ARG UNIT_VERSION=1.11.0
FROM eumau/nginx-unit:${UNIT_VERSION}-php7.3

RUN set -ex; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
	php-exif \
	php-gd \
	php-intl \
	php-ldap \
#	php-opcache \
	php-mysql \
	php-pgsql \
	php-sqlite3 \
	php-zip \
#	php-imagick \
	php-xml \
	php-mbstring \
	php-curl \
    ;

ENV ROUNDCUBEMAIL_VERSION=1.3.10

# Download package and extract to web volume
RUN set -ex; \
	fetchDeps="gnupg dirmngr ssl-cert"; \
	apt-get -qq update; \
	apt-get install -y --no-install-recommends $fetchDeps; \
	curl -o roundcubemail.tar.gz -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz; \
	curl -o roundcubemail.tar.gz.asc -fSL https://github.com/roundcube/roundcubemail/releases/download/${ROUNDCUBEMAIL_VERSION}/roundcubemail-${ROUNDCUBEMAIL_VERSION}-complete.tar.gz.asc; \
	export GNUPGHOME="$(mktemp -d)"; \
	# workaround for "Cannot assign requested address", see e.g. https://github.com/inversepath/usbarmory-debian-base_image/issues/9
	echo "disable-ipv6" > "$GNUPGHOME/dirmngr.conf"; \
	# ha.pool.sks-keyservers.net seems to be unreliable, use pgp.mit.edu as fallback
	gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5 || gpg --batch --keyserver pgp.mit.edu --recv-keys F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5; \
	gpg --batch --verify roundcubemail.tar.gz.asc roundcubemail.tar.gz; \
	tar -xf roundcubemail.tar.gz -C /usr/src/; \
	gpgconf --kill all; \
	rm -r "$GNUPGHOME" roundcubemail.tar.gz.asc roundcubemail.tar.gz; \
	# upstream tarballs include ./roundcubemail-${ROUNDCUBEMAIL_VERSION}/ so this gives us /usr/src/roundcubemail-${ROUNDCUBEMAIL_VERSION}
	mv /usr/src/roundcubemail-${ROUNDCUBEMAIL_VERSION} /usr/src/roundcubemail; \
	rm -rf /usr/src/roundcubemail/installer

# include the wait-for-it.sh script
RUN curl -fL https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh > /wait-for-it.sh && chmod +x /wait-for-it.sh

# use custom PHP settings
COPY php.ini /etc/php/7.3/embed/conf.d/roundcube-defaults.ini

COPY docker-entrypoint.sh /

# expose these volumes
VOLUME /var/roundcube/config
VOLUME /var/www/html
VOLUME /tmp/roundcube-temp

# launch and configure Unit
RUN \
# generate self-signed certificate bundle
	mkdir -p /ssl; \
	cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key > /ssl/bundle.pem; \
	chmod 600 /ssl/bundle.pem; \
# create mock index files for configuring unit
	[ -d /var/www/html/public_html ] || { \
	  mkdir -p /var/www/html/public_html /var/www/html/public_html.remove; \
	}; \
	[ -f /var/www/html/public_html/index.php ] || { \
	  touch /var/www/html/public_html/index.php /var/www/html/public_html/index.php.remove; \
	}; \
# configure unit
	unitd --control unix:/var/run/control.unit.sock; \
	curl -X PUT --data-binary @/ssl/bundle.pem --unix-socket \
          /var/run/control.unit.sock http://localhost/certificates/default; \
	curl -X PUT --data-binary \
	'{ \
	  "listeners": { \
	    "*:9080": { "pass": "routes" }, \
	    "*:9443": { "pass": "routes", "tls": { "certificate": "default" } } \
          }, \
	  "routes": [ \
	    { "match": { "uri": "/plugins/*.php" }, "action": { "pass": "applications/direct_php" } }, \
	    { "match": { "uri": "/plugins/*.css" }, "action": { "share": "/var/www/html/public_html" } }, \
	    { "match": { "uri": "/plugins/*.js" }, "action": { "share": "/var/www/html/public_html" } }, \
	    { "match": { "uri": "/skins/*" }, "action": { "share": "/var/www/html/public_html" } }, \
	    { "match": { "uri": "/program/*" }, "action": { "share": "/var/www/html/public_html" } }, \
	    { "action": { "pass": "applications/index_php" } } \
	  ], \
	  "applications": { \
	    "index_php": { \
	      "type": "php", \
	      "processes": { "max": 20, "spare": 5 }, \
	      "user": "www-data", \
	      "group": "www-data", \
	      "root": "/var/www/html/public_html", \
	      "script": "index.php" \
	    }, \
	    "direct_php": { \
	      "type": "php", \
	      "processes": { "max": 5, "spare": 0 }, \
	      "user": "www-data", \
	      "group": "www-data", \
	      "root": "/var/www/html/public_html", \
	      "index": "index.php" \
	    } \
	  } \
	}' \
	--unix-socket /var/run/control.unit.sock http://localhost/config/; \
	[ -f /var/www/html/public_html/index.php.remove ] && { \
	  rm /var/www/html/public_html/index.php /var/www/html/public_html/index.php.remove; \
	}; \
	[ -d /var/www/html/public_html.remove ] && { \
	  rm -rf /var/www/html/public_html /var/www/html/public_html.remove; \
	}


WORKDIR /var/www/html
EXPOSE 9000
ENTRYPOINT ["/docker-entrypoint.sh"]
STOPSIGNAL SIGTERM
CMD ["unitd", "--no-daemon", "--control", "unix:/var/run/control.unit.sock"]