ARG MODSECURITY_VERSION="3.0.13"
ARG LUA_VERSION="5.4"

FROM nginx:1-alpine-slim AS build

ARG MODSECURITY_VERSION
ARG LUA_VERSION

RUN set -eux; \
    apk add \
        autoconf \
        automake \
        ca-certificates \
        coreutils \
        curl-dev \
        g++ \
        gcc \
        git \
        grep \
        libc-dev \
        libfuzzy2-dev \
        libmaxminddb-dev \
        libstdc++ \
        libtool \
        libxml2-dev \
        linux-headers \
        lmdb-dev \
        lua${LUA_VERSION}-dev \
        make \
        openssl \
        openssl-dev \
        patch \
        pcre-dev \
        pcre2-dev \
        pkgconfig \
        sed \
        yajl-dev \
        zlib-dev

RUN set -eux; \
    echo "Download nginx and modules"; \
    cd /opt; \
    git clone -b master --depth 1 https://github.com/owasp-modsecurity/ModSecurity-nginx.git; \
    wget "http://nginx.org$(wget http://nginx.org/en/download.html -O - | grep -oP 'Mainline version.*?\K(/download/.*?tar.gz)')" -O - | tar zxvf - ; \
    mv $(ls | grep nginx-) nginx

RUN set -eux; \
    echo "Build ModSecurity library"; \
    cd /opt; \
    git clone https://github.com/owasp-modsecurity/ModSecurity --branch "v${MODSECURITY_VERSION}" --depth 1 --recursive; \
    cd ModSecurity; \
    ./build.sh; \
    ./configure --with-yajl --with-ssdeep --with-lmdb --with-pcre2 --with-maxmind --enable-silent-rules; \
    make install

RUN set -eux; \
    echo "Make nginx modules"; \
    cd /opt/nginx; \
    ./configure --with-compat --add-dynamic-module=/opt/ModSecurity-nginx; \
    make modules

RUN set -eux; \
    echo "Strip compilation"; \
    find /usr/local/modsecurity/lib/ -type l -delete; \
    strip /usr/local/modsecurity/lib/lib*.so*; \
    strip /opt/nginx/objs/ngx_http_modsecurity_module.so


FROM nginx:1-alpine-slim

ARG LUA_VERSION
ARG MODSECURITY_VERSION

COPY --from=build /opt/nginx/objs/ngx_http_modsecurity_module.so /usr/lib/nginx/modules
COPY --from=build /usr/local/modsecurity/lib/lib*.so* /usr/local/modsecurity/lib/
RUN set -eux; \
    apk add --update --no-cache \
        libfuzzy2 \
        libmaxminddb \
        libstdc++ \
        libxml2 \
        lmdb \
        lua${LUA_VERSION} \
        lua${LUA_VERSION}-socket \
        lua${LUA_VERSION}-lzlib \
        moreutils \
        openssl \
        tzdata \
        pcre \
        pcre2 \
        yajl; \
    chmod -R 644 /usr/lib/nginx/modules/ngx_http_modsecurity_module.so; \
    cd /usr/local/modsecurity/lib; \
    ln -s libmodsecurity.so.${MODSECURITY_VERSION} libmodsecurity.so.3.0; \
    ln -s libmodsecurity.so.${MODSECURITY_VERSION} libmodsecurity.so.3; \
    ln -s libmodsecurity.so.${MODSECURITY_VERSION} libmodsecurity.so; \
    mkdir -p /tmp/modsecurity/tmp; \
    mkdir -p /tmp/modsecurity/data