FROM alpine:3.21
LABEL Maintainer="Christian Steinle <kontakt@steinle-computer.de>"
LABEL Description="Lightweight container with Nginx 1.26 & PHP 8.4 based on Alpine Linux."

WORKDIR /var/www/html

# Set environment variable to serve not from /var/www/html but subpath, for e.g. Laravel.
ENV SERVE_PATH=

RUN apk update && \
  apk upgrade && \
  apk add --no-cache \
    curl \
    nginx \
    php84 \
    php84-bcmath \
    php84-ctype \
    php84-curl \
    php84-dom \
    php84-fileinfo \
    php84-fpm \
    php84-gd \
    php84-mbstring \
    php84-mysqli \
    php84-openssl \
    php84-pdo \
    php84-pdo_mysql \
    php84-pdo_pgsql \
    php84-pdo_sqlite \
    php84-session \
    php84-tokenizer \
    php84-xml \
    php84-xsl \
    php84-zip \
    supervisor

# Link to php, for calling "php artisan serve".
RUN ln -s /usr/bin/php84 /usr/bin/php

# Copy configuration and entrypoint. Entrypoint is needed to change nginx's document root if environement variable is given.
COPY config/nginx.conf /etc/nginx/nginx.conf
COPY config/fpm-pool.conf /etc/php84/php-fpm.d/www.conf
COPY config/php.ini /etc/php84/conf.d/custom.ini
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY config/entrypoint.sh /bin/entrypoint.sh

RUN chmod a+x /bin/entrypoint.sh

EXPOSE 8080

RUN chown -R nobody:nobody /var/www/html /run /var/lib/nginx /var/log/nginx /etc/nginx

ENTRYPOINT ["/bin/entrypoint.sh"]

# Use unpriviledged user for security.
USER nobody

# Add healthcheck to container.
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping