# Base image: nginx on Alpine, selected by the 1.25-alpine tag.
# NOTE(review): a tag can be re-pushed upstream; pin by digest as well
# (nginx:1.25-alpine@sha256:<digest>) if builds must be reproducible.
FROM nginx:1.25-alpine

# Extra packages. curl is the binary the HEALTHCHECK further down invokes.
# --no-cache keeps the apk index out of the layer.
# NOTE(review): package versions are not pinned, so a rebuild may pull newer ones.
RUN apk add --no-cache \
        ca-certificates \
        curl

# Make sure the nginx log directory and /var/www/certbot exist.
# presumably /var/www/certbot is an ACME webroot referenced from conf.d; confirm
RUN mkdir -p \
        /var/log/nginx \
        /var/www/certbot

# nginx configuration: the main file, then every file under conf.d/.
# Anything copied here is readable by whoever can pull the image, so these
# files must not contain credentials.
COPY nginx/nginx.conf /etc/nginx/nginx.conf
COPY nginx/conf.d/ /etc/nginx/conf.d/

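# Create the TLS directory and generate a self-signed certificate.
# Development only: production deployments should mount real certificates
# over /etc/nginx/ssl instead of using the files produced here.
#
# Security notes:
# - The private key is created at build time and stored in an image layer, so
#   every container started from this image shares the same key and anyone
#   with access to the image can read it. Treat it as public.
# - -nodes writes the key without a passphrase.
# - -days 365 counts from the build, so an image older than one year ships an
#   expired certificate.
#
# openssl is installed under the virtual package name .certgen so that the
# final `apk del` removes only what this step added; deleting by the name
# "openssl" would also drop it from the world file if the base image ever
# installed it itself.
RUN mkdir -p /etc/nginx/ssl && \
    apk add --no-cache --virtual .certgen openssl && \
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout /etc/nginx/ssl/key.pem \
        -out /etc/nginx/ssl/cert.pem \
        -subj "/CN=api.example.com" && \
    # Restrict the key to its owner explicitly instead of relying on the
    # file mode openssl happens to choose.
    chmod 600 /etc/nginx/ssl/key.pem && \
    apk del .certgen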

# Health check: request /health over plain HTTP on localhost every 30 s.
# curl -f turns an HTTP error status into a non-zero exit, which marks the
# probe as failed; three consecutive failures mark the container unhealthy.
# presumably /health is defined by a server block under conf.d; confirm
HEALTHCHECK --interval=30s \
            --timeout=3s \
            --start-period=5s \
            --retries=3 \
    CMD curl -f http://localhost/health || exit 1

# Documents the HTTP and HTTPS ports; EXPOSE publishes nothing by itself.
EXPOSE 80 443

# Run nginx in the foreground so it stays the container's main process.
# This file sets no USER, so the process starts as the base image's default user.
CMD ["nginx", "-g", "daemon off;"]
