Added a view healthchecks

This commit is contained in:
Florian Zirker 2023-06-09 08:58:54 +02:00
parent 063ff194e2
commit 0520815da1
8 changed files with 75 additions and 16 deletions

View file

@ -40,6 +40,10 @@ services:
volumes: volumes:
- ${VOLUMES_PATH}/firefoxsync/db:/var/lib/postgresql/data - ${VOLUMES_PATH}/firefoxsync/db:/var/lib/postgresql/data
user: ${UID}:${GID} user: ${UID}:${GID}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 10s
timeout: 5s
labels: labels:
- "docker.group=firefoxsync" - "docker.group=firefoxsync"

View file

@ -11,18 +11,6 @@ services:
networks: networks:
- web - web
- git - git
labels:
- "traefik.enable=true"
- "traefik.http.routers.forgejo.rule=Host(`gitea.${DOMAIN}`, `git.${DOMAIN}`)"
- "traefik.http.routers.forgejo.entrypoints=websecure"
- "traefik.http.routers.forgejo.tls.certresolver=netcup"
- "traefik.http.routers.forgejo.tls.options=intermediate@file"
- "traefik.http.routers.forgejo.middlewares=gitearedir"
- "traefik.http.middlewares.gitearedir.redirectregex.regex=^https://gitea.${DOMAIN}/(.*)"
- "traefik.http.middlewares.gitearedir.redirectregex.replacement=https://git.${DOMAIN}/$${1}"
- "traefik.http.middlewares.gitearedir.redirectregex.permanent=true"
- "traefik.http.services.forgejo.loadbalancer.server.port=3000"
- "docker.group=git"
depends_on: depends_on:
- db - db
restart: unless-stopped restart: unless-stopped
@ -35,6 +23,22 @@ services:
- DB_NAME=${POSTGRES_DB} - DB_NAME=${POSTGRES_DB}
- DB_USER=${POSTGRES_USER} - DB_USER=${POSTGRES_USER}
- DB_PASSWD=${POSTGRES_PASSWORD} - DB_PASSWD=${POSTGRES_PASSWORD}
healthcheck:
test: ["CMD", "curl" ,"--fail", "localhost:3000/api/healthz"]
interval: 5s
timeout: 3s
labels:
- "traefik.enable=true"
- "traefik.http.routers.forgejo.rule=Host(`gitea.${DOMAIN}`, `git.${DOMAIN}`)"
- "traefik.http.routers.forgejo.entrypoints=websecure"
- "traefik.http.routers.forgejo.tls.certresolver=netcup"
- "traefik.http.routers.forgejo.tls.options=intermediate@file"
- "traefik.http.routers.forgejo.middlewares=gitearedir"
- "traefik.http.middlewares.gitearedir.redirectregex.regex=^https://gitea.${DOMAIN}/(.*)"
- "traefik.http.middlewares.gitearedir.redirectregex.replacement=https://git.${DOMAIN}/$${1}"
- "traefik.http.middlewares.gitearedir.redirectregex.permanent=true"
- "traefik.http.services.forgejo.loadbalancer.server.port=3000"
- "docker.group=git"
db: db:
@ -48,6 +52,10 @@ services:
- git - git
volumes: volumes:
- ${VOLUMES_PATH}/git/forgejo_db:/var/lib/postgresql/data - ${VOLUMES_PATH}/git/forgejo_db:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 10s
timeout: 5s
labels: labels:
- "docker.group=git" - "docker.group=git"

View file

@ -47,6 +47,10 @@ services:
- POSTGRES_DB=grafana - POSTGRES_DB=grafana
- POSTGRES_USER=${POSTGRES_USER} - POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 10s
timeout: 5s
labels: labels:
- "docker.group=monitoring" - "docker.group=monitoring"

