From c3e89967fb8ce7fc1fd431a2e618b82cc856cb4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Sun, 21 Oct 2018 20:45:41 +0300 Subject: [PATCH 1/2] Fix front health checking - Specified seperated /health path in order to allow for healthcheck even if webmail and admin are not seletectd. This also allows healthchecking fom external services like DNS load balancers; - Make curl not to fail on TLS because localhost is not included in the certificates. --- core/nginx/Dockerfile | 2 +- core/nginx/conf/nginx.conf | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/core/nginx/Dockerfile b/core/nginx/Dockerfile index 87951c03..00ecf84e 100644 --- a/core/nginx/Dockerfile +++ b/core/nginx/Dockerfile @@ -13,4 +13,4 @@ VOLUME ["/certs"] CMD /start.py -HEALTHCHECK CMD curl -f -L http://localhost/ || exit 1 +HEALTHCHECK CMD curl -k -f -L http://localhost/health || exit 1 diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf index 8fcda1c3..d2cbc7fe 100644 --- a/core/nginx/conf/nginx.conf +++ b/core/nginx/conf/nginx.conf @@ -146,6 +146,10 @@ http { proxy_pass_request_body off; proxy_set_header Content-Length ""; } + + location /health { + return 204; + } } # Forwarding authentication server From a2fea36c79367ce967e4b96a028aa5ff86c869dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Sun, 21 Oct 2018 20:49:01 +0300 Subject: [PATCH 2/2] Increase HEALTHCHECK start time for services that need to wait for host resolving during startup. In Docker Swarm mode the services listed below can get stuck in their start script, while they are waiting for other services become available. Now, with HEALTHCHECK enabled, docker does not resolve names of services that not pass HEALTHCHECK yet. Meaning that if one of the depenend services is not yet available, it will create a chain of failing services. The services below retry to resolve 100 time, with an average of 3.5 seconds. Hence, the --start-time flag is now set at 350 seconds. - dovecot (imap) - postfix (smtp) - rspamd (antispam) --- core/dovecot/Dockerfile | 2 +- core/postfix/Dockerfile | 2 +- services/rspamd/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/core/dovecot/Dockerfile b/core/dovecot/Dockerfile index c0d3e3cd..e19631ee 100644 --- a/core/dovecot/Dockerfile +++ b/core/dovecot/Dockerfile @@ -14,4 +14,4 @@ VOLUME ["/data", "/mail"] CMD /start.py -HEALTHCHECK CMD echo QUIT|nc localhost 110|grep "Dovecot ready." +HEALTHCHECK --start-period=350s CMD echo QUIT|nc localhost 110|grep "Dovecot ready." diff --git a/core/postfix/Dockerfile b/core/postfix/Dockerfile index 5533499e..e0529e01 100644 --- a/core/postfix/Dockerfile +++ b/core/postfix/Dockerfile @@ -13,4 +13,4 @@ VOLUME ["/data"] CMD /start.py -HEALTHCHECK CMD echo QUIT|nc localhost 25|grep "220 .* ESMTP Postfix" +HEALTHCHECK --start-period=350s CMD echo QUIT|nc localhost 25|grep "220 .* ESMTP Postfix" diff --git a/services/rspamd/Dockerfile b/services/rspamd/Dockerfile index d87a64f5..4337fb2e 100644 --- a/services/rspamd/Dockerfile +++ b/services/rspamd/Dockerfile @@ -18,4 +18,4 @@ VOLUME ["/var/lib/rspamd"] CMD /start.py -HEALTHCHECK CMD curl -f -L http://localhost:11334/ || exit 1 +HEALTHCHECK --start-period=350s CMD curl -f -L http://localhost:11334/ || exit 1