FROM alpine:latest AS base

FROM alpine:latest AS build
ARG NGINX_VERSION LIBRESSL_VERSION=4.1.0
ENV NGINX_VERSION=${NGINX_VERSION}
RUN --mount=type=cache,target=/var/cache/apk apk update
RUN --mount=type=cache,target=/var/cache/apk apk add \
	autoconf \
	automake \
	bind-tools \
	binutils \
	build-base \
	ca-certificates \
	cmake \
	curl \
	gcc \
	gd-dev \
	geoip-dev \
	git \
	gnupg \
	go \
	libc-dev \
	libgcc \
	libstdc++ \
	libtool \
	libxslt-dev \
	linux-headers \
	make \
	ninja \
	pcre \
	pcre-dev \
	perl-dev \
	su-exec \
	tar \
	tzdata \
	zlib \
	zlib-dev \
	mercurial
RUN adduser -D luser
USER luser
WORKDIR /home/luser

#RUN git clone --depth 1 --branch v4.0.0 https://github.com/libressl/portable.git libressl
#RUN git clone --depth 1 --branch v4.0.0 https://github.com/libressl/portable.git libressl
ADD --mount=ssh --chown=luser:luser git@github.com/libressl/portable.git#v${LIBRESSL_VERSION} libressl
#ADD --chown=luser:luser https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz libressl.tgz
#RUN tar -xzf libressl.tgz && mv libressl-${LIBRESSL_VERSION} libressl && rm libressl.tgz
RUN mkdir -p libressl/build
RUN cmake -G Ninja -B libressl/build -S libressl \ 
	-DCMAKE_BUILD_TYPE=Release \
	-DLIBRESSL_APPS=OFF \
	-DLIBRESSL_SKIP_INSTALL=ON \
	-DENABLE_ASM=OFF \
	-DENABLE_NC=OFF \
	-DLIBRESSL_TESTS=OFF \
	-DBUILD_SHARED_LIBS=OFF
RUN cmake --build libressl/build

ADD --chown=luser:luser https://github.com/nginx/nginx.git#release-${NGINX_VERSION} /nginx
ADD --chown=luser:luser https://github.com/openresty/headers-more-nginx-module.git /ngx_headers_more
ADD --chown=luser:luser https://github.com/google/ngx_brotli.git /ngx_brotli
USER root
WORKDIR /
RUN hg clone http://hg.nginx.org/njs /njs
RUN chown luser:luser -R /njs
USER luser
WORKDIR /home/luser
ADD --chown=luser:luser --chmod=755 ./build.sh ./build.sh
RUN ./build.sh


FROM base AS release
ARG VERSION
ENV NGINX_VERSION=${VERSION}

RUN addgroup -S nginx
RUN adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx

RUN --mount=type=cache,target=/var/cache/apk apk add --virtual .install_deps make perl-dev gettext binutils
RUN --mount=type=cache,target=/var/cache/apk \
    --mount=type=bind,from=build,source=/nginx,target=/nginx \
    --mount=type=bind,from=build,source=/ngx_headers_more,target=/ngx_headers_more \
    --mount=type=bind,from=build,source=/ngx_brotli,target=/ngx_brotli \
    --mount=type=bind,from=build,source=/njs,target=/njs \
	--mount=type=bind,source=install.sh,target=/install.sh \
	 (cd nginx && sh /install.sh)
RUN --mount=type=cache,target=/var/cache/apk apk del .install_deps

COPY conf/nginx.conf /etc/nginx/nginx.conf
COPY conf/nginx.vh.no-default.conf /etc/nginx/conf.d/default.conf

LABEL description="NGINX Docker built top of LibreSSL" \
      maintainer="Walter Oggioni <oggioni.walter@gmail.com>" \
      openssl="LibreSSL" \
      nginx="nginx ${NGINX_VERSION}"

EXPOSE 80 443 443/udp

STOPSIGNAL SIGTERM

CMD ["nginx", "-g", "daemon off;"]