diff --git a/Dockerfile b/Dockerfile index dad66b7e..c7aa9043 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,8 +26,7 @@ ENV USER= \ BLOCK_MALICIOUS=off \ EXTRA_SUBNETS= ENTRYPOINT /entrypoint.sh -HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \ - CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1 +HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \ https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \ @@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \ rm -f /tmp/* COPY unbound.conf /etc/unbound/unbound.conf -COPY entrypoint.sh /entrypoint.sh +COPY entrypoint.sh healthcheck.sh / RUN chown nonrootuser -R /etc/unbound && \ chmod 700 /etc/unbound && \ - chmod 500 /entrypoint.sh && \ + chmod 500 /entrypoint.sh healthcheck.sh && \ chmod 400 \ /etc/unbound/root.hints \ /etc/unbound/root.key \ diff --git a/Dockerfile.arm32v6 b/Dockerfile.arm32v6 index 209bbdd9..8afd8518 100644 --- a/Dockerfile.arm32v6 +++ b/Dockerfile.arm32v6 @@ -26,8 +26,7 @@ ENV USER= \ BLOCK_MALICIOUS=off \ EXTRA_SUBNETS= ENTRYPOINT /entrypoint.sh -HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \ - CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1 +HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \ https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \ @@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \ rm -f /tmp/* COPY unbound.conf /etc/unbound/unbound.conf -COPY entrypoint.sh /entrypoint.sh +COPY entrypoint.sh healthcheck.sh / RUN chown nonrootuser -R /etc/unbound && \ chmod 700 /etc/unbound && \ - chmod 500 /entrypoint.sh && \ + chmod 500 /entrypoint.sh healthcheck.sh && \ chmod 400 \ /etc/unbound/root.hints \ /etc/unbound/root.key \ diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 index 3eca610f..ef4cbbe7 100644 --- a/Dockerfile.arm64v8 +++ b/Dockerfile.arm64v8 @@ -26,8 +26,7 @@ ENV USER= \ BLOCK_MALICIOUS=off \ EXTRA_SUBNETS= ENTRYPOINT /entrypoint.sh -HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \ - CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1 +HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \ wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \ https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \ @@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \ rm -f /tmp/* COPY unbound.conf /etc/unbound/unbound.conf -COPY entrypoint.sh /entrypoint.sh +COPY entrypoint.sh healthcheck.sh / RUN chown nonrootuser -R /etc/unbound && \ chmod 700 /etc/unbound && \ - chmod 500 /entrypoint.sh && \ + chmod 500 /entrypoint.sh healthcheck.sh && \ chmod 400 \ /etc/unbound/root.hints \ /etc/unbound/root.key \ diff --git a/healthcheck.sh b/healthcheck.sh new file mode 100644 index 00000000..c736d81e --- /dev/null +++ b/healthcheck.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +ping -W 1 -w 1 -q -s 8 1.1.1.1 &> /dev/null +status=$? +if [ $status = 0 ]; then + exit 0 +fi +printf "Pinging 1.1.1.1 resulted in error status code $status" +exit 1 \ No newline at end of file