diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index f3d8131..8d7f094 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -872,8 +872,8 @@ jobs:
 sleep 2 # Give Nginx a moment to fully apply reload
 ROUTE_STATUS=$(docker run --rm --network api_network \
- curlimages/curl:8.7.1 -s -o /dev/null -w "%{http_code}" \
- --max-time 10 http://nginx/health 2>/dev/null || echo "000")
+ curlimages/curl:8.7.1 -sk -o /dev/null -w "%{http_code}" \
+ --max-time 10 https://nginx/health 2>/dev/null || echo "000")
 if [ "$ROUTE_STATUS" = "200" ]; then
 echo "✓ Nginx routing verified via in-network check (HTTP $ROUTE_STATUS)"
@@ -990,9 +990,9 @@ jobs:
 echo "=== Checking /health via VPS (API_HOSTNAME=$API_HOSTNAME) ==="
 for i in $(seq 1 30); do
 echo "---- Attempt $i ----"
- # Phase 1: in-network (source of truth)
+ # Phase 1: in-network (source of truth) via HTTPS with -k
 INNET_BODY=$(docker run --rm --network api_network \
- curlimages/curl:8.7.1 -s --max-time 5 http://nginx/health 2>/dev/null || echo "")
+ curlimages/curl:8.7.1 -sk --max-time 5 https://nginx/health 2>/dev/null || echo "")
 if echo "$INNET_BODY" | grep -q '"status":"ok"'; then
 echo "✓ /health OK via in-network (attempt $i)"
 exit 0
@@ -1031,9 +1031,9 @@ jobs:
 echo "=== Final health check via public endpoint (API_HOSTNAME=$API_HOSTNAME) ==="
 for i in $(seq 1 10); do
 echo "---- Attempt $i ----"
- # Phase 1: in-network (source of truth)
+ # Phase 1: in-network (source of truth) via HTTPS with -k
 INNET_BODY=$(docker run --rm --network api_network \
- curlimages/curl:8.7.1 -s --max-time 5 http://nginx/health 2>/dev/null || echo "")
+ curlimages/curl:8.7.1 -sk --max-time 5 https://nginx/health 2>/dev/null || echo "")
 if echo "$INNET_BODY" | grep -q '"status":"ok"'; then
 echo "✓ /health OK via in-network (attempt $i)"
 exit 0
diff --git a/scripts/deploy-bluegreen.sh b/scripts/deploy-bluegreen.sh
index fd494f7..b85354e 100644
--- a/scripts/deploy-bluegreen.sh
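Review bot: `-k` on the new `-sk` line turns off certificate verification, so this probe passes against whatever answers TLS under the name `nginx` on `api_network` and will not notice an expired or wrong certificate; the same applies to the two `INNET_BODY` probes in the later hunks and to the three probes in scripts/deploy-bluegreen.sh. If the certificate nginx serves covers `$API_HOSTNAME`, which the diff does not show, the check can stay in-network and still verify it by replacing `-k` and `https://nginx/health` with `--connect-to "$API_HOSTNAME:443:nginx:443" "https://$API_HOSTNAME/health"`. If `-k` has to stay, the comment should say what it leaves unchecked, for example `# -k: in-network probe checks routing only; certificate validity is not verified here`.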
+++ b/scripts/deploy-bluegreen.sh
@@ -274,8 +274,9 @@ _ft_check_external_ready() {
 # Phase 1 — in-network routing (source of truth).
 # Hits nginx directly via Docker bridge; validates full nginx→api routing path.
+ # HTTPS with -k (skip cert) because nginx redirects HTTP to HTTPS.
 local _p1_body
- _p1_body=$(_ft_net_curl_out "nginx" -s --max-time 5 "http://nginx/health" 2>/dev/null || echo "")
+ _p1_body=$(docker run --rm --network api_network curlimages/curl:8.7.1 -sk --max-time 5 "https://nginx/health" 2>/dev/null || echo "")
 if echo "$_p1_body" | grep -q '"status":"ok"' 2>/dev/null; then
 unset _p1_body
 set -x
@@ -999,8 +1000,8 @@ sleep 2
 _ft_log "msg='post-switch nginx routing verification (in-network)'"
 _POST_SWITCH_OK=false
 for _ps in 1 2 3 4 5; do
- if _ft_net_curl "nginx" \
- -sf --max-time 5 "http://nginx/health"; then
+ if docker run --rm --network api_network curlimages/curl:8.7.1 \
+ -sk --max-time 5 "https://nginx/health" >/dev/null 2>&1; then
 _POST_SWITCH_OK=true
 break
 fi
@@ -1044,8 +1045,9 @@ _PUB_STATUS="000"
 # Phase 1 — in-network routing (source of truth for rollback decision).
 # Validates full nginx→api-:3000 path inside Docker bridge network.
+# HTTPS with -k (skip cert) because nginx redirects HTTP to HTTPS.
 for _attempt in 1 2 3; do
- _P1_BODY=$(_ft_net_curl_out "nginx" -s --max-time 10 "http://nginx/ready" 2>/dev/null || echo "")
+ _P1_BODY=$(docker run --rm --network api_network curlimages/curl:8.7.1 -sk --max-time 10 "https://nginx/ready" 2>/dev/null || echo "")
 if echo "$_P1_BODY" | grep -q '"status":"ready"' 2>/dev/null; then
 _PUB_PASSED=true
 _PUB_STATUS="200-innet"
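Review bot: The new `_p1_body=$(docker run --rm --network api_network curlimages/curl:8.7.1 …)` line bypasses `_ft_net_curl_out`, so the image tag and network name are now hard-coded here and again in the hunks at -999 and -1044 instead of living in one helper. The helper's definition is outside this diff, but since it already accepted curl arguments, `_p1_body=$(_ft_net_curl_out "nginx" -sk --max-time 5 "https://nginx/health" 2>/dev/null || echo "")` looks like it would make the same request. If the helper cannot be used for HTTPS, the added `# HTTPS with -k` comment is the place to say why. `_ft_check_external_ready` starts and ends outside the hunk.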
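Review bot: The post-switch check in the `for _ps in 1 2 3 4 5` loop lost `-f`: the old call passed `-sf` and the new one passes `-sk`, and without `-f` curl exits 0 for any HTTP response, so a 502 or 503 from nginx now sets `_POST_SWITCH_OK=true`. Unlike the other probes in this file, this one does not inspect the body, so the exit status is the only signal it has. Keeping the flag restores the old behaviour: `-sfk --max-time 5 "https://nginx/health" >/dev/null 2>&1; then`.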