generated from bisco/codex-bootstrap
fix: make wordpress healthcheck production safe
This commit is contained in:
+1
-1
@@ -73,7 +73,7 @@ services:
|
||||
db:
|
||||
condition: service_healthy
|
||||
healthcheck:
|
||||
test: ["CMD", "php", "-r", "$$c=@file_get_contents('http://127.0.0.1/wp-login.php'); exit($$c===false ? 1 : 0);"]
|
||||
test: ["CMD", "php", "/usr/local/bin/azionelab-healthcheck.php"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 20
|
||||
|
||||
@@ -6,6 +6,23 @@
|
||||
2. Run `docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh`.
|
||||
3. Inspect `docker compose logs wordpress db` without printing secret values.
|
||||
|
||||
## WordPress stays in waiting or unhealthy
|
||||
|
||||
1. Inspect `docker compose logs wordpress db` without printing secret values.
|
||||
2. Confirm the database volume was initialized with the same `MARIADB_DATABASE`,
|
||||
`MARIADB_USER`, and password currently configured in `.env`.
|
||||
3. Confirm `WP_URL` has the intended scheme and hostname. In production it should be
|
||||
the public HTTPS URL.
|
||||
4. Rebuild after changes to the WordPress image:
|
||||
|
||||
```bash
|
||||
docker compose up --build -d wordpress
|
||||
```
|
||||
|
||||
The WordPress healthcheck is internal and does not depend on the public DNS/TLS route.
|
||||
It sends the configured host and forwarded protocol headers to avoid following external
|
||||
HTTPS redirects during production startup.
|
||||
|
||||
## NGINX returns 502
|
||||
|
||||
1. Run `docker compose ps` and `docker compose exec proxy nginx -t`.
|
||||
|
||||
@@ -3,11 +3,13 @@ FROM wordpress:7.0.0-php8.3-apache
|
||||
COPY php.ini /usr/local/etc/php/conf.d/azionelab.ini
|
||||
COPY .htaccess /opt/azionelab/.htaccess
|
||||
COPY entrypoint-wrapper.sh /usr/local/bin/azionelab-entrypoint
|
||||
COPY healthcheck.php /usr/local/bin/azionelab-healthcheck.php
|
||||
COPY theme/azionelab /opt/azionelab/theme
|
||||
COPY mu-plugins/azionelab-content.php /opt/azionelab/azionelab-content.php
|
||||
|
||||
RUN sed -ri 's!^[[:space:]]*CustomLog .*!CustomLog /dev/null combined!' /etc/apache2/sites-available/000-default.conf \
|
||||
&& chmod 755 /usr/local/bin/azionelab-entrypoint \
|
||||
&& chmod 644 /usr/local/bin/azionelab-healthcheck.php \
|
||||
&& chown -R www-data:www-data /opt/azionelab
|
||||
|
||||
ENTRYPOINT ["azionelab-entrypoint"]
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
$wpUrl = getenv('WP_URL') ?: 'http://localhost';
|
||||
$parts = parse_url($wpUrl);
|
||||
$host = $parts['host'] ?? 'localhost';
|
||||
$scheme = $parts['scheme'] ?? 'http';
|
||||
$port = isset($parts['port']) ? (int) $parts['port'] : null;
|
||||
|
||||
$hostHeader = $host;
|
||||
if ($port !== null && !(($scheme === 'http' && $port === 80) || ($scheme === 'https' && $port === 443))) {
|
||||
$hostHeader .= ':' . $port;
|
||||
}
|
||||
|
||||
$context = stream_context_create([
|
||||
'http' => [
|
||||
'follow_location' => 0,
|
||||
'header' => "Host: {$hostHeader}\r\nX-Forwarded-Proto: {$scheme}\r\n",
|
||||
'ignore_errors' => true,
|
||||
'max_redirects' => 0,
|
||||
'timeout' => 3,
|
||||
],
|
||||
]);
|
||||
|
||||
$response = @file_get_contents('http://127.0.0.1/wp-login.php', false, $context);
|
||||
if ($response === false || empty($http_response_header[0])) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
if (!preg_match('/\s([0-9]{3})\s/', $http_response_header[0], $matches)) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
$status = (int) $matches[1];
|
||||
exit($status >= 200 && $status < 400 ? 0 : 1);
|
||||
Reference in New Issue
Block a user