feat: add Caddy healthcheck and various cleanup (#462)

* feat: add Caddy healthcheck and various cleanup

* fix healthcheck
Kévin Dunglas 2023-09-14 14:11:07 +02:00 committed by GitHub
parent 8b40991b05
commit 81c2a77ed5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 29 deletions


@ -68,7 +68,5 @@ jobs:
name: Checkout
uses: actions/checkout@v3
-
name: Lint Dockerfiles
name: Lint Dockerfile
uses: hadolint/hadolint-action@v3.1.0
with:
recursive: true


@ -47,11 +47,9 @@ COPY --link docker/php/php-fpm.d/zz-docker.conf /usr/local/etc/php-fpm.d/zz-dock
RUN mkdir -p /var/run/php
COPY --link --chmod=755 docker/php/docker-healthcheck.sh /usr/local/bin/docker-healthcheck
HEALTHCHECK --interval=10s --timeout=3s --retries=3 --start-period=40s CMD ["docker-healthcheck"]
HEALTHCHECK --start-period=1m CMD docker-healthcheck
COPY --link --chmod=755 docker/php/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
ENTRYPOINT ["docker-entrypoint"]
CMD ["php-fpm"]
@ -113,6 +111,7 @@ WORKDIR /srv/app
ADD --chmod=500 https://caddyserver.com/api/download?os=linux&arch=$TARGETARCH&p=github.com/dunglas/mercure/caddy&p=github.com/dunglas/vulcain/caddy /usr/bin/caddy
COPY --link docker/caddy/Caddyfile /etc/caddy/Caddyfile
HEALTHCHECK CMD wget --no-verbose --tries=1 --spider https://localhost/healthz || exit 1
# Prod Caddy image
FROM caddy_base AS caddy_prod
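Review bot: The Caddy `HEALTHCHECK` near the end of this section hard-codes `https://localhost/healthz`, while the Caddyfile changed in the same commit takes its site address from `{$SERVER_NAME:localhost}`. A deployment that sets `SERVER_NAME` to another host name, or to a plain-HTTP address behind a TLS-terminating proxy, would presumably fail the probe and be marked unhealthy although Caddy is serving. Whether `wget` validates Caddy's locally issued certificate depends on the wget build in the base image, which is not visible here, so the probe's TLS behaviour should be stated rather than left implicit. I would add above the instruction `# Probe assumes the site answers on https://localhost; override the healthcheck when SERVER_NAME is changed`, and set explicit `--interval` and `--timeout` values instead of relying on the defaults. The `caddy_base` stage begins outside the hunk.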


@ -1,32 +1,46 @@
{
# Debug
{$CADDY_DEBUG}
{$CADDY_GLOBAL_OPTIONS}
}
{$SERVER_NAME}
{$SERVER_NAME:localhost}
{$CADDY_EXTRA_CONFIG}
log
log {
# Redact the authorization query parameter that can be set by Mercure
format filter {
wrap console
fields {
uri query {
replace authorization REDACTED
}
}
}
}
route {
root * /srv/app/public
mercure {
# Transport to use (default to Bolt)
transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
# Publisher JWT key
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
# Subscriber JWT key
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
# Allow anonymous subscribers (double-check that it's what you want)
anonymous
# Enable the subscription API (double-check that it's what you want)
subscriptions
# Extra directives
{$MERCURE_EXTRA_DIRECTIVES}
}
vulcain
php_fastcgi unix//var/run/php/php-fpm.sock
encode zstd gzip
file_server
# Healthcheck URL
respond /healthz 200
skip_log /healthz
root * /srv/app/public
mercure {
# Transport to use (default to Bolt)
transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
# Publisher JWT key
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
# Subscriber JWT key
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
# Allow anonymous subscribers (double-check that it's what you want)
anonymous
# Enable the subscription API (double-check that it's what you want)
subscriptions
# Extra directives
{$MERCURE_EXTRA_DIRECTIVES}
}
vulcain
php_fastcgi unix//var/run/php/php-fpm.sock
encode zstd gzip
file_server
}
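Review bot: The redaction filter in the `log` block addresses the field as `uri`, but as far as I know Caddy's access log nests the request URI under `request`, and the filter encoder addresses nested fields with `>`. If that holds for the Caddy version built here, the `authorization` query parameter carrying the Mercure JWT would still be written to the log in clear text. The field line would then need to read `request>uri query {`. Confirm by sending a request with a dummy `authorization` query value and checking that the logged entry shows `REDACTED`.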