Improve docker healthcheck (#2110)

The new docker health check respects the jetty configuration and uses the configured port and context path. It supports ssl listeners and follows redirects. Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
2026-02-02 20:59:10 +01:00 · 2022-08-30 11:02:21 +02:00
parent 6055ba145f
commit f672e175b5
17 changed files with 1261 additions and 34 deletions
--- a/scm-server/src/main/java/sonia/scm/server/HealthCheck.java
+++ b/scm-server/src/main/java/sonia/scm/server/HealthCheck.java
@@ -0,0 +1,153 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.server;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509TrustManager;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.Callable;
+
+public class HealthCheck implements Callable<Integer> {
+
+  private final List<Listener> listeners;
+
+  public HealthCheck(List<Listener> configuration) {
+    this.listeners = configuration;
+  }
+
+  public HealthCheck(Listener... listeners) {
+    this.listeners = Arrays.asList(listeners);
+  }
+
+  public static void main(String[] args) {
+    HealthCheck check = new HealthCheck(new ServerConfiguration().getListeners());
+    Integer exitCode = check.call();
+    System.exit(exitCode);
+  }
+
+  @Override
+  public Integer call() {
+    return listeners.stream()
+      .map(l -> String.format("%s://127.0.0.1:%d%s/api/v2", l.getScheme(), l.getPort(), contextPath(l)))
+      .mapToInt(this::checkUrl)
+      .max()
+      .orElse(0);
+  }
+
+  private String contextPath(Listener listener) {
+    if ("/".equals(listener.getContextPath())) {
+      return "";
+    }
+    return listener.getContextPath();
+  }
+
+  private Integer checkUrl(String url) {
+    return checkUrl(url, true);
+  }
+
+  private int checkUrl(String url, boolean followRedirect) {
+    try {
+      HttpURLConnection connection = createConnection(url);
+      int code = connection.getResponseCode();
+      if (isRedirect(code) && followRedirect) {
+        String location = connection.getHeaderField("Location");
+        if (location != null && !location.isEmpty()) {
+          return checkUrl(location, false);
+        } else {
+          return 1;
+        }
+      }
+      return code == 200 ? 0 : 1;
+    } catch (IOException e) {
+      return 2;
+    }
+  }
+
+  private boolean isRedirect(int code) {
+    return code == HttpServletResponse.SC_MOVED_PERMANENTLY
+      || code == HttpServletResponse.SC_MOVED_TEMPORARILY // same as SC_FOUND
+      || code == HttpServletResponse.SC_SEE_OTHER
+      || code == HttpServletResponse.SC_TEMPORARY_REDIRECT
+      || code == 308; // could not find SC field
+  }
+
+  private HttpURLConnection createConnection(String url) throws IOException {
+    HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
+    connection.setConnectTimeout(5000);
+    connection.setReadTimeout(15000);
+    connection.setRequestProperty("User-Agent", "scm-health-check/1.0");
+    if (connection instanceof HttpsURLConnection) {
+      applyHttpsConfiguration((HttpsURLConnection) connection);
+    }
+    return connection;
+  }
+
+  @SuppressWarnings("java:S5527")
+  private void applyHttpsConfiguration(HttpsURLConnection connection) {
+    connection.setHostnameVerifier((hostname, session) -> true);
+    SSLSocketFactory socketFactory = createSslSocketFactory();
+    if (socketFactory != null) {
+      connection.setSSLSocketFactory(socketFactory);
+    }
+  }
+
+  private SSLSocketFactory createSslSocketFactory() {
+    try {
+      SSLContext context = SSLContext.getInstance("TLSv1.2");
+      context.init(null, new X509TrustManager[]{new TrustAllTrustManager()}, null);
+      return context.getSocketFactory();
+    } catch (NoSuchAlgorithmException | KeyManagementException e) {
+      return null;
+    }
+  }
+
+  @SuppressWarnings("java:S4830")
+  private static class TrustAllTrustManager implements X509TrustManager {
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType) {
+      // accept anything
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType) {
+      // accept anything
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+      return new X509Certificate[0];
+    }
+  }
+}