From 34547048a15156bf02e34201926e5b09819232e8 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Tue, 13 Jan 2026 15:11:07 +0100 Subject: [PATCH] internal: rework liveness probe and proxy (#19312) Signed-off-by: Jens Langhammer --- internal/web/proxy.go | 6 +++++- internal/web/web.go | 28 ++++++++++++++++------------ 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/internal/web/proxy.go b/internal/web/proxy.go index b8f33267da..9b007e7173 100644 --- a/internal/web/proxy.go +++ b/internal/web/proxy.go @@ -63,7 +63,11 @@ func (ws *WebServer) configureProxy() { rp.ErrorHandler = ws.proxyErrorHandler rp.ModifyResponse = ws.proxyModifyResponse ws.mainRouter.PathPrefix(config.Get().Web.Path).Path("/-/health/live/").HandlerFunc(sentry.SentryNoSample(func(rw http.ResponseWriter, r *http.Request) { - rw.WriteHeader(200) + if ws.upstreamHealthcheck() { + rw.WriteHeader(200) + } else { + rw.WriteHeader(502) + } })) ws.mainRouter.PathPrefix(config.Get().Web.Path).HandlerFunc(sentry.SentryNoSample(func(rw http.ResponseWriter, r *http.Request) { if !ws.g.IsRunning() { diff --git a/internal/web/web.go b/internal/web/web.go index 891ab9d505..3dbcc688b3 100644 --- a/internal/web/web.go +++ b/internal/web/web.go @@ -97,23 +97,27 @@ func NewWebServer() *WebServer { if sp := config.Get().Web.Path; sp != "/" { ws.mainRouter.Path("/").Handler(http.RedirectHandler(sp, http.StatusFound)) } - hcUrl := fmt.Sprintf("%s%s-/health/live/", ws.upstreamURL.String(), config.Get().Web.Path) ws.g = gounicorn.New(func() bool { - req, err := http.NewRequest(http.MethodGet, hcUrl, nil) - if err != nil { - ws.log.WithError(err).Warning("failed to create request for healthcheck") - return false - } - req.Header.Set("User-Agent", "goauthentik.io/router/healthcheck") - res, err := ws.upstreamHttpClient().Do(req) - if err == nil && res.StatusCode >= 200 && res.StatusCode < 300 { - return true - } - return false + return ws.upstreamHealthcheck() }) return ws } +func (ws *WebServer) upstreamHealthcheck() bool { + hcUrl := fmt.Sprintf("%s%s-/health/live/", ws.upstreamURL.String(), config.Get().Web.Path) + req, err := http.NewRequest(http.MethodGet, hcUrl, nil) + if err != nil { + ws.log.WithError(err).Warning("failed to create request for healthcheck") + return false + } + req.Header.Set("User-Agent", "goauthentik.io/router/healthcheck") + res, err := ws.upstreamHttpClient().Do(req) + if err == nil && res.StatusCode >= 200 && res.StatusCode < 300 { + return true + } + return false +} + func (ws *WebServer) prepareKeys() { tmp := os.TempDir() key := base64.StdEncoding.EncodeToString(securecookie.GenerateRandomKey(64))