Skip to content

Commit 52c2561

Browse files
fix(pii): bind a configurable $PORT to avoid app :3000 collision
The pii image hardcoded uvicorn --port 3000 and ignored env. In the app ECS task (awsvpc) all containers share one network namespace, and the app owns 3000 — so the sidecar must listen elsewhere (the stock presidio images honored PORT and ran on 5002/5001). Bind ${PORT} (shell-form CMD), default 5001, and update EXPOSE/HEALTHCHECK accordingly so the taskdef can set PORT=5001. Verified: default binds 5001; PORT=5002 override binds 5002; /analyze works on the overridden port.
1 parent 0191a61 commit 52c2561

1 file changed

Lines changed: 7 additions & 3 deletions

File tree

docker/pii.Dockerfile

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -38,11 +38,15 @@ RUN groupadd -g 1001 pii && \
3838
chown -R pii:pii /app
3939
USER pii
4040

41-
EXPOSE 3000
41+
# Bind a configurable port via $PORT. In the ECS task all containers share one
42+
# network namespace (awsvpc), so this must NOT collide with the app on 3000 —
43+
# default to 5001 and let the taskdef override via PORT.
44+
ENV PORT=5001
45+
EXPOSE 5001
4246

4347
# start-period is generous: five large spaCy models load at import before
4448
# /health responds. Tune against measured cold-start once built.
4549
HEALTHCHECK --interval=30s --timeout=5s --start-period=180s --retries=3 \
46-
CMD curl -fsS http://localhost:3000/health || exit 1
50+
CMD curl -fsS "http://localhost:${PORT}/health" || exit 1
4751

48-
CMD ["uvicorn", "server:app", "--host", "0.0.0.0", "--port", "3000"]
52+
CMD ["sh", "-c", "exec uvicorn server:app --host 0.0.0.0 --port ${PORT}"]

0 commit comments

Comments
 (0)