Docker health check on private, non-exposed port

lukecarr · June 24, 2021, 6:38pm

I’m looking to deploy ORY Oathkeeper on Render as a web service, sat in front of HTTP APIs running as private services.

ORY Oathkeeper exposes ports 4455 and 4456. Port 4455 is used as the proxy port; I’ve managed to configure this correctly as the exposed port by setting the “PORT” env var to 4455. Port 4456 is used as an administrative/management API, and should not be exposed publicly under any circumstances (as it has no authentication).

The port 4456 API also has a health check route accessible at “GET /health/ready”. Ideally, I’d like to configure my Docker web service to use this route (":4456/health/ready") as the health check path, without exposing the service on port 4456.

Is this something that’s achievable on Render?

danielle · June 25, 2021, 8:57pm

Hey there @lukecarr ,

It’s not possible to change the port that the health check is run against. However, I think you could achieve what you’re trying to do by having the public health check endpoint reach out to the private one and only return a 200 once the private port returns a successful response.

Topic		Replies	Views
Health endpoint for private services	3	725	March 1, 2022
Private network downtime during deploy	4	300	July 21, 2023
Health check for Docker container not running gunicorn, nginx	3	1187	September 4, 2022
How ports and https are handled for Docker deploy	7	16074	July 10, 2021
Add Health checks to Private and Workers	2	341	February 20, 2024

Docker health check on private, non-exposed port

Related topics