From 0abe1912f4bd41c25ad5b28e04f671b5c6f9238a Mon Sep 17 00:00:00 2001 From: btimbermont Date: Thu, 14 Feb 2019 09:19:14 +0100 Subject: [PATCH 1/3] Added healthcheck that checks if network is still up --- Dockerfile | 10 ++++++++-- scripts/healthcheck.sh | 22 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) create mode 100755 scripts/healthcheck.sh diff --git a/Dockerfile b/Dockerfile index 39e85bf02..ccfe4bc7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,11 +34,14 @@ RUN apt-get update \ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && groupmod -g 1000 users \ && useradd -u 911 -U -d /config -s /bin/false abc \ - && usermod -G users abc + && usermod -G users abc \ ADD openvpn/ /etc/openvpn/ ADD transmission/ /etc/transmission/ ADD tinyproxy /opt/tinyproxy/ +ADD scripts /etc/scripts/ + +RUN chmod a+x /etc/scripts/healthcheck.sh ENV OPENVPN_USERNAME=**None** \ OPENVPN_PASSWORD=**None** \ @@ -129,7 +132,10 @@ ENV OPENVPN_USERNAME=**None** \ TRANSMISSION_WEB_HOME= \ DROP_DEFAULT_ROUTE= \ WEBPROXY_ENABLED=false \ - WEBPROXY_PORT=8888 + WEBPROXY_PORT=8888 \ + HEALTH_CHECK_HOST=google.com + +HEALTHCHECK --interval=5m CMD /etc/scripts/healthcheck.sh # Expose port and run EXPOSE 9091 diff --git a/scripts/healthcheck.sh b/scripts/healthcheck.sh new file mode 100755 index 000000000..dc669e277 --- /dev/null +++ b/scripts/healthcheck.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# Ping uses both exit codes 1 and 2. Exit code 2 cannot be used for docker health checks, +# therefore we use this script to catch error code 2 +HOST=$HEALTH_CHECK_HOST + +if [ -z "$HOST" ] +then + echo "Host not set! Set env 'HEATH_CHECK_HOST'. For now, using default google.com" + HOST="google.com" +fi + +ping -c 1 $HOST +STATUS=$? +if [ $STATUS -ne 0 ] +then + echo "Network is down" + exit 1 +fi + +echo "Network is up" +exit 0 + From 75b15a63898dea17ca470b38e0175a816ab47fa9 Mon Sep 17 00:00:00 2001 From: btimbermont Date: Thu, 14 Feb 2019 09:21:39 +0100 Subject: [PATCH 2/3] Remove typo in Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ccfe4bc7c..15483cb71 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,7 @@ RUN apt-get update \ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ && groupmod -g 1000 users \ && useradd -u 911 -U -d /config -s /bin/false abc \ - && usermod -G users abc \ + && usermod -G users abc ADD openvpn/ /etc/openvpn/ ADD transmission/ /etc/transmission/ From 5cf8f018e097edc00ac26fa1f829051dfd0bdb3f Mon Sep 17 00:00:00 2001 From: btimbermont Date: Thu, 14 Feb 2019 09:31:25 +0100 Subject: [PATCH 3/3] Extended readme.md to include health check --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 87c53b9a9..8d2fef4dd 100644 --- a/README.md +++ b/README.md @@ -166,6 +166,14 @@ If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to t |`UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443`| |`UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true`| +### Health check option + +Because your VPN connection can sometimes fail, Docker will run a health check on this container every 5 minutes to see if the container is still connected to the internet. By default, this check is done by pinging google.com once. You change the host that is pinged. + +| Variable | Function | Example | +|----------|----------|-------| +| `HEALTH_CHECK_HOST` | this host is pinged to check if the network connection still works | `google.com` | + ### Permission configuration options By default the startup script applies a default set of permissions and ownership on the transmission download, watch and incomplete directories. The GLOBAL_APPLY_PERMISSIONS directive can be used to disable this functionality.