From ebf0cef17365851d4f4816caf7b9f51c4c3ca1eb Mon Sep 17 00:00:00 2001 From: Klaus Meyer Date: Wed, 27 May 2026 21:34:37 +0200 Subject: [PATCH 1/3] Use rails default health check mechanism --- Gemfile | 1 - Gemfile.lock | 3 --- config/environments/production.rb | 4 ++-- config/initializers/health_check.rb | 10 ---------- config/routes.rb | 4 +++- 5 files changed, 5 insertions(+), 17 deletions(-) delete mode 100644 config/initializers/health_check.rb diff --git a/Gemfile b/Gemfile index e677d73..a14ab6f 100644 --- a/Gemfile +++ b/Gemfile @@ -69,7 +69,6 @@ gem "devise", "~> 5.0" gem "devise-bootstrap-views", "~> 1.1" gem "kaminari", "~> 1.1" gem "tvdb2", github: "pioz/tvdb2", ref: "e720ffb" -gem "health_check", "~> 3.1" gem "aws-sdk-s3", require: false gem "ruby-vips", "~> 2.3" diff --git a/Gemfile.lock b/Gemfile.lock index f0ab982..211c2ed 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -147,8 +147,6 @@ GEM ffi (1.17.4) globalid (1.3.0) activesupport (>= 6.1) - health_check (3.1.0) - railties (>= 5.0) httparty (0.24.0) csv mini_mime (>= 1.0.0) @@ -381,7 +379,6 @@ DEPENDENCIES devise-bootstrap-views (~> 1.1) dotenv-rails (~> 3.0) factory_bot_rails (~> 6.0) - health_check (~> 3.1) image_processing (~> 2.0) importmap-rails json_spec (~> 1.1) diff --git a/config/environments/production.rb b/config/environments/production.rb index fe0826d..4708e84 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -83,7 +83,7 @@ # "example.com", # Allow requests from example.com # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` # ] - # + # Skip DNS rebinding protection for the default health check endpoint. - # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } + config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end diff --git a/config/initializers/health_check.rb b/config/initializers/health_check.rb deleted file mode 100644 index 5414067..0000000 --- a/config/initializers/health_check.rb +++ /dev/null @@ -1,10 +0,0 @@ -HealthCheck.setup do |config| - config.uri = "health" - config.standard_checks = [] - config.full_checks = [ "database", "migrations", "postgres_write" ] - - config.add_custom_check("postgres_write") do - readonly = ActiveRecord::Base.connection.execute("SELECT pg_is_in_recovery() AS readonly").first.fetch("readonly", false) - readonly ? "Database is in read-only mode" : "" - end -end diff --git a/config/routes.rb b/config/routes.rb index 10b49e5..753ed6c 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,7 +1,9 @@ Rails.application.routes.draw do root to: "home#index" - get :ping, to: ->(env) { [ "200", { "Content-Type" => "text/plain" }, [ "pong" ] ] } + # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500. + # Can be used by load balancers and uptime monitors to verify that the app is live. + get "up" => "rails/health#show", as: :rails_health_check resources :activities, only: [ :index ] From b20f854e398017114c86164ec2bf36c59852b578 Mon Sep 17 00:00:00 2001 From: Klaus Meyer Date: Wed, 27 May 2026 21:35:42 +0200 Subject: [PATCH 2/3] Use rails default Dockerfile & Thruster --- Dockerfile | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 673dc71..a6e5938 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,8 @@ # check=error=true # This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand: -# docker build -t dinnertime . -# docker run -d -p 80:80 -e RAILS_MASTER_KEY= --name dinnertime dinnertime +# docker build -t filamentory_rails . +# docker run -d -p 80:80 -e RAILS_MASTER_KEY= --name filamentory_rails filamentory_rails # For a containerized dev environment, see Dev Containers: https://guides.rubyonrails.org/getting_started_with_devcontainer.html @@ -16,33 +16,33 @@ WORKDIR /rails # Install base packages RUN apt-get update -qq && \ - apt-get install --no-install-recommends -y curl libjemalloc2 libvips postgresql-client && \ - ln -s /usr/lib/$(uname -m)-linux-gnu/libjemalloc.so.2 /usr/local/lib/libjemalloc.so && \ - rm -rf /var/lib/apt/lists /var/cache/apt/archives + apt-get install --no-install-recommends -y curl libjemalloc2 libvips postgresql-client && \ + ln -s /usr/lib/$(uname -m)-linux-gnu/libjemalloc.so.2 /usr/local/lib/libjemalloc.so && \ + rm -rf /var/lib/apt/lists /var/cache/apt/archives # Set production environment variables and enable jemalloc for reduced memory usage and latency. ENV RAILS_ENV="production" \ - BUNDLE_DEPLOYMENT="1" \ - BUNDLE_PATH="/usr/local/bundle" \ - BUNDLE_WITHOUT="development" \ - LD_PRELOAD="/usr/local/lib/libjemalloc.so" + BUNDLE_DEPLOYMENT="1" \ + BUNDLE_PATH="/usr/local/bundle" \ + BUNDLE_WITHOUT="development" \ + LD_PRELOAD="/usr/local/lib/libjemalloc.so" # Throw-away build stage to reduce size of final image FROM base AS build # Install packages needed to build gems RUN apt-get update -qq && \ - apt-get install --no-install-recommends -y build-essential git libpq-dev libyaml-dev pkg-config python-is-python3 && \ - rm -rf /var/lib/apt/lists /var/cache/apt/archives + apt-get install --no-install-recommends -y build-essential git libpq-dev libvips libyaml-dev pkg-config && \ + rm -rf /var/lib/apt/lists /var/cache/apt/archives # Install application gems COPY vendor/* ./vendor/ COPY Gemfile Gemfile.lock ./ RUN bundle install && \ - rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \ - # -j 1 disable parallel compilation to avoid a QEMU bug: https://github.com/rails/bootsnap/issues/495 - bundle exec bootsnap precompile -j 1 --gemfile + rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \ + # -j 1 disable parallel compilation to avoid a QEMU bug: https://github.com/rails/bootsnap/issues/495 + bundle exec bootsnap precompile -j 1 --gemfile # Copy application code COPY . . @@ -54,12 +54,15 @@ RUN bundle exec bootsnap precompile -j 1 app/ lib/ # Precompiling assets for production without requiring secret RAILS_MASTER_KEY RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile + + + # Final stage for app image FROM base # Run and own only the runtime files as a non-root user for security RUN groupadd --system --gid 1000 rails && \ - useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash + useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash USER 1000:1000 # Copy built artifacts: gems, application From a50ec9052bb6e7e52c86f30ec399aeac4ee345f3 Mon Sep 17 00:00:00 2001 From: Klaus Meyer Date: Wed, 27 May 2026 21:43:05 +0200 Subject: [PATCH 3/3] Fix copy & paste leftover --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a6e5938..d02faee 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,8 @@ # check=error=true # This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand: -# docker build -t filamentory_rails . -# docker run -d -p 80:80 -e RAILS_MASTER_KEY= --name filamentory_rails filamentory_rails +# docker build -t whatchy_rails . +# docker run -d -p 80:80 -e RAILS_MASTER_KEY= --name whatchy_rails whatchy_rails # For a containerized dev environment, see Dev Containers: https://guides.rubyonrails.org/getting_started_with_devcontainer.html