Fix: Fix for ports

[adamoutler]

Fixes the ability to customize HTTP and GraphQL ports in both devcontainer and production environments. Previously, port configuration via environment variables was broken due to static nginx config symlinks. Now ports are dynamically rendered at runtime.

Dockerfile & start-nginx.sh)

• Renamed SYSTEM_NGINX_CONFIG_FILE → SYSTEM_NGINX_CONFIG_TEMPLATE for clarity
• Added SYSTEM_SERVICES_ACTIVE_CONFIG_FILE env var pointing to runtime config location
• nginx config is now generated at startup via envsubst, substituting ${LISTEN_ADDR} and ${PORT} into the template
• Removed static symlink that prevented port changes

Devcontainer Setup

• Removed problematic conf.active symlink
• Simplified directory initialization (removed duplicate nginx temp dir creation)
• Removed ad-hoc config generation from setup script

Unit Tests

• Added comprehensive port availability & readiness infrastructure:

  • _port_is_free() — checks if TCP port is available
  • _wait_for_ports() — polls until ports accept connections
  • _discover_host_addresses() — handles multiple IP candidates (127.0.0.1, gateway, env-configured)
  • _select_custom_ports() — dynamically picks free ephemeral ports
  • _make_port_check_hook() — post-up callback to verify ports are listening

• Enhanced test_normal_startup_no_warnings_compose() to validate both:

  • Default port scenario (20211)
  • Custom port scenario (dynamic allocation, validates PORT and GRAPHQL_PORT env vars)

Testing

• ✅ Default port startup works without warnings
• ✅ Custom ports via environment variables are respected
• ✅ Mounts table shows correct permissions
• ✅ No critical errors or permission issues

Breaking Changes

None. Existing configurations continue to work unchanged.

Summary by CodeRabbit

• Infrastructure

  • Refined Docker configuration for improved service management
  • Enhanced test infrastructure for compose deployment scenarios

• Chores

  • Streamlined service configuration handling and cleanup of unused configuration files

[coderabbitai]

Walkthrough

Refactors nginx configuration management by replacing SYSTEM_NGINX_CONFIG_FILE with SYSTEM_NGINX_CONFIG_TEMPLATE across Dockerfiles and adding SYSTEM_SERVICES_ACTIVE_CONFIG_FILE for runtime config. Removes devcontainer nginx template file and generation logic, simplifies setup scripts, and enhances docker-compose tests with host discovery and port management utilities.

Changes

Cohort / File(s)	Summary
Dockerfile Environment Variables .devcontainer/Dockerfile, Dockerfile	Replaces ENV SYSTEM_NGINX_CONFIG_FILE with ENV SYSTEM_NGINX_CONFIG_TEMPLATE (pointing to netalertx.conf.template). Adds ENV SYSTEM_SERVICES_ACTIVE_CONFIG_FILE pointing to /tmp/nginx/active-config/nginx.conf. Changes applied in both main and Runner stages.
Nginx Configuration Cleanup .devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template, .devcontainer/scripts/generate-configs.sh, install/production-filesystem/services/config/nginx/conf.active	Removes devcontainer nginx template file. Removes nginx config generation block from generate-configs.sh. Clears conf.active reference to /tmp/nginx/active-config.
Script Initialization Updates .devcontainer/scripts/setup.sh, install/production-filesystem/build/init-php-fpm.sh	Removes nginx active config symlink management in setup.sh. Adds SYSTEM_SERVICES_RUN_TMP to directory creation loop, removes individual nginx temp subdirectory creation. Removes /services/config/run directory creation from init-php-fpm.sh.
Nginx Runtime Configuration install/production-filesystem/services/start-nginx.sh	Updates to use SYSTEM_SERVICES_ACTIVE_CONFIG_FILE instead of separate template/config file variables. Changes envsubst destination, nginx -c parameter, and error messaging to reference new active config file path.
Docker Compose Test Infrastructure test/docker_tests/test_docker_compose_scenarios.py	Adds host address discovery, port availability checking, and custom port selection utilities. Introduces docker-compose generation helpers and post-up hooks for port readiness validation. Extends test_normal_startup_no_warnings_compose with default and custom port scenarios, mount assertions, and permission/warning checks.

