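# syntax=docker/dockerfile:1
# The `RUN --mount=type=secret` step below needs BuildKit; the directive above pins the frontend.

# NOTE(review): the tag is mutable. For reproducible, tamper-evident builds pin the base image
# by digest as well (erseco/alpine-php-webserver:3.20.5@sha256:<digest>).
FROM erseco/alpine-php-webserver:3.20.5

# VERSION  - release of the middleware artifact to download (required, no usable default).
# WEBDIR   - directory the artifact is unpacked into.
# ARTIFACT_SHA256 - optional expected SHA-256 of the downloaded zip; when set the build
#            fails on mismatch. Left empty, the artifact is NOT integrity-checked.
ARG VERSION=
ARG WEBDIR=/var/www/html
ARG ARTIFACT_SHA256=

# The legacy keys (version, Maintainer, Description, org.opencontainers.version,
# org.opencontainers.image.license) are kept for existing tooling; the standard OCI keys
# image.version and image.licenses are added next to them.
LABEL version="${VERSION}" \
    Maintainer="H2 invent GmbH" \
    Description="Meetling Livekit Middleware" \
    org.opencontainers.version="${VERSION}" \
    org.opencontainers.image.version="${VERSION}" \
    org.opencontainers.image.title="Meetling Livekit Middleware" \
    org.opencontainers.image.license="BSL" \
    org.opencontainers.image.licenses="BSL" \
    org.opencontainers.image.vendor="H2 invent GmbH" \
    org.opencontainers.image.authors="Andreas Holzmann <support@h2-invent.com>" \
    org.opencontainers.image.source="https://github.com/h2-invent/livekit" \
    org.opencontainers.image.documentation="https://meetling.de" \
    org.opencontainers.image.url="https://meetling.de"

# Root is only needed for the package install and file ownership changes below.
USER root

# Runtime packages only. unzip is a build-time tool and is installed and removed inside the
# artifact step, so it never ends up in an image layer.
RUN apk --no-cache add \
    cronie \
    openssl

# Start-up hook: each container generates its own RSA key pair on first start instead of
# sharing one baked into the image. ${WEBDIR} is expanded now, at build time.
# The private key stays outside the web root (public/) and is made owner-only explicitly.
RUN printf '%s\n' \
        '#!/bin/sh' \
        "openssl genrsa -out ${WEBDIR}/private.pem" \
        "openssl rsa -in ${WEBDIR}/private.pem -pubout -out ${WEBDIR}/public/public.pem" \
        "chown nobody ${WEBDIR}/private.pem" \
        "chmod 600 ${WEBDIR}/private.pem" \
        > /docker-entrypoint-init.d/02-openssl.sh \
    && chmod +x /docker-entrypoint-init.d/*

# Download, verify, unpack and clean up in ONE layer.
# Anything deleted in a later RUN is still present in the earlier layer and can be read
# from the image: that applied to artifact.zip and, more importantly, to the private.pem
# shipped inside the artifact. Removing them here keeps them out of every layer.
#
# Credentials come from BuildKit secret mounts, so they are not stored in layers or history.
# They are still embedded in the URL: user and password must be URL-safe (percent-encoded),
# and `wget -q` is used so the URL is not echoed into the build log.
RUN --mount=type=secret,id=ARTIFACT_USER \
    --mount=type=secret,id=ARTIFACT_SECRET \
    --mount=type=secret,id=ARTIFACT_URL \
    set -e; \
    # Fail early with a clear message instead of requesting "<url>-.zip".
    : "${VERSION:?VERSION build argument is required}"; \
    ARTIFACT_USER="$(cat /run/secrets/ARTIFACT_USER)"; \
    ARTIFACT_SECRET="$(cat /run/secrets/ARTIFACT_SECRET)"; \
    ARTIFACT_URL="$(cat /run/secrets/ARTIFACT_URL)"; \
    apk add --no-cache --virtual .artifact-deps unzip; \
    wget -q "https://${ARTIFACT_USER}:${ARTIFACT_SECRET}@${ARTIFACT_URL}-${VERSION}.zip" -O /tmp/artifact.zip; \
    # Optional integrity check of the downloaded artifact.
    if [ -n "${ARTIFACT_SHA256}" ]; then \
        echo "${ARTIFACT_SHA256}  /tmp/artifact.zip" | sha256sum -c -; \
    fi; \
    unzip /tmp/artifact.zip -d "${WEBDIR}"; \
    # Drop the archive, any key material shipped in it, and the packaged cache.
    rm -f /tmp/artifact.zip "${WEBDIR}/private.pem" "${WEBDIR}/public/public.pem"; \
    rm -rf "${WEBDIR}/var/cache"; \
    apk del .artifact-deps; \
    # Only the web root and the writable var/ tree belong to the runtime user.
    chown -R nobody "${WEBDIR}/public" "${WEBDIR}/var"; \
    chmod -R 700 "${WEBDIR}/public" "${WEBDIR}/var"

# Run the service unprivileged.
USER nobody

# Settings read by the base image at start-up: nginx document root and PHP upload limit.
ENV nginx_root_directory=/var/www/html/public \
    upload_max_filesize=10M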