Dockerfile

# Use the rootless Docker-in-Docker base image
FROM docker:dind-rootless

# Set the working directory inside the container
WORKDIR /app

# Copy the Nginx app's index.html and its Dockerfile (exdocker) into this container
COPY index.html ./
COPY exdocker ./

# Switch to root user to install curl, as apk requires root privileges
USER root
RUN apk add --no-cache curl
# Switch back to the default non-root user for dind-rootless (usually 'docker')
# This is important for security and proper operation of the rootless daemon
USER docker

# Expose a port from this DinD container.
# We'll map the inner Nginx container's port 80 to this port (e.g., 8080)
# within the DinD container. Then, we can map this 8080 to the host.
EXPOSE 8080

# The base image's ENTRYPOINT is `dockerd-rootless.sh`.
# We override the default CMD to run our script.
# Our script will:
# 1. Start the rootless daemon in the background.
# 2. Wait for the daemon to be ready.
# 3. Perform the build and run of the inner Nginx container.
# 4. Keep the outer container alive.
CMD ["sh", "-c", "\
    # Start the rootless Docker daemon in the background
    /usr/local/bin/dockerd-rootless.sh & \
    # Wait for the Docker daemon to be fully ready
    # This loop is more robust than a fixed sleep
    until docker info >/dev/null 2>&1; do \
        echo 'Waiting for Docker daemon to start...'; \
        sleep 1; \
    done; \
    echo 'Docker daemon is up and running!'; \
    \
    # Build the Nginx image using the copied exdocker Dockerfile
    docker build -f exdocker -t my-nginx-app . && \
    \
    # Run the Nginx container in detached mode, mapping its port 80
    # to port 8080 *inside this DinD container*.
    docker run -d -p 8080:80 --name my-inner-nginx my-nginx-app && \
    \
    echo 'Inner Nginx container started. Testing accessibility...' && \
    \
    # Test accessibility of the inner Nginx server
    curl http://localhost:8080 && \
    \
    # Keep this DinD container running indefinitely
    sleep infinity"]