healthcheck with `service` command always returns unhealthy status

Question

healthcheck with `service` command always returns unhealthy status

Closed this issue 4 months ago · 1 comments

Bug Overview

One of the way "to healthcheck nginx container" is to use service nginx status command

gateway:
    image: nginx:stable
    restart: always
    healthcheck:
      test: ["CMD", "service", "nginx", "status"]
      interval: 10s
      timeout: 5s
      retries: 5
...

After switching from nginx:stable to nginxinc/nginx-unprivileged:stable the healthcheck always show unhealthy status.

This command doesn't work on unprivileged debian image because:

we moved pid to /tmp/nginx.pid
init.d script in /etc/init.d/nginx using /run/nginx.pid as pid file location

DESC=${DESC:-nginx}
NAME=${NAME:-nginx}
CONFFILE=${CONFFILE:-/etc/nginx/nginx.conf}
DAEMON=${DAEMON:-/usr/sbin/nginx}
PIDFILE=${PIDFILE:-/run/nginx.pid}
SLEEPSEC=${SLEEPSEC:-1}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS:-5}
CHECKSLEEP=${CHECKSLEEP:-3}

Expected Behavior

service nginx status returns nginx is running.
command like docker ps shows healthy status

Steps to Reproduce the Bug

run docker run --rm -p 8080:8080 -d --health-cmd "service nginx status" --health-interval 10s --health-timeout 5s --health-retries 5 --name health-test nginxinc/nginx-unprivileged:stable
run docker ps or run docker exec health-test service nginx status

output of docker ps:

➜  ~ docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED          STATUS                      PORTS                                         NAMES
ac90b03512cc   nginxinc/nginx-unprivileged:stable   "/docker-entrypoint.…"   53 seconds ago   Up 53 seconds (unhealthy)   0.0.0.0:8080->8080/tcp, [::]:8080->8080/tcp   health-test

output of docker exec:
nginx is not running ... failed!

Environment Details

Version of Docker and method of installation: Docker desktop (28.2.2) and docker server (28.1.1)
Version/tag of the NGINX Docker unprivileged image or specific commit: stable (1.2.8)
Target deployment platform: Docker compose
Target OS: Ubuntu 22.04.05

Additional Context

We can fix Dockerfile-debian.template by adding another override with sed (if it's ok i'll make PR):
sed -i 's,PIDFILE=${PIDFILE:-/run/nginx.pid},PIDFILE=${PIDFILE:-/tmp/nginx.pid},' /etc/init.d/nginx
but i'm not sure how to fix -otel and -perl variants.

Answer 1 · 2025-06-26T11:20:45.000Z

Hey @S1ealth! Thanks for reporting this! If you could open a PR that would be great 😄

Due to how the images are built, adding the sed command in this block https://github.com/nginx/docker-nginx-unprivileged/blob/main/Dockerfile-debian.template#L128-L137 should be enough to propagate the change to the other variants.