Sequence Diagram(s)

sequenceDiagram
    participant OldFlow as Old Flow
    participant NewFlow as New Flow
    
    rect rgb(240, 248, 255)
        Note over OldFlow: Devcontainer Flow
        OldFlow->>OldFlow: setup.sh creates conf.active symlink<br/>to active-config
        OldFlow->>OldFlow: generate-configs.sh processes<br/>SYSTEM_NGINX_CONFIG_FILE template
        OldFlow->>OldFlow: deploy static nginx.conf
    end
    
    rect rgb(240, 250, 240)
        Note over NewFlow: New Flow
        NewFlow->>NewFlow: setup.sh skips symlink creation<br/>manages temp dirs directly
        NewFlow->>NewFlow: generate-configs.sh skipped<br/>(devcontainer)
        NewFlow->>NewFlow: start-nginx.sh generates config<br/>to SYSTEM_SERVICES_ACTIVE_CONFIG_FILE
    end
    
    rect rgb(255, 250, 240)
        Note over NewFlow: Production Flow
        NewFlow->>NewFlow: SYSTEM_NGINX_CONFIG_TEMPLATE<br/>sourced for envsubst
        NewFlow->>NewFlow: Output → SYSTEM_SERVICES_ACTIVE_CONFIG_FILE<br/>(/tmp/nginx/active-config/nginx.conf)
        NewFlow->>NewFlow: nginx -c parameter uses<br/>active-config path
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• .devcontainer/scripts/setup.sh: Verify that loop-based directory creation with 777 permissions correctly replaces the explicit subdirectory setup without breaking nginx runtime assumptions.
• install/production-filesystem/services/start-nginx.sh: Validate envsubst template replacement logic and that SYSTEM_SERVICES_ACTIVE_CONFIG_FILE is properly initialized before use.
• test/docker_tests/test_docker_compose_scenarios.py: The new port discovery and readiness logic is substantial; verify host address candidates cover all scenarios (IPv4/IPv6 loopback, host-gateway), port-checking timeout handling, and that Skipped exception propagation doesn't mask real failures.
• Environment variable consistency: Confirm both Dockerfile and .devcontainer/Dockerfile changes are identical and that all runtime scripts correctly reference the new variables.

Possibly related PRs

• Fix permissions on Synology #1268: Modifies SYSTEM_SERVICES_ACTIVE_CONFIG and related writable folder permissions; this PR completes the migration by pivoting all runtime config generation and nginx startup to use the active-config file mechanism.
• feat: Devcontainer #1184: Devcontainer-related foundational changes (Dockerfile, setup scripts, nginx template structure); this PR continues and consolidates those modifications.
• Feat: Enterprise-Grade Security Hardening and Build Overhaul #1230: Introduces nginx configuration templating and netalertx.conf.template with SYSTEM_* config variables; this PR refactors how those templates are deployed and consumed at runtime.

Poem

🐰 Through config pipes and Docker dreams we hop,
Active configs bloom where templates once did drop,
Port-checking whiskers twitch with newfound grace,
Nginx flows now to its proper place! 🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 76.92% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The PR title 'Fix: Fix for ports' is vague and generic, using redundant phrasing ('Fix: Fix') that doesn't clearly convey the actual change (dynamic nginx configuration for customizable ports).	Revise to be more specific and descriptive, such as 'Make nginx port configuration dynamic at runtime' or 'Enable customizable HTTP/GraphQL ports via environment variables'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 84cc015 and d23bf45.

📒 Files selected for processing (9)

• .devcontainer/Dockerfile (2 hunks)
• .devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template (0 hunks)
• .devcontainer/scripts/generate-configs.sh (0 hunks)
• .devcontainer/scripts/setup.sh (1 hunks)
• Dockerfile (1 hunks)
• install/production-filesystem/build/init-php-fpm.sh (0 hunks)
• install/production-filesystem/services/config/nginx/conf.active (0 hunks)
• install/production-filesystem/services/start-nginx.sh (2 hunks)
• test/docker_tests/test_docker_compose_scenarios.py (7 hunks)

💤 Files with no reviewable changes (4)

• .devcontainer/scripts/generate-configs.sh
• install/production-filesystem/build/init-php-fpm.sh
• install/production-filesystem/services/config/nginx/conf.active
• .devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template

🧰 Additional context used

🧠 Learnings (7)

📓 Common learnings

Learnt from: adamoutler
Repo: jokob-sk/NetAlertX PR: 1230
File: .devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template:1-2
Timestamp: 2025-10-19T01:40:57.095Z
Learning: In the NetAlertX repository, .devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template is an auto-generated file that is intentionally committed to source control. It cannot be regenerated automatically outside the devcontainer environment and is required for the devcontainer to start, creating a bootstrap dependency.

