FROM debian:wheezy

MAINTAINER Aymeric Sorek "aymericsorek@protonmail.com"

# Environment
ENV LANG C.UTF-8
ENV LANGUAGE C.UTF-8
ENV LC_ALL C.UTF-8

# Change sources.list
RUN echo "deb http://archive.debian.org/debian wheezy main" > /etc/apt/sources.list

# Update and upgrade
RUN apt-get update
RUN apt-get dist-upgrade -y

# Install packages
RUN apt-get install -y wget
RUN apt-get install -y nginx
RUN apt-get install -y curl

# Install vulnerable versions from snapshot archive
#RUN wget http://snapshot.debian.org/archive/debian/20130319T033933Z/pool/main/o/openssl/libssl1.0.0_1.0.1e-2_amd64.deb -O /tmp/libssl1.0.0_1.0.1e-2_amd64.deb
#RUN wget http://snapshot.debian.org/archive/debian/20130319T033933Z/pool/main/o/openssl/openssl_1.0.1e-2_amd64.deb -O /tmp/openssl_1.0.1e-2_amd64.deb
COPY libssl1.0.0_1.0.1e-2_amd64.deb /tmp/libssl1.0.0_1.0.1e-2_amd64.deb
COPY openssl_1.0.1e-2_amd64.deb /tmp/openssl_1.0.1e-2_amd64.deb
RUN dpkg -i /tmp/libssl1.0.0_1.0.1e-2_amd64.deb
RUN dpkg -i /tmp/openssl_1.0.1e-2_amd64.deb

# Define the ENV variable
ENV nginx_vhost /etc/nginx/sites-available/default
ENV nginx_conf /etc/nginx/nginx.conf

# Generation certificate and key
RUN mkdir /etc/nginx/ssl
RUN openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=FR/ST=You_re_not_supposed_to_be_here/L=You_re_not_supposed_to_be_here/O=You_re_not_supposed_to_be_here/CN=10.1.0.1"
RUN openssl dhparam -out /etc/nginx/dhparam.pem 2048

# Conf nginx
COPY default ${nginx_vhost}
COPY nginx.conf /etc/nginx/nginx.conf
RUN rm -rf /var/www/html/*
RUN mkdir -p /var/www/html
RUN chown -R www-data:www-data /var/www/html

# Volume
COPY webroot /var/www/html

# Test nginx conf
RUN nginx -t

# Clean up
RUN apt-get autoremove
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Scripts
COPY start.sh /start.sh
CMD ["./start.sh"]

# Expose web ports
EXPOSE 443