A 10s postgresql restart took down transcribe.shadowdao.com-01 for ~17h
because pm2 gave up after 5 fast retries, the entrypoint's trailing
tail -f kept PID 1 alive, and the healthcheck (wget --spider on nginx
port 80) succeeded on the 301-to-https redirect regardless of whether
Node was alive.
Three coordinated fixes to the cnoc image:
- HEALTHCHECK: replace the redirect-passing wget probe with TCP-level
checks on 127.0.0.1:3000 (Node) and :80 (nginx). Tenant-agnostic, no
/ping dependency — catches the exact incident scenario (port 3000
closed when pm2 exits).
- entrypoint.sh: exec pm2 via tini so it becomes PID 1. When pm2
exhausts max_restarts and exits, the container exits and the
unless-stopped restart policy brings it back. Logs are tailed in the
background with -F (logrotate-safe).
- Dockerfile: install tini from EPEL for proper signal forwarding and
zombie reaping of nginx/crond children that reparent to PID 1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Changed healthcheck from hitting Node.js directly on port 3000/ping to
going through Nginx on port 80, ensuring the entire stack is validated.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Changed 'yum groupinstall' to 'dnf group install -y' to match AlmaLinux 9
package manager and ensure non-interactive installation.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add automatic ecosystem.config.js generation from package.json
- Create app directory automatically if missing
- Copy simple-website example when app directory is empty
- Remove redundant default app files from configs/
- Add HAProxy support with proper real IP forwarding
- Configure nginx to trust proxy headers from private networks
- Simplify entrypoint logic - always use /home/$user/app
This makes the container more user-friendly by eliminating the need for
manual PM2 configuration and ensuring the server always has a working app.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove curl from package installation to avoid curl/curl-minimal conflict
- Replace curl with wget in health check and Node.js installation scripts
- wget is already installed and provides same functionality
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
The nginx default.conf is generated dynamically by create-nginx-config.sh
script at runtime, not copied during build.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Dockerfile with AlmaLinux 9 base, Nginx reverse proxy, and PM2
- Support Node.js versions 18, 20, 22 with automated installation
- Implement memory-optimized configuration (256MB minimum, 512MB recommended)
- Add Memcached session storage for development environments
- Create comprehensive documentation (README, USER-GUIDE, MEMORY-GUIDE, CLAUDE.md)
- Include example applications (simple website and REST API)
- Add Gitea CI/CD pipeline for automated multi-version builds
- Provide local development script with helper utilities
- Implement health monitoring, log rotation, and backup systems
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
