FROM ubuntu:20.04

# Update all packages and install the apt tools to install the rest
RUN apt update && \
    apt upgrade -y && \
    apt install -y gnupg2 apt-utils ca-certificates apt-transport-https wget

# Add the PGP Key of SOGo
RUN wget -O- "https://keys.openpgp.org/vks/v1/by-fingerprint/74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9" | gpg --dearmor | apt-key add -

# Download SOGO from this repo:
COPY SOGo.list /etc/apt/sources.list.d/SOGo.list

# Update apt cache and install SOGo
RUN apt update && \
    # Switch to non-interactive install
    export DEBIAN_FRONTEND=noninteractive && \
    # Do the time zone settings beforehand so we don't get promted for it during install (pick your timezone)
    echo "tzdata tzdata/Areas select Europe" | debconf-set-selections && \
    echo "tzdata tzdata/Zones/Europe select Berlin" | debconf-set-selections && \
    echo "tzdata tzdata/Zones/Etc select UTC" | debconf-set-selections && \
    # For some reason SOGo wants this file to be present
    mkdir -p /usr/share/doc/sogo/ && touch /usr/share/doc/sogo/foo.sh && \
    # Install the actual services needed
    apt install -y --no-install-recommends apache2 sope4.9-gdl1-postgresql sogo supervisor gosu && \
    # Prepare non-privileged file permissions for SOGo
    chown sogo /etc/sogo/sogo.conf && \
    mkdir -p /var/run/sogo && chown sogo /var/run/sogo && \
    # Apache also runs on a non-privileged user
    mkdir -p /var/run/apache2 && chown www-data /var/run/apache2 && \
    # Activate the necessary Apache mods and disable the default site
    a2enmod proxy headers proxy_http rewrite && \
    a2dissite 000-default && \
    # Verify that gosu works
    gosu nobody true
    
# This file is explained below
COPY config/supervisord.conf /etc/supervisord/supervisord.conf

COPY config/sogo.conf /etc/sogo/sogo.conf
COPY config/idp-metadata.xml /etc/sogo/idp-metadata.xml
COPY config/saml.key /etc/pki/tls/private/saml.key
COPY config/saml.pem /etc/pki/tls/certs/saml.pem
COPY config/idp.pub /etc/pki/tls/certs/idp.pub
COPY config/idp.pem /etc/pki/tls/certs/idp.pem
RUN chmod 644 /etc/pki/tls/private/saml.key /etc/pki/tls/certs/saml.pem

COPY config/site.conf /etc/apache2/sites-enabled/sogo.conf

# Supervisord will start Apache and SOGo
CMD exec /usr/bin/supervisord -c /etc/supervisord/supervisord.conf