tobybatch / kimai2

Docker containers for the kimai2 web application including docker-compose and kubernetes/helm deployment.
MIT License

[BUG] Deploy Kimai2 to AWS ECS doesn't attach properly to AWS LB #447

Closed underfisk closed 1 year ago

underfisk commented 1 year ago

Describe the bug

Currently, I'm trying to configure (using Pulumi) Kimai2 to run inside an ECS (fargate task). I've tried to provide kimai/kimai2:apache and kimai/kimai2:latest and only the apache was able to be accessible through the public fargate task IP. I've come across a situation where the FPM is supposed to expose correctly port 9000 but the target group always times out and never binds correctly, which the public IP does not respond to. It might be a known issue but using a dummy nginx with port 9000 does attach just fine. Trusted Hosts and Proxies are confused when we have a load balancer already; it's hard to predict its IP since we only have up-front the DNS to inject.

For TRUSTED_HOSTS and TRUSTED_PROXIES I've been passing "${APP_DOMAIN},nginx,localhost,127.0.0.1", where the APP_DOMAIN would be just the DNS myapp.com. I do believe the problem might be lying in the reverse proxy settings when passing TRUSTED (https://symfony.com/doc/current/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly), but using 127.0.0.1,REMOTE_ADDR doesn't work and the target will always detach even with a large amount of healthz interval.

To Reproduce

  1. Fetch a simple Pulumi ECS example and specify one of the images above with the mapped env variables provided in the documentation
  2. Deploy only the Kimai Image (single fargate task) and not a Nginx + Kimai task container
  3. Attach a load balancer to the ECS (with domain name preferable)
  4. When deploying, notice that the Target group (to the underlying container port 9000) will time out

Desktop (please complete the following information):

Docker compose file (with passwords redacted)

The official compose (works fine locally but can't deploy swarm/compose files to AWS)

Additional context

Here are some logs from when the task boots:


Wait for MySQL DB connection ...
--
Testing DB:** new \PDO(mysql:host=XXXXXX, [ \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION ]);*Connection established
/startup.sh: line 41: [: : integer expression expected
/startup.sh: line 44: assets/monolog.yaml: No such file or directory
Kimai installation running ...
==============================
Database `kimai2` for connection named default already exists. Skipped.
[notice] Migrating up to DoctrineMigrations\Version20220722125847
[notice] finished in 14484.2ms, used 38M memory, 60 migrations executed, 192 sql queries
Rebuilding your cache, please be patient ...
// Clearing the cache for the prod environment with debug
// false
[OK] Cache for the "prod" environment (debug=false) was successfully cleared.
// Warming up the cache for the prod environment with debug
// false
[OK] Cache for the "prod" environment (debug=false) was successfully warmed.
[OK] Congratulations! Successfully installed Kimai version 1.30.2
Kimai updates running ...
=========================
[OK] Already at the latest version ("DoctrineMigrations\Version20220722125847")
Rebuilding your cache, please be patient ...
// Clearing the cache for the prod environment with debug
// false
[OK] Cache for the "prod" environment (debug=false) was successfully cleared.
// Warming up the cache for the prod environment with debug
// false
[OK] Cache for the "prod" environment (debug=false) was successfully warmed.
[OK] Congratulations! Successfully updated Kimai to version 1.30.2
[OK] Success! Created user: superadmin
Kimai2 ready
Reloading configurations ...
============================
[OK] All 39 YAML files contain valid syntax.
[OK] All 530 XLIFF files contain valid syntax.
Rebuilding your cache, please be patient ...
// Clearing the cache for the prod environment with debug
// false
[OK] Cache for the "prod" environment (debug=false) was successfully cleared.
// Warming up the cache for the prod environment with debug
// false
[OK] Cache for the "prod" environment (debug=false) was successfully warmed.
[OK] Kimai config was reloaded
[12-Jan-2023 18:30:38] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[12-Jan-2023 18:30:38] NOTICE: [pool www] 'user' directive is ignored when FPM is not running as root
[12-Jan-2023 18:30:38] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[12-Jan-2023 18:30:38] NOTICE: [pool www] 'group' directive is ignored when FPM is not running as root
[12-Jan-2023 18:30:38] NOTICE: fpm is running, pid 1
[12-Jan-2023 18:30:38] NOTICE: ready to handle connections

tobybatch commented 1 year ago

I'm not an AWS user but let me just clarify something. You will need a web server to serve the site. The FPM image only serves the PHP. You can't hit port 9000 on the FPM image and get a web page.

Which web server is serving the site when you use the FPM image?
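
Why an HTTP health check pointed at port 9000 gets no web page, as an added example (not code from this thread or from the kimai2 project): PHP-FPM expects FastCGI records on that port, and the first bytes of an HTTP request do not decode as one. The /healthz probe and the script path are constructed placeholders.

```python
import struct

FCGI_VERSION_1 = 1
FCGI_BEGIN_REQUEST, FCGI_PARAMS, FCGI_STDIN = 1, 4, 5
FCGI_RESPONDER = 1
HEADER = struct.Struct(">BBHHBx")  # version, type, request id, length, padding

def parse_header(data):
    """Decode the 8-byte header that starts every FastCGI record."""
    version, rtype, request_id, length, padding = HEADER.unpack(data[:8])
    return {"version": version, "type": rtype, "request_id": request_id,
            "length": length, "padding": padding}

def looks_like_fastcgi(data):
    """True if data begins with a FastCGI version 1 BEGIN_REQUEST record."""
    if len(data) < 8:
        return False
    h = parse_header(data)
    return (h["version"] == FCGI_VERSION_1 and h["type"] == FCGI_BEGIN_REQUEST
            and h["length"] == 8)

def record(rtype, request_id, content=b""):
    """Frame content as one FastCGI record (no padding)."""
    return HEADER.pack(FCGI_VERSION_1, rtype, request_id, len(content), 0) + content

def pair(name, value):
    """Name-value pair: lengths under 128 take one byte, longer ones four."""
    def size(n):
        return bytes([n]) if n < 128 else struct.pack(">I", n | 0x80000000)
    n, v = name.encode(), value.encode()
    return size(len(n)) + size(len(v)) + n + v

def fastcgi_get(script, uri, request_id=1):
    """What a web server sends to FPM for one GET request."""
    params = b"".join(pair(k, v) for k, v in {
        "REQUEST_METHOD": "GET", "SCRIPT_FILENAME": script,
        "REQUEST_URI": uri}.items())
    begin = struct.pack(">HB5x", FCGI_RESPONDER, 0)
    return (record(FCGI_BEGIN_REQUEST, request_id, begin)
            + record(FCGI_PARAMS, request_id, params)
            + record(FCGI_PARAMS, request_id)   # empty record ends the params
            + record(FCGI_STDIN, request_id))   # empty record ends the body

# Constructed sample: the bytes an HTTP health check opens the connection with.
HTTP_PROBE = b"GET /healthz HTTP/1.1\r\nHost: myapp.com\r\n\r\n"
# Hypothetical script path, used only to fill the record.
FCGI_REQUEST = fastcgi_get("/path/to/public/index.php", "/healthz")
```

Read as a FastCGI header, the HTTP probe claims version 71 and record type 69 (the letters "G" and "E"), so a load balancer health check needs an HTTP server such as Apache or nginx in front of FPM.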

underfisk commented 1 year ago

Hey, thanks for the quick reply. I did use the Apache image, which is supposed to serve, but even so, attaching a healthz check always hangs up the socket connection. On the other side, the trusted proxies don't work with the domain name as expected. Ideally, shipping a single docker image with nginx and the php fpm/cgi would do the trick, because a fargate task should be reachable through TCP/HTTP. Again, when using AWS my main goal is to leverage its Application Load Balancer, but in order for that to happen the kimai container should be able to serve its content and accept any host/proxy, as the Symfony docs stand when using a reverse proxy. Locally the docker image works, apache or fpm; in FPM it will always resolve OK since the host is under the same network (in prod I can't release a docker swarm so 😅). Let me know if this context does help.
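
The trusted-proxy rules from the Symfony page linked earlier in the thread, as a simplified model added here (not Kimai's or Symfony's code): the X-Forwarded-For header is honoured only when the connecting peer matches a trusted entry. All addresses and the 10.0.0.0/16 VPC range are constructed, and treating hostname entries as matching no peer is an assumption of this model.

```python
import ipaddress

def _matches(ip, entry):
    """True if ip lies inside entry (a single IP or a CIDR range)."""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        # Assumption of this model: a hostname entry matches no peer.
        return False

def client_ip(peer, forwarded_for, trusted_proxies):
    """Return the address the application would treat as the client."""
    entries = [e.strip() for e in trusted_proxies.split(",") if e.strip()]
    # The special value REMOTE_ADDR stands for "whoever connected".
    entries = [peer if e == "REMOTE_ADDR" else e for e in entries]

    def trusted(ip):
        return any(_matches(ip, e) for e in entries)

    if not forwarded_for or not trusted(peer):
        return peer  # header ignored: the peer is not a trusted proxy
    chain = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    untrusted = [ip for ip in chain if not trusted(ip)]
    return untrusted[-1] if untrusted else chain[0]

# Constructed sample values (documentation address ranges).
ALB_NODE = "10.0.1.17"        # load balancer node inside the VPC
BROWSER = "203.0.113.9"       # real client, as appended by the load balancer
DIRECT_PEER = "198.51.100.7"  # a peer that reaches the task without the LB
HOSTNAMES = "myapp.com,nginx,localhost,127.0.0.1"
ANY_PEER = "127.0.0.1,REMOTE_ADDR"
VPC_CIDR = "127.0.0.1,10.0.0.0/16"

if __name__ == "__main__":
    for label, peer, xff, cfg in [
        ("hostnames, via LB", ALB_NODE, BROWSER, HOSTNAMES),
        ("REMOTE_ADDR, via LB", ALB_NODE, BROWSER, ANY_PEER),
        ("REMOTE_ADDR, direct", DIRECT_PEER, "192.0.2.1", ANY_PEER),
        ("VPC CIDR, via LB", ALB_NODE, BROWSER, VPC_CIDR),
        ("VPC CIDR, direct", DIRECT_PEER, "192.0.2.1", VPC_CIDR),
    ]:
        print(f"{label:22} -> {client_ip(peer, xff, cfg)}")
```

With REMOTE_ADDR the header is accepted from whichever peer connects, so the task's security group has to admit only the load balancer; a CIDR entry for the load balancer's subnets keeps the header ignored for any other peer.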

tobybatch commented 1 year ago

Bundling the nginx into the fpm container isn't considered good docker practice. We are unlikely to provide that out of the box.

You could easily extend the base image though, something like this:

FROM kimai/kimai2:fpm

RUN apk add --no-cache nginx
# Do some nginx config

# Starts nginx and then starts kimai /startup.sh
ENTRYPOINT ["/some-shell-script"]