#Dockerfile CyberFT system
#version 3.8 (php7.0)

FROM debian:jessie

#step 1 - core and tools
RUN echo "deb http://httpredir.debian.org/debian wheezy main" >> /etc/apt/sources.list \
&& export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& apt-get update \
&& apt-get -y install nano libnss3-1d libnspr4-0d apt-utils debconf-utils sudo wget autoconf libtool liblzma-dev python-dev software-properties-common python-software-properties locales libc6-i386 lib32z1 \
&& apt-get -y install alien locales libc6-i386 lib32z1 \
&& apt-get -y -t=jessie install lsb-security lsb-core \
&& apt-mark hold lsb lsb-base lsb-core lsb-security

#step 2 - mysql
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& wget https://www.dotdeb.org/dotdeb.gpg \
&& sudo apt-key add dotdeb.gpg \
&& rm -rf dotdeb.gpg \
&& echo "deb http://packages.dotdeb.org jessie all"  >> /etc/apt/sources.list \
&& echo "deb-src http://packages.dotdeb.org jessie all" >> /etc/apt/sources.list \
&& echo "mysql-server mysql-server/root_password password 123qwe" | debconf-set-selections \
&& echo "mysql-server mysql-server/root_password_again password 123qwe" | debconf-set-selections \
&& apt-get -y install mysql-server

#step3 - php
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& echo "deb-src http://httpredir.debian.org/debian jessie main" >> /etc/apt/sources.list \
&& echo "deb http://httpredir.debian.org/debian jessie-updates main" >> /etc/apt/sources.list \
&& echo "deb-src http://httpredir.debian.org/debian jessie-updates main" >> /etc/apt/sources.list \
&& apt-get update \
&& apt-get -y install libxslt1.1 libzip2 gcc  \
&& apt-get install -y php7.0-readline php7.0-fpm php7.0-common php7.0-cli php7.0-mcrypt php7.0-mysqlnd php7.0-curl php7.0-intl php7.0-curl php7.0-mcrypt php7.0-mysqlnd php7.0-intl php7.0-mbstring php7.0-zip php7.0-xml php7.0-ssh2

#step 4 - java
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& echo "deb http://httpredir.debian.org/debian wheezy main" >> /etc/apt/sources.list \
&& echo "deb http://packages.dotdeb.org jessie all"  >> /etc/apt/sources.list \
&& echo "deb-src http://packages.dotdeb.org jessie all" >> /etc/apt/sources.list \
&& echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \
&& echo "deb-src http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \
&& echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee /etc/apt/sources.list.d/webupd8team-java.list \
&& echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list \
&& apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886 \
&& apt-get -y update \
&& echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | sudo debconf-set-selections \
&& apt-get -y install oracle-java8-set-default

#step5 - nginx
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \
&& echo "deb-src http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list \
&& wget https://nginx.ru/keys/nginx_signing.key \
&& sudo apt-key add nginx_signing.key \
&& apt-get update \
&& apt-get install nginx \
&& rm -rf /etc/nginx/sites-enabled/default

#step6 - elasticsearch
COPY deps/elasticsearch-2.4.1.deb /root
RUN dpkg -i /root/elasticsearch-2.4.1.deb \
&& rm -rf /root/elasticsearch-2.4.1.deb

#step7 - redis-server
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& apt-get -y install redis-server

#step8 - stunnel4
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& apt-get install -y stunnel4 \
&& sed -i 's/ENABLED=0/ENABLED=1/' /etc/default/stunnel4

#step9 - incrontab
COPY deps/incron_0.5.10-1_amd64.deb /root/
RUN dpkg -i /root/incron_0.5.10-1_amd64.deb \
&& echo "root" >> "/etc/incron.allow" \
&& rm -rf /root/incron_0.5.10-1_amd64.deb

#step10 - openssl
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& cd /root \
&& apt-get install make \
&& wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2.tar.gz \
&& tar xvf openssl-1.0.2.tar.gz \
&& cd ./openssl-1.0.2 \
&& ./config --prefix=/usr/local/openssl-1.0.2 shared \
&& make \
&& make install \
&& echo "openssl_conf = openssl_def\n$(cat /usr/local/openssl-1.0.2/ssl/openssl.cnf)" > /usr/local/openssl-1.0.2/ssl/openssl.cnf \
&& echo "[openssl_def]\nengines = engine_section\n[engine_section]\ngost = gost_section\n[gost_section]\nengine_id = gost\ndynamic_path = /usr/local/openssl-1.0.2/lib/engines/libgost.so\ndefault_algorithms = ALL\nCRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet" >> /usr/local/openssl-1.0.2/ssl/openssl.cnf \
&& echo 'export OPENSSL_CONF="/usr/local/openssl-1.0.2/ssl/openssl.cnf"' >  /etc/environment \
&& export OPENSSL_CONF="/usr/local/openssl-1.0.2/ssl/openssl.cnf" \
&& mv /usr/lib/ssl/openssl.cnf /usr/lib/ssl/openssl.cnf_bak \
&& rm -rf /usr/bin/opensssl \
&& ln -sf /usr/local/openssl-1.0.2/openssl /usr/bin/opensssl \
&& ln -sf /usr/local/openssl-1.0.2/ssl/openssl.cnf /usr/lib/ssl/openssl.cnf

