FROM almalinux/9-base
ARG PHPVER=83

# Install repos, update, install only needed packages, clean up in one layer
RUN dnf install -y \
      https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
      https://rpms.remirepo.net/enterprise/remi-release-9.rpm && \
    dnf update -y && \
    dnf install -y httpd mod_ssl wget procps cronie iproute && \
    dnf clean all && \
    rm -rf /var/cache/dnf /usr/share/doc /usr/share/man /usr/share/locale/*

# Copy scripts into the image and set permissions
COPY ./scripts/ /scripts/
RUN chmod +x /scripts/*

# Generate self-signed cert, create needed dirs, install PHP, clean up
RUN openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/localhost.key -x509 -days 3650 -subj "/CN=localhost" -out /etc/pki/tls/certs/localhost.crt && \
    mkdir -p /run/php-fpm/ && \
    /scripts/install-php$PHPVER.sh && \
    rm -rf /tmp/*

# Download and install wp-cli (consider pinning version for reproducibility)
RUN curl -L -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
    chmod +x /usr/local/bin/wp

# Copy configs and web files
COPY ./configs/default-index.conf /etc/httpd/conf.d/
COPY ./configs/prod-php.ini /etc/php.ini
COPY ./configs/phpinfo.php /var/www/html/
COPY ./configs/mariadb.repo /etc/yum.repos.d/
COPY ./configs/index.php /var/www/html/
COPY ./configs/remote_ip.conf /etc/httpd/conf.d/

# Set up cron job in a single layer
RUN echo "15 */12 * * * root /scripts/log-rotate.sh" >> /etc/crontab

HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
  CMD curl -f http://localhost/ || exit 1

ENTRYPOINT [ "/scripts/entrypoint.sh" ]