Hi,
I have a site that's currently SSL off-loaded to an F5 load balancer.
This simple HTTP only check from CLI works fine:
# check_http -s "string_to_check" -H http://www.foo.com -I 10.0.0.100 -u "/foo/content"
But this HTTPs gives "CRITICAL - Socket timeout after 10 seconds" error:
# check_http -s "string_to_check" -H http://www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
But if I terminate the SSL all the way to the web server, the above works.
Is there a special way to monitor SSL sites terminated on the load balancer?
Thanks for any info.
monitoring sites with SSL terminated on the LB
Re: monitoring sites with SSL terminated on the LB
btw, i'm using nagios xi.
but this works on nagios core 2.9
but this works on nagios core 2.9
Re: monitoring sites with SSL terminated on the LB
Are you sure the web address is still http instead of https?decp wrote:check_http -s "string_to_check" -H http://www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
Code: Select all
check_http -s "string_to_check" -H https://www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Re: monitoring sites with SSL terminated on the LB
i tried that:
check_http -s "string_to_check" -H https://www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
and
check_http -s "string_to_check" -H http://www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
check_http -s "string_to_check" www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
still getting that same error.
check_http -s "string_to_check" -H https://www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
and
check_http -s "string_to_check" -H http://www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
check_http -s "string_to_check" www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
still getting that same error.
Re: monitoring sites with SSL terminated on the LB
the site responds to both http and https if that's what you're asking?abrist wrote: Are you sure the web address is still http instead of https?Code: Select all
check_http -s "string_to_check" -H https://www.foo.com -I 10.0.0.100 -u "/foo/content" -S -p 443
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: monitoring sites with SSL terminated on the LB
can you run it like this
Code: Select all
check_http -s "string_to_check" -H www.foo.com -u "/foo/content" -S -p 443Re: monitoring sites with SSL terminated on the LB
scottwilkerson wrote:can you run it like this
Code: Select all
check_http -s "string_to_check" -H www.foo.com -u "/foo/content" -S -p 443
same error - CRITICAL - Socket timeout after 10 seconds
but it works fine on nagios core 2.9, weird.
Re: monitoring sites with SSL terminated on the LB
Is this website protected by any type of auth (even basic)?
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Re: monitoring sites with SSL terminated on the LB
No.abrist wrote:Is this website protected by any type of auth (even basic)?
Is there a log somewhere that I can check? or some debug level I can turn on?
Re: monitoring sites with SSL terminated on the LB
You can check the ssl_access_log and ssl_error_log.
Code: Select all
tail -25 /var/log/httpd/ssl_access_log
tail -25 /var/log/httpd/ssl_error_logFormer Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.