# Use the official Debian 11 (bullseye) base image
FROM debian:bullseye-slim

# Update the package lists and install required packages
RUN apt-get update && apt-get install -y \
    curl \
    redis-server \
    apt-transport-https \
    ca-certificates \
    gnupg \
    software-properties-common \
    sudo \
    && rm -rf /var/lib/apt/lists/*

# Import the Tyk public key
RUN curl -s https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.deb.sh | bash

# Install the Tyk Gateway package
RUN apt-get update && apt-get install -y tyk-gateway=5.3.4 && rm -rf /var/lib/apt/lists/*

# Create necessary directories
RUN mkdir -p /var/log/tyk-gateway /var/run/tyk-gateway

# Create a non-root user
RUN useradd -u 1000 -m -s /bin/bash tykuser && \
    usermod -aG sudo tykuser && \
    echo "tykuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

# Configure the Tyk Gateway
RUN /opt/tyk-gateway/install/setup.sh --listenport=7860 --redishost=localhost --redisport=6379 --domain=""

# Set correct permissions
RUN chown -R tykuser:tykuser /opt/tyk-gateway /var/log/tyk-gateway /var/run/tyk-gateway /var/run /var/log

# Modify the service script to use sudo
RUN sed -i 's/\$DAEMON/sudo -u tykuser \$DAEMON/' /etc/init.d/tyk-gateway

# Expose the Tyk Gateway port
EXPOSE 7860

# Start Redis and Tyk Gateway
CMD service redis-server start && \
    service tyk-gateway start && \
    tail -f /var/log/tyk-gateway/tyk-gateway.log