From bbb0484d032b6f268384b51a68b72614d79bb020 Mon Sep 17 00:00:00 2001
From: Jeremy Lin <jjlin@cs.stanford.edu>
Date: Wed, 25 Mar 2020 20:13:36 -0700
Subject: [PATCH] Healthcheck fixes/optimizations

* Switch healthcheck interval/timeout from 30s/3s to 60s/10s.
  30s interval is arguably overkill, and 3s timeout is definitely too short
  for lower end machines.
* Use HEALTHCHECK CMD exec form to avoid superfluous `sh` invocations.
* Add `--silent --show-error` flags to curl call to avoid progress meter being
  shown in healthcheck logs.
---
 docker/Dockerfile.j2                      | 4 ++--
 docker/aarch64/mysql/Dockerfile           | 6 +++---
 docker/aarch64/sqlite/Dockerfile          | 6 +++---
 docker/amd64/mysql/Dockerfile             | 6 +++---
 docker/amd64/mysql/Dockerfile.alpine      | 6 +++---
 docker/amd64/postgresql/Dockerfile        | 6 +++---
 docker/amd64/postgresql/Dockerfile.alpine | 6 +++---
 docker/amd64/sqlite/Dockerfile            | 6 +++---
 docker/amd64/sqlite/Dockerfile.alpine     | 6 +++---
 docker/armv6/mysql/Dockerfile             | 6 +++---
 docker/armv6/sqlite/Dockerfile            | 6 +++---
 docker/armv7/mysql/Dockerfile             | 6 +++---
 docker/armv7/sqlite/Dockerfile            | 6 +++---
 docker/healthcheck.sh                     | 3 ++-
 14 files changed, 40 insertions(+), 39 deletions(-)

diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2
index 74320c73..e333a27c 100644
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@@ -287,9 +287,9 @@ COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs
 COPY --from=build app/target/release/bitwarden_rs .
 {% endif %}
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/aarch64/mysql/Dockerfile b/docker/aarch64/mysql/Dockerfile
index 2727b299..bc551f64 100644
--- a/docker/aarch64/mysql/Dockerfile
+++ b/docker/aarch64/mysql/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -124,9 +124,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/aarch64/sqlite/Dockerfile b/docker/aarch64/sqlite/Dockerfile
index 882c114f..ebbf6511 100644
--- a/docker/aarch64/sqlite/Dockerfile
+++ b/docker/aarch64/sqlite/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -118,9 +118,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/amd64/mysql/Dockerfile b/docker/amd64/mysql/Dockerfile
index e6843597..525ad57e 100644
--- a/docker/amd64/mysql/Dockerfile
+++ b/docker/amd64/mysql/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -92,9 +92,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/amd64/mysql/Dockerfile.alpine b/docker/amd64/mysql/Dockerfile.alpine
index 208eca1f..92dca50f 100644
--- a/docker/amd64/mysql/Dockerfile.alpine
+++ b/docker/amd64/mysql/Dockerfile.alpine
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -94,9 +94,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/amd64/postgresql/Dockerfile b/docker/amd64/postgresql/Dockerfile
index 1a9a467b..dfbbec9a 100644
--- a/docker/amd64/postgresql/Dockerfile
+++ b/docker/amd64/postgresql/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -92,9 +92,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/amd64/postgresql/Dockerfile.alpine b/docker/amd64/postgresql/Dockerfile.alpine
index 968fa287..676462d0 100644
--- a/docker/amd64/postgresql/Dockerfile.alpine
+++ b/docker/amd64/postgresql/Dockerfile.alpine
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -94,9 +94,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/amd64/sqlite/Dockerfile b/docker/amd64/sqlite/Dockerfile
index 860d6875..6855e2d1 100644
--- a/docker/amd64/sqlite/Dockerfile
+++ b/docker/amd64/sqlite/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -86,9 +86,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build app/target/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/amd64/sqlite/Dockerfile.alpine b/docker/amd64/sqlite/Dockerfile.alpine
index 556a3e3e..cd0e8f8c 100644
--- a/docker/amd64/sqlite/Dockerfile.alpine
+++ b/docker/amd64/sqlite/Dockerfile.alpine
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -88,9 +88,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/armv6/mysql/Dockerfile b/docker/armv6/mysql/Dockerfile
index df0b731a..b9cf8475 100644
--- a/docker/armv6/mysql/Dockerfile
+++ b/docker/armv6/mysql/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -124,9 +124,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/armv6/sqlite/Dockerfile b/docker/armv6/sqlite/Dockerfile
index 26aa0294..7985a6ed 100644
--- a/docker/armv6/sqlite/Dockerfile
+++ b/docker/armv6/sqlite/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -118,9 +118,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/armv7/mysql/Dockerfile b/docker/armv7/mysql/Dockerfile
index fbc698eb..b336b7bb 100644
--- a/docker/armv7/mysql/Dockerfile
+++ b/docker/armv7/mysql/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -123,9 +123,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/armv7/sqlite/Dockerfile b/docker/armv7/sqlite/Dockerfile
index 597895ac..2d573381 100644
--- a/docker/armv7/sqlite/Dockerfile
+++ b/docker/armv7/sqlite/Dockerfile
@@ -12,7 +12,7 @@
 #  - From the console, with the following commands:
 #      docker pull bitwardenrs/web-vault:v2.12.0e
 #      docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
-#      
+#
 #  - To do the opposite, and get the tag from the hash, you can do:
 #      docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c
 FROM bitwardenrs/web-vault@sha256:feb3f46d15738191b9043be4cdb1be2c0078ed411e7b7be73a2f4fcbca01e13c as vault
@@ -117,9 +117,9 @@ COPY Rocket.toml .
 COPY --from=vault /web-vault ./web-vault
 COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .
 
-COPY docker/healthcheck.sh ./healthcheck.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
-HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
 
 # Configures the startup!
 WORKDIR /
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh
index 88c1091a..8f9fe982 100755
--- a/docker/healthcheck.sh
+++ b/docker/healthcheck.sh
@@ -49,4 +49,5 @@ base_path="$(get_base_path "${DOMAIN}")"
 if [ -n "${ROCKET_TLS}" ]; then
     s='s'
 fi
-curl --insecure --fail "http${s}://localhost:${ROCKET_PORT}${base_path}/alive" || exit 1
+curl --insecure --fail --silent --show-error \
+     "http${s}://localhost:${ROCKET_PORT}${base_path}/alive" || exit 1