Nginx health check - port 80 or 443?

1. What is the issue? Please be detailed.
I'm using ODK Central v1.5.3, self-hosted.

In docker-compose.yml the nginx container is configured to run a health check by checking for a running service on port 80. In my testing, this never reports as healthy.

This appears to be due to the fact that nginx is configured to listen only on port 443. I have changed my local configuration so that the health check becomes:

healthcheck:
  test: [ "CMD-SHELL", "nc -z localhost 443 || exit 1" ]

A similar issue was reported in this ticket: "Need help on to confirm manual changes in docker-compose.yml file for nginx healthcheck command". I don't know if this was the same issue at the time, but if so, it may have the same explanation.

2. What steps can we take to reproduce this issue?
Start an ODK project. Check the health of the nginx service.

3. What have you tried to fix the issue?
Changed the healthcheck definition as in (1) above.

4. Upload any test forms or screenshots below.

Central listens on port 80 and redirects to port 443 (see redirector.conf) by default. If you only check port 443, you can miss some failures.

What SSL_TYPE, HTTP_PORT, and HTTPS_PORT have you set in your .env file?

Hi Yaw,

I'm using these settings:

SSL_TYPE=customssl

# Do not change if using SSL_TYPE=letsencrypt
HTTP_PORT=80
HTTPS_PORT=443

I'm using a self-managed Let's Encrypt certificate on the Docker host and then following these instructions. The SSL configuration appears to be working properly - I can access my ODK site over HTTPS and the browser correctly reports my certificate.

I've just reverted to the original healthcheck on port 80 as a test and it's still not working. If I log in to the nginx container and try manually running nc -z localhost 80, then it fails on port 80 but succeeds for port 443. I've confirmed that port 80 is open on the firewall on the Docker host, and docker compose ps reports that the nginx container is exposing both port 80 and port 443.

Would you have any other suggestions for how to investigate this issue?

Thanks for the additional detail.

I'm pretty sure this is related to a known issue with healthchecks and non-standard ports. Cleaning up the docker-compose config is on our todo and we'll take on these glitches then.

Until then, the fix you have in place is fine. The alternative, which is the recommended and more heavily tested path, is to let Central manage the LetsEncrypt process.
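
An added example, not part of the thread and not ODK Central's own code: a healthcheck helper that probes both the redirect port and the TLS port with the same nc -z test quoted above and names the one that is down, so a working 443 cannot hide a dead listener on 80. The function names probe and failed_ports are hypothetical; the ports are passed as arguments.

```shell
#!/bin/sh
# Added example: dual-port healthcheck helper (illustrative, hypothetical names).

# probe HOST PORT: succeed if something accepts TCP connections there.
# Same nc -z test as the healthcheck quoted in the thread.
probe() {
    nc -z "$1" "$2" 2>/dev/null
}

# failed_ports HOST PORT...: print the ports that did not accept a
# connection (space separated) and return non-zero if there were any.
failed_ports() {
    host=$1
    shift
    failed=""
    for port in "$@"; do
        probe "$host" "$port" || failed="$failed $port"
    done
    failed=${failed# }
    [ -z "$failed" ] || { printf '%s\n' "$failed"; return 1; }
}

# When run with arguments (e.g. "localhost 80 443"), act as the healthcheck
# and name the dead listener in the check's output.
if [ "$#" -ge 2 ]; then
    if bad=$(failed_ports "$@"); then
        exit 0
    fi
    echo "unhealthy: nothing listening on port(s): $bad" >&2
    exit 1
fi
```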