generated from bisco/codex-bootstrap
fix: make wordpress healthcheck production safe
This commit is contained in:
+1
-1
@@ -73,7 +73,7 @@ services:
|
|||||||
db:
|
db:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "php", "-r", "$$c=@file_get_contents('http://127.0.0.1/wp-login.php'); exit($$c===false ? 1 : 0);"]
|
test: ["CMD", "php", "/usr/local/bin/azionelab-healthcheck.php"]
|
||||||
interval: 10s
|
interval: 10s
|
||||||
timeout: 5s
|
timeout: 5s
|
||||||
retries: 20
|
retries: 20
|
||||||
|
|||||||
@@ -6,6 +6,23 @@
|
|||||||
2. Run `docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh`.
|
2. Run `docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh`.
|
||||||
3. Inspect `docker compose logs wordpress db` without printing secret values.
|
3. Inspect `docker compose logs wordpress db` without printing secret values.
|
||||||
|
|
||||||
|
## WordPress stays in waiting or unhealthy
|
||||||
|
|
||||||
|
1. Inspect `docker compose logs wordpress db` without printing secret values.
|
||||||
|
2. Confirm the database volume was initialized with the same `MARIADB_DATABASE`,
|
||||||
|
`MARIADB_USER`, and password currently configured in `.env`.
|
||||||
|
3. Confirm `WP_URL` has the intended scheme and hostname. In production it should be
|
||||||
|
the public HTTPS URL.
|
||||||
|
4. Rebuild after changes to the WordPress image:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
docker compose up --build -d wordpress
|
||||||
|
```
|
||||||
|
|
||||||
|
The WordPress healthcheck is internal and does not depend on the public DNS/TLS route.
|
||||||
|
It sends the configured host and forwarded protocol headers to avoid following external
|
||||||
|
HTTPS redirects during production startup.
|
||||||
|
|
||||||
## NGINX returns 502
|
## NGINX returns 502
|
||||||
|
|
||||||
1. Run `docker compose ps` and `docker compose exec proxy nginx -t`.
|
1. Run `docker compose ps` and `docker compose exec proxy nginx -t`.
|
||||||
|
|||||||
@@ -3,11 +3,13 @@ FROM wordpress:7.0.0-php8.3-apache
|
|||||||
COPY php.ini /usr/local/etc/php/conf.d/azionelab.ini
|
COPY php.ini /usr/local/etc/php/conf.d/azionelab.ini
|
||||||
COPY .htaccess /opt/azionelab/.htaccess
|
COPY .htaccess /opt/azionelab/.htaccess
|
||||||
COPY entrypoint-wrapper.sh /usr/local/bin/azionelab-entrypoint
|
COPY entrypoint-wrapper.sh /usr/local/bin/azionelab-entrypoint
|
||||||
|
COPY healthcheck.php /usr/local/bin/azionelab-healthcheck.php
|
||||||
COPY theme/azionelab /opt/azionelab/theme
|
COPY theme/azionelab /opt/azionelab/theme
|
||||||
COPY mu-plugins/azionelab-content.php /opt/azionelab/azionelab-content.php
|
COPY mu-plugins/azionelab-content.php /opt/azionelab/azionelab-content.php
|
||||||
|
|
||||||
RUN sed -ri 's!^[[:space:]]*CustomLog .*!CustomLog /dev/null combined!' /etc/apache2/sites-available/000-default.conf \
|
RUN sed -ri 's!^[[:space:]]*CustomLog .*!CustomLog /dev/null combined!' /etc/apache2/sites-available/000-default.conf \
|
||||||
&& chmod 755 /usr/local/bin/azionelab-entrypoint \
|
&& chmod 755 /usr/local/bin/azionelab-entrypoint \
|
||||||
|
&& chmod 644 /usr/local/bin/azionelab-healthcheck.php \
|
||||||
&& chown -R www-data:www-data /opt/azionelab
|
&& chown -R www-data:www-data /opt/azionelab
|
||||||
|
|
||||||
ENTRYPOINT ["azionelab-entrypoint"]
|
ENTRYPOINT ["azionelab-entrypoint"]
|
||||||
|
|||||||
@@ -0,0 +1,36 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
declare(strict_types=1);
|
||||||
|
|
||||||
|
$wpUrl = getenv('WP_URL') ?: 'http://localhost';
|
||||||
|
$parts = parse_url($wpUrl);
|
||||||
|
$host = $parts['host'] ?? 'localhost';
|
||||||
|
$scheme = $parts['scheme'] ?? 'http';
|
||||||
|
$port = isset($parts['port']) ? (int) $parts['port'] : null;
|
||||||
|
|
||||||
|
$hostHeader = $host;
|
||||||
|
if ($port !== null && !(($scheme === 'http' && $port === 80) || ($scheme === 'https' && $port === 443))) {
|
||||||
|
$hostHeader .= ':' . $port;
|
||||||
|
}
|
||||||
|
|
||||||
|
$context = stream_context_create([
|
||||||
|
'http' => [
|
||||||
|
'follow_location' => 0,
|
||||||
|
'header' => "Host: {$hostHeader}\r\nX-Forwarded-Proto: {$scheme}\r\n",
|
||||||
|
'ignore_errors' => true,
|
||||||
|
'max_redirects' => 0,
|
||||||
|
'timeout' => 3,
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = @file_get_contents('http://127.0.0.1/wp-login.php', false, $context);
|
||||||
|
if ($response === false || empty($http_response_header[0])) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!preg_match('/\s([0-9]{3})\s/', $http_response_header[0], $matches)) {
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
$status = (int) $matches[1];
|
||||||
|
exit($status >= 200 && $status < 400 ? 0 : 1);
|
||||||
Reference in New Issue
Block a user