This Docker image combines:
- Nginx Open Source (v1.24.0) compiled from source
- Active Health Check Module (nginx_upstream_check_module)
- Nginx UI (Web-based management interface)
π― A free alternative to Nginx Plus active health checks - Get enterprise-grade health checking without the enterprise price tag!
- β Active health checks for upstream servers (similar to Nginx Plus)
- β Web-based UI for managing Nginx configurations
- β SSL/TLS support with HTTP/2
- β Stream module for TCP/UDP load balancing
- β Real-time upstream health status monitoring
- β Configuration editor with syntax highlighting
- β Let's Encrypt certificate management
docker pull ghcr.io/deviant101/nginx-active-healthcheck-ui:latest
docker run -d \
--name nginx-healthcheck-ui \
-p 80:80 \
-p 443:443 \
-p 8080:8080 \
-p 9000:9000 \
-v nginx_config:/etc/nginx \
-v nginx_ui_config:/etc/nginx-ui \
--restart unless-stopped \
ghcr.io/deviant101/nginx-active-healthcheck-ui:latestgit clone https://github.com/deviant101/nginx-active-healthcheck-ui.git
cd nginx-active-healthcheck-uiOption A: Using Docker Compose
docker-compose up -d --buildOption B: Build and run manually
docker build -t nginx-healthcheck-ui .
docker run -d \
--name nginx-healthcheck-ui \
-p 80:80 \
-p 443:443 \
-p 8080:8080 \
-p 9000:9000 \
-v nginx_config:/etc/nginx \
-v nginx_ui_config:/etc/nginx-ui \
--restart unless-stopped \
nginx-healthcheck-ui| Service | URL | Description |
|---|---|---|
| Nginx | http://localhost:80 | Main HTTP server |
| Nginx (HTTPS) | https://localhost:443 | Main HTTPS server |
| Nginx Status | http://localhost:8080/nginx_status | Nginx stub status |
| Health Check Status | http://localhost:8080/upstream_status | Active health check status (HTML) |
| Health Check JSON | http://localhost:8080/upstream_status_json | Active health check status (JSON) |
| Nginx UI | http://localhost:9000 | Web management interface |
- Access Nginx UI at
http://localhost:9000 - Create your admin account on first visit
- Configure your upstream servers and sites through the UI
Add active health checks to your upstream blocks in nginx configuration:
upstream backend {
server backend1.example.com:8080;
server backend2.example.com:8080;
server backend3.example.com:8080;
# Active health check configuration
check interval=3000 rise=2 fall=3 timeout=1000 type=http;
check_http_send "HEAD /health HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
}| Parameter | Description | Example |
|---|---|---|
interval |
Check interval in milliseconds | interval=3000 (3 seconds) |
rise |
Number of successful checks to mark server as up | rise=2 |
fall |
Number of failed checks to mark server as down | fall=3 |
timeout |
Timeout for health check in milliseconds | timeout=1000 |
type |
Check type (tcp, http, ssl_hello, mysql, ajp) | type=http |
- tcp: Simple TCP connection check
- http: HTTP request check
- ssl_hello: SSL handshake check
- mysql: MySQL protocol check
- ajp: AJP protocol check
/etc/nginx/
βββ nginx.conf # Main configuration
βββ conf.d/ # Additional configurations
βββ sites-available/ # Available site configurations
βββ sites-enabled/ # Enabled site configurations
βββ streams-available/ # Available stream configurations
βββ streams-enabled/ # Enabled stream configurations
βββ ssl/ # SSL certificates
/etc/nginx-ui/
βββ app.ini # Nginx UI configuration
βββ database.db # Nginx UI database
/var/log/nginx/
βββ access.log # Nginx access log
βββ error.log # Nginx error log
You can customize the Nginx UI configuration by mounting your own app.ini file or setting these in the configuration:
HttpPort: Nginx UI port (default: 9000)JWTSecret: JWT secret for authenticationDatabase: Path to SQLite database
| Volume | Path | Description |
|---|---|---|
| nginx_config | /etc/nginx | Nginx configuration files |
| nginx_ui_config | /etc/nginx-ui | Nginx UI configuration and database |
| nginx_logs | /var/log/nginx | Nginx log files |
| nginx_ui_logs | /var/log/nginx-ui | Nginx UI log files |
- Change default secrets: Update
JWTSecretandSecretin/etc/nginx-ui/app.ini - Restrict status endpoints: The status endpoints are restricted to private networks by default
- Use HTTPS: Configure SSL/TLS for production environments
- Firewall: Consider restricting access to port 9000 (Nginx UI)
upstream api_servers {
server api1.internal:3000;
server api2.internal:3000;
server api3.internal:3000;
# Health check every 5 seconds
# Mark as UP after 2 successful checks
# Mark as DOWN after 3 failed checks
check interval=5000 rise=2 fall=3 timeout=2000 type=http;
check_http_send "GET /api/health HTTP/1.1\r\nHost: localhost\r\n\r\n";
check_http_expect_alive http_2xx;
}
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://api_servers;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}A sample nginx configuration file (backend-nginx.conf) is included for your backend servers. This config provides a /health endpoint that the load balancer uses for health checks.
-
Copy
backend-nginx.confto your backend server:scp backend-nginx.conf user@backend-server:/etc/nginx/nginx.conf
-
Restart nginx on the backend:
sudo nginx -t && sudo systemctl restart nginx -
Verify the health endpoint:
curl http://localhost/health # Should return: healthy
| Endpoint | Description |
|---|---|
/ |
Main application (serves /var/www/html) |
/health |
Health check endpoint (returns "healthy") |
/status |
Nginx stub status page |
docker exec nginx-ui-healthcheck nginx -t
docker exec nginx-ui-healthcheck nginx -s reload# Nginx logs
docker logs nginx-ui-healthcheck
# Or access log files directly
docker exec nginx-ui-healthcheck tail -f /var/log/nginx/error.logcurl http://localhost:8080/upstream_status
curl http://localhost:8080/upstream_status_json- Nginx: BSD-like license
- nginx_upstream_check_module: BSD license
- Nginx UI: AGPL-3.0 license