Detect external DB/Redis via flags; sanitize URLs

Improve entrypoint handling for external services and startup wrappers. entrypoint.sh now more robustly parses REDIS_URL (handles optional :password@host) and masks credentials when printing DATABASE_URL/REDIS_URL. It exports USE_EXTERNAL_POSTGRES and USE_EXTERNAL_REDIS so supervisor wrappers can decide behavior without re-parsing URLs. The temporary PostgreSQL shutdown was moved to after Prisma migrations and a warning was added when pushing schema to an external DB. postgres-start.sh and redis-start.sh were simplified to check the USE_EXTERNAL_* flags and sleep if an external service is configured. Also cleaned up formatting of the PostgreSQL ownership error message.
2026-06-02 20:30:10 +00:00 · 2026-02-12 15:59:09 -05:00
parent a145dc9877
commit 6f0d71ee9b
3 changed files with 58 additions and 78 deletions
@@ -172,8 +172,13 @@ if [ -n "$DATABASE_URL" ]; then
 fi
 if [ -n "$REDIS_URL" ]; then
-    REDIS_HOST=$(echo "$REDIS_URL" | sed -n 's|redis://\([^:@]*@\)\?\([^:/]*\).*|\2|p')
+    # Extract host from REDIS_URL - handles both redis://host:port and redis://:password@host:port
-    if [ "$REDIS_HOST" != "127.0.0.1" ] && [ "$REDIS_HOST" != "localhost" ]; then
+    if echo "$REDIS_URL" | grep -q '@'; then
        REDIS_HOST=$(echo "$REDIS_URL" | sed -n 's|.*@\([^:/]*\).*|\1|p')
    else
        REDIS_HOST=$(echo "$REDIS_URL" | sed -n 's|redis://\([^:/]*\).*|\1|p')
    fi
    if [ -n "$REDIS_HOST" ] && [ "$REDIS_HOST" != "127.0.0.1" ] && [ "$REDIS_HOST" != "localhost" ]; then
        USE_EXTERNAL_REDIS=true
        echo "ℹ️  External Redis detected at $REDIS_HOST"
    fi
@@ -192,33 +197,33 @@ if [ "$USE_EXTERNAL_POSTGRES" = "false" ]; then
    # PostgreSQL directories - owned by postgres user, group accessible
    if ! chown -R postgres:postgres "$PGDATA" /var/run/postgresql 2>/dev/null; then
-    echo ""
+        echo ""
-    echo "❌ ERROR: Failed to set ownership on PostgreSQL directories"
+        echo "❌ ERROR: Failed to set ownership on PostgreSQL directories"
-    echo ""
+        echo ""
-    echo "   This usually happens when using bind mounts on incompatible filesystems."
+        echo "   This usually happens when using bind mounts on incompatible filesystems."
-    echo ""
+        echo ""
-    echo "   Common causes:"
+        echo "   Common causes:"
-    echo "   - WSL2: Project on Windows filesystem (/mnt/c/...)"
+        echo "   - WSL2: Project on Windows filesystem (/mnt/c/...)"
