FROM debian:bookworm-slim

ARG TARGETARCH
ENV DEBIAN_FRONTEND=noninteractive

# curl fuer den Download, ca-certificates fuer HTTPS
RUN apt-get update && \
    apt-get install -y --no-install-recommends curl ca-certificates tar && \
    rm -rf /var/lib/apt/lists/*

# Aktuelle Version von GitHub API ermitteln und Binary herunterladen
RUN set -eux; \
    VERSION=$(curl -fsSL https://api.github.com/repos/erebe/wstunnel/releases/latest \
        | grep '"tag_name"' | sed 's/.*"tag_name": *"\([^"]*\)".*/\1/'); \
    VERNUM="${VERSION#v}"; \
    case "$(uname -m)" in \
        x86_64)  ARCH="amd64" ;; \
        aarch64) ARCH="arm64" ;; \
        armv7*)  ARCH="armv7" ;; \
        *)       echo "Unsupported arch: $(uname -m)"; exit 1 ;; \
    esac; \
    echo "Downloading wstunnel ${VERSION} for ${ARCH}..."; \
    curl -fsSL "https://github.com/erebe/wstunnel/releases/download/${VERSION}/wstunnel_${VERNUM}_linux_${ARCH}.tar.gz" \
        | tar -xz -C /usr/local/bin wstunnel; \
    chmod +x /usr/local/bin/wstunnel; \
    wstunnel --version

EXPOSE 443

ENTRYPOINT ["/usr/local/bin/wstunnel"]
CMD ["server", "--restrict-to", "127.0.0.1:51820", "wss://0.0.0.0:443"]
