Docker health check on private, non-exposed port

I’m looking to deploy ORY Oathkeeper on Render as a web service, sat in front of HTTP APIs running as private services.

ORY Oathkeeper exposes ports 4455 and 4456. Port 4455 is used as the proxy port; I’ve managed to configure this correctly as the exposed port by setting the “PORT” env var to 4455. Port 4456 is used as an administrative/management API, and should not be exposed publicly under any circumstances (as it has no authentication).

The port 4456 API also has a health check route accessible at “GET /health/ready”. Ideally, I’d like to configure my Docker web service to use this route (":4456/health/ready") as the health check path, without exposing the service on port 4456.

Is this something that’s achievable on Render?

Hey there @lukecarr ,

It’s not possible to change the port that the health check is run against. However, I think you could achieve what you’re trying to do by having the public health check endpoint reach out to the private one and only return a 200 once the private port returns a successful response.