#step11 - libxml
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& cd /root \
&& wget --no-check-certificate http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz \
&& tar xvf libxml2-2.9.4.tar.gz && cd libxml2-2.9.4 \
&& sudo ./configure --prefix=/usr/local/libxml2-2.9.4 \
&& sudo make \
&& sudo make install

#step12 - xmlsec
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& cd /root \
&& wget --no-check-certificate https://www.aleksey.com/xmlsec/download/xmlsec1-1.2.23.tar.gz \
&& tar xvzf xmlsec1-1.2.23.tar.gz \
&& cd xmlsec1-1.2.23 \
&& ./configure --prefix=/usr/local/xmlsec1-1.2.23 --enable-gost --disable-crypto-dl --with-openssl=/usr/local/openssl-1.0.2 --with-libxml=/usr/local/libxml2-2.9.4 --without-gcrypt --without-gnutls --without-libxslt \
&& make \
&& make install \
&& ln -sf ./usr/local/xmlsec1-1.2.23/lib/* /usr/lib/ \
&& ln -sf ./usr/local/xmlsec1-1.2.23/lib/* /usr/lib32/

#step13- crypto-pro
COPY deps/linux-amd64.tgz /root
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& cd /root/ \
&& tar -xf linux-amd64.tgz \
&& cd linux-amd64 \
&& alien -kci cprocsp-compat-altlinux-64-1.0.0-1.noarch.rpm \
&& alien -kci lsb-cprocsp-base-3.9.0-4.noarch.rpm \
&& alien -kci lsb-cprocsp-rdr-64-3.9.0-4.x86_64.rpm \
&& alien -kci lsb-cprocsp-capilite-64-3.9.0-4.x86_64.rpm \
&& alien -kci lsb-cprocsp-kc1-64-3.9.0-4.x86_64.rpm \
&& alien -kci cprocsp-stunnel-64-3.9.0-4.x86_64.rpm

#step14 - configure and clean
COPY deps/sudoers /etc/sudoers
COPY deps/cyberft-crypt /usr/bin/
RUN export http_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& export https_proxy=http://nikolashin:AAB0nd008-@officeproxy.cyberplat.com:8080/ \
&& cd /root \
&& apt-get install ccze \
&& apt-get -y autoremove \
&& rm -rf /etc/apt/apt.conf \
&& rm -rf /etc/apt/sources.list \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf  /var/lib/apt/* \
&& rm -rf /root/* \
&& find /var/cache/* -type f -exec rm {} \; \
&& rm -rf /nginx_signing.key \
&& chmod -R 0644 /etc/sudoers \
&& chmod +x /usr/bin/cyberft-crypt \
&& chmod -R 0775 /usr/bin/cyberft-crypt \
&& echo 'LD_LIBRARY_PATH="/usr/lib/x86_64-linux-gnu:/usr/local/xmlsec1-1.2.23/lib:/usr/local/openssl-1.0.2/lib:/usr/local/libxml2-2.9.4/lib:${LD_LIBRARY_PATH}"' >>  /etc/environment \
&& echo "alias logs='tail -f /var/www/cyberft/app/logs/* | ccze -A'" >> /root/.bashrc \
&& echo "alias services='/var/www/cyberft/app/background-jobs stop && /var/www/cyberft/app/src/yii resque/purge && /var/www/cyberft/app/src/yii app/update && /var/www/cyberft/app/background-jobs start'" >> /root/.bashrc \
&& echo "alias src='cd /var/www/cyberft/app/src'" >> /root/.bashrc

MAINTAINER nikolashin@cyberplat.com
LABEL CyberFT="3.8"
ENV LD_LIBRARY_PATH "/usr/lib/x86_64-linux-gnu:/usr/local/xmlsec1-1.2.23/lib:/usr/local/openssl-1.0.2/lib:/usr/local/libxml2-2.9.4/lib:${LD_LIBRARY_PATH}"
CMD ["/bin/bash"]