From a3bfa2d77ae71bad4da5fe2789c94575069755a9 Mon Sep 17 00:00:00 2001
From: Quentin McGaw
Date: Tue, 15 Jan 2019 14:40:28 +0100
Subject: [PATCH] Changed healthcheck to only ping 1.1.1.1 to check connectivity

This is because your VPN public IP might not be the VPN server entrance IP address, resulting in the container being unhealthy most of the time.
---
 Dockerfile | 7 +++----
 Dockerfile.arm32v6 | 7 +++----
 Dockerfile.arm64v8 | 7 +++----
 healthcheck.sh | 9 +++++++++
 4 files changed, 18 insertions(+), 12 deletions(-)
 create mode 100644 healthcheck.sh

diff --git a/Dockerfile b/Dockerfile
index dad66b7e..c7aa9043 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,8 +26,7 @@ ENV USER= \
 BLOCK_MALICIOUS=off \
 EXTRA_SUBNETS=
 ENTRYPOINT /entrypoint.sh
-HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \
- CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1
+HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
 RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
 wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
 https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \
@@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
 tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
 rm -f /tmp/*
 COPY unbound.conf /etc/unbound/unbound.conf
-COPY entrypoint.sh /entrypoint.sh
+COPY entrypoint.sh healthcheck.sh /
 RUN chown nonrootuser -R /etc/unbound && \
 chmod 700 /etc/unbound && \
- chmod 500 /entrypoint.sh && \
+ chmod 500 /entrypoint.sh healthcheck.sh && \
 chmod 400 \
 /etc/unbound/root.hints \
 /etc/unbound/root.key \
diff --git a/Dockerfile.arm32v6 b/Dockerfile.arm32v6
index 209bbdd9..8afd8518 100644
--- a/Dockerfile.arm32v6
+++ b/Dockerfile.arm32v6
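Review bot: In the first hunk of Dockerfile, the new `HEALTHCHECK ... CMD /healthcheck.sh` reports healthy whenever 1.1.1.1 answers a ping, which says nothing about whether traffic is leaving through the VPN; the removed check, unreliable as the commit message explains, was the only place that tied the egress address to the configuration. A container whose tunnel has dropped but which still has a route out would stay healthy, so leak protection has to rest entirely on the firewall rules set up elsewhere (not visible in this patch). I would say so above the instruction, e.g. `# Health = ICMP reachability of 1.1.1.1 only; it does not prove egress through the VPN tunnel`, and consider binding the probe to the tunnel interface with ping's `-I` option in healthcheck.sh. The same line is added in Dockerfile.arm32v6 and Dockerfile.arm64v8.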
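Review bot: In the second hunk of Dockerfile, `chmod 500 /entrypoint.sh healthcheck.sh` names the new script by a relative path, while `COPY entrypoint.sh healthcheck.sh /` a few lines up places it at `/healthcheck.sh`; the chmod only reaches that file if the build's working directory is `/`, which the hunk does not show. Use the absolute path, `chmod 500 /entrypoint.sh /healthcheck.sh && \`, so the permission is applied to the file the HEALTHCHECK actually runs. Mode 500 also means only the file's owner can execute the probe, so if the container is ever started as a different user the health check would presumably fail for a reason unrelated to connectivity. The same two lines appear in Dockerfile.arm32v6 and Dockerfile.arm64v8, and the RUN instruction continues past the end of the hunk.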
@@ -26,8 +26,7 @@ ENV USER= \
 BLOCK_MALICIOUS=off \
 EXTRA_SUBNETS=
 ENTRYPOINT /entrypoint.sh
-HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \
- CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1
+HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
 RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
 wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
 https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \
@@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
 tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
 rm -f /tmp/*
 COPY unbound.conf /etc/unbound/unbound.conf
-COPY entrypoint.sh /entrypoint.sh
+COPY entrypoint.sh healthcheck.sh /
 RUN chown nonrootuser -R /etc/unbound && \
 chmod 700 /etc/unbound && \
- chmod 500 /entrypoint.sh && \
+ chmod 500 /entrypoint.sh healthcheck.sh && \
 chmod 400 \
 /etc/unbound/root.hints \
 /etc/unbound/root.key \
diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8
index 3eca610f..ef4cbbe7 100644
--- a/Dockerfile.arm64v8
+++ b/Dockerfile.arm64v8
@@ -26,8 +26,7 @@ ENV USER= \
 BLOCK_MALICIOUS=off \
 EXTRA_SUBNETS=
 ENTRYPOINT /entrypoint.sh
-HEALTHCHECK --interval=5m --timeout=5s --start-period=15s --retries=1 \
- CMD [ "$(grep -o "$(wget -qO- https://diagnostic.opendns.com/myip)" /openvpn/target/config.ovpn)" != "" ] || exit 1
+HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /healthcheck.sh
 RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptables unbound unzip && \
 wget -q https://www.privateinternetaccess.com/openvpn/openvpn.zip \
 https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip \
@@ -51,10 +50,10 @@ RUN apk add -q --progress --no-cache --update openvpn wget ca-certificates iptab
 tar -cjf /etc/unbound/blocks-malicious.bz2 blocks-malicious.conf && \
 rm -f /tmp/*
 COPY unbound.conf /etc/unbound/unbound.conf
-COPY entrypoint.sh /entrypoint.sh
+COPY entrypoint.sh healthcheck.sh /
 RUN chown nonrootuser -R /etc/unbound && \
 chmod 700 /etc/unbound && \
- chmod 500 /entrypoint.sh && \
+ chmod 500 /entrypoint.sh healthcheck.sh && \
 chmod 400 \
 /etc/unbound/root.hints \
 /etc/unbound/root.key \
diff --git a/healthcheck.sh b/healthcheck.sh
new file mode 100644
index 00000000..c736d81e
--- /dev/null
+++ b/healthcheck.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+ping -W 1 -w 1 -q -s 8 1.1.1.1 &> /dev/null
+status=$?
+if [ $status = 0 ]; then
+ exit 0
+fi
+printf "Pinging 1.1.1.1 resulted in error status code $status"
+exit 1
\ No newline at end of file
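Review bot: In healthcheck.sh, `ping ... &> /dev/null` is a bash redirection under a `#!/bin/sh` shebang; a strictly POSIX shell reads it as `ping ... &` followed by `> /dev/null`, which backgrounds the ping and leaves `$?` at 0, so the check would pass unconditionally. It presumably works with the shell shipped in this image, but the portable spelling removes that dependency: `ping -W 1 -w 1 -q -s 8 1.1.1.1 > /dev/null 2>&1`. The failure message also interpolates `$status` into the printf format string and ends without a newline; `printf 'Pinging 1.1.1.1 resulted in error status code %s\n' "$status"` is safer, and `[ "$status" = 0 ]` quotes the test operand.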