From 73723b5801f6e45f27abcbab1e1743fc6cc1f1d2 Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeffemmett@gmail.com>
Date: Thu, 5 Feb 2026 16:53:04 +0000
Subject: [PATCH] fix: Use web entrypoint and bun-based healthchecks

- Change Traefik entrypoint from websecure to web (Cloudflare terminates TLS)
- Replace curl with bun-based healthcheck (curl not in slim image)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 Dockerfile.encryptid         | 2 +-
 docker-compose.encryptid.yml | 8 +++-----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/Dockerfile.encryptid b/Dockerfile.encryptid
index 5c73c2b..876a11d 100644
--- a/Dockerfile.encryptid
+++ b/Dockerfile.encryptid
@@ -45,7 +45,7 @@ EXPOSE 3000
 
 # Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-  CMD curl -f http://localhost:3000/health || exit 1
+  CMD bun -e "fetch('http://localhost:3000/health').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"
 
 # Start server
 CMD ["bun", "run", "src/encryptid/server.ts"]
diff --git a/docker-compose.encryptid.yml b/docker-compose.encryptid.yml
index ea91b30..1340b5b 100644
--- a/docker-compose.encryptid.yml
+++ b/docker-compose.encryptid.yml
@@ -16,17 +16,15 @@ services:
       # Traefik auto-discovery
       - "traefik.enable=true"
       - "traefik.http.routers.encryptid.rule=Host(`encryptid.jeffemmett.com`)"
-      - "traefik.http.routers.encryptid.entrypoints=websecure"
-      - "traefik.http.routers.encryptid.tls=true"
+      - "traefik.http.routers.encryptid.entrypoints=web"
       - "traefik.http.services.encryptid.loadbalancer.server.port=3000"
       # Also serve from root domain for .well-known
       - "traefik.http.routers.encryptid-wellknown.rule=Host(`jeffemmett.com`) && PathPrefix(`/.well-known/webauthn`)"
-      - "traefik.http.routers.encryptid-wellknown.entrypoints=websecure"
-      - "traefik.http.routers.encryptid-wellknown.tls=true"
+      - "traefik.http.routers.encryptid-wellknown.entrypoints=web"
     networks:
       - traefik-public
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
+      test: ["CMD", "bun", "-e", "fetch('http://localhost:3000/health').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"]
       interval: 30s
       timeout: 10s
       retries: 3