Skip to content

Stopped logging Docker healthcheck pings in dev#28981

Draft
9larsons wants to merge 1 commit into
mainfrom
skip-healthcheck-log
Draft

Stopped logging Docker healthcheck pings in dev#28981
9larsons wants to merge 1 commit into
mainfrom
skip-healthcheck-log

Conversation

@9larsons

Copy link
Copy Markdown
Contributor

Summary

  • Filtered Docker's healthcheck pings out of Ghost's request log so steady-state pnpm dev access logs only show real traffic.
  • Two changes:
    • compose.dev.yaml: ghost-dev healthcheck now sends User-Agent: GhostDockerHealthcheck/1.0 (Node's global fetch defaults to User-Agent: node, too generic to filter on safely).
    • ghost/core/core/server/web/parent/middleware/log-request.js: when the UA matches that exact string, skip both response listeners and next() immediately.

Why

The ghost-dev container runs a healthcheck against GET / every 30s. In steady-state dev that's the dominant access-log line — ~120 INFO "GET /" 200 ... entries per hour that bury real HTTP traffic when you're trying to see what the admin / portal / a curl is actually doing.

Verification

  • New unit test (test/unit/server/web/parent/middleware/log-request.test.js) covers four paths via supertest: normal request logged, exact healthcheck UA skipped, near-miss UA (GhostDockerHealthcheck/2.0) still logged, generic node UA still logged. 4/4 passing.
  • Lint clean on both touched files.
  • Skipped end-to-end docker verification: another worktree owned the running ghost-dev stack and I didn't want to clobber an active session. To verify manually after merge:
    1. pnpm dev:daemon from a fresh shell, wait 90s.
    2. docker logs ghost-dev --since 90s | grep "GET /" — should have no healthcheck lines.
    3. curl -A "GhostDockerHealthcheck/1.0" http://localhost:2368/ — should NOT appear in the log.
    4. curl http://localhost:2368/ — should appear in the log.

Test plan

  • pnpm dev:daemon, wait 90s, confirm docker logs ghost-dev | grep "GET /" has no healthcheck lines.
  • Manual probes with the two UAs above behave as expected.
no ref

- the ghost-dev container's healthcheck runs every 30s, producing ~120 access-log lines/hour that buried real HTTP traffic in dev
- gave the compose healthcheck a distinctive UA (GhostDockerHealthcheck/1.0) and filtered it in the request-log middleware
- node's global fetch defaults to 'User-Agent: node', too generic to filter on safely, so a custom UA was required
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

The Docker healthcheck command in compose.dev.yaml is updated to send a custom user-agent header (GhostDockerHealthcheck/1.0) with its fetch request. The log-request middleware gains a HEALTHCHECK_USER_AGENT constant and an early-exit guard that calls next() immediately—bypassing all timing and logging setup—when the incoming request's user-agent exactly matches that value. A new unit test file validates logging behavior for the exact healthcheck UA, similar but non-matching UAs, and other common UAs.

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly states the main change: Docker healthcheck pings are no longer logged in dev.
Description check ✅ Passed The description matches the changeset and explains the logging filter, healthcheck UA, and test coverage.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch skip-healthcheck-log

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@nx-cloud

nx-cloud Bot commented Jun 29, 2026

Copy link
Copy Markdown

🤖 Nx Cloud AI Fix

Ensure the fix-ci command is configured to always run in your CI pipeline to get automatic fixes in future runs. For more information, please see https://nx.dev/ci/features/self-healing-ci


View your CI Pipeline Execution ↗ for commit eef8bfe

Command Status Duration Result
nx run ghost:test:ci:integration ✅ Succeeded 2m 38s View ↗
nx run ghost:test:integration ✅ Succeeded 2m 34s View ↗
nx run ghost:test:legacy ✅ Succeeded 2m 52s View ↗
nx run ghost:test:e2e ✅ Succeeded 2m 19s View ↗
nx run-many --target=build --projects=tag:publi... ✅ Succeeded 2s View ↗
nx run-many -t test:unit -p ghost ✅ Succeeded 23s View ↗
nx run-many -t lint -p ghost-monorepo,ghost ✅ Succeeded 27s View ↗
nx run @tryghost/admin:build ✅ Succeeded 5s View ↗
Additional runs (2) ✅ Succeeded ... View ↗

💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗


☁️ Nx Cloud last updated this comment at 2026-06-29 23:43:25 UTC

@9larsons 9larsons marked this pull request as ready for review June 30, 2026 00:47

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ghost/core/core/server/web/parent/middleware/log-request.js`:
- Around line 3-4: The log bypass keyed off HEALTHCHECK_USER_AGENT in
log-request.js is currently global, so spoofed User-Agent values can suppress
logs outside development; update the middleware to only skip logging when the
environment is development (for example by checking the existing dev flag/config
in the same request path) and keep normal logging for all other environments.
Use the existing HEALTHCHECK_USER_AGENT constant and the log-request middleware
entrypoint to scope the bypass, and add a regression test that verifies the
non-development case still logs even when the healthcheck user agent is present.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: beae98c2-0a38-4b14-ae57-768516890f4a

📥 Commits

Reviewing files that changed from the base of the PR and between 5734a5d and eef8bfe.

📒 Files selected for processing (3)
  • compose.dev.yaml
  • ghost/core/core/server/web/parent/middleware/log-request.js
  • ghost/core/test/unit/server/web/parent/middleware/log-request.test.js
Comment on lines +3 to +4
const HEALTHCHECK_USER_AGENT = 'GhostDockerHealthcheck/1.0';

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Scope the log bypass to development only.

This middleware runs outside Docker dev too, so a client can suppress access/error logs anywhere by spoofing User-Agent: GhostDockerHealthcheck/1.0. The compose change is dev-only, but this skip is global.

Suggested fix
 module.exports = function logRequest(req, res, next) {
-    if (req.headers['user-agent'] === HEALTHCHECK_USER_AGENT) {
+    if (process.env.NODE_ENV === 'development' && req.headers['user-agent'] === HEALTHCHECK_USER_AGENT) {
         return next();
     }

Please also add a regression test for the non-development case.

Also applies to: 13-15

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ghost/core/core/server/web/parent/middleware/log-request.js` around lines 3 -
4, The log bypass keyed off HEALTHCHECK_USER_AGENT in log-request.js is
currently global, so spoofed User-Agent values can suppress logs outside
development; update the middleware to only skip logging when the environment is
development (for example by checking the existing dev flag/config in the same
request path) and keep normal logging for all other environments. Use the
existing HEALTHCHECK_USER_AGENT constant and the log-request middleware
entrypoint to scope the bypass, and add a regression test that verifies the
non-development case still logs even when the healthcheck user agent is present.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant