diff --git a/backend/Dockerfile b/backend/Dockerfile index 964cbb9..fd4f87c 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -10,7 +10,8 @@ RUN apt-get update \ # exact crate versions CI tested. Without Cargo.lock + the flag, cargo # would silently resolve fresh on every image build. COPY Cargo.toml Cargo.lock ./ -RUN mkdir src && echo "fn main() {}" > src/main.rs && echo "" > src/lib.rs \ +RUN mkdir -p src/bin && echo "fn main() {}" > src/main.rs && echo "" > src/lib.rs \ + && echo "fn main() {}" > src/bin/crawler.rs \ && cargo build --locked --release \ && rm -rf src @@ -18,7 +19,10 @@ COPY src ./src COPY migrations ./migrations RUN touch src/main.rs src/lib.rs && cargo build --locked --release -FROM debian:bookworm-slim +FROM debian:trixie-slim +# Runtime base must match the builder's Debian release: `rust:1-slim` tracks +# trixie (glibc 2.41), so a bookworm runtime (glibc 2.36) can't run the +# binary ("GLIBC_2.39 not found"). Keep these two in lockstep on bumps. # `curl` is for the container HEALTHCHECK; `ca-certificates` is for # outbound HTTPS (crawler covers/pages). RUN apt-get update \ diff --git a/frontend/Dockerfile b/frontend/Dockerfile index dcca067..33f3824 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -24,10 +24,12 @@ COPY --from=builder --chown=node:node /app/package.json ./ USER node EXPOSE 3000 -# Alpine's busybox `wget` is the canonical lightweight HTTP probe. -# `--spider` doesn't follow redirects; `node build` serves a 200 on -# `/` for the homepage so this works without a dedicated /health. +# Alpine's busybox `wget` is the canonical lightweight HTTP probe. Probe +# 127.0.0.1, not `localhost`: musl resolves `localhost` to IPv6 ::1 first, +# but the Node server binds IPv4 0.0.0.0 only, so a localhost probe gets +# "connection refused" and the container is wrongly marked unhealthy. Use a +# GET (`-O /dev/null`) since `node build` serves 200 on `/`. HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ - CMD wget -q --spider http://localhost:3000/ || exit 1 + CMD wget -q -O /dev/null http://127.0.0.1:3000/ || exit 1 CMD ["node", "build"]