Skip to content

Commit 42aae57

Browse files
author
Marius Benthin
committed
feat: health check for signature updates
1 parent 2f65596 commit 42aae57

2 files changed

Lines changed: 15 additions & 8 deletions

File tree

README.md

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -35,16 +35,13 @@ A contract token can be retrieved from the [Nextron Portal](https://portal.nextr
3535

3636
If you want to use the techpreview channel (currently THOR 11) you need to set `TECHPREVIEW=1`. If it is omitted it will downgrade to the stable channel again.
3737

38-
The compose file contains commented environment variables for all available configuration options. Some options only apply to specific THOR major versions, for example, `SIGNATURE_UPDATE_INTERVAL` is only available for THOR 11.
38+
The compose file contains commented environment variables for all available configuration options. Some options only apply to specific THOR major versions, for example, `QUEUE_WARN_SIZE` is only available for THOR 11.
3939

4040
## Signature Updates
4141

42-
On every container start, THOR signatures are updated automatically. You can enforce a signature update by restarting the service with a brief downtime:
43-
```
44-
docker compose up -d --force-recreate
45-
```
42+
THOR signatures are updated automatically on every container start. To keep them fresh without manually restart, set `SIGNATURE_UPDATE_INTERVAL` (in hours) to schedule recurring updates.
4643

47-
If a brief downtime is not acceptable, you may want to consider a Docker Swarm setup with start-first update config or use the [techpreview channel](#tech-preview) (currently THOR 11) which allows you to update signatures periodically while running. By default, THOR 11 updates signatures every 24 hours but it can be customized via `SIGNATURE_UPDATE_INTERVAL` environment variable.
44+
The update mechanism depends on the THOR major version. On THOR 10, new signatures only take effect after a restart. Docker's health check therefore marks the container as unhealthy once `SIGNATURE_UPDATE_INTERVAL` has elapsed, prompting Docker to restart it. The new signatures are then fetched as part of the regular container start, at the cost of a brief API downtime. THOR 11 uses Thunderstorm's built-in signature-update feature to download and apply signatures in-place, leaving the API available throughout.
4845

4946
## Additional Arguments
5047

docker-compose.yml

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,8 @@ services:
88
CONTRACT_TOKEN: "${CONTRACT_TOKEN}"
99
# Optional: upgrade to THOR techpreview channel
1010
# TECHPREVIEW: "true"
11+
# Optional: hours between signature updates (default: 0)
12+
# SIGNATURE_UPDATE_INTERVAL: "0"
1113
# Optional: result cache size (default: 250000)
1214
# RESULT_CACHE_SIZE: "250000"
1315
# Optional: enforce maximum file size for all file types including registry hives and log files
@@ -35,8 +37,6 @@ services:
3537
# --- THOR 11 only ---
3638
# Optional: minimum score for storing samples (default: 200)
3739
# STORE_SAMPLES_SCORE: "200"
38-
# Optional: hours between signature updates (default: 24)
39-
# SIGNATURE_UPDATE_INTERVAL: "24"
4040
# Optional: upload queue size warning threshold (default: 50000)
4141
# QUEUE_WARN_SIZE: "50000"
4242
# Optional: enable VFS directory mirroring uploaded files per host (also uncomment volume below)
@@ -47,6 +47,16 @@ services:
4747
# Optional: mount TLS certificate and private key (uncomment TLS_CERT/TLS_KEY above as well)
4848
# - ./tls_cert:/run/secrets/tls_cert:ro
4949
# - ./tls_key:/run/secrets/tls_key:ro#
50+
restart: unless-stopped
51+
# THOR 10: periodically restart the container by signaling PID 1 once uptime exceeds
52+
# SIGNATURE_UPDATE_INTERVAL hours; restart policy brings it back up. Skipped when
53+
# SIGNATURE_UPDATE_INTERVAL is 0 (disabled, default) or TECHPREVIEW is set (THOR 11
54+
# updates signatures in-process).
55+
healthcheck:
56+
test: ["CMD-SHELL", "[ -n \"$$TECHPREVIEW\" ] || [ \"$${SIGNATURE_UPDATE_INTERVAL:-0}\" = \"0\" ] || [ $$(($$(date +%s) - $$(stat -c %Y /proc/1))) -lt $$(( $${SIGNATURE_UPDATE_INTERVAL} * 3600 )) ] || kill 1"]
57+
interval: 5m
58+
timeout: 10s
59+
start_period: 10m
5060

5161
volumes:
5262
thunderstorm:

0 commit comments

Comments
 (0)