Skip to content

Add healthchecks and minor service improvements #209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
aleksa-radojicic wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add healthchecks and minor service improvements #209

aleksa-radojicic wants to merge 6 commits into from

Conversation

@aleksa-radojicic
Copy link
Contributor

@aleksa-radojicic aleksa-radojicic commented Jan 28, 2026

Summary

Added healthchecks for all services (collabora already had one). Timing values for healthchecks may be adjusted.

Other changes

  • Keycloak environment variable renamings due to deprecation and naming inconsistencies.
  • Security improvement (use postgres user in postgres service).
  • Documentation update for rootless Docker setup.

Breaking changes

Involves renaming the following environment variables:

  • KEYCLOAK_ADMIN → KC_BOOTSTRAP_ADMIN_USERNAME
  • KEYCLOAK_ADMIN_PASSWORD → KC_BOOTSTRAP_ADMIN_PASSWORD
  • KEYCLOAK_DOMAIN → KC_DOMAIN

@aleksa-radojicic
refactor(keycloak)!: rename deprecated env vars KEYCLOAK_ADMIN and KE…
1c73ca6 
…YCLOAK_ADMIN_PASSWORD

Use env vars KC_BOOTSTRAP_ADMIN_USERNAME and KC_BOOTSTRAP_ADMIN_PASSWORD respectively.

BREAKING CHANGE: Rename environment variables KEYCLOAK_ADMIN to KC_BOOTSTRAP_ADMIN_USERNAME and KEYCLOAK_ADMIN_PASSWORD to KC_BOOTSTRAP_ADMIN_PASSWORD.
@aleksa-radojicic
refactor(keycloak)!: rename env var KEYCLOAK_DOMAIN to KC_DOMAIN for …
8988475 
…consistency

Follows the same naming convention as the official Keycloak environment variables, beginning with 'KC' prefix.

BREAKING CHANGE: Rename environment variable KEYCLOAK_ADMIN to KC_DOMAIN.
@aleksa-radojicic
docs: add description for DOCKER_SOCKET_PATH env var
3a6060e 
When Docker is running in rootless mode DOCKER_SOCKET_PATH needs to be changed to "/run/user/1000/docker.sock".
@aleksa-radojicic
fix(keycloak): add -p flag when creating dir /opt/keycloak/data/import
e09e6ec 
When Keycloak container is restarted this line will produce an error in logs which is harmless, but unnecessary.
@aleksa-radojicic
sec(postgres): use postgres user instead of root
3f8f664 
The `postgres` user is already defined in the [official image](https://github.com/docker-library/postgres/blob/39623ba5d20db58a25c3010896baaf54b9aa6b6d/17/alpine3.23/Dockerfile).
@aleksa-radojicic
feat: add healthchecks for all services except collabora
5b07c81 
Added healthchecks for all services (`collabora` already had one):
* `collaboration`
* `keycloak`
* `ldap-manager`
* `ldap-server`
* `opencloud`
* `postgres`
* `radicale`
* `tika`
* `traefik`

Keycloak and Tika probes use `/dev/tcp/` to send a GET request because `curl` / `wget` are not available in the image.

`opencloud` healthcheck could alternatively use `wget or `/dev/tcp` via `bash`; keeping all three approaches is unnecessary.
Add frontend login-route healthcheck for `ldap-manager`, because the base image [dunglas/frankenphp:php8.4-alpine](https://github.com/php/frankenphp/blob/ddb11c1f72f5765d4eacae200ba5b1b8267b4dbe/Dockerfile) comes with backend-only healthcheck.

NOTE: `/dev/tcp` is the leanest and least-bloated approach for healthchecking because it requires only a `bash` shell and no extra binaries, so it avoids increasing image size.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aleksa-radojicic