Ipv6 issue with url check

Issue #190 resolved
xfs
created an issue

Since ipv6 support was introduced, I am having issues similar to the ipv6 issue that was solved by allowing ipv4 or ipv6 on port checks and ping checks. This needs to be added to url checks however, as my system gets a valid ipv6 ip, but does not have a route to ipv6 so I need to check ipv4 only.

EDT Apr 27 12:57:27] debug    : Socket test failed for [10.10.10.10]:443 -- HTTP: error sending data -- Success
[EDT Apr 27 12:57:27] debug    : Socket test failed for [FE80::0202:B3FF:FE1E:8329]:443 -- Network is unreachable
[EDT Apr 27 12:57:27] debug    : Socket test failed for [FE80::0202:B3FF:FE1E:8329]:443 -- Network is unreachable
[EDT Apr 27 12:57:27] error    : 'example.com' failed protocol test [HTTP] at [example.com]:443/token [TCPSSL/IP] -- Network is unreachable

Comments (8)

  1. Tildeslash repo owner

    I'm not sure what exactly the problem is ... according to the debug output, your host resolved to two interfaces: 10.10.10.10 (IPv4) and because it failed, monit tried the next one: FE80::0202:B3FF:FE1E:8329 (IPv6), but it failed too => the test would fail even if the host resolved to IPv4 only.

  2. xfs reporter

    Well, true, but trying to get to the bottom of this, and ipv6 will not work with this server. I didn't see a way to use the url check to only use ipv4.

  3. xfs reporter

    I'm also getting this which seems odd..

    [EDT Apr 27 12:57:27] error    : SSL: write error -- error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
    [EDT Apr 27 12:57:27] debug    : Socket test failed for [10.10.10.10]:443 -- HTTP: error sending data -- Success
    [EDT Apr 27 12:57:27] error    : SSL: write error -- error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
    [EDT Apr 27 12:57:27] debug    : Socket test failed for [10.10.10.10]:443 -- HTTP: error sending data -- Success
    
  4. Tildeslash repo owner

    It's not possible to set resolving to IPv4 only on monit ... you can either use the IP address in the URL check directly (if possible) or if your machine doesn't use IPv6, you may disable it completely - Monit uses AI_ADDRCONFIG flag when it resolves the hostname using getaddrinfo() ... if the machine has no IPv6 interface, then this option will make getaddrinfo() to not return the IPv6 addresses at all.

    Regarding the SSL error ... it seems as SSL version or ciphers incompatibility - please can you post full test from monit configuration file which produces this error? Also which Monit version it is? (monit -V) and what OpenSSL version it is linked to?

  5. xfs reporter

    Is there a way to ignore the ipv6 failure?

    Monit version is 5.13

    This is Monit version 5.13
    Copyright (C) 2001-2015 Tildeslash Ltd. All Rights Reserved.
    

    The check is as follows,

    check host example.com with address example.com
      if failed url https://example.com/token with timeout 15 seconds for 3 cycles then alert
    

    If you would like I can send you the actual address in private, but the url is behind cloudflare, so anything with SSL through cloudflare should suffice.

    Version of openssl from ubuntu utopic:

    openssl:amd64/utopic-security 1.0.1f-1ubuntu9.4

  6. Tildeslash repo owner

    Thanks for data. Please can you send the real address to support@mmonit.com?

    The Monit version 5.13 was not officially released yet ... if you use the development source code from bitbucket, it may yet change before the final version is finished.

  7. Log in to comment