FROM almalinux/9-base
ARG NODEVER=20

# Install repos, update, install only needed packages, clean up in one layer
RUN dnf install -y \
      https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
    dnf update -y && \
    dnf install -y wget procps cronie iproute nginx openssl curl && \
    dnf clean all && \
    rm -rf /var/cache/dnf /usr/share/doc /usr/share/man /usr/share/locale/* \
           /var/cache/yum /tmp/* /var/tmp/*

# Copy scripts into the image and set permissions
COPY ./scripts/ /scripts/
RUN chmod +x /scripts/*

# Generate self-signed cert, create needed dirs, install Node.js, clean up
RUN openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/localhost.key -x509 -days 3650 -subj "/CN=localhost" -out /etc/pki/tls/certs/localhost.crt && \
    mkdir -p /var/log/nodejs && \
    /scripts/install-node$NODEVER.sh && \
    rm -rf /tmp/*

# Install PM2 globally for process management with minimal footprint
RUN npm install -g pm2@latest --production && \
    npm cache clean --force && \
    rm -rf /tmp/*

# Copy configs and web files
COPY ./configs/nginx.conf /etc/nginx/nginx.conf
COPY ./configs/index.js /var/www/html/
COPY ./configs/package.json /var/www/html/
COPY ./configs/ecosystem.config.js /var/www/html/

# Set up cron job for log rotation
RUN echo "15 */12 * * * root /scripts/log-rotate.sh" >> /etc/crontab

HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
  CMD curl -f http://localhost:3000/ping || exit 1

ENTRYPOINT [ "/scripts/entrypoint.sh" ]