Pull request 1779: 3290-docker-healthcheck

Merge in DNS/adguard-home from 3290-docker-healthcheck to master Updates #3290. Squashed commit of the following: commit 3ac8f26c1c22855d973910fd13c096776aa8dfa6 Merge: bc17565f 0df32601 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 27 01:09:03 2023 +0500 Merge branch 'master' into 3290-docker-healthcheck commit bc17565fcb5acba68129734450fb08b4fe341771 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Mar 26 18:04:08 2023 +0500 all: fix script commit e150fee8025dacdc5aa1d12916d1f42e89216156 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Mar 26 17:18:12 2023 +0500 all: imp naming commit 26b6448d10af39f8363eadd962af228a9d4ae51d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sun Mar 26 03:13:47 2023 +0500 all: support https web commit b5c09ce8b2ac52d6e47a00f76125bee229f616a0 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sat Mar 25 20:03:45 2023 +0500 all: imp scripts fmt, naming commit 8c3798c46974e48cc0c379c2ecc46a6d8d54164b Merge: e33b0c5c fb7b8bba Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Sat Mar 25 00:25:38 2023 +0500 Merge branch 'master' into 3290-docker-healthcheck commit e33b0c5cbfe5a28b29734c9ceee046b0f82a0efe Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 16:47:26 2023 +0500 all: fix docs commit 57bfd898b9c468b2b72eba06294ed5e5e0226c20 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 16:44:40 2023 +0500 dnsforward: add special-use domain handling commit f04ae13f441a25d0b4dc1359b328552f7507fc23 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 16:05:10 2023 +0500 all: imp code commit 32f150f88390320d2da85b54e27f6c751eccb851 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 04:19:10 2023 +0500 all: mv Dockerfile, log changes commit a094a44ccfa26988f0e71f19288e08b26e255e2b Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Fri Mar 24 04:04:27 2023 +0500 all: finish scripts, imp names commit 4db0d0e7cb7ed69030994bc1b579534dd2c3395d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Thu Mar 23 18:33:47 2023 +0500 docker: add script and awk program
2023-03-26 23:12:24 +03:00
parent 0df32601bb
commit d58772f177
8 changed files with 167 additions and 5 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -0,0 +1,74 @@
+# A docker file for scripts/make/build-docker.sh.
+
+FROM alpine:3.17
+
+ARG BUILD_DATE
+ARG VERSION
+ARG VCS_REF
+
+LABEL\
+	maintainer="AdGuard Team <devteam@adguard.com>" \
+	org.opencontainers.image.authors="AdGuard Team <devteam@adguard.com>" \
+	org.opencontainers.image.created=$BUILD_DATE \
+	org.opencontainers.image.description="Network-wide ads & trackers blocking DNS server" \
+	org.opencontainers.image.documentation="https://github.com/AdguardTeam/AdGuardHome/wiki/" \
+	org.opencontainers.image.licenses="GPL-3.0" \
+	org.opencontainers.image.revision=$VCS_REF \
+	org.opencontainers.image.source="https://github.com/AdguardTeam/AdGuardHome" \
+	org.opencontainers.image.title="AdGuard Home" \
+	org.opencontainers.image.url="https://adguard.com/en/adguard-home/overview.html" \
+	org.opencontainers.image.vendor="AdGuard" \
+	org.opencontainers.image.version=$VERSION
+
+# Update certificates.
+RUN apk --no-cache add ca-certificates libcap tzdata && \
+	mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
+	chown -R nobody: /opt/adguardhome
+
+ARG DIST_DIR
+ARG TARGETARCH
+ARG TARGETOS
+ARG TARGETVARIANT
+
+COPY --chown=nobody:nogroup\
+	./${DIST_DIR}/docker/AdGuardHome_${TARGETOS}_${TARGETARCH}_${TARGETVARIANT}\
+	/opt/adguardhome/AdGuardHome
+
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+
+# 53     : TCP, UDP : DNS
+# 67     :      UDP : DHCP (server)
+# 68     :      UDP : DHCP (client)
+# 80     : TCP      : HTTP (main)
+# 443    : TCP, UDP : HTTPS, DNS-over-HTTPS (incl. HTTP/3), DNSCrypt (main)
+# 784    :      UDP : DNS-over-QUIC (experimental)
+# 853    : TCP, UDP : DNS-over-TLS, DNS-over-QUIC
+# 3000   : TCP, UDP : HTTP(S) (alt, incl. HTTP/3)
+# 3001   : TCP, UDP : HTTP(S) (beta, incl. HTTP/3)
+# 5443   : TCP, UDP : DNSCrypt (alt)
+# 6060   : TCP      : HTTP (pprof)
+# 8853   :      UDP : DNS-over-QUIC (experimental)
+#
+# TODO(a.garipov): Remove the old, non-standard 784 and 8853 ports for
+# DNS-over-QUIC in a future release.
+EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 443/udp 784/udp\
+	853/tcp 853/udp 3000/tcp 3000/udp 5443/tcp\
+	5443/udp 6060/tcp 8853/udp
+
+WORKDIR /opt/adguardhome/work
+
+# Install helpers for healthcheck.
+COPY --chown=nobody:nogroup\
+	./${DIST_DIR}/docker/scripts\
+	/opt/adguardhome/scripts
+
+ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
+
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD [ "/opt/adguardhome/scripts/healthcheck.sh" ]
+
+CMD [ \
+	"--no-check-update", \
+	"-c", "/opt/adguardhome/conf/AdGuardHome.yaml", \
+	"-h", "0.0.0.0", \
+	"-w", "/opt/adguardhome/work" \
+]
--- a/docker/dns-bind.awk
+++ b/docker/dns-bind.awk
@@ -0,0 +1,22 @@
+/^[^[:space:]]/ { is_dns = /^dns:/ }
+
+/^[[:space:]]+bind_hosts:/ { if (is_dns) prev_line = FNR }
+
+/^[[:space:]]+- .+/ {
+    if (FNR - prev_line == 1) {
+        addrs[addrsnum++] = $2
+        prev_line = FNR
+    }
+}
+
+/^[[:space:]]+port:/ { if (is_dns) port = $2 }
+
+END {
+    for (i in addrs) {
+        if (match(addrs[i], ":")) {
+            print "[" addrs[i] "]:" port
+        } else {
+            print addrs[i] ":" port
+        }
+    }
+}
--- a/docker/healthcheck.sh
+++ b/docker/healthcheck.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+# AdGuard Home Docker healthcheck script
+
+# Exit the script if a pipeline fails (-e), prevent accidental filename
+# expansion (-f), and consider undefined variables as errors (-u).
+set -e -f -u
+
+# Function error_exit is an echo wrapper that writes to stderr and stops the
+# script execution with code 1.
+error_exit() {
+	echo "$1" 1>&2
+
+	exit 1
+}
+
+agh_dir="/opt/adguardhome"
+readonly agh_dir
+
+filename="${agh_dir}/conf/AdGuardHome.yaml"
+readonly filename
+
+if ! [ -f "$filename" ]
+then
+    wget "http://127.0.0.1:3000" -O /dev/null -q || exit 1
+
+    exit 0
+fi
+
+help_dir="${agh_dir}/scripts"
+readonly help_dir
+
+# Parse web host
+
+web_url="$( awk -f "${help_dir}/web-bind.awk" "$filename" )"
+readonly web_url
+
+if [ "$web_url" = '' ]
+then
+    error_exit "no web bindings could be retrieved from $filename"
+fi
+
+# TODO(e.burkov):  Deal with 0 port.
+case "$web_url"
+in
+(*':0')
+    error_exit '0 in web port is not supported by healthcheck'
+    ;;
+(*)
+    # Go on.
+    ;;
+esac
+
+# Parse DNS hosts
+
+dns_hosts="$( awk -f "${help_dir}/dns-bind.awk" "$filename" )"
+readonly dns_hosts
+
+if [ "$dns_hosts" = '' ]
+then
+    error_exit "no DNS bindings could be retrieved from $filename"
+fi
+
+# TODO(e.burkov):  Deal with 0 port.
+case "$( echo "$dns_hosts" | head -n 1 )"
+in
+(*':0')
+    error_exit '0 in DNS port is not supported by healthcheck'
+    ;;
+(*)
+    # Go on.
+    ;;
+esac
+
+# Check
+
+wget "$web_url" -O /dev/null -q || exit 1
+
+echo "$dns_hosts" | while read -r host
+do
+    nslookup -type=a healthcheck.adguardhome.test. "$host" > /dev/null ||\
+        error_exit "nslookup failed for $host"
+done
--- a/docker/web-bind.awk
+++ b/docker/web-bind.awk
@@ -0,0 +1,23 @@
+BEGIN { scheme = "http" }
+
+/^bind_host:/ { host = $2 }
+
+/^bind_port:/ { port = $2 }
+
+/force_https: true$/ { scheme = "https" }
+
+/port_https:/ { https_port = $2 }
+
+/server_name:/ { https_host = $2 }
+
+END {
+    if (scheme == "https") {
+        host = https_host
+        port = https_port
+    }
+    if (match(host, ":")) {
+        print scheme "://[" host "]:" port
+     } else {
+        print scheme "://" host ":" port
+    }
+}