FROM ubuntu:24.04

ARG XRAY_VERSION=v26.3.27
ARG XRAY_ZIP=Xray-linux-64.zip
ARG XRAY_ZIP_SHA256=23cd9af937744d97776ee35ecad4972cf4b2109d1e0fe6be9930467608f7c8ae
ARG S6_OVERLAY_VERSION=3.2.3.0
ARG S6_OVERLAY_ARCH=x86_64
ARG S6_OVERLAY_NOARCH_SHA256=b720f9d9340efc8bb07528b9743813c836e4b02f8693d90241f047998b4c53cf
ARG S6_OVERLAY_ARCH_SHA256=a93f02882c6ed46b21e7adb5c0add86154f01236c93cd82c7d682722e8840563
ARG SOURCE_VERSION=unknown

# Use USTC Ubuntu mirrors and install runtime tools.
RUN set -eux; \
    if [ -f /etc/apt/sources.list ]; then \
        sed -i \
            -e 's@//.*archive.ubuntu.com@//mirrors.ustc.edu.cn@g' \
            -e 's@//.*security.ubuntu.com@//mirrors.ustc.edu.cn@g' \
            /etc/apt/sources.list; \
    fi; \
    if [ -d /etc/apt/sources.list.d ]; then \
        find /etc/apt/sources.list.d -type f -name '*.sources' -exec sed -i \
            -e 's@//.*archive.ubuntu.com@//mirrors.ustc.edu.cn@g' \
            -e 's@//.*security.ubuntu.com@//mirrors.ustc.edu.cn@g' \
            {} +; \
    fi; \
    apt-get update; \
    apt-get install -y --no-install-recommends ca-certificates curl git iptables jq unzip xz-utils; \
    rm -rf /var/lib/apt/lists/*

# Install s6-overlay as PID 1 / service supervisor.
RUN set -eux; \
    s6_base="https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}"; \
    curl -fsSL "${s6_base}/s6-overlay-noarch.tar.xz" -o /tmp/s6-overlay-noarch.tar.xz; \
    curl -fsSL "${s6_base}/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz" -o /tmp/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz; \
    printf '%s  %s\n' "${S6_OVERLAY_NOARCH_SHA256}" /tmp/s6-overlay-noarch.tar.xz | sha256sum -c -; \
    printf '%s  %s\n' "${S6_OVERLAY_ARCH_SHA256}" /tmp/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz | sha256sum -c -; \
    tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz; \
    tar -C / -Jxpf /tmp/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz; \
    rm -f /tmp/s6-overlay-noarch.tar.xz /tmp/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz

# Install Xray from the official release archive.
RUN set -eux; \
    download_base="https://github.com/XTLS/Xray-core/releases"; \
    download_url="$download_base/download/$XRAY_VERSION/$XRAY_ZIP"; \
    curl -fsSL "$download_url" -o /tmp/xray.zip; \
    printf '%s  %s\n' "${XRAY_ZIP_SHA256}" /tmp/xray.zip | sha256sum -c -; \
    unzip /tmp/xray.zip -d /tmp/xray; \
    install -m 0755 /tmp/xray/xray /usr/local/bin/xray; \
    mkdir -p /usr/local/share/xray /etc/xray; \
    if [ -f /tmp/xray/geoip.dat ]; then install -m 0644 /tmp/xray/geoip.dat /usr/local/share/xray/geoip.dat; fi; \
    if [ -f /tmp/xray/geosite.dat ]; then install -m 0644 /tmp/xray/geosite.dat /usr/local/share/xray/geosite.dat; fi; \
    useradd --system --home-dir /nonexistent --shell /usr/sbin/nologin xray; \
    rm -rf /tmp/xray /tmp/xray.zip

ENV XRAY_CONFIG=/etc/xray/config.json \
    XRAY_GENERATED_CONFIG=/tmp/xray.generated.json \
    XRAY_IPV6_ENABLED=0 \
    XRAY_TRANSPARENT=1 \
    XRAY_REDIRECT_PORT=12345

COPY scripts/ /usr/local/bin/scripts/
COPY rootfs/ /

RUN chmod +x \
    /usr/local/bin/scripts/*.sh \
    /etc/cont-init.d/* \
    /etc/cont-finish.d/*; \
    printf '%s\n' "${SOURCE_VERSION}" > /usr/local/share/ubuntu-xray-source-version

ENTRYPOINT ["/init"]
CMD ["/bin/bash"]
