php icon indicating copy to clipboard operation
php copied to clipboard

Add support for `HEALTHCHECK_URL` environment variable

Open jozefrebjak opened this issue 1 month ago • 2 comments

Add support for a HEALTHCHECK_URL environment variable to allow customizing the health check endpoint without overriding the entire HEALTHCHECK instruction.

Problem

When running PHP applications with secure cookie configurations in production, the default health check fails.

Why this happens

  1. Production applications commonly use secure cookies:

    • __Host- or __Secure- cookie prefixes
    • Secure flag set to true
    • SameSite=Strict or SameSite=Lax
  2. The internal health checker correctly uses plain HTTP (http://127.0.0.1/)

  3. When the application tries to set a secure cookie over HTTP, it throws an exception

Example error

Fatal error: Uncaught SecurityException: Attempted to send a secure cookie over a non-secure connection.

This affects all major PHP frameworks when configured for production security:

  • CodeIgniter 4 - Config\Cookie::$secure = true
  • Laravel - SESSION_SECURE_COOKIE=true
  • Symfony - framework.session.cookie_secure: true

Current workaround

Users must override the entire HEALTHCHECK in their Dockerfile:

HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
  CMD curl -sf http://127.0.0.1/health || exit 1

This works but:

  • Bypasses the well-designed wait-for script
  • Requires users to duplicate health check logic
  • Loses any future improvements to the base image's health checking

Proposed solution

Add support for a HEALTHCHECK_URL environment variable:

# In wait-for or health check script
target="${1:-${HEALTHCHECK_URL:-http://127.0.0.1/}}"

jozefrebjak avatar Dec 30 '25 22:12 jozefrebjak

Hi @jozefrebjak, thanks for reaching out.

I'm not sure I fully understand your point, but my Docker images don't have a default HEALTHCHECK configured (except the FrankenPHP variants). So I'm not sure where this issue is coming from.

If it's related to #360, please try setting the environment variable DISABLE_ONLIVE_HOOK=1 for the container.

shinsenter avatar Dec 31 '25 12:12 shinsenter

Btw, the internal healthcheck script uses the HEALTH_CHECK_URL variable.

https://github.com/shinsenter/php/blob/ba8901b0be9b2032af33324bc55e19857a5830cf/src/php/common/os-s6-overlay.dockerfile#L84

If this implementation matches what you're looking for, try using that variable.

shinsenter avatar Dec 31 '25 12:12 shinsenter