@azeddine-hmd

This PR introduces a custom Nginx startup script that ensures Wazuh upstream nodes are reachable before Nginx begins serving traffic.
The change improves reliability during multi-node deployments, avoiding potential startup race conditions between Nginx and Wazuh services.

Changes

- Added nginx-entrypoint-check.sh script:
  - Waits for connectivity to:
    - wazuh-master:1514
    - wazuh-worker:1514
  - Starts Nginx only after both are reachable.
- Updated multi-node/docker-compose.yml:
  - Mounted the script into the Nginx container.
  - Added runtime installation of netcat-openbsd (required for network checks).
  - Adjusted container command to execute the custom entrypoint.

Future Improvements

I can move the netcat-openbsd installation to a build-time step in a custom Nginx image for faster and more deterministic startup. Additionally, I can replace the runtime apt update with a prebuilt image for production use.

@vcerenu
Member

vcerenu commented Dec 29, 2025

Hello

I reviewed your pull request, and we're not currently planning any changes to the Nginx configuration we deployed.
The Nginx implementation is just an example, and this type of development isn't part of our roadmap.
In any case, you can fork our repository and apply any changes you deem necessary to customize the deployment as needed.

However, I tested the script, and it's generating errors. When starting the Wazuh stack, the Nginx container generates the following log and ends the execution:

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Get:1 http://deb.debian.org/debian trixie InRelease [140 kB]
Get:2 http://deb.debian.org/debian trixie-updates InRelease [47.3 kB]
Get:3 http://deb.debian.org/debian-security trixie-security InRelease [43.4 kB]
Get:4 http://deb.debian.org/debian trixie/main amd64 Packages [9670 kB]
Get:5 http://deb.debian.org/debian trixie-updates/main amd64 Packages [5412 B]
Get:6 http://deb.debian.org/debian-security trixie-security/main amd64 Packages [93.7 kB]
Fetched 10.0 MB in 5s (2212 kB/s)
Reading package lists...
Building dependency tree...
Reading state information...
All packages are up to date.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
Installing:
  netcat-openbsd

Summary:
  Upgrading: 0, Installing: 1, Removing: 0, Not Upgrading: 0
  Download size: 42.5 kB
  Space needed: 112 kB / 81.6 GB available

Get:1 http://deb.debian.org/debian trixie/main amd64 netcat-openbsd amd64 1.229-1 [42.5 kB]
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC entries checked: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.40.1 /usr/local/share/perl/5.40.1 /usr/lib/x86_64-linux-gnu/perl5/5.40 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.40 /usr/share/perl/5.40 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 8, <STDIN> line 1.)
debconf: falling back to frontend: Teletype
debconf: unable to initialize frontend: Teletype
debconf: (This frontend requires a controlling tty.)
debconf: falling back to frontend: Noninteractive
Fetched 42.5 kB in 0s (104 kB/s)
Selecting previously unselected package netcat-openbsd.
(Reading database ... 6699 files and directories currently installed.)
Preparing to unpack .../netcat-openbsd_1.229-1_amd64.deb ...
Unpacking netcat-openbsd (1.229-1) ...
Setting up netcat-openbsd (1.229-1) ...
update-alternatives: using /bin/nc.openbsd to provide /bin/nc (nc) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/man1/nc.1.gz because associated file /usr/share/man/man1/nc_openbsd.1.gz (of link group nc) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/man1/netcat.1.gz because associated file /usr/share/man/man1/nc_openbsd.1.gz (of link group nc) doesn't exist

If you want to add this functionality to your deployment, it's recommended that you create your custom image with those changes and add it to your deployment.

Thank you very much for your work.
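
An added example, not the PR's nginx-entrypoint-check.sh and not Wazuh project code: a bounded wait for the two upstreams named in the PR description that probes with bash's /dev/tcp, so nothing is downloaded or installed when the container starts. It assumes the Nginx image ships bash and the coreutils `timeout` command; the `--run` flag and the `WAIT_TIMEOUT` variable are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: wait for upstreams with a deadline, without runtime apt/netcat.
# Assumption: bash and coreutils `timeout` already exist in the image.

# probe HOST PORT: succeed if a TCP connection opens within 2 seconds.
probe() {
    timeout 2 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# wait_for HOST:PORT MAX_SECONDS
# Returns 0 when reachable, 1 on timeout, 2 on a malformed target.
wait_for() {
    target=$1 max=$2 waited=0
    host=${target%:*} port=${target##*:}
    # Reject targets with a missing or non-numeric port, or an empty host.
    case $port in
        ''|*[!0-9]*) echo "bad target: $target" >&2; return 2 ;;
    esac
    [ -n "$host" ] || { echo "bad target: $target" >&2; return 2; }
    until probe "$host" "$port"; do
        if [ "$waited" -ge "$max" ]; then
            echo "timeout waiting for $target after ${max}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    echo "$target is reachable"
}

# wait_for_all MAX_SECONDS TARGET...: every target must answer.
wait_for_all() {
    max=$1; shift
    for t in "$@"; do
        wait_for "$t" "$max" || return $?
    done
}

# Container entry point, taken only with the hypothetical --run flag.
if [ "${1:-}" = "--run" ]; then
    wait_for_all "${WAIT_TIMEOUT:-120}" wazuh-master:1514 wazuh-worker:1514 || exit 1
    exec nginx -g 'daemon off;'
fi
```

The deadline makes an unreachable upstream end the container with a non-zero status instead of leaving it waiting indefinitely.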
