FROM haproxy:2.4.13-alpine

# For building the image in a proxy environment if necessary
ARG HTTP_PROXY
ARG HTTPS_PROXY

ENV HTTP_PROXY   ${HTTP_PROXY}
ENV HTTPS_PROXY  ${HTTPS_PROXY}
ENV http_proxy   ${HTTP_PROXY}
ENV https_proxy  ${HTTPS_PROXY}

# Added to execute commands which required root permission
USER root

RUN apk add --no-cache \
    ca-certificates \
    curl \
    bash \
    socat \
    openssl \
    shadow \
    util-linux && \
    chown -R haproxy:haproxy /usr/local/etc/haproxy

RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private

COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem
COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh
COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf
COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg

# Changing group and group permission to allow haproxy user to execute sed comamnd ot change files
RUN chgrp haproxy /usr/local/etc/haproxy; \
    chgrp haproxy /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf

RUN chmod +x /docker-entrypoint.sh; \
    chmod g+wx /usr/local/etc/haproxy; \
    chmod g+w /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf

# Reverting to haproxy use to not run the pod with root permissions
USER haproxy

ENTRYPOINT [ "/docker-entrypoint.sh" ]
CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ]
EXPOSE 8443