From 69976362757c3f7c9e258eb8d892af37606a820e Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 10 Jan 2023 17:41:08 +0100
Subject: [PATCH 1/8] web healthcheck

---
 compose.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/compose.yml b/compose.yml
index 341ffd1..16f36ce 100644
--- a/compose.yml
+++ b/compose.yml
@@ -33,6 +33,14 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+    secrets:
+      - admin_password
+    healthcheck:
+      test: ["CMD-SHELL", 'curl -s -N --user admin:$$(cat /run/secrets/admin_password) localhost/ocs/v2.php/apps/serverinfo/api/v1/info | grep "statuscode>200<"']
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
 
   app:
     image: nextcloud:25.0.1-fpm
-- 
2.49.0


From ad126fef8eb0cd3ae945609b8bf55eedc1d438e2 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 10 Jan 2023 17:41:44 +0100
Subject: [PATCH 2/8] redis healthcheck

---
 compose.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/compose.yml b/compose.yml
index 16f36ce..3fd9825 100644
--- a/compose.yml
+++ b/compose.yml
@@ -110,6 +110,11 @@ services:
       - internal
     volumes:
       - "redis:/data"
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 3s
+      timeout: 5s
+      retries: 20
 
 secrets:
   db_root_password:
-- 
2.49.0


From b7c6775ac6de930ae5864f9212f14d32841d8a87 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 10 Jan 2023 17:42:07 +0100
Subject: [PATCH 3/8] mariadb healthcheck

---
 compose.mariadb.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/compose.mariadb.yml b/compose.mariadb.yml
index 956e424..d7ddaac 100644
--- a/compose.mariadb.yml
+++ b/compose.mariadb.yml
@@ -31,6 +31,12 @@ services:
           backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /tmp/backup/backup.sql'
           backupbot.backup.post-hook: "rm -rf /tmp/backup"
           backupbot.backup.path: "/tmp/backup/"
+    healthcheck:
+      test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)"  ping']
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
 configs:
   my_tune:
     name: ${STACK_NAME}_my_cnf_${MY_CNF_VERSION}
-- 
2.49.0


From 3f778ef1eb1f0f64f8d1acc0f5960cc0259d004a Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 10 Jan 2023 17:42:37 +0100
Subject: [PATCH 4/8] php-fpm healthcheck

---
 abra.sh        |  1 +
 compose.yml    | 12 ++++++++++++
 healthcheck.sh |  8 ++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 healthcheck.sh

diff --git a/abra.sh b/abra.sh
index 11569be..808270e 100644
--- a/abra.sh
+++ b/abra.sh
@@ -4,6 +4,7 @@ export FPM_TUNE_VERSION=v5
 export NGINX_CONF_VERSION=v4
 export MY_CNF_VERSION=v4
 export ENTRYPOINT_VERSION=v3
+export HEALTHCHECK_VERSION=v1
 
 run_occ(){
     su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
diff --git a/compose.yml b/compose.yml
index 3fd9825..49d70ea 100644
--- a/compose.yml
+++ b/compose.yml
@@ -52,6 +52,9 @@ services:
       - source: entrypoint
         target: /custom-entrypoint.sh
         mode: 555
+      - source: healthcheck
+        target: /healthcheck.sh
+        mode: 555
     entrypoint: /custom-entrypoint.sh
     secrets:
       - db_password
@@ -91,6 +94,12 @@ services:
         - "coop-cloud.${STACK_NAME}.version=3.0.1+25.0.1-fpm"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
+    healthcheck:
+      test: ["CMD", '/healthcheck.sh']
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
 
   cron:
     image: nextcloud:25.0.1-fpm
@@ -148,6 +157,9 @@ configs:
     name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
     file: entrypoint.sh.tmpl
     template_driver: golang
+  healthcheck:
+    name: ${STACK_NAME}_healthcheck_${HEALTHCHECK_VERSION}
+    file: healthcheck.sh
 
 networks:
   proxy:
diff --git a/healthcheck.sh b/healthcheck.sh
new file mode 100644
index 0000000..6ebcfaf
--- /dev/null
+++ b/healthcheck.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+which cgi-fcgi > /dev/null || (apt-get update && apt-get install -y libfcgi-bin)
+
+SCRIPT_NAME=/var/www/html/status.php \
+SCRIPT_FILENAME=/var/www/html/status.php \
+REQUEST_METHOD=GET \
+cgi-fcgi -bind -connect 127.0.0.1:9000 | grep 'installed":true'
-- 
2.49.0


From 55866403eed5231cd8d11d795313d2e93930e634 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 10 Jan 2023 18:31:25 +0100
Subject: [PATCH 5/8] fix CI deployment: set healthcheck version

---
 .drone.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.drone.yml b/.drone.yml
index 231c1e7..d846d2f 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -22,6 +22,7 @@ steps:
       NGINX_CONF_VERSION: v1
       MY_CNF_VERSION: v1
       ENTRYPOINT_VERSION: v1
+      HEALTHCHECK_VERSION: v1
       SECRET_DB_PASSWORD_VERSION: v1
       SECRET_DB_ROOT_PASSWORD_VERSION: v1
       SECRET_ADMIN_PASSWORD_VERSION: v1
-- 
2.49.0


