check_http keeps failing

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
wrobj0
Posts: 17
Joined: Fri Dec 20, 2019 2:47 pm

check_http keeps failing

Post by wrobj0 »

I'm getting failures on check_http and can't figure out why... Full disclosure, this is the first time I've administered Nagios.

There are 10 other services running against this server, all of which work fine (which I suppose confirms that the Nagios host is in the nrpe.cfg file on the target, but in case it doesn't, I also confirmed that). We recently moved the website to this new server I'm trying to get working. This check worked fine on the old host.

Nagios XI server info:

Code: Select all

Red Hat Enterprise Linux Server release 6.9 (Santiago)
Linux 2.6.32-642.15.1.el6.x86_64 #1 SMP Mon Feb 20 02:26:38 EST 2017 x86_64 x86_64 x86_64 GNU/Linux
# virt-what
vmware

Target server info:

Code: Select all

OS Name:                   Microsoft Windows Server 2016 Datacenter
OS Version:                10.0.14393 N/A Build 14393
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               x64-based PC

Here are some outputs of check_http

I first did it this way,

Code: Select all

[root@<NAGIOS> etc]# /usr/local/nagios/libexec/check_http -H "<HOST>" -s "<STRING THAT'S THERE>" -f ok -S -p 443
Name or service not known
HTTP CRITICAL - Unable to open TCP socket

Through tcpdump, I found that the target was expecting TLS 1.2, so I guessed Nagios defaults to a higher value and ran it this way.

Code: Select all

[root@<NAGIOS> nagios]# /usr/local/nagios/libexec/check_http -I <IP> -s "<STRING THAT'S THERE>" -f ok -u "/<PATH>/" -ssl=1+ -p 443
HTTP CRITICAL - No data received from host

I get no more useful information using the -v flag. I ran it using the URL we have aliased to that host, as well as the hostname + path, and IP + path, just to be complete.

Code: Select all

[root@<NAGIOS> nagios]# /usr/local/nagios/libexec/check_http -H <URL> -f ok  -ssl=1+ -p 443 -w 60 -c 120 -t 180 -v
GET / HTTP/1.1
User-Agent: check_http/v2.0.3 (nagios-plugins 2.0.3)
Connection: close
Host: <HOSTNAME>:443
Accept: */*

HTTP CRITICAL - No data received from host
-------------------------------------------------

Code: Select all

[root@<NAGIOS> nagios]# /usr/local/nagios/libexec/check_http -H <HOSTNAME> -s "<STRING THAT'S THERE>" -f ok -u "/<PATH>/" -ssl=1+ -p 443 -w 60 -c 120 -t 180 -v
GET /<PATH>/ HTTP/1.1
User-Agent: check_http/v2.0.3 (nagios-plugins 2.0.3)
Connection: close
Host: <HOSTNAME>:443
Accept: */*


HTTP CRITICAL - No data received from host

I get these results, despite that I can cURL and wget the website just fine.

Code: Select all

[root@<NAGIOS> nagios]# curl -I https://<HOSTNAME>
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server:
X-AspNet-Version: 4.0.30319
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Date: Tue, 21 Jan 2020 15:19:08 GMT
Content-Length: 10825

(I used -I to save space, but the whole page returns if I ask for it)

-------------------------------------------------

Code: Select all

[root@<NAGIOS> nagios]# wget https://<HOSTNAME>
--2020-01-21 09:19:46--  https://<HOSTNAME>/
Resolving <HOSTNAME>... <IP>
Connecting to <HOSTNAME>|<IP>|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 10825 (11K) [text/html]
Saving to: “index.html”

100%[======================================================================================>] 10,825      --.-K/s   in 0s

As I finished writing this post, I thought to test another of the sites running on this server, and it worked.

Code: Select all

[root@<NAGIOS> nagios]# /usr/local/nagios/libexec/check_http -H <URL2> -f ok --ssl=1+ -p 443
HTTP OK: HTTP/1.1 200 OK - 955 bytes in 0.065 second response time |time=0.065191s;;;0.000000 size=955B;;;0

I don't even know what to ask at this point. What could possibly cause this? It just doesn't make sense to me that I can cURL the site, etc., but Nagios fails. Any ideas?

scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: check_http keeps failing

Post by scottwilkerson »

Some servers require you to add the --sni flag

Code: Select all

 --sni
    Enable SSL/TLS hostname extension support (SNI)

Try

Code: Select all

/usr/local/nagios/libexec/check_http -H "<HOST>" -s "<STRING THAT'S THERE>" -f ok -S -p 443 --sni
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
wrobj0
Posts: 17
Joined: Fri Dec 20, 2019 2:47 pm

Re: check_http keeps failing

Post by wrobj0 »

That did the trick. Any idea why it's only required sometimes?
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: check_http keeps failing

Post by scottwilkerson »

wrobj0 wrote:That did the trick. Any idea why it's only required sometimes?

It depends on the requirements of the host being accessed.

Usually it relates to multiple SSL certificates on the same IP address.

https://en.wikipedia.org/wiki/Server_Name_Indication
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com