# Big Breathe — single-container web image for Coolify.
#   nginx 1.x  (static HTML/CSS/JS)
#   php-fpm 8.3 (contact form /api/contact.php)
#   supervisord (PID-1 process manager)

FROM php:8.3-fpm-alpine

RUN apk add --no-cache nginx supervisor curl tini \
    && mkdir -p /run/nginx /var/log/supervisor

RUN printf 'user www-data;\nworker_processes auto;\npid /run/nginx.pid;\nerror_log /dev/stderr warn;\nevents { worker_connections 1024; }\nhttp {\n    include /etc/nginx/mime.types;\n    default_type application/octet-stream;\n    access_log /dev/stdout;\n    sendfile on;\n    tcp_nopush on;\n    keepalive_timeout 65;\n    include /etc/nginx/conf.d/*.conf;\n}\n' > /etc/nginx/nginx.conf && \
    rm -f /etc/nginx/conf.d/default.conf /etc/nginx/http.d/default.conf 2>/dev/null || true
COPY infra/nginx.conf       /etc/nginx/conf.d/bigbreath.conf
COPY infra/supervisord.conf /etc/supervisord.conf
COPY infra/php-fpm-pool.conf /usr/local/etc/php-fpm.d/zzz-pool.conf

COPY src/404.html                /var/www/html/404.html
COPY src/500.html                /var/www/html/500.html
COPY src/robots.txt              /var/www/html/robots.txt
COPY src/sitemap.xml             /var/www/html/sitemap.xml
COPY src/llms.txt                /var/www/html/llms.txt

COPY src/assets                  /var/www/html/assets/
COPY src/api/contact.php         /var/www/html/api/contact.php
COPY src/api/router.php          /var/www/html/api/router.php
COPY src/api/templates           /var/www/html/api/templates/
COPY src/api/components          /var/www/html/api/components/
COPY src/api/data                /var/www/html/api/data/

RUN echo 'bigbreath:$apr1$sTejUunq$56jg.DmHWEqrg7cbge2a20' > /etc/nginx/.htpasswd

RUN chown -R www-data:www-data /var/www/html \
    && echo 'expose_php = Off' > /usr/local/etc/php/conf.d/security.ini

ENV SEND_FROM_EMAIL="" \
    SEND_TO_EMAIL="" \
    SEND_FROM_DOMAIN="" \
    RESEND_API_KEY="" \
    RECAPTCHA_SECRET_KEY="" \
    RATE_LIMIT_PER_IP_PER_10MIN=5 \
    SCORE_PASS=0.7 \
    SCORE_REVIEW=0.4 \
    TIME_MIN_SECONDS=3 \
    TRUST_PROXY=1

EXPOSE 80

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD curl -fsS http://127.0.0.1/health > /dev/null || exit 1

ENTRYPOINT ["/sbin/tini", "--"]
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]
