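# nginx with cron-driven certbot renewal.
# NOTE(review): the tag below is mutable; for reproducible builds pin it by
# digest, e.g. nginx:1.26-bookworm@sha256:<digest-placeholder>.
FROM nginx:1.26-bookworm

# TZ stays an ENV: the RUN step below reads it and it remains set in running
# containers.
ENV TZ=Asia/Seoul

# Build-time only. As an ARG it keeps apt non-interactive during the build
# without leaving DEBIAN_FRONTEND in the environment of every container.
ARG DEBIAN_FRONTEND=noninteractive

# ========================================
# 1-5. Packages, timezone, CA bundle, cleanup (one layer)
# ========================================
# update + install + cleanup share one RUN so that
#   - a cached "apt-get update" layer can never feed stale package lists to a
#     later install, and
#   - the apt lists and caches are removed in the layer that created them
#     (deleting them in a later layer does not shrink the image).
# The package set is the same as before. Only apt-utils is installed with
# --no-install-recommends, as in the original.
# NOTE(review): sendmail, wget and gnupg stay in the final image; confirm each
# is needed at runtime, since every extra package widens the attack surface.
RUN apt-get update && \
    apt-get install -y --no-install-recommends apt-utils && \
    apt-get install -yq \
        ca-certificates \
        certbot \
        cron \
        gnupg \
        python3-certbot-nginx \
        sendmail \
        tzdata \
        wget && \
    ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime && \
    echo "$TZ" > /etc/timezone && \
    update-ca-certificates && \
    chmod 644 /etc/ssl/certs/ca-certificates.crt && \
    apt-get autoremove -y && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# ========================================
# 6. Certbot auto-renewal cron job
# ========================================
# Runs "certbot renew" every Monday at 05:00; the deploy hook validates the
# nginx configuration before reloading it.
# The job appends to /log/nginx/, which nothing else in this file creates. If
# that directory is missing, the shell fails on the redirect and certbot never
# runs, so create it here (a volume mounted at the same path still works).
# pipefail is deliberately not enabled: "crontab -l" exits non-zero when no
# crontab exists yet, which is the expected case during the build.
# NOTE(review): confirm "service nginx reload" works in this image;
# "nginx -s reload" is the direct equivalent.
RUN mkdir -p /log/nginx && \
    crontab -l 2>/dev/null | { cat; echo "0 5 * * 1 certbot renew --quiet --deploy-hook \"nginx -t && service nginx reload\" >> /log/nginx/crontab_\$(date +\%Y\%m\%d).log 2>&1"; } | crontab -

# ========================================
# 7. Start cron from the nginx entrypoint
# ========================================
# Inserts a "cron" line before every line of /docker-entrypoint.sh that
# matches "set". The original ended in "|| true", which hid a failed edit: the
# image would build, cron would never start, and certificates would expire
# unnoticed. The grep makes the build fail if the line is missing.
# NOTE(review): the pattern is broad; if the base image's entrypoint has more
# than one line containing "set", cron is started more than once. Consider
# anchoring it after checking the script shipped in this tag.
# NOTE(review): cron and nginx share the container with no init or supervisor,
# so a crashed cron daemon is not restarted.
RUN sed -i'' -r -e "/set/i\cron" /docker-entrypoint.sh && \
    grep -qx 'cron' /docker-entrypoint.sh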