From 53a74d59a9b6558b0bf0d67826445fbe7d02b055 Mon Sep 17 00:00:00 2001
From: Gandalf <gandalf@storm.pl>
Date: Sun, 4 Jan 2026 01:16:27 +0100
Subject: [PATCH] Fix Docker Swarm rolling update deadlock

Switch from host-mode to ingress-mode port publishing to enable
zero-downtime deployments with start-first update strategy.

Host mode binds ports directly to the host, allowing only one container
per port. Combined with start-first (which requires new container to
start before stopping the old), this creates a deadlock - new container
cannot start because port is occupied.

Ingress mode uses Swarm's routing mesh, allowing multiple containers
to coexist during updates. This enables proper rolling deployments.

Also removes force-update step from deploy script as it causes
unnecessary service restarts when the stack is already running.
---
 docker/docker-compose.yml | 12 ++++--------
 scripts/deploy-swarm.sh   | 11 ++++-------
 2 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 65777b9e6..1713c2b2a 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -2,12 +2,10 @@ services:
   denser-blog:
     image: registry.gitlab.syncad.com/hive/denser/blog:${VERSION:?VERSION required}
     ports:
-      - target: 3000
-        published: 3000
-        mode: host
+      - "3000:3000"
     environment:
       PORT: 3000
-    # HOSTNAME must be set via command because Docker overrides env var with container ID
+    # HOSTNAME=0.0.0.0 ensures the app binds to all interfaces, required for Docker networking
     command: ["sh", "-c", "HOSTNAME=0.0.0.0 node ./apps/blog/server.js"]
     volumes:
       - ${BLOG_ENV_FILE:?BLOG_ENV_FILE must be set}:/app/apps/.env:ro
@@ -28,12 +26,10 @@ services:
   denser-wallet:
     image: registry.gitlab.syncad.com/hive/denser/wallet:${VERSION:?VERSION required}
     ports:
-      - target: 3000
-        published: 4000
-        mode: host
+      - "4000:3000"
     environment:
       PORT: 3000
-    # HOSTNAME must be set via command because Docker overrides env var with container ID
+    # HOSTNAME=0.0.0.0 ensures the app binds to all interfaces, required for Docker networking
     command: ["sh", "-c", "HOSTNAME=0.0.0.0 node ./apps/wallet/server.js"]
     volumes:
       - ${WALLET_ENV_FILE:?WALLET_ENV_FILE must be set}:/app/apps/.env:ro
diff --git a/scripts/deploy-swarm.sh b/scripts/deploy-swarm.sh
index e1470bb67..399337a1c 100755
--- a/scripts/deploy-swarm.sh
+++ b/scripts/deploy-swarm.sh
@@ -106,10 +106,7 @@ export BLOG_ENV_FILE
 export WALLET_ENV_FILE
 docker stack deploy -c "$COMPOSE_FILE" denser
 
-# Force service update to ensure config changes are applied
-# (Docker Swarm sometimes caches service spec when image is unchanged)
-echo "Forcing service update..."
-docker service update --force denser_denser-blog
-docker service update --force denser_denser-wallet
-
-echo "Done. Check status: docker service ls"
+echo ""
+echo "Deployment initiated. Services will update in the background."
+echo "Check status with: docker service ls"
+echo "Check logs with: docker service logs denser_denser-blog"
-- 
GitLab