feat: warn when incorrect interface/port in use for web processes

Users that misconfigure their process's listening interface or port will now see an additional healthcheck warning for web deploys. While only a single port is checked, this ensures that users at least have some context as to why their app isn't responding as expected. Closes #4798
2026-02-24 04:00:36 +01:00 · 2023-10-15 03:01:14 -04:00
parent ab8a957786
commit f33d7f129b
7 changed files with 37 additions and 28 deletions
--- a/contrib/dependencies.json
+++ b/contrib/dependencies.json
@@ -11,11 +11,11 @@
        },
        {
            "name": "docker-container-healthchecker",
-            "version": "0.7.1",
+            "version": "0.7.2",
            "urls": {
-                "amd64": "https://github.com/dokku/docker-container-healthchecker/releases/download/v0.7.1/docker-container-healthchecker_0.7.1_linux_amd64.tgz",
-                "arm4": "https://github.com/dokku/docker-container-healthchecker/releases/download/v0.7.1/docker-container-healthchecker_0.7.1_linux_arm64.tgz",
-                "arm": "https://github.com/dokku/docker-container-healthchecker/releases/download/v0.7.1/docker-container-healthchecker_0.7.1_linux_armhf.tgz"
+                "amd64": "https://github.com/dokku/docker-container-healthchecker/releases/download/v0.7.2/docker-container-healthchecker_0.7.2_linux_amd64.tgz",
+                "arm4": "https://github.com/dokku/docker-container-healthchecker/releases/download/v0.7.2/docker-container-healthchecker_0.7.2_linux_arm64.tgz",
+                "arm": "https://github.com/dokku/docker-container-healthchecker/releases/download/v0.7.2/docker-container-healthchecker_0.7.2_linux_armhf.tgz"
            }
        },
        {
@@ -104,4 +104,4 @@
            }
        }
    ]
-}
+}
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Version: 0.31.5
 Section: web
 Priority: optional
 Architecture: amd64
-Depends: apache2-utils, locales, git, cpio, curl, man-db, netcat, sshcommand, docker-engine-cs (>= 17.05.0) | docker-engine (>= 17.05.0) | docker-io (>= 17.05.0) | docker.io (>= 17.05.0) | docker-ce (>= 17.05.0) | docker-ee (>= 17.05.0) | moby-engine, docker-compose-plugin | moby-compose, docker-buildx-plugin | moby-buildx, docker-container-healthchecker, docker-image-labeler, lambda-builder, net-tools, netrc, software-properties-common, parallel, procfile-util, python-software-properties | python3-software-properties, rsync, rsyslog, dos2unix, jq, unzip
+Depends: apache2-utils, locales, git, cpio, curl, man-db, netcat, sshcommand, docker-engine-cs (>= 17.05.0) | docker-engine (>= 17.05.0) | docker-io (>= 17.05.0) | docker.io (>= 17.05.0) | docker-ce (>= 17.05.0) | docker-ee (>= 17.05.0) | moby-engine, docker-compose-plugin | moby-compose, docker-buildx-plugin | moby-buildx, docker-container-healthchecker, docker-image-labeler, lambda-builder, net-tools, netrc, software-properties-common, parallel, procfile-util, python-software-properties | python3-software-properties, rsync, rsyslog, dos2unix, jq, unzip, util-linux
 Recommends: herokuish, bash-completion, dokku-update, dokku-event-listener
 Pre-Depends: gliderlabs-sigil, nginx (>= 1.8.0) | openresty, dnsutils, cgroupfs-mount | cgroup-lite, plugn, sudo, python3, debconf
 Maintainer: Jose Diaz-Gonzalez <dokku@josediazgonzalez.com>
--- a/docker/usr/local/bin/docker-container-healthchecker
+++ b/docker/usr/local/bin/docker-container-healthchecker
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-set -eo pipefail
-[[ $TRACE ]] && set -x
-
-main() {
-  declare desc="re-runs docker-container-healthchecker commands as sudo"
-  local DOCKER_CONTAINER_HEALTHCHECKER_BIN=""
-  if [[ -x "/usr/bin/docker-container-healthchecker" ]]; then
-    DOCKER_CONTAINER_HEALTHCHECKER_BIN="/usr/bin/docker-container-healthchecker"
-  fi
-
-  if [[ -z "$DOCKER_CONTAINER_HEALTHCHECKER_BIN" ]]; then
-    echo "!   No docker-container-healthchecker binary found" 1>&2
-    exit 1
-  fi
-
-  sudo -E "$DOCKER_CONTAINER_HEALTHCHECKER_BIN" "$@"
-}
-
-main "$@"
--- a/plugins/scheduler-docker-local/check-deploy
+++ b/plugins/scheduler-docker-local/check-deploy
@@ -148,7 +148,12 @@ trigger-scheduler-docker-local-check-deploy() {
    ARG_ARRAY+=("$DOKKU_APP_LISTEN_PORT")
  fi

