check_http - ssl no signed certificate - string search

[dslaughter]

I need to monitor a https web site and look for a string. I'm trying to use check_http. This server does not have a signed cert.

If I only check for the page load it succeeds.
/usr/local/nagios/libexec/check_http -H 3.1.1.1 -f ok -I 3.1.1.1 -u "/provisioning" -S --sni -p 8443
HTTP OK: HTTP/1.1 302 Moved Temporarily - 175 bytes in 0.015 second response time |time=0.014650s;;;0.000000 size=175B;;;0

If I check for a string I get string not found.
/usr/local/nagios/libexec/check_http -H 3.1.1.1 -f ok -I 3.1.1.1 -u "/provisioning" -S --sni -p 8443 -s 'Accelerator'
HTTP CRITICAL: HTTP/1.1 302 Moved Temporarily - string 'Accelerator' not found on 'https://3.1.1.1:8443/provisioning' - 175 bytes in 0.015 second response time |time=0.014747s;;;0.000000 size=175B;;;0

If I check with a regex I get pattern not found.
/usr/local/nagios/libexec/check_http -H 3.1.1.1 -f ok -I 3.1.1.1 -u "/provisioning" -S --sni -p 8443 -Rl '.*Accelerator.*'
HTTP CRITICAL: HTTP/1.1 302 Moved Temporarily - pattern not found - 175 bytes in 0.015 second response time |time=0.014739s;;;0.000000 size=175B;;;0

I don't see an option to dump the page output the check is using. If there was an option I could verify what check_http collects and I see if it's what's expected.

The server is running https on alternative port. There isn't a signed certificate so you get the warning when using a browser. I used developer tools to verify the string is in the output.

Can you help me configure the check correctly?

[mbellerue]

It's giving an HTTP 302 code each time. When you put the URL in your browser, using the IP address, does the URL change at all? Do you get a 302 in the developer tools when you try to load the page?

[dslaughter]

The url does not change. I think the 302 may be caused by the unsigned cert warning. If I use a browser and an exception is added for the unsigned cert the desired page loads with a 200. I do not see the 302 in developer tools.

[mbellerue]

Try adding -v to your command. That should dump exactly what the command is seeing.

[dslaughter]

Sorry for the late reply. I had vacation over the holidays.

I tried -v and this is what I got.

option f:0
SSL initialized
GET /provisioning HTTP/1.1
User-Agent: check_http/v2.2.1 (nagios-plugins 2.2.1)
Connection: close
Host: 3.1.1.1:8443
Accept: */*


https://3.1.1.1:8443/provisioning is 175 characters
STATUS: HTTP/1.1 302 Moved Temporarily
**** HEADER ****
Location: https://3.1.1.1:8443/provisioning/
Date: Mon, 06 Jan 2020 14:19:25 GMT
Connection: close
Server: TangoProvisioningServer
**** CONTENT ****

HTTP OK: HTTP/1.1 302 Moved Temporarily - 175 bytes in 0.015 second response time |time=0.015185s;;;0.000000 size=175B;;;0


When I do a wget I see this.

wget --no-check-certificate https://3.1.1.1:8443/provisioning
--2020-01-06 14:21:36-- https://3.1.1.1:8443/provisioning
Connecting to 3.1.1.1:8443... connected.
WARNING: cannot verify 3.1.1.1's certificate, issued by ‘/C=US/ST=Texas/L=Frio/O=Tango /OU=z1-1/CN=z1-1/emailAddress=z1-1’:
Self-signed certificate encountered.
WARNING: certificate common name ‘z1-1’ doesn't match requested host name ‘3.1.1.1’.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://3.1.1.1:8443/provisioning/ [following]
--2020-01-06 14:21:36-- https://3.1.1.1:8443/provisioning/
Reusing existing connection to 3.1.1.1:8443.
HTTP request sent, awaiting response... 200 OK

So it looks like the 302 is sent because of the self signed cert. Is there a way to get the 200 after the 302?

[dslaughter]

I think I figured it out. If I use -f stickyport I get the result I'm looking for.

/usr/local/nagios/libexec/check_http -H 3.1.1.1 -f ok -I 3.1.1.1 -u "/provisioning" -S --sni -p 8443 -f stickyport -s Accelerator

HTTP OK: HTTP/1.1 200 OK - 4133 bytes in 0.043 second response time |time=0.043200s;;;0.000000 size=4133B;;;0

I'm going to test this today and if it goes well we can close this tomorrow.

[mbellerue]

Awesome! Thanks for posting that back here. We will keep this thread open and wait to hear back.

[dslaughter]

Sorry for the late reply. All is good. Lock it.