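# NOTE(review): Ubuntu 18.04 is past its standard support window, so the
# Apache and OpenSSH packages installed from the default archive no longer
# receive regular security updates. Plan a move to a supported LTS release and
# consider pinning the base image by digest for reproducible builds.
FROM ubuntu:18.04

# MAINTAINER is deprecated; the OCI "authors" label carries the same contact.
LABEL org.opencontainers.image.authors="Stefano Alberto Russo <stefano.russo@gmail.com>"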

#----------------------
# Basics
#----------------------

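# Keep apt/debconf from prompting during the build.
# NOTE(review): ENV also persists into the running container; this could become
# a build-only ARG if nothing at runtime relies on the variable.
ENV DEBIAN_FRONTEND=noninteractive

# Utilities plus Apache, installed in the same layer as the index refresh so a
# cached "apt-get update" layer can never be paired with a newer install line.
# Every install is non-interactive (-y), including apache2-utils.
# The package index is removed in the same layer that created it.
#
# Recommended packages stay enabled on purpose: the stock default-ssl.conf
# typically points at the snakeoil certificate, which presumably arrives only
# as a recommended package of apache2. Confirm before adding
# --no-install-recommends.
#
# NOTE(review): telnet, nano, openssh-server and sudo widen the attack surface
# of a TLS-terminating proxy image; drop whichever of them entrypoint.sh and
# run_Apache.sh do not actually need.
RUN apt-get update \
 && apt-get install -y \
        apache2 \
        apache2-utils \
        curl \
        nano \
        openssh-server \
        sudo \
        telnet \
        unzip \
        wget \
 && rm -rf /var/lib/apt/lists/*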

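# Enable mod_proxy, SSL and the related modules in a single layer; a2enmod
# accepts several module names at once. No USER is set before this point, so
# the step already runs as root and needs no sudo.
RUN a2enmod \
        headers \
        proxy \
        proxy_http \
        proxy_wstunnel \
        rewrite \
        ssl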


#------------------------
# Esap user
#------------------------

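# Dedicated "esap" group and user. GID and UID 65527 were chosen to try to
# avoid conflicts. The home directory is /esap (created by -m), the login shell
# is bash, and the account is then added to the sudo group.
RUN groupadd -g 65527 esap \
 && useradd esap -d /esap -u 65527 -g 65527 -m -s /bin/bash \
 && adduser esap sudo

# Replace the stock sudoers with the project's policy: passwordless sudo, and
# for everyone rather than only for esap.
# NOTE(review): with this policy, code running as any local account can become
# root without a credential, so the separate esap user gives no privilege
# boundary. Scope the rule to the commands esap really needs, or drop sudo if
# the entrypoint does not use it.
COPY sudoers /etc/sudoers

# The copied file inherits its mode from the build context. Force the
# conventional 0440 and make the build fail on a policy that does not parse,
# instead of shipping an image where sudo is broken or the file is writable.
RUN chmod 0440 /etc/sudoers \
 && visudo -cf /etc/sudoers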


#------------------------
# Apache Conf
#------------------------

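# Copy and enable the proxy vhost.
COPY 001-proxy.conf /etc/apache2/sites-available/
RUN ln -s /etc/apache2/sites-available/001-proxy.conf /etc/apache2/sites-enabled/001-proxy.conf

# Overwrite the default Apache site, since https is forced.
COPY 000-default.conf /etc/apache2/sites-available/

# Copy and enable the default SSL vhost. If it is not enabled, the first SSL
# site in sites-available is used as the default (check with
# "apachectl -t -D DUMP_VHOSTS"). A custom conf is not strictly necessary, as
# the defaults are fine (this is the original file).
# The enabled link is named with a "000" prefix on purpose: without it, other
# sites would be loaded first and the same problem would occur.
COPY default-ssl.conf /etc/apache2/sites-available/
RUN ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf

# Certificates (snakeoil or real).
# NOTE(review): /certificates is created empty while the files below land under
# /root/certificates/esap_platform. Presumably /certificates is a mount point
# or is filled in by entrypoint.sh; confirm.
RUN mkdir /certificates
COPY certificates/esap_platform.crt /root/certificates/esap_platform/esap_platform.crt
COPY certificates/esap_platform.key /root/certificates/esap_platform/esap_platform.key
COPY certificates/esap_platform.ca-bundle /root/certificates/esap_platform/esap_platform.ca-bundle

# NOTE(review): COPY bakes the private key into an image layer, where anyone
# able to pull or export the image can read it and where it remains in layer
# history. That is acceptable for the snakeoil pair only; provide a real key at
# runtime (volume or orchestrator secret) and keep it out of the build context.
# The key's mode comes from the build context, so restrict it explicitly.
RUN chmod 600 /root/certificates/esap_platform/esap_platform.key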

#----------------------
# Entrypoint
#----------------------

# Place the Apache launcher and the container entrypoint at the filesystem
# root, then mark both as rwxr-xr-x.
COPY run_Apache.sh entrypoint.sh /
RUN chmod 0755 /run_Apache.sh /entrypoint.sh

# Exec form: entrypoint.sh is started directly, without a wrapping shell.
# No USER is set in this file, so the script starts as root.
ENTRYPOINT ["/entrypoint.sh"]
