feat: add Caddy healthcheck and various cleanup (#462)

* feat: add Caddy healthcheck and various cleanup * fix healtcheck
2023-09-14 14:11:07 +02:00 · 2023-09-14 14:11:07 +02:00 · 81c2a77ed5
commit 81c2a77ed5
parent 8b40991b05
3 changed files with 40 additions and 29 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -68,7 +68,5 @@ jobs:
        name: Checkout
        uses: actions/checkout@v3
      -
-        name: Lint Dockerfiles
+        name: Lint Dockerfile
        uses: hadolint/hadolint-action@v3.1.0
-        with:
-          recursive: true
--- a/5
+++ b/5
@ -47,11 +47,9 @@ COPY --link docker/php/php-fpm.d/zz-docker.conf /usr/local/etc/php-fpm.d/zz-dock
 RUN mkdir -p /var/run/php

 COPY --link --chmod=755 docker/php/docker-healthcheck.sh /usr/local/bin/docker-healthcheck
-
-HEALTHCHECK --interval=10s --timeout=3s --retries=3 --start-period=40s CMD ["docker-healthcheck"]
+HEALTHCHECK --start-period=1m CMD docker-healthcheck

 COPY --link --chmod=755 docker/php/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
-
 ENTRYPOINT ["docker-entrypoint"]
 CMD ["php-fpm"]

@ -113,6 +111,7 @@ WORKDIR /srv/app
 ADD --chmod=500 https://caddyserver.com/api/download?os=linux&arch=$TARGETARCH&p=github.com/dunglas/mercure/caddy&p=github.com/dunglas/vulcain/caddy /usr/bin/caddy

 COPY --link docker/caddy/Caddyfile /etc/caddy/Caddyfile
+HEALTHCHECK CMD wget --no-verbose --tries=1 --spider https://localhost/healthz || exit 1

 # Prod Caddy image
 FROM caddy_base AS caddy_prod
--- a/docker/caddy/Caddyfile
+++ b/docker/caddy/Caddyfile
@ -1,32 +1,46 @@
 {
-    # Debug
-    {$CADDY_DEBUG}
+	{$CADDY_GLOBAL_OPTIONS}
 }

-{$SERVER_NAME}
+{$SERVER_NAME:localhost} 

 {$CADDY_EXTRA_CONFIG}

-log
+log {
+	# Redact the authorization query parameter that can be set by Mercure
+	format filter {
+		wrap console
+		fields {
+			uri query {
+				replace authorization REDACTED
+			}
+		}
+	}
+}

 route {
-    root * /srv/app/public
-    mercure {
-        # Transport to use (default to Bolt)
-        transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
-        # Publisher JWT key
-        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
-        # Subscriber JWT key
-        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
-        # Allow anonymous subscribers (double-check that it's what you want)
-        anonymous
-        # Enable the subscription API (double-check that it's what you want)
-        subscriptions
-        # Extra directives
-        {$MERCURE_EXTRA_DIRECTIVES}
-    }
-    vulcain
-    php_fastcgi unix//var/run/php/php-fpm.sock
-    encode zstd gzip
-    file_server
+	# Healthcheck URL
+	respond /healthz 200
+	skip_log /healthz
+
+	root * /srv/app/public
+	mercure {
+		# Transport to use (default to Bolt)
+		transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
+		# Publisher JWT key
+		publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
+		# Subscriber JWT key
+		subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
+		# Allow anonymous subscribers (double-check that it's what you want)
+		anonymous
+		# Enable the subscription API (double-check that it's what you want)
+		subscriptions
+		# Extra directives
+		{$MERCURE_EXTRA_DIRECTIVES}
+	}
+	vulcain
+
+	php_fastcgi unix//var/run/php/php-fpm.sock
+	encode zstd gzip
+	file_server
 }