From 06c5887dc68caceec5989d6faf2c347a7cc37c22 Mon Sep 17 00:00:00 2001 From: Omer Cohen Date: Wed, 1 Mar 2017 12:04:51 +0200 Subject: [PATCH] adding docker healthcheck and an unauthenticated port for external healthchecks starting docker v1.12 there's an option for an internal healthcheck this commit allows an unauthenticated requests from localhost and adds an additional server with port 9999 for orchestrated healthchecks like rancher or k8s, this port should not be exposed to untrusted networks --- Dockerfile | 4 +++- auth.conf | 17 ++++++++++------- healthcheck.conf | 8 ++++++++ launch.sh | 1 + 4 files changed, 22 insertions(+), 8 deletions(-) create mode 100644 healthcheck.conf diff --git a/Dockerfile b/Dockerfile index 20f86e7..232e7f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,6 +8,8 @@ WORKDIR /opt RUN apk add --no-cache gettext -COPY auth.conf auth.htpasswd launch.sh ./ +COPY auth.conf healthcheck.conf auth.htpasswd launch.sh ./ + +HEALTHCHECK CMD wget -q http://localhost:80/ || exit 1 CMD ["./launch.sh"] diff --git a/auth.conf b/auth.conf index aaebd2e..0b9aaa7 100644 --- a/auth.conf +++ b/auth.conf @@ -1,11 +1,14 @@ server { - listen 80 default_server; + listen 80 default_server; - location / { - auth_basic "Restricted"; - auth_basic_user_file auth.htpasswd; + location / { + satisfy any; + allow 127.0.0.1; + deny all; + auth_basic "Restricted"; + auth_basic_user_file auth.htpasswd; - proxy_pass http://${FORWARD_HOST}:${FORWARD_PORT}; - proxy_read_timeout 900; - } + proxy_pass http://${FORWARD_HOST}:${FORWARD_PORT}; + proxy_read_timeout 900; + } } diff --git a/healthcheck.conf b/healthcheck.conf new file mode 100644 index 0000000..18bfd75 --- /dev/null +++ b/healthcheck.conf @@ -0,0 +1,8 @@ +server { + listen 9999 default_server; + + location / { + proxy_pass http://${FORWARD_HOST}:${FORWARD_PORT}; + proxy_read_timeout 900; + } +} diff --git a/launch.sh b/launch.sh index f5aba9e..9d56a67 100755 --- a/launch.sh +++ b/launch.sh @@ -2,6 +2,7 @@ rm /etc/nginx/conf.d/default.conf || : envsubst < auth.conf > /etc/nginx/conf.d/auth.conf +envsubst < healthcheck.conf > /etc/nginx/conf.d/healthcheck.conf envsubst < auth.htpasswd > /etc/nginx/auth.htpasswd nginx -g "daemon off;"