# (C) Jules Field <Jules@Zend.To> 2022 for ZendTo.

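# NOTE(review): Debian 10 (buster) is past end of life upstream, so this base
# no longer receives Debian security updates. Moving to a supported release
# needs the ZendTo installer and PHP packages retested, so it is flagged here
# rather than changed. For reproducible builds also pin the base by digest,
# e.g. debian:<tag>@sha256:<digest-placeholder>.
FROM debian:10-slim
# MAINTAINER is deprecated; the OCI authors label carries the same contact.
LABEL org.opencontainers.image.authors="Jules Field <Jules@Zend.To>"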

# Build-time timezone. The ENV below falls back to UTC when the build
# argument is unset or empty, and keeps the value for the running container.
# ARG values are recorded in the image history, so none of the build
# arguments in this file should ever carry a secret.
ARG TZ
ENV TZ=${TZ:-UTC}
# Only needed at build time, so not an ENV.
# Value comes from docker-compose.yml
ARG ZENDTO_VERSION

WORKDIR /root
# Declared as ARG, not ENV, so noninteractive mode applies to the build steps
# only and is not left in the runtime environment.
ARG DEBIAN_FRONTEND=noninteractive
# Location of the ZendTo configuration directory; ZENDTOPREFS is derived from
# it, which is why the two are set in separate ENV instructions.
ENV ZENDTOCONFDIR=/opt/zendto/config
ENV ZENDTOPREFS=${ZENDTOCONFDIR}/preferences.php

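# Base packages, timezone, the ZendTo apt repository and the ZendTo installer.
# NOTE(review): the signing key, zendto-repo.deb and install.ZendTo.tgz are
# all fetched from the same host with no checksum or signature check, so the
# build trusts TLS to that host alone, and a script from the tarball is later
# run as root. Record the publisher's SHA-256 values and verify them with
# "sha256sum -c" (<sha256-placeholder>) before the files are used.
# NOTE(review): a key placed in /etc/apt/trusted.gpg.d is trusted for every
# configured repository. Scoping it with signed-by depends on the sources
# entry shipped in zendto-repo.deb, which is not visible here.
RUN apt-get update && \
	apt-get install -y --no-install-recommends \
	apache2 \
	ca-certificates \
	clamav \
	clamav-daemon \
	cron \
	curl \
	gettext \
	jq \
	locales \
	nano \
	rrdtool \
	tzdata \
	vim-tiny \
	&& \
	ln -nsf /usr/share/zoneinfo/"$TZ" /etc/localtime && \
	dpkg-reconfigure tzdata && \
	rm -rf /var/lib/apt/lists/* /usr/share/doc/* && \
	# -f makes curl exit non-zero on an HTTP error instead of saving the
	# server's error page as if it were the requested file
	curl -fsS -o /etc/apt/trusted.gpg.d/zendto.gpg.asc https://zend.to/files/zendto.gpg.asc && \
	rm -f zendto-repo.deb && \
	curl -fsS -O https://zend.to/files/zendto-repo.deb && \
	apt-get install -y ./zendto-repo.deb && \
	rm -f zendto-repo.deb && \
	# Download to a file and then extract it. With "curl | tar" the default
	# shell reports only tar's exit status, so a failed download can go unnoticed
	curl -fsS -o install.ZendTo.tgz https://zend.to/files/install.ZendTo.tgz && \
	tar xzf install.ZendTo.tgz && \
	rm -f install.ZendTo.tgz && \
	# Disable the "pause()" function to speed Docker setups.
	# -i and -e are kept separate: GNU sed reads "-ie" as -i with the backup
	# suffix "e" and leaves a stray copy of the file behind
	sed -i -e '/^pause()/a return;' install.ZendTo/lib/functions.sh
WORKDIR /root/install.ZendTo/Ubuntu-Debian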

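# Stage 1 - Apache - is actually only curl and apache2, so done above
# Stage 2 - PHP - done from downloaded ZendTo Installer
# 2-php.sh comes from the installer tarball downloaded earlier in this file
# and runs as root during the build.
RUN test -x 2-php.sh && \
	apt-get update && \
	./2-php.sh --defaults </dev/null && \
	# Ask PHP itself for its major.minor version. A pipeline that parses
	# "php --info" reports only the exit status of its last command, so a
	# failing php would go unnoticed and leave PHPVER empty
	PHPVER="$( php -r 'echo PHP_MAJOR_VERSION, ".", PHP_MINOR_VERSION;' )" && \
	test -n "$PHPVER" && \
	# Disable mod_php and replace it with php-fpm
	a2dismod "php${PHPVER}" && \
	a2dismod mpm_prefork && \
	a2enmod mpm_event && \
	a2enmod proxy_fcgi && \
	apt-get install -y --no-install-recommends "php${PHPVER}-fpm" && \
	apt-get purge -y "libapache2-mod-php${PHPVER}" && \
	apt-get -y autoremove && \
	a2enconf "php${PHPVER}-fpm" && \
	# Force log_errors on in the www pool, uncommenting the line if needed
	sed -Ei -e 's!^;?(\s*php_admin_flag\[log_errors\])\s*=\s*\S+!\1 = on!g' \
		"/etc/php/${PHPVER}/fpm/pool.d/www.conf" && \
	# Pre-create the pool log owned by www-data
	touch /var/log/fpm-php.www.log && \
	chown www-data:www-data /var/log/fpm-php.www.log && \
	mkdir -p /run/php && \
	rm -rf /var/lib/apt/lists/* /usr/share/doc/*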

# Stage 3 - ClamAV - is done by hand because freshclam must not run during
# the build. Both daemons log to stderr, and the self-check interval drops to
# 10 minutes so that signature updates are noticed much sooner. The original
# files are kept alongside with a .zendto suffix.
# NOTE(review): the two usermod calls give the web server and the scanner
# each other's group, so anything group-readable on one side becomes readable
# by the other account as well.
RUN sed --regexp-extended --in-place=.zendto \
	--expression='s!^(\s*SelfCheck)\s+\S+!\1 600!g' \
	--expression='s!^(\s*LogSyslog)\s+\S+!\1 false!g' \
	--expression='s!^(\s*LogRotate)\s+\S+!\1 false!g' \
	--expression='s!^(\s*LogFile)\s+\S+!\1 /dev/stderr!g' \
	--expression='s!^(\s*UpdateLogFile)\s+\S+!\1 /dev/stderr!g' \
	/etc/clamav/clamd.conf /etc/clamav/freshclam.conf && \
	# clamav joins www-data so the scanner can read Apache's files
	usermod --append --groups www-data clamav && \
	# and www-data joins clamav for the opposite direction
	usermod --append --groups clamav www-data && \
	# This directory must belong to clamav before clamd is started
	install --directory --owner=clamav --group=clamav /var/run/clamav

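# Stage 4 not needed in docker container, firewalling done by docker itself
# Run stage 5 by hand as we don't do SSL in the docker container
# NOTE(review): with no TLS inside the container, traffic to it is plain
# HTTP; presumably a TLS-terminating proxy sits in front - confirm for each
# deployment.
COPY httpd.conf /etc/apache2/sites-available/001-zendto.conf
COPY php.ini .
# Install the ZendTo php.ini overrides for every SAPI. The version is asked
# of PHP directly and checked for being non-empty: "install -D" creates any
# missing directories, so an empty PHPVER would quietly put the overrides in
# a path PHP never reads.
RUN PHPVER="$( php -r 'echo PHP_MAJOR_VERSION, ".", PHP_MINOR_VERSION;' )" && \
	test -n "$PHPVER" && \
	install -D --mode=0644 php.ini "/etc/php/${PHPVER}/cli/conf.d/99-zendto.ini" && \
	install -D --mode=0644 php.ini "/etc/php/${PHPVER}/fpm/conf.d/99-zendto.ini" && \
	install -D --mode=0644 php.ini "/etc/php/${PHPVER}/apache2/conf.d/99-zendto.ini" && \
	rm -f php.ini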
# Activate the ZendTo vhost in place of the Debian default and trim Apache to
# what the site needs: directory listings (autoindex), the status module, the
# cgi-bin alias and the extra vhost access log are all switched off.
RUN chmod 0644 /etc/apache2/sites-available/001-zendto.conf && \
	a2dissite 000-default && \
	a2ensite 001-zendto && \
	a2dismod -f autoindex status && \
	a2enmod rewrite headers && \
	a2disconf other-vhosts-access-log serve-cgi-bin
# Send Apache's access and error logs to stdout/stderr so the container
# runtime collects them.
RUN sed --regexp-extended --in-place \
	--expression='s!^(\s*CustomLog)\s+\S+!\1 /dev/stdout!g' \
	--expression='s!^(\s*ErrorLog)\s+\S+!\1 /dev/stderr!g' \
	/etc/apache2/apache2.conf

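# Stage 6 is obsolete
# Do stage 7 (installing ZendTo itself) by hand as we don't want most of it here
# NOTE(review): with a pinned ZENDTO_VERSION the package is fetched with curl
# and installed with dpkg -i, which skips the repository signature check that
# the apt path gets. Verify the .deb against a recorded SHA-256
# (<sha256-placeholder>) before installing it.
RUN apt-get update && \
	if [ -z "$ZENDTO_VERSION" ] || [ "$ZENDTO_VERSION" = "latest" ] ; then \
		apt-get install -y zendto; \
	else \
		echo "Installing requested ZendTo version $ZENDTO_VERSION" && \
		# -f: fail on an HTTP error rather than saving the error page as the .deb
		curl -fsS -O "https://zend.to/files/zendto_${ZENDTO_VERSION}.deb" && \
		dpkg -i "zendto_${ZENDTO_VERSION}.deb" && \
		rm -f "zendto_${ZENDTO_VERSION}.deb"; \
	fi && \
	# Fix the /var/zendto/incoming path to be in 'shared'.
	# -i and -e are kept separate: GNU sed reads "-ie" as -i with the backup
	# suffix "e", which left the unmodified file behind as /etc/cron.d/zendtoe.
	# That is a name cron accepts, so the old entries would presumably have
	# been scheduled too
	sed -i -e 's/var\/zendto\/incoming/var\/zendto\/shared\/incoming/' /etc/cron.d/zendto && \
	apt-get install -y zendto-saml && \
	# Keep pristine copies of the shipped configuration; -n never overwrites
	cp -n "${ZENDTOCONFDIR}/preferences.php" "${ZENDTOCONFDIR}/preferences.php.sample" && \
	cp -n "${ZENDTOCONFDIR}/internaldomains.conf" "${ZENDTOCONFDIR}/internaldomains.conf.sample" && \
	cp -n "${ZENDTOCONFDIR}/zendto.conf" "${ZENDTOCONFDIR}/zendto.conf.sample" && \
	install -D --mode=0755 ../lib/domainname.pl /usr/local/bin/domainname.pl && \
	# Setup graphing. The exit status of this step is grep's, not php's
	php /opt/zendto/sbin/rrdUpdate.php "${ZENDTOPREFS}" | grep -v '^[0-9]*x[0-9]*$' && \
	# Setup languages
	/opt/zendto/bin/makelanguages && \
	rm -rf /var/lib/apt/lists/* /usr/share/doc/*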

# Stage 8 has no effect on Debian as no SELinux
# Note: This is how to disable the maintenance cron entries on
#       worker nodes in a Docker swarm
# sed -e '/rrd/!s/^\([^#]\)/\# Not on Docker workers: \1/' /etc/cron.d/zendto

# Install the entry point used to run ZendTo cli commands and bash. It is
# made read-and-execute only for everyone, so no account can modify it
# through its mode bits.
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod 0555 /usr/local/bin/docker-entrypoint.sh && \
	mkdir -p /docker-entrypoint-init.d && \
	# Backwards compatibility: the relative target resolves from /, where
	# the link itself lives
	ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh

# Final tidy-up. This removes the paths from the final filesystem only;
# anything written by an earlier RUN step is still stored in that step's layer.
WORKDIR /
RUN rm -rf \
	/root/install.ZendTo \
	/root/zendto-repo.deb \
	/usr/share/doc/* \
	/var/lib/apt/lists/*

# Mount points declared as volumes, after every build step that writes to them.
VOLUME [ \
	"/opt/zendto/config", \
	"/opt/zendto/simplesamlphp/config", \
	"/opt/zendto/templates", \
	"/opt/zendto/www/images/email", \
	"/opt/zendto/www/css", \
	"/var/zendto/shared" \
]

# Plain HTTP only; the port is documented here, not published.
EXPOSE 80
# NOTE(review): no USER is set, so the entry point starts as root. Whether it
# drops privileges for the services it launches is decided in
# docker-entrypoint.sh, which is not shown here.
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["run"]
