# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#  http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.4

ARG KOGITO_MANAGEMENT_CONSOLE_PORT=8080

ENV RUNTIME_TOOLS_MANAGEMENT_CONSOLE_KOGITO_ENV_MODE="PROD"

COPY entrypoint.sh dist-dev/image-env-to-json-standalone dist-dev/EnvJson.schema.json /tmp/

RUN microdnf --disableplugin=subscription-manager -y install httpd \
  && microdnf --disableplugin=subscription-manager clean all \
  && echo "Mutex posixsem" >> /etc/httpd/conf/httpd.conf \
  && sed -i -e "/#ServerName www.example.com:80/aHeader set Content-Security-Policy \"frame-ancestors 'self';\"" /etc/httpd/conf/httpd.conf \
  && sed -i -e 's/Options Indexes FollowSymLinks/Options -Indexes +FollowSymLinks/' /etc/httpd/conf/httpd.conf \
  && sed -i "s/Listen 80/Listen ${KOGITO_MANAGEMENT_CONSOLE_PORT}/g" /etc/httpd/conf/httpd.conf \
  && sed -i "s/#ServerName www.example.com:80/ServerName 127.0.0.1:${KOGITO_MANAGEMENT_CONSOLE_PORT}/g" /etc/httpd/conf/httpd.conf \
  && sed -i '$ a ServerTokens Prod' /etc/httpd/conf/httpd.conf \
  && sed -i '$ a ServerSignature Off' /etc/httpd/conf/httpd.conf \
  && sed -i -e '/<Directory "\/var\/www\/html">/a    RewriteEngine on\n    RewriteCond %{REQUEST_FILENAME} -f [OR]\n    RewriteCond %{REQUEST_FILENAME} -d\n    RewriteRule ^ - [L]\n    RewriteRule ^ index.html [L]' /etc/httpd/conf/httpd.conf \
  && chmod -R g=u /etc/httpd/conf \
  && mkdir /management-console \
  && mv -t /management-console /tmp/entrypoint.sh /tmp/image-env-to-json-standalone /tmp/EnvJson.schema.json \
  && chgrp -R 0 /var/log/httpd /var/run/httpd /var/www/html /management-console \
  && chmod -R g=u /var/log/httpd /var/run/httpd /var/www/html /management-console \
  && chmod +x /management-console/entrypoint.sh /management-console/image-env-to-json-standalone

COPY dist-dev/runtime-tools-management-console-webapp /management-console/app

RUN if [ -f /management-console/app/env.json ]; then chmod a+w /management-console/app/env.json; fi

EXPOSE ${KOGITO_MANAGEMENT_CONSOLE_PORT}

USER 1000

ENTRYPOINT [ "/management-console/entrypoint.sh" ]
