Erisa/cloudflared-docker

Health checks

Closed this issue · 7 comments

How would one go about setting up health checks for their container if (as mentioned in issue #1) the binary is the only thing available?

Erisa commented

Good question! I have not tried this and have not personally implemented a health check for cloudflared before.

If you could, what command would you use to run your health checks? What resources would you check against?

I think sh and/or curl would be useful, curl can be used to check an endpoint is unavailable via the active tunnel, or shell could be used to scrape the logs for retries and errors. Both of these would yield an unhealthy state.

Its possible if you start the tunnel with a metrics flag. See here - https://yaleman.org/post/2021/2021-01-11-monitoring-cloudflared/

OR

You could monitor via Cloudflare via API

Use a GET on https://api.cloudflare.com/client/v4/accounts/:account_identifier/tunnels endpoint for getting the tunnel status/connections.

Cloudflare API v4 documentation - https://api.cloudflare.com/#getting-started-endpoints has instructions on how to make API requests & generate the necessary tokens.

Thanks for the suggestions @jiriteach I tried option one, seems I can't access the server no matter what I do. I've set & exposed the port, but my curl results in a connection refused.

Am I understanding correctly that you should be able to access this endpoint outside the container? I avoided suggested option two because it seems silly to have to ask a public facing Cloudflare API for metrics that are already on local.

For anyone still looking for this, I have pushed a small modification of this image with just curl static binary added from tarampampam/curl image at https://hub.docker.com/r/sidevesh/cloudflared,
@Erisa if this change makes sense to be integrated then let me know and I can open a PR

@matt-laird We're using this image (as it's better than the official) and we are running it with the metrics on. We are starting tunnels like this:

/cloudflared tunnel --no-autoupdate --protocol auto --metrics 0.0.0.0:80 run

As another option the Dockerfile can be modified to include following command in the scratch section:

# Copy curl binary from a docker image
COPY --from=ghcr.io/tarampampam/curl /bin/curl /bin/curl