FROM nginx:alpine

# Install Python, pip, openssl
RUN apk add --no-cache python3 py3-pip openssl bash \
    && python3 -m venv /opt/venv

ENV PATH="/opt/venv/bin:$PATH"

# Install Python dependencies
COPY app/requirements.txt /app/requirements.txt
RUN pip install --no-cache-dir -r /app/requirements.txt

# Copy application files
COPY app/ /app/
COPY nginx/nginx.conf /etc/nginx/nginx.conf.template
COPY nginx/entrypoint.sh /entrypoint.sh
COPY certs/generate-certs.sh /certs/generate-certs.sh

RUN chmod +x /entrypoint.sh /certs/generate-certs.sh \
    && mkdir -p /data /etc/nginx/conf.d \
    && rm -f /etc/nginx/conf.d/default.conf

# No EXPOSE needed - running in host network mode

ENTRYPOINT ["/entrypoint.sh"]
