# Build arguments declared before the first FROM: usable in FROM lines only.
# SSL_VARIANT selects the parent stage of the final image (nginx_<SSL_VARIANT>).
ARG SSL_VARIANT=selfsigned
# Tag of the nginx base image. A tag can be re-pointed upstream; appending a
# digest (@sha256:<digest>) makes the base reproducible.
ARG NGINX_TAG=1.25-alpine


# Placeholder stage for the Let's Encrypt variant.
# The trigger below is only recorded here; it runs in the stage that is built
# FROM nginx_letsencrypt, so SSL_VARIANT=letsencrypt aborts the build with the
# message below.
FROM nginx:${NGINX_TAG} AS nginx_letsencrypt

ONBUILD RUN echo "Let's encrypt support not implemented yet."; exit 1


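# Stage template: self-signed certificate variant.
# The ONBUILD triggers below do not run while this stage is built; they run in
# the stage that starts with `FROM nginx_selfsigned` (selected via SSL_VARIANT).
FROM nginx:${NGINX_TAG} AS nginx_selfsigned

# Certificate inputs, passed with --build-arg.
# SELFSIGNED_REQ_HOST answers the sixth openssl prompt (the common name with
# the stock openssl.cnf prompt order).
# SELFSIGNED_REQ_ALT_NAMES is the subjectAltName list in OpenSSL syntax
# (constructed example: "DNS:www.example.test,IP:192.0.2.10").
# NOTE(review): the triggers run in the child stage and rely on these ARGs
# being inherited there; confirm with the builder in use.
ARG SELFSIGNED_REQ_HOST
ARG SELFSIGNED_REQ_ALT_NAMES

# Fail early with a readable message when a required build argument is missing.
ONBUILD RUN test "${SELFSIGNED_REQ_HOST}" || { echo "Require SELFSIGNED_REQ_HOST argument."; exit 1; }
# An empty subjectAltName value is rejected by openssl with a much less obvious
# error, so check it the same way.
ONBUILD RUN test "${SELFSIGNED_REQ_ALT_NAMES}" || { echo "Require SELFSIGNED_REQ_ALT_NAMES argument."; exit 1; }

# Generate the key pair and certificate at build time.
# - --no-cache keeps the apk package index out of the layer; openssl itself is
#   removed again at the end of the same RUN.
# - The host is handed to printf as a %s argument, so a "%" or "\" in the build
#   argument is not interpreted as a format directive.
# - -nodes leaves the private key unencrypted, and the key is written into an
#   image layer: everyone who can pull the image can read it. That fits
#   development and test images; real key material belongs in a runtime mount
#   or secret, not in the image.
# - -days 14: the certificate expires two weeks after the build, so the image
#   has to be rebuilt before then.
ONBUILD RUN \
	apk add --no-cache openssl && \
	printf 'DE\nHassia\nEschborn\nSource Arcade\nWeb\n%s\n\n' "${SELFSIGNED_REQ_HOST}" | \
		openssl req -x509 -nodes -days 14 -newkey rsa:2048 \
			-addext "subjectAltName = ${SELFSIGNED_REQ_ALT_NAMES}" \
			-keyout /etc/ssl/private/sa-selfsigned.key \
			-out /etc/ssl/certs/sa-selfsigned.crt && \
	apk del openssl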


# Final image. SSL_VARIANT picks the parent stage, and that stage's ONBUILD
# triggers run directly after this FROM.
# Only nginx_selfsigned and nginx_letsencrypt are defined in this file. A name
# that matches no stage is resolved as an image reference, so an unexpected
# SSL_VARIANT makes the builder look for an image called nginx_<value>.
FROM nginx_${SSL_VARIANT}

# Entrypoint wrapper script, taken from the build context.
COPY nginx/Dockerfile.entrypoint /nginx-entrypoint
# 544 = r-xr--r--: not writable by anyone, executable by the owner only.
RUN chmod 544 /nginx-entrypoint

# The wrapper is run through /bin/sh and receives CMD as its arguments.
# NOTE(review): presumably the script ends with `exec "$@"` so that nginx
# becomes PID 1 and receives stop signals; confirm in nginx/Dockerfile.entrypoint.
# No USER is set in this stage, so the entrypoint runs as the base image's
# default user.
ENTRYPOINT ["/bin/sh", "/nginx-entrypoint"]
CMD ["nginx", "-g", "daemon off;"]
