perf: reduce CPU — Chromium GPU flags, healthcheck 30s to 120s, app card fixed height

- Chromium kiosk: add --disable-gpu-compositing, --disable-gpu-rasterization, --disable-software-rasterizer, --renderer-process-limit=1 drops GPU process from 64% to 12% CPU - Container healthchecks: 30s to 120s interval in first-boot and reconcile - AppCard: min-height on description so cards dont shift Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 02:42:44 +01:00 · 2026-03-31 02:42:44 +01:00 · 92a429535a
commit 92a429535a
parent e6fe00d61d
4 changed files with 57 additions and 35 deletions
--- a/image-recipe/configs/archipelago-kiosk-launcher.sh
+++ b/image-recipe/configs/archipelago-kiosk-launcher.sh
@ -26,7 +26,29 @@ unclutter -idle 3 -root &

 # Run Chromium as archipelago user in a restart loop
 while true; do
-    sudo -u archipelago env DISPLAY=:0 HOME=/home/archipelago chromium --kiosk       --app=http://localhost/kiosk       --noerrdialogs       --disable-infobars       --disable-translate       --no-first-run       --check-for-update-interval=31536000       --disable-features=TranslateUI       --disable-session-crashed-bubble       --disable-save-password-bubble       --disable-suggestions-service       --disable-component-update       --disable-gpu       --user-data-dir=/home/archipelago/.config/chromium-kiosk
+    sudo -u archipelago env DISPLAY=:0 HOME=/home/archipelago chromium --kiosk \
+      --app=http://localhost/kiosk \
+      --noerrdialogs \
+      --disable-infobars \
+      --disable-translate \
+      --no-first-run \
+      --check-for-update-interval=31536000 \
+      --disable-features=TranslateUI \
+      --disable-session-crashed-bubble \
+      --disable-save-password-bubble \
+      --disable-suggestions-service \
+      --disable-component-update \
+      --disable-gpu \
+      --disable-gpu-compositing \
+      --disable-gpu-rasterization \
+      --disable-software-rasterizer \
+      --num-raster-threads=1 \
+      --renderer-process-limit=1 \
+      --disable-background-networking \
+      --disable-background-timer-throttling \
+      --disable-backgrounding-occluded-windows \
+      --js-flags="--max-old-space-size=128" \
+      --user-data-dir=/home/archipelago/.config/chromium-kiosk
    sleep 3
 done

--- a/neode-ui/src/views/apps/AppCard.vue
+++ b/neode-ui/src/views/apps/AppCard.vue
@ -77,7 +77,7 @@
      </div>
    </div>

-    <p class="text-white/70 text-sm mt-3 mb-3 line-clamp-2">
+    <p class="text-white/70 text-sm mt-3 mb-3 line-clamp-2 min-h-[2.5rem]">
      {{ description }}
    </p>

