Handbook
Examples — Caddy TLS health probe
Once Caddy + systemd terminates TLS:
Updated
export BASE=https://fleet.example.com
curl -fsS "${curl_auth[@]}" "${BASE}/v1/health"
-f surfaces HTTP errors immediately—combine with systemd ExecStartPost=/usr/bin/curl … cautiously (avoid thundering herds).
Unified Granite hostname nuances → Caddy unified Granite.
Purpose
Health-check curl through a TLS front-end (Caddy) with fail-fast -f.
Prerequisites
Caddy reverse proxy configured per Caddy + systemd; BASE uses https://.
Copy-paste steps
Export BASE to the public hostname; reuse curl_auth from curl.md when bearer auth is on.
Expected output
GET /v1/health returns 200 JSON; -f maps non-2xx to shell failure for probes.
Error handling
502 often means upstream Fleet unreachable—compare direct loopback curl vs through the proxy.
Security notes
Terminate TLS at the edge; keep FLEET_BEARER_TOKEN out of unit files when EnvironmentFile is preferred.
Related
Validation status
check-docs-examples.pyscans docs forcurlpatterns; health payload shape inhealth-response.schema.json+ fixturepayloads/valid/health-response.json.