fix: check if port 80 or 443 is already in use before starting Envoy

Envoy doesn't exit if it can't bind ports for all its listeners, and I couldn't find any configuration option to make it do so.

With this, auto-restart will kick in until both ports are no longer in use.

May not be necessary after the previous fix to ensure that Kong service is stopped before Envoy service is started, but doesn't hurt to have multiple defensive measures, since it's somewhat unexpected that Envoy doesn't exit on such failures.

Author: thebengeu

ansible/files/envoy.service

@@ -7,6 +7,8 @@ Conflicts=kong.service
 [Service]
 Type=simple
 
+ExecStartPre=sh -c 'if ss -lnt | grep -Eq ":(80|443) "; then echo "Port 80 or 443 already in use"; exit 1; fi'
+
 # Need to run via a restarter script to support hot restart when using a process
 # manager, see:
 # https://www.envoyproxy.io/docs/envoy/latest/operations/hot_restarter
@@ -20,8 +22,8 @@ Restart=always
 RestartSec=3
 LimitNOFILE=100000
 
-# The envoy user is unpriviledged and thus not permited to bind on ports < 1024
-# Via systemd we grant the process a set of priviledges to bind to 80/443
+# The envoy user is unprivileged and thus not permitted to bind on ports < 1024
+# Via systemd we grant the process a set of privileges to bind to 80/443
 # See http://archive.vn/36zJU
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 

common.vars.pkr.hcl

@@ -1 +1 @@
-postgres-version = "15.1.1.20"
+postgres-version = "15.1.1.21"