Docker: healthcheck results in 'unhealthy' because 'localhost' is being used
The healthcheck in Docker yields an 'unhealthy' because /opt/gitlab/etc/gitlab-healthcheck-rc
uses localhost
and not the correct and full domain name.
As no webserver is listening on 127.0.0.1:<port>
curl fails. Interestingly you did forget that its output becomes the unhealthy message in Docker, resulting in some unhelpful string.
- Configure a custom domain name, and nginx to listen to the external IP. (I guess the latter is the default.)
- Check TLS only. (Not 100% about this one.)
- Restart Gitlab's container.
Yes, sudo gitlab-ctl reconfigure
as suggested in gitlab-ce#24997 does not help.
This is how /opt/gitlab/etc/gitlab-healthcheck-rc
looks like:
url='https://localhost:443/help'
flags='--insecure'
… yet it should be something like this:
url='https://example.com:443/help'
flags='--insecure'
If you want to stick with the health-checks the way they are:
-
/opt/gitlab/etc/gitlab-healthcheck-rc
should include the domain name. - Run curl with flag
-fsS
to suppress messages about download progress. An error message will be returned instead, like "404 not found". - Depending on curl's error message, have one of your own displayed (print to STDOUT or STDERR).
See also https://docs.docker.com/engine/reference/builder/#healthcheck
I suggest a different approach, which drops checking if a page /help
is returned. Instead:
- Assemble a list of all services that are supposed to be running according to the configs.
- Branch into unhealthy if their last PID is different from the currently seen PID or
if something likedockerhub status
(where available) yields something non-positive. - (Healthy if either no last PID is found or is the same.)
- (Store PIDs. Exit.)
Edited by Mark Kubacki