From d0f6ca27be7ef2092f62ef8e702f8fcce0ed719d Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Wed, 11 Jan 2023 15:30:02 +0100
Subject: [PATCH 6/8] make web healthcheck more future prove

---
 compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compose.yml b/compose.yml
index 49d70ea..4b05134 100644
--- a/compose.yml
+++ b/compose.yml
@@ -36,7 +36,7 @@ services:
     secrets:
       - admin_password
     healthcheck:
-      test: ["CMD-SHELL", 'curl -s -N --user admin:$$(cat /run/secrets/admin_password) localhost/ocs/v2.php/apps/serverinfo/api/v1/info | grep "statuscode>200<"']
+      test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php |  grep "installed\":true"']
       interval: 30s
       timeout: 10s
       retries: 10
-- 
2.49.0


From dbe88a0eaa00afa209085344b6bb402d4bb6a73c Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Wed, 11 Jan 2023 15:34:29 +0100
Subject: [PATCH 7/8] install cgi-fcgi via entrypoint

---
 .drone.yml         | 1 -
 abra.sh            | 1 -
 compose.yml        | 8 +-------
 entrypoint.sh.tmpl | 2 ++
 healthcheck.sh     | 8 --------
 5 files changed, 3 insertions(+), 17 deletions(-)
 delete mode 100644 healthcheck.sh

diff --git a/.drone.yml b/.drone.yml
index d846d2f..231c1e7 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -22,7 +22,6 @@ steps:
       NGINX_CONF_VERSION: v1
       MY_CNF_VERSION: v1
       ENTRYPOINT_VERSION: v1
-      HEALTHCHECK_VERSION: v1
       SECRET_DB_PASSWORD_VERSION: v1
       SECRET_DB_ROOT_PASSWORD_VERSION: v1
       SECRET_ADMIN_PASSWORD_VERSION: v1
diff --git a/abra.sh b/abra.sh
index 808270e..11569be 100644
--- a/abra.sh
+++ b/abra.sh
@@ -4,7 +4,6 @@ export FPM_TUNE_VERSION=v5
 export NGINX_CONF_VERSION=v4
 export MY_CNF_VERSION=v4
 export ENTRYPOINT_VERSION=v3
-export HEALTHCHECK_VERSION=v1
 
 run_occ(){
     su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
diff --git a/compose.yml b/compose.yml
index 4b05134..2443035 100644
--- a/compose.yml
+++ b/compose.yml
@@ -52,9 +52,6 @@ services:
       - source: entrypoint
         target: /custom-entrypoint.sh
         mode: 555
-      - source: healthcheck
-        target: /healthcheck.sh
-        mode: 555
     entrypoint: /custom-entrypoint.sh
     secrets:
       - db_password
@@ -95,7 +92,7 @@ services:
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
     healthcheck:
-      test: ["CMD", '/healthcheck.sh']
+      test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"']
       interval: 30s
       timeout: 10s
       retries: 10
@@ -157,9 +154,6 @@ configs:
     name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
     file: entrypoint.sh.tmpl
     template_driver: golang
-  healthcheck:
-    name: ${STACK_NAME}_healthcheck_${HEALTHCHECK_VERSION}
-    file: healthcheck.sh
 
 networks:
   proxy:
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index 742ccb9..c2e5ab6 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -34,6 +34,8 @@ if ! [[ $(grep {{ env "X_FRAME_OPTIONS_ALLOW_FROM" }} lib/public/AppFramework/Ht
 fi
 {{ end }}
 
+# Required for healthcheck
+which cgi-fcgi > /dev/null || (apt-get update && apt-get install -y libfcgi-bin)
 
 
 /entrypoint.sh php-fpm
diff --git a/healthcheck.sh b/healthcheck.sh
deleted file mode 100644
index 6ebcfaf..0000000
--- a/healthcheck.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-which cgi-fcgi > /dev/null || (apt-get update && apt-get install -y libfcgi-bin)
-
-SCRIPT_NAME=/var/www/html/status.php \
-SCRIPT_FILENAME=/var/www/html/status.php \
-REQUEST_METHOD=GET \
-cgi-fcgi -bind -connect 127.0.0.1:9000 | grep 'installed":true'
-- 
2.49.0


From 30ce2ba98e061916816a404e70b004b0e2871561 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Wed, 11 Jan 2023 15:57:20 +0100
Subject: [PATCH 8/8] remvove unnecessary admin_password from web container

---
 compose.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/compose.yml b/compose.yml
index 2443035..df9d279 100644
--- a/compose.yml
+++ b/compose.yml
@@ -33,8 +33,6 @@ services:
         - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-    secrets:
-      - admin_password
     healthcheck:
       test: ["CMD-SHELL", 'curl -s -N curl -Ns localhost/status.php |  grep "installed\":true"']
       interval: 30s
-- 
2.49.0