cloudflared-docker icon indicating copy to clipboard operation
cloudflared-docker copied to clipboard

Published 20 hours ago verified publisher icon Erisa

Health checks

Open matt-laird opened this issue 2 years ago • 4 comments

How would one go about setting up health checks for their container if (as mentioned in issue #1) the binary is the only thing available?

matt-laird avatar Jul 26 '22 16:07 matt-laird

Good question! I have not tried this and have not personally implemented a health check for cloudflared before.

If you could, what command would you use to run your health checks? What resources would you check against?

Erisa avatar Jul 26 '22 16:07 Erisa

I think sh and/or curl would be useful, curl can be used to check an endpoint is unavailable via the active tunnel, or shell could be used to scrape the logs for retries and errors. Both of these would yield an unhealthy state.

matt-laird avatar Jul 26 '22 17:07 matt-laird

Its possible if you start the tunnel with a metrics flag. See here - https://yaleman.org/post/2021/2021-01-11-monitoring-cloudflared/

OR

You could monitor via Cloudflare via API

Use a GET on https://api.cloudflare.com/client/v4/accounts/:account_identifier/tunnels endpoint for getting the tunnel status/connections.

Cloudflare API v4 documentation - https://api.cloudflare.com/#getting-started-endpoints has instructions on how to make API requests & generate the necessary tokens.

jiriteach avatar Jul 26 '22 19:07 jiriteach

Thanks for the suggestions @Jiriteach I tried option one, seems I can't access the server no matter what I do. I've set & exposed the port, but my curl results in a connection refused.

Am I understanding correctly that you should be able to access this endpoint outside the container? I avoided suggested option two because it seems silly to have to ask a public facing Cloudflare API for metrics that are already on local.

matt-laird avatar Sep 12 '22 19:09 matt-laird

For anyone still looking for this, I have pushed a small modification of this image with just curl static binary added from tarampampam/curl image at https://hub.docker.com/r/sidevesh/cloudflared, @Erisa if this change makes sense to be integrated then let me know and I can open a PR

sidevesh avatar Feb 13 '23 16:02 sidevesh

@matt-laird We're using this image (as it's better than the official) and we are running it with the metrics on. We are starting tunnels like this:

/cloudflared tunnel --no-autoupdate --protocol auto --metrics 0.0.0.0:80 run

yggdrasil-tynor avatar Aug 28 '23 18:08 yggdrasil-tynor

As another option the Dockerfile can be modified to include following command in the scratch section:

# Copy curl binary from a docker image
COPY --from=ghcr.io/tarampampam/curl /bin/curl /bin/curl

Letgamer avatar Dec 24 '23 00:12 Letgamer