sudo tee /var/www/html/index.html > /dev/null <<'EOF'
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8" />
  <meta name="viewport" content="width=device-width,initial-scale=1" />
  <title>Greg2 Secure Web App (Apache)</title>
  <style>
    body { font-family: system-ui, -apple-system, Segoe UI, Roboto, Arial, sans-serif; margin: 0; background: #0b1020; color: #e8ecff; }
    header { padding: 24px 20px; background: rgba(255,255,255,0.06); border-bottom: 1px solid rgba(255,255,255,0.10); }
    .wrap { max-width: 920px; margin: 0 auto; padding: 18px 20px 40px; }
    .card { background: rgba(255,255,255,0.06); border: 1px solid rgba(255,255,255,0.10); border-radius: 14px; padding: 16px; margin-top: 14px; }
    .grid { display: grid; grid-template-columns: 1fr; gap: 14px; }
    @media (min-width: 860px) { .grid { grid-template-columns: 1fr 1fr; } }
    .title { font-size: 18px; font-weight: 700; margin: 0 0 6px; }
    .muted { color: rgba(232,236,255,0.75); margin: 0; }
    .pill { display:inline-block; padding: 4px 10px; border-radius: 999px; background: rgba(120,140,255,0.18); border: 1px solid rgba(120,140,255,0.28); font-size: 12px; }
    code { background: rgba(0,0,0,0.35); padding: 2px 6px; border-radius: 8px; }
    button { padding: 10px 12px; border-radius: 12px; border: 1px solid rgba(255,255,255,0.16);
             background: rgba(255,255,255,0.08); color: #e8ecff; cursor: pointer; }
    button:hover { background: rgba(255,255,255,0.12); }
    .row { display:flex; gap:10px; align-items:center; flex-wrap:wrap; }
    .ok { color: #7dffb0; }
    .warn { color: #ffd37d; }
    a { color: #a8b6ff; }
  </style>
</head>
<body>
  <header>
    <div class="wrap">
      <div class="row" style="justify-content:space-between;">
        <div>
          <div class="pill">Apache • Static App</div>
          <h1 style="margin:10px 0 6px;">Greg2 Secure Web App</h1>
          <p class="muted">A lightweight demo “web app” served by Apache on EC2.</p>
        </div>
        <div style="text-align:right;">
          <div class="muted" style="font-size:13px;">Server time</div>
          <div id="time" style="font-weight:700;"></div>
        </div>
      </div>
    </div>
  </header>

  <main class="wrap">
    <div class="grid">
      <div class="card">
        <p class="title">Status</p>
        <p class="muted">If you can see this page, your EC2 instance is reachable on <code>HTTP/80</code>.</p>
        <p style="margin-top:10px;">
          Web tier: <span class="ok">ONLINE</span><br />
          DB tier: <span class="warn">PRIVATE (no public IP)</span>
        </p>
      </div>

      <div class="card">
        <p class="title">Security controls (what this lab demonstrates)</p>
        <ul style="margin:8px 0 0; padding-left:18px; color: rgba(232,236,255,0.85);">
          <li>Public subnet routes to an Internet Gateway</li>
          <li>Private subnet routes outbound via NAT Gateway</li>
          <li>Security Group allows inbound HTTP/HTTPS only</li>
          <li>Database inbound restricted to the web security group</li>
        </ul>
      </div>

      <div class="card">
        <p class="title">Quick client-side check</p>
        <p class="muted">Click to show what your browser sees.</p>
        <div class="row" style="margin-top:10px;">
          <button onclick="showInfo()">Show details</button>
          <button onclick="copyURL()">Copy page URL</button>
        </div>
        <pre id="out" style="margin-top:12px; white-space:pre-wrap; background:rgba(0,0,0,0.28); padding:12px; border-radius:12px; border:1px solid rgba(255,255,255,0.10);"></pre>
      </div>

      <div class="card">
        <p class="title">Next step: HTTPS</p>
        <p class="muted">
          For TLS, terminate HTTPS on an <b>Application Load Balancer</b> using an ACM certificate,
          then forward to this instance on HTTP.
        </p>
        <p class="muted" style="margin-top:10px;">Tip: enforce HTTPS with an ALB redirect (80 → 443).</p>
      </div>
    </div>

    <p class="muted" style="margin-top:18px; font-size:13px;">
      Built for your cloud security lab. No frameworks. Just Apache + HTML/CSS/JS.
    </p>
  </main>

  <script>
    function tick() {
      document.getElementById('time').textContent = new Date().toLocaleString();
    }
    setInterval(tick, 1000); tick();

    function showInfo() {
      const info = {
        userAgent: navigator.userAgent,
        url: location.href,
        protocol: location.protocol,
        host: location.host,
        time: new Date().toISOString()
      };
      document.getElementById('out').textContent = JSON.stringify(info, null, 2);
    }

    async function copyURL() {
      try {
        await navigator.clipboard.writeText(location.href);
        alert("Copied!");
      } catch (e) {
        alert("Copy failed (browser permissions). URL: " + location.href);
      }
    }
  </script>
</body>
</html>
EOF