# afaq — PHP 7.4 + Apache application image (development).
#
# Mirrors the afaq4-docker reference image, with the project bind-mounted at
# /var/www/html (NOT copied) so edits on the host are live in the container.
# DocumentRoot is public_html/ (afaq's web root — see bootstrap/paths.php).
#
# The database is NOT part of this stack. The app connects to MySQL on the host
# PC (host.docker.internal) or on the local network (a 192.168.x.x address);
# see docker-compose.yml and HOW-TO-DOCKER.md.
FROM php:7.4-apache

# 1. Build/runtime packages for the PHP extensions below.
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        g++ \
        git \
        libbz2-dev \
        libfreetype6-dev \
        libicu-dev \
        libjpeg-dev \
        libmcrypt-dev \
        libpng-dev \
        libreadline-dev \
        sudo \
        unzip \
        libonig-dev \
        libxml2-dev \
        libzip-dev \
        zip \
    && rm -rf /var/lib/apt/lists/*

# 2. mod_rewrite (URL rewriting) + mod_headers (the .htaccess security headers).
RUN a2enmod rewrite headers ssl

# 3. PHP extensions afaq relies on.
RUN docker-php-ext-configure gd --with-freetype --with-jpeg \
    && docker-php-ext-install \
        bcmath \
        bz2 \
        calendar \
        iconv \
        intl \
        mbstring \
        opcache \
        pdo_mysql \
        mysqli \
        pcntl \
        exif \
        sockets \
        gd \
        zip

# mcrypt — required by afaq (see docs/deployment.md); only available via PECL on 7.4.
RUN pecl install mcrypt-1.0.5 && docker-php-ext-enable mcrypt

# 4. Composer is intentionally NOT used to (re)build vendor/ — afaq ships a
#    hand-maintained vendor/ and composer install fails on this project (see
#    CLAUDE.md). It is provided only for ad-hoc inspection.
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer

# 5. Configs baked in so the image boots standalone; docker-compose bind-mounts
#    php.ini on top so it can be tuned without a rebuild.
COPY php.ini           /usr/local/etc/php/php.ini
COPY apache-vhost.conf /etc/apache2/sites-available/000-default.conf
COPY entrypoint.sh     /usr/local/bin/entrypoint.sh
# Strip any CR so the script runs even if checked out with CRLF on Windows.
RUN sed -i 's/\r$//' /usr/local/bin/entrypoint.sh \
    && chmod +x /usr/local/bin/entrypoint.sh

RUN mkdir -p /etc/apache2/ssl

WORKDIR /var/www/html

EXPOSE 80 443

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]