Exposing metrics endpoint from Docker container

[ElectricWeasel]

Current design for entrypoint in Docker image rely on unix socket as a control interface, but that limit an access to metrics as well. Without heavy rework on pkg/docker/docker-entrypoint.sh is not possible to query for Unit performance from outside i.e. writing check for DataDog Agent.
As intermediate solution rewrite docker-entrypoint.sh to allow optionally TCP control socket (leaving securing it to end user) could resolve my problem. Eventually listening on two interfaces simultaneously TCP/UNIX?

Permanent solution mentioned in:
#1315
#1319 (comment)

Regards
Rafał

[avahahn]

Hello Rafal!

If you use the unitctl cli to start a new instance similarly to this:

unitctl instances new 127.0.0.1:<port> <path to application> <unit docker image tag>

You will end up with a docker container of your choosing serving unit's control API on a port of your choosing. Your application will also be mounted at /www in the resulting container.

For more information on unitctl see the unitctl readme and our releases page.

Does this work for your use case?

[ElectricWeasel]

Hi Ava!

We are using Unit Docker image as drop-in replacement for php_fpm in Docker Swarm stack. I need bunch of variables, mounts and docker-compose services as well so isn't realistic to use unitctl for deployment. I think rewriting entrypoint script to allow optionally use curl on tcp control socket will be enough.

Regards
Rafał

[callahad]

We should be able to make that happen - also happy to review a pull request if you have spare cycles before we do :)

[javorszky]

You can already achieve this by overwriting the command in the docker compose definition for the service. In one of my compose files I use this:

services:
  unitwasm:
    image: unit:1.33.0-wasm
    command: ["unitd", "--no-daemon", "--control", "0.0.0.0:5993"]
    ports:
      - '5993:5993'
    volumes:

Bear in mind that using 0.0.0.0 for control socket might be potentially unsafe, so take care of binding the daemon to the correct / appropriate IP address and port number. In docker desktop you can check what is configured if you go to Settings -> Resources -> Network, and you should see an IP address and bitmask combo there:

Let me know if you have further questions!

[ElectricWeasel]

Works as a charm! I got under impression that curl from entrypoint won't work with changed control socket but obviously I was wrong - final bash exec "$@" is called at last as executed command with all passed parameters...

Regards
Rafał