FROM registry.svc.ci.openshift.org/openshift/origin-v4.0:base-router

ENV NGINX_VERSION 1.13.12-1.el7_4.ngx
COPY images/router/nginx/nginx.repo /etc/yum.repos.d/ 
RUN yum install -y nginx-${NGINX_VERSION} && \
    yum clean all && \
    mkdir -p /var/lib/nginx/router/{certs,cacerts} && \
    mkdir -p /var/lib/nginx/{conf,run,log,cache} && \
    touch /var/lib/nginx/conf/nginx.conf && \
    setcap 'cap_net_bind_service=ep' /usr/sbin/nginx && \
    chown -R :0 /var/lib/nginx && \
    chmod -R g+w /var/lib/nginx && \
    ln -sf /var/lib/nginx/log/error.log /var/log/nginx/error.log && \
    rm /etc/yum.repos.d/nginx.repo

COPY images/router/nginx/ /var/lib/nginx/
LABEL io.k8s.display-name="OpenShift NGINX Router" \
      io.k8s.description="This is a component of OpenShift and contains an NGINX instance that exposes ingress to services within the cluster through routes, and offers TLS termination, reencryption, or SNI-passthrough on ports 80 and 443."
USER 1001
EXPOSE 80 443
WORKDIR /var/lib/nginx/conf
ENV TEMPLATE_FILE=/var/lib/nginx/conf/nginx-config.template \
    RELOAD_SCRIPT=/var/lib/nginx/reload-nginx
ENTRYPOINT ["/usr/bin/openshift-router", "--working-dir=/var/lib/nginx/router"]
