fix: make wordpress healthcheck production safe

This commit is contained in:
bisco
2026-06-25 12:53:36 +02:00
parent a835900418
commit 32edb96b40
4 changed files with 56 additions and 1 deletions
+1 -1
View File
@@ -73,7 +73,7 @@ services:
db:
condition: service_healthy
healthcheck:
test: ["CMD", "php", "-r", "$$c=@file_get_contents('http://127.0.0.1/wp-login.php'); exit($$c===false ? 1 : 0);"]
test: ["CMD", "php", "/usr/local/bin/azionelab-healthcheck.php"]
interval: 10s
timeout: 5s
retries: 20
+17
View File
@@ -6,6 +6,23 @@
2. Run `docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh`.
3. Inspect `docker compose logs wordpress db` without printing secret values.
## WordPress stays in waiting or unhealthy
1. Inspect `docker compose logs wordpress db` without printing secret values.
2. Confirm the database volume was initialized with the same `MARIADB_DATABASE`,
`MARIADB_USER`, and password currently configured in `.env`.
3. Confirm `WP_URL` has the intended scheme and hostname. In production it should be
the public HTTPS URL.
4. Rebuild after changes to the WordPress image:
```bash
docker compose up --build -d wordpress
```
The WordPress healthcheck is internal and does not depend on the public DNS/TLS route.
It sends the configured host and forwarded protocol headers to avoid following external
HTTPS redirects during production startup.
## NGINX returns 502
1. Run `docker compose ps` and `docker compose exec proxy nginx -t`.
+2
View File
@@ -3,11 +3,13 @@ FROM wordpress:7.0.0-php8.3-apache
COPY php.ini /usr/local/etc/php/conf.d/azionelab.ini
COPY .htaccess /opt/azionelab/.htaccess
COPY entrypoint-wrapper.sh /usr/local/bin/azionelab-entrypoint
COPY healthcheck.php /usr/local/bin/azionelab-healthcheck.php
COPY theme/azionelab /opt/azionelab/theme
COPY mu-plugins/azionelab-content.php /opt/azionelab/azionelab-content.php
RUN sed -ri 's!^[[:space:]]*CustomLog .*!CustomLog /dev/null combined!' /etc/apache2/sites-available/000-default.conf \
&& chmod 755 /usr/local/bin/azionelab-entrypoint \
&& chmod 644 /usr/local/bin/azionelab-healthcheck.php \
&& chown -R www-data:www-data /opt/azionelab
ENTRYPOINT ["azionelab-entrypoint"]
+36
View File
@@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
$wpUrl = getenv('WP_URL') ?: 'http://localhost';
$parts = parse_url($wpUrl);
$host = $parts['host'] ?? 'localhost';
$scheme = $parts['scheme'] ?? 'http';
$port = isset($parts['port']) ? (int) $parts['port'] : null;
$hostHeader = $host;
if ($port !== null && !(($scheme === 'http' && $port === 80) || ($scheme === 'https' && $port === 443))) {
$hostHeader .= ':' . $port;
}
$context = stream_context_create([
'http' => [
'follow_location' => 0,
'header' => "Host: {$hostHeader}\r\nX-Forwarded-Proto: {$scheme}\r\n",
'ignore_errors' => true,
'max_redirects' => 0,
'timeout' => 3,
],
]);
$response = @file_get_contents('http://127.0.0.1/wp-login.php', false, $context);
if ($response === false || empty($http_response_header[0])) {
exit(1);
}
if (!preg_match('/\s([0-9]{3})\s/', $http_response_header[0], $matches)) {
exit(1);
}
$status = (int) $matches[1];
exit($status >= 200 && $status < 400 ? 0 : 1);