-    echo "   - NFS/CIFS: Mount without proper permission support"
+        echo "   - NFS/CIFS: Mount without proper permission support"
-    echo ""
+        echo ""
-    echo "   Solutions:"
+        echo "   Solutions:"
-    echo ""
+        echo ""
-    echo "   1. Use Docker named volumes (recommended for WSL2):"
+        echo "   1. Use Docker named volumes (recommended for WSL2):"
-    echo "      In docker-compose.yml, change:"
+        echo "      In docker-compose.yml, change:"
-    echo "        - ./pgdata:/var/lib/postgresql/data"
+        echo "        - ./pgdata:/var/lib/postgresql/data"
-    echo "      To:"
+        echo "      To:"
-    echo "        - pgdata:/var/lib/postgresql/data"
+        echo "        - pgdata:/var/lib/postgresql/data"
-    echo "      Then add at bottom:"
+        echo "      Then add at bottom:"
-    echo "        volumes:"
+        echo "        volumes:"
-    echo "          pgdata:"
+        echo "          pgdata:"
-    echo ""
+        echo ""
-    echo "   2. Move project to Linux filesystem (WSL2):"
+        echo "   2. Move project to Linux filesystem (WSL2):"
-    echo "      mkdir -p ~/readmeabook && cd ~/readmeabook"
+        echo "      mkdir -p ~/readmeabook && cd ~/readmeabook"
-    echo "      # Copy docker-compose.yml and restart"
+        echo "      # Copy docker-compose.yml and restart"
-    echo ""
+        echo ""
-    echo "   3. Pre-create directories with correct ownership:"
+        echo "   3. Pre-create directories with correct ownership:"
-    echo "      mkdir -p pgdata redis config cache"
+        echo "      mkdir -p pgdata redis config cache"
-    echo "      # Let Docker create them on first run"
+        echo "      # Let Docker create them on first run"
        echo ""
        exit 1
    fi
@@ -336,9 +341,6 @@ EOF
        echo "✅ Database user and permissions verified"
    fi
    # Stop PostgreSQL (supervisord will start it via wrapper)
    echo "🔧 Stopping temporary PostgreSQL instance..."
    su - postgres -c "/usr/lib/postgresql/16/bin/pg_ctl -D $PGDATA stop -m fast"
 fi
 # ============================================================================
@@ -352,7 +354,7 @@ if [ "$USE_EXTERNAL_POSTGRES" = "false" ]; then
    echo "✅ Using internal PostgreSQL (127.0.0.1:5432)"
 else
    # DATABASE_URL already set by user - do not modify
-    echo "✅ Using external DATABASE_URL: ${DATABASE_URL%%@*}@***"
+    echo "✅ Using external DATABASE_URL: $(echo "$DATABASE_URL" | sed 's|//.*@|//***@|')"
 fi
 if [ "$USE_EXTERNAL_REDIS" = "false" ]; then
@@ -360,7 +362,7 @@ if [ "$USE_EXTERNAL_REDIS" = "false" ]; then
    echo "✅ Using internal Redis (127.0.0.1:6379)"
 else
    # REDIS_URL already set by user - do not modify
-    echo "✅ Using external REDIS_URL: ${REDIS_URL}"
+    echo "✅ Using external REDIS_URL: $(echo "$REDIS_URL" | sed 's|//.*@|//***@|')"
 fi
 export NODE_ENV="production"
@@ -372,6 +374,8 @@ export HOSTNAME="0.0.0.0"
 cat > /etc/environment <<EOF
 DATABASE_URL=$DATABASE_URL
 REDIS_URL=$REDIS_URL
 USE_EXTERNAL_POSTGRES=$USE_EXTERNAL_POSTGRES
 USE_EXTERNAL_REDIS=$USE_EXTERNAL_REDIS
 JWT_SECRET=$JWT_SECRET
 JWT_REFRESH_SECRET=$JWT_REFRESH_SECRET
 CONFIG_ENCRYPTION_KEY=$CONFIG_ENCRYPTION_KEY
@@ -391,10 +395,20 @@ echo "✅ Environment configured"
 # ============================================================================
 # RUN PRISMA MIGRATIONS
 # ============================================================================
 if [ "$USE_EXTERNAL_POSTGRES" = "true" ]; then
    echo "⚠️  Running schema sync against EXTERNAL database - prisma db push --accept-data-loss"
    echo "   This runs on every container start. Ensure your external database is backed up."
 fi
 echo "🔄 Running Prisma migrations..."
 cd /app
 su - node -c "cd /app && DATABASE_URL='$DATABASE_URL' npx prisma db push --skip-generate --accept-data-loss" || echo "⚠️  Migrations may have failed, continuing..."
