From 036e49faf092e238ce13c9506ca13fae50b302d1 Mon Sep 17 00:00:00 2001
From: c41ms0n <193478517+c41ms0n@users.noreply.github.com>
Date: Thu, 23 Apr 2026 00:53:32 +0300
Subject: [PATCH] healthcheck: parallel bash probe for smtp/imap on all 4 ports

---
 build/Dockerfile     | 12 ++++--------
 build/healthcheck.sh | 38 ++++++++++++++++++++++++++++++++++++++
 deb/Dockerfile       | 12 ++++--------
 deb/healthcheck.sh   | 38 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 84 insertions(+), 16 deletions(-)
 create mode 100644 build/healthcheck.sh
 create mode 100644 deb/healthcheck.sh

diff --git a/build/Dockerfile b/build/Dockerfile
index 4d79bf4..4721ddd 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -111,7 +111,7 @@ EXPOSE 143/tcp
 
 WORKDIR /protonmail
 
-COPY gpgparams entrypoint.sh /protonmail/
+COPY gpgparams entrypoint.sh healthcheck.sh /protonmail/
 
 COPY --from=build /build/bridge        /protonmail/
 COPY --from=build /build/proton-bridge /protonmail/
@@ -128,15 +128,11 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
          reptyr) apt-get install -y --no-install-recommends reptyr ;; \
          *) echo "Unsupported PTY_TOOL: ${PTY_TOOL}. Supported: dtach, abduco, reptyr." >&2 ; exit 1 ;; \
        esac \
-    && chmod +x /protonmail/entrypoint.sh \
+    && chmod +x /protonmail/entrypoint.sh /protonmail/healthcheck.sh \
     && rm -rf /var/lib/apt/lists/*
 
-HEALTHCHECK --interval=30s --timeout=5s --retries=3 --start-period=120s \
-  CMD /bin/bash -c \
-      "true < /dev/tcp/localhost/25 \
-    && true < /dev/tcp/localhost/143 \
-    && true < /dev/tcp/localhost/1025 \
-    && true < /dev/tcp/localhost/1143"
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=120s \
+  CMD /protonmail/healthcheck.sh
 
 ENTRYPOINT ["/protonmail/entrypoint.sh"]
 CMD ["run"]
diff --git a/build/healthcheck.sh b/build/healthcheck.sh
new file mode 100644
index 0000000..bcf10f8
--- /dev/null
+++ b/build/healthcheck.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -euo pipefail
+
+# Proton Bridge healthcheck — probes all 4 ports in parallel.
+# Exit 0 = healthy, 1 = unhealthy (Docker HEALTHCHECK contract).
+
+TIMEOUT=5  # seconds per probe
+
+check_smtp() {
+    local port=$1
+    echo 'QUIT' | socat -T${TIMEOUT} - TCP4:localhost:${port} 2>/dev/null \
+        | grep -q '^220'
+}
+
+check_imap() {
+    local port=$1
+    printf 'A1 LOGOUT\r\n' | socat -T${TIMEOUT} - TCP4:localhost:${port} 2>/dev/null \
+        | grep -q '^\* OK'
+}
+
+# Fire all probes in parallel, capture PIDs
+check_smtp  25  & PID_SMTP_25=$!
+check_imap 143  & PID_IMAP_143=$!
+check_smtp 1025 & PID_SMTP_1025=$!
+check_imap 1143 & PID_IMAP_1143=$!
+
+# Collect results — || prevents set -e from exiting early on probe failure
+FAIL=0
+wait $PID_SMTP_25   || { echo "FAIL smtp:25";   FAIL=1; }
+wait $PID_IMAP_143  || { echo "FAIL imap:143";  FAIL=1; }
+wait $PID_SMTP_1025 || { echo "FAIL smtp:1025"; FAIL=1; }
+wait $PID_IMAP_1143 || { echo "FAIL imap:1143"; FAIL=1; }
+
+if [[ $FAIL -eq 0 ]]; then
+    echo "OK smtp:25 imap:143 smtp:1025 imap:1143"
+fi
+
+exit $FAIL
diff --git a/deb/Dockerfile b/deb/Dockerfile
index 0df10de..ab0854c 100644
--- a/deb/Dockerfile
+++ b/deb/Dockerfile
@@ -22,7 +22,7 @@ EXPOSE 143/tcp
 WORKDIR /protonmail
 
 # Copy bash scripts
-COPY gpgparams entrypoint.sh PACKAGE /protonmail/
+COPY gpgparams entrypoint.sh healthcheck.sh PACKAGE /protonmail/
 COPY --from=build /protonmail.deb /tmp/protonmail.deb
 
 RUN apt-get update \
@@ -33,15 +33,11 @@ RUN apt-get update \
          reptyr) apt-get install -y --no-install-recommends reptyr ;; \
          *) echo "Unsupported PTY_TOOL: ${PTY_TOOL}. Supported: dtach, abduco, reptyr." >&2 ; exit 1 ;; \
        esac \
-    && chmod +x /protonmail/entrypoint.sh \
+    && chmod +x /protonmail/entrypoint.sh /protonmail/healthcheck.sh \
     && rm -rf /var/lib/apt/lists/*
 
-HEALTHCHECK --interval=30s --timeout=5s --retries=3 --start-period=120s \
-  CMD /bin/bash -c \
-      "true < /dev/tcp/localhost/25 \
-    && true < /dev/tcp/localhost/143 \
-    && true < /dev/tcp/localhost/1025 \
-    && true < /dev/tcp/localhost/1143"
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=120s \
+  CMD /protonmail/healthcheck.sh
 
 ENTRYPOINT ["/protonmail/entrypoint.sh"]
 CMD ["run"]
diff --git a/deb/healthcheck.sh b/deb/healthcheck.sh
new file mode 100644
index 0000000..bcf10f8
--- /dev/null
+++ b/deb/healthcheck.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -euo pipefail
+
+# Proton Bridge healthcheck — probes all 4 ports in parallel.
+# Exit 0 = healthy, 1 = unhealthy (Docker HEALTHCHECK contract).
+
+TIMEOUT=5  # seconds per probe
+
+check_smtp() {
+    local port=$1
+    echo 'QUIT' | socat -T${TIMEOUT} - TCP4:localhost:${port} 2>/dev/null \
+        | grep -q '^220'
+}
+
+check_imap() {
+    local port=$1
+    printf 'A1 LOGOUT\r\n' | socat -T${TIMEOUT} - TCP4:localhost:${port} 2>/dev/null \
+        | grep -q '^\* OK'
+}
+
+# Fire all probes in parallel, capture PIDs
+check_smtp  25  & PID_SMTP_25=$!
+check_imap 143  & PID_IMAP_143=$!
+check_smtp 1025 & PID_SMTP_1025=$!
+check_imap 1143 & PID_IMAP_1143=$!
+
+# Collect results — || prevents set -e from exiting early on probe failure
+FAIL=0
+wait $PID_SMTP_25   || { echo "FAIL smtp:25";   FAIL=1; }
+wait $PID_IMAP_143  || { echo "FAIL imap:143";  FAIL=1; }
+wait $PID_SMTP_1025 || { echo "FAIL smtp:1025"; FAIL=1; }
+wait $PID_IMAP_1143 || { echo "FAIL imap:1143"; FAIL=1; }
+
+if [[ $FAIL -eq 0 ]]; then
+    echo "OK smtp:25 imap:143 smtp:1025 imap:1143"
+fi
+
+exit $FAIL