📚 Learning: 2025-10-19T01:40:57.095Z

Learnt from: adamoutler
Repo: jokob-sk/NetAlertX PR: 1230
File: .devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template:1-2
Timestamp: 2025-10-19T01:40:57.095Z
Learning: In the NetAlertX repository, .devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf.template is an auto-generated file that is intentionally committed to source control. It cannot be regenerated automatically outside the devcontainer environment and is required for the devcontainer to start, creating a bootstrap dependency.

Applied to files:

• install/production-filesystem/services/start-nginx.sh
• Dockerfile
• .devcontainer/Dockerfile
• .devcontainer/scripts/setup.sh

📚 Learning: 2025-09-20T14:09:29.159Z

Learnt from: adamoutler
Repo: jokob-sk/NetAlertX PR: 1184
File: .devcontainer/scripts/setup.sh:103-116
Timestamp: 2025-09-20T14:09:29.159Z
Learning: In NetAlertX devcontainer setup, the netalertx user has write permissions to /var/log/nginx/ directory as it's explicitly chowned to netalertx:www-data in the Dockerfile, so setup.sh can write to nginx log files without sudo.

Applied to files:

• install/production-filesystem/services/start-nginx.sh
• Dockerfile
• .devcontainer/Dockerfile
• .devcontainer/scripts/setup.sh

📚 Learning: 2025-09-20T03:01:19.912Z

Learnt from: adamoutler
Repo: jokob-sk/NetAlertX PR: 1184
File: .devcontainer/Dockerfile:18-19
Timestamp: 2025-09-20T03:01:19.912Z
Learning: In the NetAlertX repository, .devcontainer/Dockerfile is auto-generated and should not be reviewed directly. Review comments about dependencies and build steps should be directed at the root Dockerfile where the actual source commands are located.

Applied to files:

• Dockerfile
• .devcontainer/Dockerfile

📚 Learning: 2025-09-20T02:56:24.501Z

Learnt from: adamoutler
Repo: jokob-sk/NetAlertX PR: 1184
File: .devcontainer/devcontainer.json:5-8
Timestamp: 2025-09-20T02:56:24.501Z
Learning: In the NetAlertX devcontainer setup, the final .devcontainer/Dockerfile is generated by combining the root Dockerfile with .devcontainer/resources/devcontainer-Dockerfile using the generate-dockerfile.sh script. The devcontainer.json should reference the generated file, not the root Dockerfile.

Applied to files:

• Dockerfile
• .devcontainer/Dockerfile

📚 Learning: 2025-09-20T14:08:48.256Z

Learnt from: adamoutler
Repo: jokob-sk/NetAlertX PR: 1184
File: .devcontainer/scripts/setup.sh:90-96
Timestamp: 2025-09-20T14:08:48.256Z
Learning: In the NetAlertX devcontainer setup, the setup.sh script intentionally removes user_notifications.json from the API directory during development environment initialization to prevent notification clutter that accumulates during container launches and development work.

Applied to files:

• .devcontainer/Dockerfile

📚 Learning: 2025-10-26T17:09:18.621Z

Learnt from: adamoutler
Repo: jokob-sk/NetAlertX PR: 1235
File: .devcontainer/scripts/setup.sh:146-148
Timestamp: 2025-10-26T17:09:18.621Z
Learning: In `.devcontainer/scripts/setup.sh` and other devcontainer setup scripts for NetAlertX, chmod 666 on /var/run/docker.sock is acceptable because devcontainer environments are single-user development contexts where convenience can take priority over strict permission hardening.

Applied to files:

• .devcontainer/scripts/setup.sh

🪛 Ruff (0.14.4)

test/docker_tests/test_docker_compose_scenarios.py

57-57: subprocess call: check for execution of untrusted input

(S603)

---

270-270: Avoid specifying long messages outside the exception class

(TRY003)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: docker_dev