--- a/scripts/first-boot-containers.sh
+++ b/scripts/first-boot-containers.sh
@ -274,7 +274,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -qE 'bitcoin-knots|arch
    log "  Large disk (${DISK_GB}GB) — enabling txindex"
  fi
  if $DOCKER run -d --name bitcoin-knots --restart unless-stopped \
-    --health-cmd="bitcoin-cli -rpcuser=\$BITCOIN_RPC_USER -rpcpassword=\$BITCOIN_RPC_PASS getblockchaininfo || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="bitcoin-cli -rpcuser=\$BITCOIN_RPC_USER -rpcpassword=\$BITCOIN_RPC_PASS getblockchaininfo || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit bitcoin-knots) --network archy-net \
    --cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
    --security-opt no-new-privileges:true \
@ -316,7 +316,7 @@ if ! $DOCKER ps -a --format '{{.Names}}' 2>/dev/null | grep -qE 'archy-mempool-d
  log "Creating mysql-mempool..."
  mkdir -p /var/lib/archipelago/mysql-mempool
  $DOCKER run -d --name archy-mempool-db --restart unless-stopped \
-    --health-cmd="mariadb -uroot -e 'SELECT 1' || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="mariadb -uroot -e 'SELECT 1' || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit archy-mempool-db) --network archy-net \
    -v /var/lib/archipelago/mysql-mempool:/var/lib/mysql \
    -e MYSQL_DATABASE=mempool -e MYSQL_USER=mempool -e "MYSQL_PASSWORD=$MEMPOOL_DB_PASS" \
@ -336,7 +336,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q electrumx; then
    log "Creating electrumx..."
    mkdir -p /var/lib/archipelago/electrumx
    $DOCKER run -d --name electrumx --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:8000/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:8000/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      --memory=$(mem_limit electrumx) --network archy-net \
      -p 50001:50001 -v /var/lib/archipelago/electrumx:/data \
      -e "DAEMON_URL=http://$BITCOIN_RPC_USER:$BITCOIN_RPC_PASS@bitcoin-knots:8332/" \
@ -351,7 +351,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q mempool-api; then
  log "Creating mempool-api..."
  mkdir -p /var/lib/archipelago/mempool
  $DOCKER run -d --name mempool-api --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:8999/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:8999/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit mempool-api) --network archy-net \
    -p 8999:8999 -v /var/lib/archipelago/mempool:/data \
    -e MEMPOOL_BACKEND=electrum -e ELECTRUM_HOST=electrumx -e ELECTRUM_PORT=50001 \
@ -366,7 +366,7 @@ track_container "mempool-api"
 if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -qE 'archy-mempool-web|mempool-web'; then
  log "Creating mempool frontend..."
  $DOCKER run -d --name archy-mempool-web --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:8080/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:8080/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit archy-mempool-web) --network archy-net \
    -p 4080:8080 -e FRONTEND_HTTP_PORT=8080 -e BACKEND_MAINNET_HTTP_HOST=mempool-api \
    "$MEMPOOL_WEB_IMAGE" 2>>"$LOG" || true
@ -378,16 +378,16 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q electrs-ui; then
  if $DOCKER images --format '{{.Repository}}:{{.Tag}}' 2>/dev/null | grep -q 'electrs-ui'; then
    log "Starting ElectrumX UI from pre-built image..."
    $DOCKER run -d --name archy-electrs-ui --network host --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      localhost/electrs-ui:local 2>>"$LOG" || \
    $DOCKER run -d --name archy-electrs-ui --network host --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      electrs-ui:local 2>>"$LOG" || true
  elif [ -d /opt/archipelago/docker/electrs-ui ]; then
    log "Building and starting ElectrumX UI from source..."
    $DOCKER build -t electrs-ui:local /opt/archipelago/docker/electrs-ui 2>>"$LOG" && \
    $DOCKER run -d --name archy-electrs-ui --network host --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      electrs-ui:local 2>>"$LOG" || true
  else
    log "ElectrumX UI: no image or source found, skipping"
@ -399,7 +399,7 @@ if ! $DOCKER ps -a --format '{{.Names}}' 2>/dev/null | grep -qE 'archy-btcpay-db
  log "Creating PostgreSQL for BTCPay..."
  mkdir -p /var/lib/archipelago/postgres-btcpay
  $DOCKER run -d --name archy-btcpay-db --restart unless-stopped \
-    --health-cmd="pg_isready -U postgres || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="pg_isready -U postgres || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit archy-btcpay-db) --network archy-net \
    -v /var/lib/archipelago/postgres-btcpay:/var/lib/postgresql/data \
    -e POSTGRES_DB=btcpay -e POSTGRES_USER=btcpay -e "POSTGRES_PASSWORD=$BTCPAY_DB_PASS" \
@ -420,7 +420,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q archy-nbxplorer; the
    log "Creating NBXplorer..."
    mkdir -p /var/lib/archipelago/nbxplorer
    $DOCKER run -d --name archy-nbxplorer --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:32838/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:32838/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      --memory=$(mem_limit archy-nbxplorer) --network archy-net \
      -p 32838:32838 -v /var/lib/archipelago/nbxplorer:/data \
      -e NBXPLORER_DATADIR=/data -e NBXPLORER_NETWORK=mainnet -e NBXPLORER_CHAINS=btc \
@ -436,7 +436,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q btcpay-server; then
  log "Creating BTCPay Server..."
  mkdir -p /var/lib/archipelago/btcpay
  $DOCKER run -d --name btcpay-server --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:49392/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:49392/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit btcpay-server) --network archy-net \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
    --security-opt no-new-privileges:true \
@ -489,7 +489,7 @@ LNDCONF
    log "LND config created (rpcauth credentials, Tor via system)"
  fi
  $DOCKER run -d --name lnd --restart unless-stopped \
-    --health-cmd="curl -sf --insecure https://localhost:8080/v1/getinfo || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf --insecure https://localhost:8080/v1/getinfo || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit lnd) --network archy-net \
    --cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
    --security-opt no-new-privileges:true \
@ -504,7 +504,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q fedimint; then
  log "Creating Fedimint..."
  mkdir -p /var/lib/archipelago/fedimint
  $DOCKER run -d --name fedimint --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:8174/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:8174/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit fedimint) --network archy-net \
    --cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
    --security-opt no-new-privileges:true \
@ -529,7 +529,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q fedimint-gateway; th
  if $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q '^lnd$' && [ -f "$LND_CERT" ] && [ -f "$LND_MACAROON" ]; then
    log "  LND detected — using lnd mode"
    $DOCKER run -d --name fedimint-gateway --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:8175/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:8175/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      --memory=$(mem_limit fedimint-gateway) --network archy-net \
      --cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
      --security-opt no-new-privileges:true \
@ -546,7 +546,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q fedimint-gateway; th
  else
    log "  No LND found — using ldk (built-in Lightning)"
    $DOCKER run -d --name fedimint-gateway --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:8175/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:8175/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      --memory=$(mem_limit fedimint-gateway) --network archy-net \
      --cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
      --security-opt no-new-privileges:true \
@ -575,7 +575,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -qE 'homeassistant|home
  log "Creating Home Assistant..."
  mkdir -p /var/lib/archipelago/home-assistant
  $DOCKER run -d --name homeassistant --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:8123/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:8123/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit homeassistant) \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
    --security-opt no-new-privileges:true \
@ -591,7 +591,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q grafana; then
  mkdir -p /var/lib/archipelago/grafana
  chown 472:472 /var/lib/archipelago/grafana 2>/dev/null || true
  $DOCKER run -d --name grafana --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:3000/api/health || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:3000/api/health || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit grafana) \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID \
    --security-opt no-new-privileges:true \
@ -605,7 +605,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q uptime-kuma; then
  log "Creating Uptime Kuma..."
  mkdir -p /var/lib/archipelago/uptime-kuma
  $DOCKER run -d --name uptime-kuma --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:3001/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:3001/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit uptime-kuma) \
    --cap-drop ALL --cap-add CHOWN --cap-add FOWNER --cap-add SETUID --cap-add SETGID \
    --security-opt no-new-privileges:true \
@ -618,7 +618,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q jellyfin; then
  log "Creating Jellyfin..."
  mkdir -p /var/lib/archipelago/jellyfin/config /var/lib/archipelago/jellyfin/cache
  $DOCKER run -d --name jellyfin --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:8096/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:8096/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit jellyfin) \
    --cap-drop ALL --security-opt no-new-privileges:true \
    -p 8096:8096 \
@ -631,7 +631,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q photoprism; then
  log "Creating PhotoPrism..."
  mkdir -p /var/lib/archipelago/photoprism
  $DOCKER run -d --name photoprism --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:2342/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:2342/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit photoprism) \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID \
    --security-opt no-new-privileges:true \
@ -644,7 +644,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q ollama; then
  log "Creating Ollama..."
  mkdir -p /var/lib/archipelago/ollama
  $DOCKER run -d --name ollama --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:11434/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:11434/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit ollama) \
    --cap-drop ALL --security-opt no-new-privileges:true \
    --read-only --tmpfs /tmp:rw,noexec,nosuid,size=256m --tmpfs /run:rw,noexec,nosuid,size=64m \
@ -656,7 +656,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q vaultwarden; then
  log "Creating Vaultwarden..."
  mkdir -p /var/lib/archipelago/vaultwarden
  $DOCKER run -d --name vaultwarden --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit vaultwarden) \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add NET_BIND_SERVICE \
    --security-opt no-new-privileges:true \
@ -668,7 +668,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q nextcloud; then
  log "Creating Nextcloud..."
  mkdir -p /var/lib/archipelago/nextcloud
  $DOCKER run -d --name nextcloud --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit nextcloud) \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
    --security-opt no-new-privileges:true \
@ -679,7 +679,7 @@ track_container "nextcloud"
 if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q searxng; then
  log "Creating SearXNG..."
  $DOCKER run -d --name searxng --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:8080/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:8080/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit searxng) \
    --cap-drop ALL --security-opt no-new-privileges:true \
    --read-only --tmpfs /tmp:rw,noexec,nosuid,size=256m --tmpfs /run:rw,noexec,nosuid,size=64m \
@ -690,7 +690,7 @@ track_container "searxng"
 if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q onlyoffice; then
  log "Creating OnlyOffice..."
  $DOCKER run -d --name onlyoffice --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit onlyoffice) \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
    --security-opt no-new-privileges:true \
@ -702,7 +702,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q filebrowser; then
  log "Creating File Browser..."
  mkdir -p /var/lib/archipelago/filebrowser /var/lib/archipelago/filebrowser-data
  $DOCKER run -d --name filebrowser --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit filebrowser) \
    --cap-drop ALL --security-opt no-new-privileges:true \
    --read-only --tmpfs=/tmp:rw,noexec,nosuid,size=256m --tmpfs=/run:rw,noexec,nosuid,size=64m \
@ -717,7 +717,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q nginx-proxy-manager;
  log "Creating Nginx Proxy Manager..."
  mkdir -p /var/lib/archipelago/nginx-proxy-manager/data /var/lib/archipelago/nginx-proxy-manager/letsencrypt
  $DOCKER run -d --name nginx-proxy-manager --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:81/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:81/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit nginx-proxy-manager) \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add NET_BIND_SERVICE \
    --security-opt no-new-privileges:true \
@ -731,7 +731,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q portainer; then
  log "Creating Portainer..."
  mkdir -p /var/lib/archipelago/portainer
  $DOCKER run -d --name portainer --restart unless-stopped \
-    --health-cmd="curl -sf http://localhost:9000/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="curl -sf http://localhost:9000/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit portainer) \
    --cap-drop ALL --cap-add CHOWN --cap-add SETUID --cap-add SETGID --cap-add DAC_OVERRIDE \
    --security-opt no-new-privileges:true \
@ -746,7 +746,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q tailscale; then
  mkdir -p /var/lib/archipelago/tailscale
  # Tailscale needs NET_ADMIN + NET_RAW + TUN device (no --privileged)
  $DOCKER run -d --name tailscale --restart unless-stopped \
-    --health-cmd="tailscale status || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+    --health-cmd="tailscale status || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
    --memory=$(mem_limit tailscale) \
    --network host \
    --cap-drop=ALL \
@ -770,7 +770,7 @@ if $DOCKER images --format '{{.Repository}}:{{.Tag}}' 2>/dev/null | grep -q 'nos
    log "Creating nostr-rs-relay..."
    mkdir -p /var/lib/archipelago/nostr-rs-relay
    $DOCKER run -d --name nostr-rs-relay --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:8080/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:8080/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      --memory=$(mem_limit nostr-rs-relay) \
      -p 7047:7047 -v /var/lib/archipelago/nostr-rs-relay:/data \
      "${NOSTR_RS_RELAY_IMAGE}" 2>>"$LOG" || true
@ -781,7 +781,7 @@ if $DOCKER images --format '{{.Repository}}:{{.Tag}}' 2>/dev/null | grep -q 'str
    log "Creating strfry..."
    mkdir -p /var/lib/archipelago/strfry
    $DOCKER run -d --name strfry --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:7777/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:7777/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      --memory=$(mem_limit strfry) \
      -p 7777:7777 -v /var/lib/archipelago/strfry:/data \
      "${STRFRY_IMAGE}" 2>>"$LOG" || true
@ -801,7 +801,7 @@ if ! $DOCKER ps --format '{{.Names}}' 2>/dev/null | grep -q indeedhub; then
  if [ -n "$INDEEDHUB_IMAGE" ]; then
    log "Creating Indeehub from $INDEEDHUB_IMAGE..."
    $DOCKER run -d --name indeedhub --restart unless-stopped \
-      --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 \
+      --health-cmd="curl -sf http://localhost:80/ || exit 1" --health-interval=120s --health-timeout=5s --health-retries=3 \
      --memory=$(mem_limit indeedhub) \
      --cap-drop ALL --security-opt no-new-privileges:true \
      --read-only --tmpfs /tmp:rw,noexec,nosuid,size=64m --tmpfs /app/.next/cache:rw,noexec,nosuid,size=128m \
--- a/scripts/reconcile-containers.sh
+++ b/scripts/reconcile-containers.sh
@ -156,7 +156,7 @@ build_run_cmd() {

  # Health check
  if [ -n "$SPEC_HEALTH_CMD" ]; then
-    cmd+=" --health-cmd=\"$SPEC_HEALTH_CMD\" --health-interval=30s --health-timeout=5s --health-retries=3"
+    cmd+=" --health-cmd=\"$SPEC_HEALTH_CMD\" --health-interval=120s --health-timeout=10s --health-retries=3"
  fi

  # Ports