FROM nginx:mainline-alpine

ENV PUID=1000 \
    PGID=1000 \
    UMASK=022 \
    LOG_ROTATE_COUNT=7 \
    LOG_ROTATE_SIZE=10M \
    CERTBOT_EMAIL="" \
    CERTBOT_AGREE_TOS="true"

RUN apk add --no-cache \
    certbot \
    certbot-nginx \
    dcron \
    logrotate \
    openssl && \
    \
    find /usr/lib/python* -name '__pycache__' -type d -exec rm -rf {} + && \
    find /usr/lib/python* -name '*.pyc' -delete && \
    find /usr/lib/python* -name '*.pyo' -delete && \
    rm -rf /usr/share/doc/* /usr/share/man/* && \
    \
    rm -f /var/log/nginx/access.log /var/log/nginx/error.log && \
    touch /var/log/nginx/access.log /var/log/nginx/error.log /var/log/nginx/error_log_stream && \
    \
    echo "0 3 * * * certbot renew --nginx --post-hook 'nginx -s reload' >> /var/log/letsencrypt/cron.log 2>&1" >> /etc/crontabs/root && \
    \
    cp -r /etc/nginx /etc/nginx.dist

COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

EXPOSE 80 443 443/udp
VOLUME ["/var/www", "/etc/nginx", "/etc/letsencrypt", "/var/log/nginx", "/var/log/letsencrypt"]

ENTRYPOINT ["/entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]