#
#  Building assumes midpoint-dist.tar.gz is present in the current directory.
#

FROM i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch

MAINTAINER info@evolveum.com

RUN rpm --import https://yum.corretto.aws/corretto.key
RUN curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo
RUN yum -y update
RUN yum -y install \
        java-17-amazon-corretto-devel \
        cronie \
        supervisor \
	libcurl-minimal \
	&& yum clean -y all

RUN cd /etc/httpd/conf.d/ \
    && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf

COPY container_files/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
COPY container_files/httpd/conf/* /etc/httpd/conf.d/
COPY container_files/usr-local-bin/* /usr/local/bin/
COPY container_files/opt-tier/* /opt/tier/

RUN chmod 755 /opt/tier/setenv.sh \
    && chmod 755 /usr/local/bin/sendtierbeacon.sh \
    && chmod 755 /usr/local/bin/setup-cron.sh \
    && chmod 755 /usr/local/bin/setup-timezone.sh \
    && chmod 755 /usr/local/bin/start-midpoint.sh \
    && chmod 755 /usr/local/bin/start-httpd.sh \
    && chmod 755 /usr/local/bin/startup.sh \
    && chmod 755 /usr/local/bin/healthcheck.sh

RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
    && mkdir /etc/httpd/conf.d/vhosts \
    && rm /etc/httpd/conf.d/shib.conf \
    && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
    && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
    && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
    && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
    && echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
    && echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf

# Build arguments

ARG MP_DIST_FILE=midpoint-dist.tar.gz

ENV MP_DIR /opt/midpoint

RUN mkdir -p ${MP_DIR}/var

COPY ${MP_DIST_FILE} ${MP_DIR}
COPY container_files/mp-dir/ ${MP_DIR}/

RUN echo 'Extracting midPoint archive...' \
 && tar xzf ${MP_DIR}/${MP_DIST_FILE} -C ${MP_DIR} --strip-components=1

# Disabled because of wider compatibility issues (e.g. AWS)
# TODO: consider all the consequences
#VOLUME ${MP_DIR}/var

# Logging parameters

ENV ENV demo
ENV USERTOKEN ""

# Other parameters

ENV MP_MEM_MAX 2048m
ENV MP_MEM_INIT 1024m
ENV TIMEZONE UTC
ENV TIER_RELEASE not-released-yet
ENV TIER_MAINTAINER tier

# TIER Beacon Opt-out
# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage/midPoint) and version (4.0, etc)
# once daily between midnight and 4am.  There is no configuration or private information collected or sent.
# This data helps with the scaling and funding of TIER.  Please do not disable it if you find the TIER tools useful.
# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
#####     ENV TIER_BEACON_OPT_OUT true

# requires MP_VERSION and TIER_xyz variables so we have to execute it here

RUN /opt/tier/setenv.sh

HEALTHCHECK --interval=1m --timeout=30s --start-period=2m CMD /usr/local/bin/healthcheck.sh

CMD ["/usr/local/bin/startup.sh"]