-  docker-container-healthchecker check "$DOKKU_APP_CONTAINER_ID" "${ARG_ARRAY[@]}" || FAILEDCHECKS="$?"
+  if [[ "$DOKKU_APP_CONTAINER_TYPE" == "web" ]]; then
+    content="$(docker-container-healthchecker add "$DOKKU_APP_CONTAINER_TYPE" --app-json "$TMP_APP_JSON_OUTPUT" --listening-check --name "port listening check" --port "$DOKKU_APP_LISTEN_PORT" --pretty --warn-only)"
+    echo "$content" >"$TMP_APP_JSON_OUTPUT"
+  fi
+
+  sudo /usr/bin/docker-container-healthchecker check "$DOKKU_APP_CONTAINER_ID" "${ARG_ARRAY[@]}" || FAILEDCHECKS="$?"

  if [[ $FAILEDCHECKS -gt 0 ]]; then
    "$DOCKER_BIN" container update --restart=no "$DOKKU_APP_CONTAINER_ID" &>/dev/null || true
--- a/plugins/scheduler-docker-local/install
+++ b/plugins/scheduler-docker-local/install
@@ -17,6 +17,9 @@ trigger-scheduler-docker-local-install() {
  echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/crontab" >"/etc/sudoers.d/dokku-cron"
  chmod "0440" "/etc/sudoers.d/dokku-cron"

+  echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/docker-container-healthchecker" >"/etc/sudoers.d/dokku-docker-container-healthchecker"
+  chmod "0440" "/etc/sudoers.d/dokku-docker-container-healthchecker"
+
  DOKKU_PATH="$(command -v dokku)"

  if [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
--- a/tests/apps/python/web.py
+++ b/tests/apps/python/web.py
@@ -31,7 +31,10 @@ if __name__ == "__main__":
    for arg in sys.argv:
        print(f"Arg: {arg}")

-    port = int(os.getenv("PORT", 5000))
+    port = int(os.getenv("PORT", "5000"))
+    if os.getenv("ALT_PORT"):
+        port = int(os.getenv("ALT_PORT", "5000"))
+
    server = http.server.HTTPServer(("0.0.0.0", port), GetHandler)
    print("Listening on port {0}".format(port))
    server.serve_forever()
--- a/tests/unit/checks.bats
+++ b/tests/unit/checks.bats
@@ -268,3 +268,21 @@ teardown() {
  assert_output_contains "/healthcheck"
  assert_success
 }
+
+@test "(checks) listening checks" {
+  if [[ "$TERM_PROGRAM" == "vscode" ]]; then
+    skip "environment must be running in the host namespace"
+  fi
+
+  run /bin/bash -c "dokku config:set $TEST_APP ALT_PORT=5001"
+  echo "output: $output"
+  echo "status: $status"
+  assert_success
+
+  run deploy_app
+  echo "output: $output"
+  echo "status: $status"
+  assert_failure
+  assert_output_contains "Failure in name='port listening check': container listening on expected IPv4 interface with an unexpected port: expected=5000 actual=5001"
+  assert_output_contains "Running healthcheck name='port listening check' attempts=3 port=5000 retries=2 timeout=5 type='listening' wait=5"
+}