View file

@ -11,6 +11,10 @@ services:
networks: networks:
- web - web
- nextcloud - nextcloud
healthcheck:
test: curl -sSf 'http://localhost/status.php' | grep '"installed":true' | grep '"maintenance":false' | grep '"needsDbUpgrade":false' || exit 1
interval: 5s
timeout: 3s
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)" - "traefik.http.routers.nextcloud.rule=Host(`cloud.${DOMAIN}`)"
@ -123,6 +127,7 @@ services:
- MYSQL_PASSWORD=${MYSQL_PASSWORD} - MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE} - MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER} - MYSQL_USER=${MYSQL_USER}
- MARIADB_AUTO_UPGRADE=1
logging: logging:
driver: "json-file" driver: "json-file"
options: options:
@ -131,6 +136,10 @@ services:
networks: networks:
- nextcloud - nextcloud
- mariadb - mariadb
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
interval: 20s
timeout: 3s
labels: labels:
- "docker.group=netxtcloud" - "docker.group=netxtcloud"
@ -166,6 +175,10 @@ services:
- monitoring - monitoring
volumes: volumes:
- ${VOLUMES_PATH}/nextcloud/redis:/data - ${VOLUMES_PATH}/nextcloud/redis:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
labels: labels:
- "docker.group=netxtcloud" - "docker.group=netxtcloud"

View file

@ -22,6 +22,9 @@ http {
sendfile on; sendfile on;
#tcp_nopush on; #tcp_nopush on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65; keepalive_timeout 65;
#gzip on; #gzip on;
@ -48,7 +51,7 @@ http {
add_header X-Download-Options "noopen" always; add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always; add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak

View file

@ -18,6 +18,7 @@ services:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
- "--log.level=INFO" - "--log.level=INFO"
#- "--accesslog=true" #- "--accesslog=true"
- "--ping=true"
- "--entrypoints.web.address=:80" - "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure" - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https" - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
@ -42,6 +43,10 @@ services:
volumes: volumes:
- ${VOLUMES_PATH}/proxy/letsencrypt:/letsencrypt - ${VOLUMES_PATH}/proxy/letsencrypt:/letsencrypt
- $PWD/tls.toml:/etc/traefik/tls.toml - $PWD/tls.toml:/etc/traefik/tls.toml
healthcheck:
test: traefik healthcheck --ping
interval: 3s
timeout: 1s
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)" - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
@ -63,14 +68,18 @@ services:
environment: environment:
# grant privileges as environment variables: https://github.com/Tecnativa/docker-socket-proxy#grant-or-revoke-access-to-certain-api-sections # grant privileges as environment variables: https://github.com/Tecnativa/docker-socket-proxy#grant-or-revoke-access-to-certain-api-sections
- CONTAINERS=1 - CONTAINERS=1
- INFO=1 - INFO=1
networks: networks:
- dockersocket - dockersocket
healthcheck:
test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost:2375/version"]
interval: 10s
timeout: 3s
privileged: true privileged: true
whoami: whoami:
image: containous/whoami image: traefik/whoami
networks: networks:
- web - web
labels: labels:

View file

@ -21,6 +21,10 @@ services:
- wallabag - wallabag
volumes: volumes:
- /var/dockervolumes/wallabag/images:/var/www/wallabag/web/assets/images - /var/dockervolumes/wallabag/images:/var/www/wallabag/web/assets/images
healthcheck:
test: ["CMD", "wget" ,"--no-verbose", "--tries=1", "--spider", "http://localhost"]
interval: 10s
timeout: 3s
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.wallabag.rule=Host(`wallabag.${DOMAIN}`)" - "traefik.http.routers.wallabag.rule=Host(`wallabag.${DOMAIN}`)"
@ -41,14 +45,24 @@ services:
- wallabag - wallabag
volumes: volumes:
- /var/dockervolumes/wallabag/db:/var/lib/mysql - /var/dockervolumes/wallabag/db:/var/lib/mysql
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
interval: 10s
timeout: 3s
labels: labels:
- "docker.group=wallabag" - "docker.group=wallabag"
redis: redis:
image: redis:alpine image: redis
restart: unless-stopped restart: unless-stopped
networks: networks:
- wallabag - wallabag
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
labels:
- "docker.group=wallabag"
networks: networks:

View file

@ -7,6 +7,10 @@ services:
networks: networks:
- web - web
restart: unless-stopped restart: unless-stopped
healthcheck:
test: ["CMD", "curl" ,"--fail", "localhost"]
interval: 5s
timeout: 3s
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.webroot.entrypoints=websecure" # All HTTP requests are globally redirected to HTTPS - "traefik.http.routers.webroot.entrypoints=websecure" # All HTTP requests are globally redirected to HTTPS