 # Stop internal PostgreSQL (supervisord will restart it via wrapper)
 if [ "$USE_EXTERNAL_POSTGRES" = "false" ]; then
    echo "🔧 Stopping temporary PostgreSQL instance..."
    su - postgres -c "/usr/lib/postgresql/16/bin/pg_ctl -D $PGDATA stop -m fast"
 fi
 # ============================================================================
 # DISPLAY STARTUP INFO
 # ============================================================================
@@ -1,10 +1,7 @@
 #!/bin/bash
 # PostgreSQL startup wrapper for unified container
-# Smart supervisor: detects external PostgreSQL and sleeps instead of starting local instance
+# Checks USE_EXTERNAL_POSTGRES flag (set by entrypoint) to decide whether
-#
+# to start the local instance or sleep to keep supervisord happy.
 # Behavior:
 # - If DATABASE_URL points to external host (not 127.0.0.1/localhost), sleep infinity
 # - Otherwise, start local PostgreSQL instance
 set -e
@@ -15,25 +12,10 @@ if [ -f /etc/environment ]; then
    set +a
 fi
-echo "[PostgreSQL] Checking for external database configuration..."
+if [ "$USE_EXTERNAL_POSTGRES" = "true" ]; then
-
+    echo "[PostgreSQL] External database configured - skipping local instance"
-# Extract host from DATABASE_URL
+    exec sleep infinity
 # Format: postgresql://user:pass@host:port/db
 if [ -n "$DATABASE_URL" ]; then
    # Extract the host part (between @ and :port or /)
    DB_HOST=$(echo "$DATABASE_URL" | sed -n 's|.*@\([^:/]*\).*|\1|p')
    echo "[PostgreSQL] Detected DATABASE_URL host: $DB_HOST"
    # Check if host is external (not localhost or 127.0.0.1)
    if [ "$DB_HOST" != "127.0.0.1" ] && [ "$DB_HOST" != "localhost" ]; then
        echo "[PostgreSQL] ✅ External PostgreSQL detected at $DB_HOST"
        echo "[PostgreSQL] Skipping local PostgreSQL startup - sleeping to keep supervisord happy"
        exec sleep infinity
    fi
 fi
 echo "[PostgreSQL] Starting local PostgreSQL server..."
 # Start PostgreSQL as postgres user
 exec /usr/lib/postgresql/16/bin/postgres -D /var/lib/postgresql/data
@@ -1,10 +1,7 @@
 #!/bin/bash
 # Redis startup wrapper for unified container
-# Smart supervisor: detects external Redis and sleeps instead of starting local instance
+# Checks USE_EXTERNAL_REDIS flag (set by entrypoint) to decide whether
-#
+# to start the local instance or sleep to keep supervisord happy.
 # Behavior:
 # - If REDIS_URL points to external host (not 127.0.0.1/localhost), sleep infinity
 # - Otherwise, start local Redis instance
 #
 # Uses gosu to ensure correct PUID:PGID for file operations
 #
@@ -21,22 +18,9 @@ if [ -f /etc/environment ]; then
    set +a
 fi
-echo "[Redis] Checking for external Redis configuration..."
+if [ "$USE_EXTERNAL_REDIS" = "true" ]; then
-
+    echo "[Redis] External Redis configured - skipping local instance"
-# Extract host from REDIS_URL
+    exec sleep infinity
 # Format: redis://host:port or redis://:password@host:port
 if [ -n "$REDIS_URL" ]; then
    # Extract the host part (between :// or @, and :port or end)
    REDIS_HOST=$(echo "$REDIS_URL" | sed -n 's|redis://\([^:@]*@\)\?\([^:/]*\).*|\2|p')
    echo "[Redis] Detected REDIS_URL host: $REDIS_HOST"
    # Check if host is external (not localhost or 127.0.0.1)
    if [ "$REDIS_HOST" != "127.0.0.1" ] && [ "$REDIS_HOST" != "localhost" ]; then
        echo "[Redis] ✅ External Redis detected at $REDIS_HOST"
        echo "[Redis] Skipping local Redis startup - sleeping to keep supervisord happy"
        exec sleep infinity
    fi
 fi
 echo "[Redis] Starting local Redis server..."