FROM node:25-alpine3.22 AS build-page

COPY . /src

RUN cd /src \
    && apk add pnpm \
    && pnpm install \
    && pnpm run build

# Stage 1: build

FROM debian:13 AS build-server

ARG NGINX_VERSION=1.30.0
ARG ZSTD_MODULE_VERSION=0.1.1

RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    ca-certificates \
    curl \
    libpcre2-dev \
    libssl-dev \
    zlib1g-dev \
    libzstd-dev \
    tar \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /build

RUN curl -fsSLO "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" \
    && tar -xzf "nginx-${NGINX_VERSION}.tar.gz" \
    && curl -fsSL "https://github.com/tokers/zstd-nginx-module/archive/refs/tags/${ZSTD_MODULE_VERSION}.tar.gz" -o zstd-nginx-module.tar.gz \
    && tar -xzf zstd-nginx-module.tar.gz

WORKDIR /build/nginx-${NGINX_VERSION}

RUN ./configure \
    --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --pid-path=/run/nginx.pid \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_gzip_static_module \
    --add-module=/build/zstd-nginx-module-${ZSTD_MODULE_VERSION} \
    && make -j"$(nproc)" \
    && make install

# Stage 2: hardened runtime

FROM dhi.io/nginx:1.30.0-debian13

COPY --from=build-server /usr/sbin/nginx /usr/sbin/nginx
COPY --from=build-server /etc/nginx /etc/nginx
COPY --from=build-page /src/dist /usr/share/nginx/html

EXPOSE 80 443

CMD ["-g", "daemon off;"]