From 251f7b227d13137c9779c578a4528f114d316e7d Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Mon, 29 Sep 2025 17:09:42 +0200
Subject: [PATCH] Add healthchecks for all Taiga services, fix RabbitMQ env var names, and define TAIGA_HOSTNAME

Details:
- Implemented healthchecks for taiga, async, rabbitmq, front, events, protected, and gateway
- Corrected RabbitMQ env variables (RABBITMQ_DEFAULT_USER/PASS/VHOST/ERLANG_COOKIE)
- Added TAIGA_HOSTNAME for backend service

See: https://chatgpt.com/share/68da9d6b-b164-800f-bcb7-410b40219a1e
---
 roles/web-app-nextcloud/config/main.yml | 4 +-
 .../templates/docker-compose.yml.j2 | 4 +-
 .../templates/nginx/docker.conf.j2 | 18 ++++---
 roles/web-app-nextcloud/vars/main.yml | 1 +
 .../templates/docker-compose.yml.j2 | 52 +++++++++++++++++--
 roles/web-app-taiga/templates/env.j2 | 8 +-
 roles/web-app-taiga/vars/main.yml | 1 +
 roles/web-app-wordpress/config/main.yml | 2 +-
 8 files changed, 70 insertions(+), 20 deletions(-)

diff --git a/roles/web-app-nextcloud/config/main.yml b/roles/web-app-nextcloud/config/main.yml
index 0a27cdb9..d8b1d213 100644
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -54,8 +54,8 @@ docker:
 backup:
 no_stop_required: false
 turn_server:
- onboard_enabled: true
- standalone_enabled: true
+ onboard_enabled: true # Deactivated because standalone turnserver works with Big Blue Button, so I assume that the nextcloud internal turnserver has it's isssues
+ standalone_enabled: false
 network_mode: host
 whiteboard:
 name: "nextcloud-whiteboard"
diff --git a/roles/web-app-nextcloud/templates/docker-compose.yml.j2 b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
index 51e65583..1ae6882f 100644
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
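Review bot: The new inline comment sits on `onboard_enabled: true` and speaks of something being "Deactivated", yet that key keeps the value `true`; the key that is actually switched off in this hunk is `standalone_enabled: false` on the next line, so the comment documents the wrong setting, and its reasoning ("standalone turnserver works with Big Blue Button") reads as if standalone were the one being kept. Move the comment to the line it explains and state which TURN server is disabled and why, for example `standalone_enabled: false  # standalone TURN disabled, onboard TURN is used; reason: <fill in>`, with two spaces before `#` as yamllint expects and "it's isssues" corrected to "its issues". Which of the two TURN servers is the working one cannot be verified from this diff, so please confirm the intent before rewording.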
@@ -37,7 +37,7 @@
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 ipv4_address: 192.168.102.69
-{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
+{% if NEXTCLOUD_TALK_SIGNALING_ENABLED | bool %}
 talk:
 {% set container_port = NEXTCLOUD_TALK_SIGNALING_PORT %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
@@ -46,7 +46,7 @@
 container_name: {{ NEXTCLOUD_TALK_CONTAINER }}
 init: true
 network_mode: {{ NEXTCLOUD_TALK_NETWORK_MODE }}
-{% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' %}
+{% if NEXTCLOUD_TALK_NETWORK_MODE == 'bridge' and NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
 ports:
 - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}/tcp
 - {{ networks.internet.ip4 }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}:{{ NEXTCLOUD_TALK_TURN_ONBOARD_PORT }}/udp
diff --git a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2 b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
index 2241fbfa..676c5173 100644
--- a/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
+++ b/roles/web-app-nextcloud/templates/nginx/docker.conf.j2
@@ -192,18 +192,20 @@ http {
 proxy_read_timeout 3600;
 }
-{% if NEXTCLOUD_TALK_TURN_ONBOARD_ENABLED | bool %}
+{% if NEXTCLOUD_TALK_SIGNALING_ENABLED | bool %}
 location {{ NEXTCLOUD_TALK_SIGNALING_LOCATION }} {
 {% if NEXTCLOUD_TALK_NETWORK_MODE == 'host' %}
- proxy_pass http://host.docker.internal:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
+ proxy_pass http://host.docker.internal:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
 {% else %}
- proxy_pass http://talk:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
+ proxy_pass http://talk:{{ NEXTCLOUD_TALK_SIGNALING_PORT }}/;
 {% endif %}
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 3600;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 3600;
+ proxy_buffering off;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
 {% endif %}
diff --git a/roles/web-app-nextcloud/vars/main.yml b/roles/web-app-nextcloud/vars/main.yml
index 11f4fbdb..b3909f3c 100644
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@@ -73,6 +73,7 @@ NEXTCLOUD_TALK_SIGNALING_SECRET: "{{ applications | get_app_conf(applicatio
 NEXTCLOUD_TALK_SIGNALING_LOCATION: "/standalone-signaling/"
 NEXTCLOUD_TALK_SIGNALING_PORT: "8081"
 NEXTCLOUD_TALK_SIGNALING_URL: "{{ [ NEXTCLOUD_URL, NEXTCLOUD_TALK_SIGNALING_LOCATION ] | url_join }}"
+NEXTCLOUD_TALK_SIGNALING_ENABLED: "{{ NEXTCLOUD_TALK_PLUGIN_ENABLED }}"
 #### Talk Turn (Onboard)
 NEXTCLOUD_TALK_TURN_ONBOARD_PORT: "{{ ports.public.stun_turn[application_id] }}"
diff --git a/roles/web-app-taiga/templates/docker-compose.yml.j2 b/roles/web-app-taiga/templates/docker-compose.yml.j2
index 0fb58825..2ec575f0 100644
--- a/roles/web-app-taiga/templates/docker-compose.yml.j2
+++ b/roles/web-app-taiga/templates/docker-compose.yml.j2
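Review bot: The added `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` passes the client address to the signaling backend but nothing in the location tells it which scheme the client used, so if the backend derives its public URLs or origin checks from forwarded headers it will see plain `http` behind a TLS front; add `proxy_set_header X-Forwarded-Proto $scheme;` next to the new line. Whether the signaling server actually reads these headers is not visible in the diff, so confirm against its configuration before relying on them. The `location` block is complete within the hunk; the enclosing `http {` context and any `server` block are not.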
@@ -3,7 +3,14 @@
 {% set service_name = TAIGA_SERVICE %}
 {{ service_name }}:
 container_name: {{ TAIGA_CONTAINER }}
+ hostname: {{ TAIGA_HOSTNAME }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
+ healthcheck:
+ test: ["CMD", "python", "-c", "import socket; socket.create_connection(('127.0.0.1',8000),5).close()"]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 40s
 image: "{{ TAIGA_DOCKER_IMAGE_BACKEND }}:{{ TAIGA_VERSION }}"
 volumes:
 # These volumens will be used by taiga-back and taiga-async.
@@ -31,6 +38,12 @@
 {{ service_name }}:
 container_name: {{ TAIGA_CONTAINER }}-{{ service_name }}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
+ healthcheck:
+ test: ["CMD-SHELL", "tr '\\0' ' ' /dev/null || curl -fsS http://127.0.0.1/ >/dev/null"]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 taiga:
 # volumes:
@@ -83,6 +108,12 @@
 container_name: {{ TAIGA_CONTAINER }}-{{ service_name }}
 image: taigaio/taiga-events:latest
 {% include 'roles/docker-container/templates/base.yml.j2' %}
+ healthcheck:
+ test: ["CMD-SHELL", "nc -z 127.0.0.1 8888"]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 30s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 taiga:
 depends_on:
@@ -97,7 +128,12 @@
 volumes:
 - events-rabbitmq-data:/var/lib/rabbitmq
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-
+ healthcheck:
+ test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 taiga:
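Review bot: `hostname: {{ TAIGA_HOSTNAME }}` only sets the hostname inside the backend container; Docker's embedded DNS resolves service names, container names and network `aliases`, not a container's `hostname`, so if the point of the new `TAIGA_HOSTNAME: "taiga-back"` variable is to let the other Taiga services reach the backend as `taiga-back`, this line will not achieve it and a network alias on the service's network entry is needed instead (that entry comes from the included `networks.yml.j2`, which is outside this diff). Please confirm what else references `taiga-back` before deciding which form is needed. Separately, this healthcheck (and the same pattern at `@@ -83` and `@@ -106`) only proves a TCP connect to the port succeeds, which is true as soon as the socket is bound; since `python` is already relied on here, an HTTP probe such as `python -c "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8000/api/v1/', timeout=5)"` would also catch a process that listens but cannot serve — confirm the path returns 200 for an anonymous request in this deployment.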
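Review bot: The `test:` string for the `@@ -31` service as shown here, `tr '\\0' ' ' /dev/null || curl -fsS http://127.0.0.1/ >/dev/null`, cannot work: `tr` reads only standard input and rejects a file operand, so the first command always fails and the fallback probes port 80 of this container, which is not the port an async worker serves. The hunk numbering (new-side offset jumps from +38 to +108 between `@@ -31` and `@@ -83`) suggests this page has lost text between `<` and `>` and that the visible line may be a splice of two different checks, so verify against the real file rather than this rendering. If the real check is the `/proc/1/cmdline` inspection the leading `tr` hints at, document what string it expects to find so the next reader does not have to reverse-engineer the pipeline.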
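Review bot: The events probe `nc -z 127.0.0.1 8888` at `@@ -83` depends on a `nc` binary being present in `taigaio/taiga-events:latest`; if the image does not ship one, the command fails on every run, Compose marks the container unhealthy for good, and any `depends_on` using `condition: service_healthy` never starts its dependants. Verify the binary exists in the image, or use a tool the image is known to contain (upstream taiga-events is a Node.js service, so `node -e` with a `net.connect` call would avoid the extra dependency — confirm for this image). Tracking `latest` also means the tool set behind this check can change without any change to this file.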
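Review bot: `rabbitmq-diagnostics -q ping` at `@@ -97` only confirms that the Erlang node answers a CLI call; it does not check that the broker application is running or that listeners accept connections, so a node whose rabbit app is stopped still reports healthy. `rabbitmq-diagnostics -q check_running` (or `check_port_connectivity`) matches what the dependent services actually need from this check. A first start that has to initialise the data directory may also exceed the 20s `start_period` given here; the other services in this change use 30–40s, so consider aligning it.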
@@ -106,7 +142,12 @@
 container_name: {{ TAIGA_CONTAINER }}-{{ service_name }}
 image: taigaio/taiga-protected:latest
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-
+ healthcheck:
+ test: ["CMD", "python", "-c", "import socket; socket.create_connection(('127.0.0.1',8003),5).close()"]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 taiga:
@@ -121,7 +162,12 @@
 - static-data:/taiga/static
 - media-data:/taiga/media
 {% include 'roles/docker-container/templates/base.yml.j2' %}
-
+ healthcheck:
+ test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/ >/dev/null || curl -fsS http://127.0.0.1/ >/dev/null"]
+ interval: 30s
+ timeout: 5s
+ retries: 5
+ start_period: 20s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 taiga:
 depends_on:
diff --git a/roles/web-app-taiga/templates/env.j2 b/roles/web-app-taiga/templates/env.j2
index 0f4f3d33..78ea5de1 100644
--- a/roles/web-app-taiga/templates/env.j2
+++ b/roles/web-app-taiga/templates/env.j2
@@ -33,10 +33,10 @@ RABBITMQ_PASS=taiga
 RABBITMQ_VHOST=taiga
 # Taiga's RabbitMQ settings - Variables to leave messages for the realtime and asynchronous events
-RABBITMQ_DEFAULT_RABBITMQ_USER = taiga # user to connect to RabbitMQ
-RABBITMQ_DEFAULT_RABBITMQ_PASS = taiga # RabbitMQ user's password
-RABBITMQ_DEFAULT_RABBITMQ_VHOST = taiga # RabbitMQ container name
-RABBITMQ_ERLANG_COOKIE = secret-erlang-cookie # unique value shared by any connected instance of RabbitMQ
+RABBITMQ_DEFAULT_USER = taiga # user to connect to RabbitMQ
+RABBITMQ_DEFAULT_PASS = taiga # RabbitMQ user's password
+RABBITMQ_DEFAULT_VHOST = taiga # RabbitMQ container name
+RABBITMQ_ERLANG_COOKIE = secret-erlang-cookie # unique value shared by any connected instance of RabbitMQ
 # Taiga's Attachments - Variable to define how long the attachments will be accesible
 ATTACHMENTS_MAX_AG = 360 # token expiration date (in seconds)
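Review bot: The renamed `RABBITMQ_DEFAULT_*` lines keep the ` = ` spacing and trailing `# ...` comments, while the lines just above them in the same hunk (`RABBITMQ_PASS=taiga`, `RABBITMQ_VHOST=taiga`) use plain `KEY=value`; how spaces around `=` and inline comments are handled depends on which env-file parser consumes this file, and in the unfavourable case the broker receives a user named `taiga # user to connect to RabbitMQ`, so write these four as `RABBITMQ_DEFAULT_USER=taiga` etc. with each comment on its own line. The comment on `RABBITMQ_DEFAULT_VHOST` says "RabbitMQ container name" but the value is the virtual host; correct it to `# RabbitMQ virtual host`. `RABBITMQ_DEFAULT_PASS = taiga` and `RABBITMQ_ERLANG_COOKIE = secret-erlang-cookie` are literal values in a Jinja template, so every deployment rendered from it shares the same broker password and Erlang cookie; render both from the role's variables or a secret lookup instead of hard-coding them. Whether the RabbitMQ container actually loads this env file is not visible here — if it does not, these keys are dead and should say so.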
diff --git a/roles/web-app-taiga/vars/main.yml b/roles/web-app-taiga/vars/main.yml
index 6f23ed8b..f7396414 100644
--- a/roles/web-app-taiga/vars/main.yml
+++ b/roles/web-app-taiga/vars/main.yml
@@ -36,6 +36,7 @@ TAIGA_VERSION: "{{ applications | get_app_conf(application_id,
 ### Backend
 TAIGA_SERVICE: "{{ entity_name }}"
+TAIGA_HOSTNAME: "taiga-back"
 TAIGA_CONTAINER: "{{ entity_name }}"
 TAIGA_VOLUME_MEDIA: "/taiga-back/media"
 TAIGA_VOLUME_STATIC: "/taiga-back/static"
diff --git a/roles/web-app-wordpress/config/main.yml b/roles/web-app-wordpress/config/main.yml
index 816c7b53..e222866f 100644
--- a/roles/web-app-wordpress/config/main.yml
+++ b/roles/web-app-wordpress/config/main.yml
@@ -53,7 +53,7 @@ docker:
 backup:
 no_stop_required: true
 volumes:
- data: wordpress_data
+ data: wordpress_data
 rbac:
 roles:
 subscriber: