lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/apps/indeedhub/manifest.yml
archipelago e2a012d086 fix(indeedhub): frontend health = tcp:7777 not http GET / (stops reconcile churn) 
On the loaded .198 the frontend churned (created → "unhealthy" → reconciler
recreates → loop). The http health check fetched / through nginx (SPA +
sub_filter) and false-failed under node load; the reconciler then treated the
frontend as wedged and recreated it. nginx binds 7777 at startup, so a tcp
liveness check passes immediately and stays green under load while still
catching a real "nginx not listening" failure. Generous retries/start_period.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-22 03:39:26 -04:00

105 lines
3.7 KiB
YAML
Raw Blame History

app:
id: indeedhub
name: IndeeHub
version: "1.0.0"
description: Bitcoin documentary streaming platform featuring God Bless Bitcoin and other educational content about Bitcoin, sovereignty, and decentralized technology. Sign in with your Nostr identity.
category: community
# The user-facing launcher (app_id "indeedhub"). Container is named "indeedhub"
# (matches the runtime's per-app references + the live container, so the
# orchestrator adopts it). Its nginx (listen 7777) proxies to the backends by
# their short aliases on indeedhub-net: api:4000, minio:9000, relay:8080.
container_name: indeedhub
container:
image: 146.59.87.168:3000/lfg2025/indeedhub:1.0.0
pull_policy: if-not-present
network: indeedhub-net
dependencies:
- app_id: indeedhub-api
- storage: 1Gi
resources:
memory_limit: 512Mi
disk_limit: 1Gi
security:
# nginx master runs as root and drops workers to the nginx user (uid/gid
# 101) — needs SET{UID,GID}; CHOWN + DAC_OVERRIDE let it own + write the
# proxy cache under the tmpfs /var/cache/nginx. The orchestrator does
# --cap-drop=ALL, so (unlike the legacy `podman run` default caps) these
# must be declared or nginx workers die with "setgid(101) failed".
capabilities: [CHOWN, DAC_OVERRIDE, SETGID, SETUID]
readonly_root: false
network_policy: isolated
ports:
- host: 7778
container: 7777
protocol: tcp # Web UI. Port 7777 on the host is reserved for the Nostr relay.
# Writable scratch the baked nginx needs; matches the legacy installer's
# --tmpfs /run + /var/cache/nginx.
volumes:
- type: tmpfs
target: /run
options: [rw, nosuid, nodev, size=16m]
- type: tmpfs
target: /var/cache/nginx
options: [rw, nosuid, nodev, size=32m]
environment: []
# Defensive + idempotent. The current indeedhub:1.0.0 image already bakes the
# iframe-friendly nginx (X-Frame-Options omitted, nostr-provider.js present +
# <script> injected), so these are mostly no-ops on that tag — but they keep
# the app iframe-loadable + the provider script fresh for any image build that
# predates the bake. copy_from_host pulls /opt/archipelago/web-ui/nostr-provider.js
# (kept current by frontend OTA releases). Replaces the legacy hardcoded
# patch_indeedhub_nostr_provider() Rust hook.
hooks:
post_install:
- exec: ["sed", "-i", "/X-Frame-Options/d", "/etc/nginx/conf.d/default.conf"]
- copy_from_host:
src: "web-ui/nostr-provider.js"
dest: "/usr/share/nginx/html/nostr-provider.js"
- exec: ["sh", "-c", "grep -q nostr-provider /etc/nginx/conf.d/default.conf || sed -i 's#</head>#<script src=\"/nostr-provider.js\"></script></head>#' /etc/nginx/conf.d/default.conf"]
- exec: ["nginx", "-s", "reload"]
# TCP liveness on the nginx port, NOT an http GET of /. nginx binds 7777 at
# startup (before workers), so this passes immediately and stays green under
# load. An http check of / runs the SPA + sub_filter and false-fails when the
# node is busy → the reconciler then treats the frontend as wedged and
# recreates it in a loop (observed churning the frontend on the loaded .198).
health_check:
type: tcp
endpoint: localhost:7777
interval: 30s
timeout: 5s
retries: 5
start_period: 30s
interfaces:
main:
name: Web UI
description: Stream Bitcoin documentaries with Nostr identity
type: ui
port: 7778
protocol: http
path: /
metadata:
author: Indeehub Team
icon: /assets/img/app-icons/indeedhub.png
website: https://indeedhub.com
repo: https://github.com/indeedhub/indeedhub
license: MIT
tags:
- bitcoin
- documentary
- streaming
- media
- education
- nostr
Reference in New Issue View Git Blame Copy Permalink