# 強制指定使用 bookworm (Debian 12) 基礎映像檔，避免 Trixie 的套件衝突
FROM php:8.2-apache-bookworm

SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# 1. 修正網路連線並安裝系統相依套件
RUN rm -f /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list && \
    printf "deb https://free.nchc.org.tw/debian bookworm main contrib non-free non-free-firmware\n\
deb https://free.nchc.org.tw/debian bookworm-updates main contrib non-free non-free-firmware\n\
deb https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware\n" > /etc/apt/sources.list && \
    # 第一次 update 必須跳過驗證
    apt-get -o Acquire::https::Verify-Peer=false update && \
    apt-get install -y --no-install-recommends -o Acquire::https::Verify-Peer=false \
    ca-certificates \
    curl \
    gnupg \
    gnupg2 && \
    # 第二步：有了證書後安裝其餘套件（Bookworm 絕對不會有 libssl 版本衝突）
    apt-get update && apt-get install -y --no-install-recommends \
    lsb-release \
    libfreetype6-dev \
    libjpeg62-turbo-dev \
    libpng-dev \
    libgmp-dev \
    libxml2-dev \
    libcurl4-gnutls-dev \
    libmariadb-dev-compat \
    libmariadb-dev \
    libpq-dev \
    libsqlite3-dev \
    unixodbc-dev \
    libmemcached-dev \
    zlib1g-dev \
    && rm -rf /var/lib/apt/lists/*

# 2. 安裝微軟 ODBC Driver for SQL Server
RUN curl -fsSL https://packages.microsoft.com/keys/microsoft.asc \
      | gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg \
    && echo "deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/microsoft-prod.gpg] https://packages.microsoft.com/debian/12/prod bookworm main" \
      > /etc/apt/sources.list.d/mssql-release.list \
    && apt-get update && ACCEPT_EULA=Y apt-get install -y --no-install-recommends \
      msodbcsql18 \
      mssql-tools18 \
    && rm -rf /var/lib/apt/lists/*

ENV PATH="$PATH:/opt/mssql-tools18/bin"

# 3. 安裝 PHP 內建擴充
RUN docker-php-ext-configure gd --with-freetype --with-jpeg \
    && docker-php-ext-configure gmp \
    && docker-php-ext-install -j"$(nproc)" \
      gd exif gmp mysqli pdo_mysql pdo_pgsql pgsql pdo_sqlite opcache

# 4. 安裝 PECL 擴充
RUN pecl install channel://pecl.php.net/xmlrpc-1.0.0RC3 \
    && pecl install sqlsrv pdo_sqlsrv \
    && pecl install memcached \
    && docker-php-ext-enable xmlrpc sqlsrv pdo_sqlsrv memcached

# SQL Server TLS workaround
RUN echo 'openssl_conf = default_conf' > /etc/ssl/openssl_custom.cnf \
    && echo '[default_conf]' >> /etc/ssl/openssl_custom.cnf \
    && echo 'ssl_conf = ssl_sect' >> /etc/ssl/openssl_custom.cnf \
    && echo '[ssl_sect]' >> /etc/ssl/openssl_custom.cnf \
    && echo 'system_default = system_default_sect' >> /etc/ssl/openssl_custom.cnf \
    && echo '[system_default_sect]' >> /etc/ssl/openssl_custom.cnf \
    && echo 'CipherString = DEFAULT@SECLEVEL=0' >> /etc/ssl/openssl_custom.cnf \
    && echo 'Options = UnsafeLegacyRenegotiation' >> /etc/ssl/openssl_custom.cnf

ENV OPENSSL_CONF=/etc/ssl/openssl_custom.cnf

WORKDIR /var/www/html
RUN a2enmod rewrite