enh(shopware): improve healthchecks and proxy configuration

Removed obsolete EXPOSE/healthcheck from Dockerfile and added robust service-specific healthchecks: - web: HTTP robots.txt check - worker/scheduler: php -v runtime check - opensearch: cluster health API check Added TRUSTED_PROXIES=* for proxy-aware headers and centralized OPENSEARCH_PORT in vars. Context: discussed implementation details in ChatGPT conversation on 2025-11-06 — https://chatgpt.com/share/690c9fb3-79f4-800f-bbdf-ea370c8f142c
2025-11-07 13:48:00 +00:00 · 2025-11-06 14:17:00 +01:00
parent 0c16f9c43c
commit d66ad37c5d
4 changed files with 34 additions and 13 deletions
--- a/roles/web-app-shopware/templates/Dockerfile.j2
+++ b/roles/web-app-shopware/templates/Dockerfile.j2
@@ -85,8 +85,3 @@ RUN set -eux; \

 # Drop back to the app user
 USER www-data
-
-# Expose internal port & add a lightweight healthcheck
-EXPOSE 8000
-HEALTHCHECK --interval=30s --timeout=5s --retries=5 --start-period=20s \
-  CMD php -r '$s=@fsockopen("127.0.0.1", 8000, $e, $t, 3); if(!$s) exit(1); fclose($s);'
--- a/roles/web-app-shopware/templates/docker-compose.yml.j2
+++ b/roles/web-app-shopware/templates/docker-compose.yml.j2
@@ -42,9 +42,13 @@ x-environment: &shopware
    depends_on:
      init:
        condition: service_completed_successfully
-{% filter indent(4) %}
-    {% include 'roles/docker-container/templates/healthcheck/http.yml.j2' %}
-{% endfilter %}
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider http://127.0.0.1:{{ container_port }}/robots.txt || wget -q --spider http://127.0.0.1:{{ container_port }}/ || exit 1"]
+      interval: 30s
+      timeout: 5s
+      retries: 10
+      start_period: 120s
+

 {% include 'roles/docker-container/templates/networks.yml.j2' %}

@@ -64,6 +68,12 @@ x-environment: &shopware
 # @todo Activate for swarm deploy
 #    deploy:
 #      replicas: {{ SHOPWARE_WORKER_REPLICAS }}
+    healthcheck:
+      test: ["CMD", "php", "-v"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s

 {% include 'roles/docker-container/templates/networks.yml.j2' %}

@@ -80,6 +90,13 @@ x-environment: &shopware
    depends_on:
      init:
        condition: service_completed_successfully
+    healthcheck:
+      test: ["CMD", "php", "-v"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 10s
+

 {% include 'roles/docker-container/templates/networks.yml.j2' %}

@@ -99,6 +116,12 @@ x-environment: &shopware
    depends_on:
      init:
        condition: service_completed_successfully
+    healthcheck:
+      test: ["CMD-SHELL", "curl -fsSL http://127.0.0.1:{{ SHOPWARE_OPENSEARCH_PORT }}/_cluster/health || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 60s
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
 {% endif %}

--- a/roles/web-app-shopware/templates/env.j2
+++ b/roles/web-app-shopware/templates/env.j2
@@ -5,7 +5,7 @@ APP_DEBUG="{{ MODE_DEBUG | ternary(1, 0) }}"

 # Shopware
 APP_ENV={{ 'dev' if (ENVIRONMENT | lower) == 'development' else 'prod' }}
-#TRUSTED_PROXIES=127.0.0.1
+TRUSTED_PROXIES=*
 INSTANCE_ID={{ application_id }}

 # Database
@@ -22,10 +22,10 @@ CACHE_URL="file://cache"

 {% if SHOPWARE_OPENSEARCH_ENABLED %}
 # Search
-ELASTICSEARCH_URL="http://opensearch:9200"
-OPENSEARCH_URL="http://opensearch:9200"
+ELASTICSEARCH_URL="http://opensearch:{{ SHOPWARE_OPENSEARCH_PORT }}"
+OPENSEARCH_URL="http://opensearch:{{ SHOPWARE_OPENSEARCH_PORT }}"
 OPENSEARCH_HOST="opensearch"
-OPENSEARCH_PORT_NUMBER="9200"
+OPENSEARCH_PORT_NUMBER="{{ SHOPWARE_OPENSEARCH_PORT }}"
 OPENSEARCH_INITIAL_ADMIN_PASSWORD="{{ users.administrator.password }}"
 {% endif %}

--- a/roles/web-app-shopware/vars/main.yml
+++ b/roles/web-app-shopware/vars/main.yml
@@ -28,9 +28,12 @@ SHOPWARE_WORKER_ENTRYPOINT:     "{{ applications | get_app_conf(application_id,
 SHOPWARE_SCHED_ENTRYPOINT:      "{{ applications | get_app_conf(application_id, 'docker.services.scheduler.entrypoint') }}"
 SHOPWARE_WORKER_REPLICAS:       "{{ applications | get_app_conf(application_id, 'docker.services.worker.replicas') }}"

-# Search/Cache
+# Redis Cache
 SHOPWARE_REDIS_ENABLED:               "{{ applications | get_app_conf(application_id, 'docker.services.redis.enabled') }}"
 SHOPWARE_REDIS_ADDRESS:               "redis:6379"
+
+# Opensearch
+SHOPWARE_OPENSEARCH_PORT:             "9200"
 SHOPWARE_OPENSEARCH_ENABLED:          "{{ applications | get_app_conf(application_id, 'docker.services.opensearch.enabled') }}"
 SHOPWARE_OPENSEARCH_IMAGE:            "{{ applications | get_app_conf(application_id, 'docker.services.opensearch.image') }}"
 SHOPWARE_OPENSEARCH_VERSION:          "{{ applications | get_app_conf(application_id, 'docker.services.opensearch.version') }}"