admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed healthcheck to only ping 1.1.1.1 to check connectivity

Browse Source 
This is because your VPN public IP might not be the VPN server entrance IP address, resulting in the container being unhealthy most of the time.
This commit is contained in:
Quentin McGaw
2019-01-15 14:40:28 +01:00
parent 370098f5ca
commit a3bfa2d77a
4 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Dockerfile
View File

@@ -26,8 +26,7 @@ ENV USER= \
BLOCK_MALICIOUS=off \ BLOCK_MALICIOUS=off \
EXTRA_SUBNETS= EXTRA_SUBNETS=
ENTRYPOINT /entrypoint.sh ENTRYPOINT /entrypoint.sh
HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \ HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1
RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \ wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \ https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \
@@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \ tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
rm -f /tmp/* rm -f /tmp/*
COPY unbound.conf /etc/unbound/unbound.conf COPY unbound.conf /etc/unbound/unbound.conf
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh healthcheck.sh /
RUN chown nonrootuser -R /etc/unbound && \ RUN chown nonrootuser -R /etc/unbound && \
chmod 700 /etc/unbound && \ chmod 700 /etc/unbound && \
chmod 500 /entrypoint.sh && \ chmod 500 /entrypoint.sh healthcheck.sh && \
chmod 400 \ chmod 400 \
/etc/unbound/root.hints \ /etc/unbound/root.hints \
/etc/unbound/root.key \ /etc/unbound/root.key \

7
Dockerfile.arm32v6
View File

@@ -26,8 +26,7 @@ ENV USER= \
BLOCK_MALICIOUS=off \ BLOCK_MALICIOUS=off \
EXTRA_SUBNETS= EXTRA_SUBNETS=
ENTRYPOINT /entrypoint.sh ENTRYPOINT /entrypoint.sh
HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \ HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1
RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \ wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \ https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \
@@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \ tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
rm -f /tmp/* rm -f /tmp/*
COPY unbound.conf /etc/unbound/unbound.conf COPY unbound.conf /etc/unbound/unbound.conf
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh healthcheck.sh /
RUN chown nonrootuser -R /etc/unbound && \ RUN chown nonrootuser -R /etc/unbound && \
chmod 700 /etc/unbound && \ chmod 700 /etc/unbound && \
chmod 500 /entrypoint.sh && \ chmod 500 /entrypoint.sh healthcheck.sh && \
chmod 400 \ chmod 400 \
/etc/unbound/root.hints \ /etc/unbound/root.hints \
/etc/unbound/root.key \ /etc/unbound/root.key \

7
Dockerfile.arm64v8
View File

@@ -26,8 +26,7 @@ ENV USER= \
BLOCK_MALICIOUS=off \ BLOCK_MALICIOUS=off \
EXTRA_SUBNETS= EXTRA_SUBNETS=
ENTRYPOINT /entrypoint.sh ENTRYPOINT /entrypoint.sh
HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \ HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1
RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \ wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \ https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \
@@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \ tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
rm -f /tmp/* rm -f /tmp/*
COPY unbound.conf /etc/unbound/unbound.conf COPY unbound.conf /etc/unbound/unbound.conf
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh healthcheck.sh /
RUN chown nonrootuser -R /etc/unbound && \ RUN chown nonrootuser -R /etc/unbound && \
chmod 700 /etc/unbound && \ chmod 700 /etc/unbound && \
chmod 500 /entrypoint.sh && \ chmod 500 /entrypoint.sh healthcheck.sh && \
chmod 400 \ chmod 400 \
/etc/unbound/root.hints \ /etc/unbound/root.hints \
/etc/unbound/root.key \ /etc/unbound/root.key \

9
healthcheck.sh Normal file
View File

@@ -0,0 +1,9 @@
#!/bin/sh
ping -W 1 -w 1 -q -s 8 1.1.1.1 &> /dev/null
status=$?
if [ $status = 0 ]; then
exit 0
fi
printf "Pinging 1.1.1.1 resulted in error status code $status"
exit 1