Improve Dockerfile and entrypoint for production use #15

Open
sonirahul wants to merge 1 commit into litespeedtech:master from sonirahul:fix/dockerfile-improvements

@sonirahul sonirahul commented Apr 12, 2026

Summary

This PR improves the Dockerfile and entrypoint script with production-hardening changes while maintaining full backward compatibility.

Changes

Dockerfile

| Change | Description | Impact |
|---|---|---|
| apt cache cleanup | Added rm -rf /var/lib/apt/lists/* after all package installations are complete | Reduces final image size by ~30-40 MB |
| HEALTHCHECK | Added HEALTHCHECK instruction (curl -sf http://localhost/) with 30s interval, 5s timeout, 10s start period | Enables Docker/Swarm/Compose to detect unresponsive containers automatically |
| Fail on unsupported platform | Changed unsupported platform handler from echo to echo && exit 1 | Prevents silent build failures on unsupported architectures |
| Consolidated post-setup layers | Merged setup_docker.sh, chown, cp conf, cp admin/conf into a single RUN layer | Reduces layer count by 3, slightly smaller image |
| Consistent -y flag | Added -y to all apt-get install commands | Prevents interactive prompts during build |
| Descriptive comments | Added section comments throughout the Dockerfile | Improves readability and maintainability |

Entrypoint (entrypoint.sh)

| Change | Description | Impact |
|---|---|---|
| Graceful shutdown | Added trap shutdown SIGTERM SIGINT handler that calls lswsctrl stop | Container responds to docker stop gracefully instead of being killed after timeout |
| Comments | Added descriptive comments for each section | Improves readability |

Testing

Tested with OLS 1.8.5 + lsphp85 on linux/arm64 (Apple Silicon via Docker Desktop):

  • ✅ Build completes successfully
  • ✅ HTTP returns 200
  • ✅ HTTPS returns 200
  • HEALTHCHECK reports healthy after start period
  • docker stop completes gracefully (no SIGKILL timeout)
  • ✅ No breaking changes to existing behavior

Backward Compatibility

All changes are additive. Existing docker-compose.yml files, volume mounts, and environment configurations continue to work without modification.

- Add apt cache cleanup (rm -rf /var/lib/apt/lists/*) to reduce image size
- Add HEALTHCHECK instruction for container health monitoring
- Add SIGTERM/SIGINT trap in entrypoint for graceful shutdown
- Add custom setup.sh hook support via volume mount
- Consolidate post-setup RUN layers (setup, chown, config backup)
- Add descriptive comments throughout Dockerfile
- Fail build explicitly on unsupported platforms (exit 1)
- Add -y flag consistently to all apt-get install commands

Tested with OLS 1.8.5 + lsphp85 on linux/arm64:
- HTTP 200, HTTPS 200
- HEALTHCHECK reports healthy
- Graceful shutdown via docker stop completes without timeout
@sonirahul sonirahul force-pushed the fix/dockerfile-improvements branch from 50abbe5 to 2e3f49e Compare April 12, 2026 10:27
@Code-Egg
Collaborator

Thanks. Before merging, could you help explain what this command is for?

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD curl -sf http://localhost/ -o /dev/null || exit 1

@sonirahul
Author

The HEALTHCHECK instruction tells Docker to periodically verify the container is actually serving traffic, not just that the process is running.

What it does:

  • Every 30 seconds, it curls http://localhost/ inside the container
  • If the request fails (non-2xx response or connection refused), it marks the container as unhealthy
  • After 3 consecutive failures, Docker reports the container status as unhealthy

Flags breakdown:

  • --interval=30s — check every 30 seconds
  • --timeout=5s — each check must complete within 5 seconds
  • --start-period=10s — grace period after container start (failures during this window don't count toward retries)
  • --retries=3 — 3 consecutive failures before marking unhealthy

Why it matters:
Without a HEALTHCHECK, Docker only knows if the main process (PID 1) is alive. A container can have a running process but a broken web server (e.g., misconfiguration, port not listening, OLS crashed internally). The HEALTHCHECK catches that gap.

This is especially useful in orchestration (Docker Swarm, Compose with restart: unless-stopped) where the health status can trigger automatic restarts or prevent routing traffic to a dead container.

@Code-Egg
Collaborator

Thanks. The other changes look good, but I think the HEALTHCHECK could be an issue, for example, localhost might be unavailable, return a non-200 status code, or the default site might redirect. Can you modify that part?
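
An added example, not part of this pull request or of the project's code: a health probe script that separates "the server did not answer" from "the server answered with a redirect or a non-200 status", the cases raised in the discussion above. The function names, the file name healthcheck.sh, the default URL and the policy that any response below 500 counts as healthy are all assumptions.

```shell
#!/bin/sh
# Added example: health probe for a container's web server.
# The policy, function names and default URL are assumptions, not project code.

# Map the status code printed by curl -w '%{http_code}' to a Docker health
# exit status: 0 = healthy, 1 = unhealthy.
classify_http_code() {
    case "$1" in
        000)             return 1 ;;  # no HTTP response: refused, reset or timed out
        5[0-9][0-9])     return 1 ;;  # server answered but is failing
        [1-4][0-9][0-9]) return 0 ;;  # answered: 2xx, a redirect, or a 4xx from the default site
        *)               return 1 ;;  # empty or unparseable output counts as a failure
    esac
}

# Print the status code for one request. Redirects are not followed, so a
# site that redirects to HTTPS or another host is judged on its first answer.
probe_code() {
    url="$1"
    max_time="${2:-4}"   # keep below the HEALTHCHECK --timeout value
    code=$(curl -s -o /dev/null --max-time "$max_time" -w '%{http_code}' "$url" 2>/dev/null) || true
    printf '%s\n' "${code:-000}"   # empty when curl itself is missing
}

# 127.0.0.1 is used so the probe does not depend on resolving "localhost".
healthcheck() {
    classify_http_code "$(probe_code "${1:-http://127.0.0.1/}")"
}

# Run the probe only when installed under this (hypothetical) file name, e.g.
#   HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
#       CMD /usr/local/bin/healthcheck.sh
case "$0" in
    */healthcheck.sh) healthcheck "$@"; exit $? ;;
esac
```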
