| 1234567891011121314151617 |
- # IRDB scheduler — busybox crond schedule.
- #
- # Drives /internal/jobs/tick once a minute. The api dispatches whichever
- # periodic jobs are due (recompute-scores, cleanup-audit, enrich-pending,
- # refresh-geoip). job_locks mediates between replicas so duplicate ticks
- # are correct but wasteful.
- #
- # -m 280 caps the request below the 1-minute cadence so we never queue
- # overlapping ticks.
- #
- # SEC_REVIEW F25: target localhost — the scheduler service uses
- # `network_mode: "service:api"` so it shares the api container's network
- # namespace and reaches FrankenPHP via loopback. The api's /internal/*
- # gate is now loopback-only on both Caddy and PHP layers; reaching it
- # from a sibling docker-bridge peer (the previous `http://api:8081`
- # routing) would 404.
- * * * * * curl -sf -m 280 -X POST -H "Authorization: Bearer $INTERNAL_JOB_TOKEN" http://localhost:8081/internal/jobs/tick > /dev/null
|
