Monitor https of a URL

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
3essescape
Posts: 2
Joined: Fri Jan 15, 2021 3:54 am

Monitor https of a URL

Post by 3essescape »

Hi everyone, sorry for my english.
A few months ago I had opened a topic (https://support.nagios.com/forum/viewto ... =7&t=61311). I was shown how to fix the problem.
Now, however, I would need to always monitor the https but a URL (https://myhost.com/app/api/server/ping). Does anyone know if this is possible with Nagios Core?

Thank you in advance.
Andrea
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Monitor https of a URL

Post by mcapra »

The check_http plugin works with HTTPS:
http://nagios-plugins.org/doc/man/check_http.html

Code: Select all

     -S, --ssl=VERSION[+]
        Connect via SSL. Port defaults to 443. VERSION is optional, and prevents
        auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,
        1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.
     --sni
        Enable SSL/TLS hostname extension support (SNI)
     -C, --certificate=INTEGER[,INTEGER]
        Minimum number of days a certificate has to be valid. Port defaults to 443
        (When this option is used the URL is not checked by default. You can use
         --continue-after-certificate to override this behavior)
     --continue-after-certificate
        Allows the HTTP check to continue after performing the certificate check.
        Does nothing unless -C is used.
     -J, --client-cert=FILE
       Name of file that contains the client certificate (PEM format)
       to be used in establishing the SSL session
     -K, --private-key=FILE
       Name of file containing the private key (PEM format)
       matching the client certificate

...

    Examples:
     CHECK CONTENT: check_http -w 5 -c 10 --ssl -H www.verisign.com

     When the 'www.verisign.com' server returns its content within 5 seconds,
     a STATE_OK will be returned. When the server returns its content but exceeds
     the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,
     a STATE_CRITICAL will be returned.

     CHECK CERTIFICATE: check_http -H www.verisign.com -C 14

     When the certificate of 'www.verisign.com' is valid for more than 14 days,
     a STATE_OK is returned. When the certificate is still valid, but for less than
     14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when
     the certificate is expired.


     CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14
Some examples:

Code: Select all

# /usr/local/nagios/libexec/check_http -H 'www.httpvshttps.com'
HTTP OK: HTTP/1.1 200 OK - 37580 bytes in 0.084 second response time |time=0.084133s;;;0.000000 size=37580B;;;0
# /usr/local/nagios/libexec/check_http -H 'www.httpvshttps.com' -S
HTTP OK: HTTP/1.1 200 OK - 37940 bytes in 0.197 second response time |time=0.196890s;;;0.000000 size=37940B;;;0
# /usr/local/nagios/libexec/check_http -H 'www.httpvshttps.com' -p 80 -S
CRITICAL - Cannot make SSL connection.
140223796000688:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
# /usr/local/nagios/libexec/check_http -H 'www.httpvshttps.com' -p 80
HTTP OK: HTTP/1.1 200 OK - 37940 bytes in 0.084 second response time |time=0.084149s;;;0.000000 size=37940B;;;0
# /usr/local/nagios/libexec/check_http -H 'www.httpvshttps.com' -p 443 -S
HTTP OK: HTTP/1.1 200 OK - 37940 bytes in 0.148 second response time |time=0.147842s;;;0.000000 size=37940B;;;0
#/usr/local/nagios/libexec/check_http -H 'www.httpvshttps.com' -p 443 -S -C 14,3
SSL OK - Certificate '*.anthum.com' will expire on 2021-05-31 04:43 +0000/UTC. HTTP OK: HTTP/1.1 200 OK - 37580 bytes in 0.131 second response time |time=0.130992s;;;0.000000 size=37580B;;;0
The documentation you referenced in the previous post is still very valid; You're just passing different arguments to the check_http plugin (either in your service/host definition, or the command definition itself).
Former Nagios employee
https://www.mcapra.com/
Locked