### host-port-ingress-proxy

1. **Docker Container Setup**:
   - The Docker container is based on the official NGINX Alpine image.
   - Several environment variables are defined in the Dockerfile to configure the NGINX reverse proxy. These include `BACKEND_HOST`, `BACKEND_TCP_PORT`, `BACKEND_UDP_PORT`, and `ALLOWED_IPS`.
   - The Dockerfile also installs `curl` for health checking purposes and includes a custom entrypoint script.

2. **NGINX Configuration**:
   - A template for the NGINX configuration (`nginx.conf.template`) is used. This template is processed by the entrypoint script (`entrypoint.sh`) to replace placeholders with the actual environment variable values.
   - The NGINX configuration sets up NGINX as a reverse proxy to forward TCP and UDP traffic to the configured backend host and ports. It also includes IP-based access control.
   - Additionally, NGINX listens on a separate HTTP port (8080) with a specific location (`/healthz`) that always returns a `200 OK` response. This endpoint is used for health checks.

3. **Health Checking**:
   - The Dockerfile defines a `HEALTHCHECK` instruction that uses `curl` to periodically check the health of the NGINX server by accessing the `/healthz` endpoint.
   - If the health check fails (does not return `200 OK`), Docker marks the container as unhealthy.

4. **Running the Container**:
   - When the container is run, the environment variables can be set to define the backend host, ports, and allowed IPs.
   - Docker's health check mechanism monitors the container's health status by checking the `/healthz` endpoint.
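
One way an entrypoint could turn `ALLOWED_IPS` into the access-control directives described above, as an added example (not the project's own `entrypoint.sh`). It assumes `ALLOWED_IPS` is a comma-separated list of IPv4 addresses or CIDR ranges; the function names `is_ipv4_cidr` and `render_acl` are hypothetical. Because the value is substituted into the NGINX configuration, every entry is validated and the function fails closed on anything else.

```sh
#!/bin/sh
# Added example, not the project's entrypoint.sh.
# Assumption: ALLOWED_IPS is a comma-separated list of IPv4 addresses/CIDRs.

# is_ipv4_cidr VALUE: succeed only for a.b.c.d or a.b.c.d/0-32.
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    # Digits and dots only; this also rejects ';', braces and newlines.
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# render_acl LIST: print "allow X;" per entry, then "deny all;".
# Fails closed (non-zero, nothing on stdout) on an empty or invalid list.
render_acl() {
    list=$(printf '%s' "$1" | tr -d ' \t')
    [ -n "$list" ] || { echo "ALLOWED_IPS is empty" >&2; return 1; }
    acl=
    saved_ifs=$IFS; IFS=,
    set -f                      # no globbing while splitting the value
    set -- $list
    set +f; IFS=$saved_ifs
    for entry in "$@"; do
        is_ipv4_cidr "$entry" || {
            echo "invalid ALLOWED_IPS entry: $entry" >&2
            return 1
        }
        acl="${acl}allow ${entry};
"
    done
    printf '%sdeny all;\n' "$acl"
}

# Constructed sample input; in an entrypoint the argument would be "$ALLOWED_IPS".
render_acl "10.0.0.0/8, 192.168.1.5"
```
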

### Mermaid Diagram

Here's a Mermaid diagram that visualizes the flow:

```mermaid
graph LR
    subgraph Docker Container
        NGINX[NGINX Reverse Proxy]
        ENTRYPOINT[Entrypoint Script]
        CONFIG[nginx.conf.template]
        HEALTHCHECK[Health Check]
        ENTRYPOINT -->|Processes| CONFIG
        CONFIG -->|Configures| NGINX
        NGINX -->|TCP/UDP Proxy| BACKEND[Backend Service]
        NGINX -->|HTTP Health Check| HEALTHCHECK
        HEALTHCHECK -->|curl /healthz| NGINX
    end
    USER[User] -->|TCP/UDP Request| NGINX
    NGINX -->|Responds| USER
    DOCKER[Docker Daemon] -->|Periodic Check| HEALTHCHECK
    style NGINX fill:#f96,stroke:#333,stroke-width:2px
    style BACKEND fill:#ff9,stroke:#333,stroke-width:2px
    style USER fill:#9f6,stroke:#333,stroke-width:2px
    style HEALTHCHECK fill:#6f9,stroke:#333,stroke-width:2px
    style DOCKER fill:#f69,stroke:#333,stroke-width:2px
```

This diagram represents the flow of requests through the NGINX reverse proxy and how the health check mechanism works within the Docker container. The `NGINX Reverse Proxy` handles both TCP/UDP requests and health check requests, forwarding the former to the `Backend Service` and responding directly to the latter. The `Docker Daemon` periodically triggers the health check to ensure the NGINX server is functioning correctly.