1. Tildeslash Avatar Tildeslash
  2. Untitled project
  3. Monit
  4. Issues

HTTPS failed because of redirect

Issue #305 resolved
Etienne Bruines created an issue

Using this configuration file:

 check host laedesign.nl with address www.laedesign.nl
   if failed host www.laedesign.nl  port 443 protocol https status 200 request "/" then alert
   if failed host laedesign.nl      port 443 protocol https status 301 request "/" then alert
   if failed host www.laedesign.nl  port 80  protocol http  status 301 request "/" then alert
   if failed host laedesign.nl      port 80  protocol http  status 301 request "/" then alert
   if 3 restarts with 3 cycles then timeout
   depend nginx

(In other words: everything redirects 301 to HTTPS and WWW, and the HTTPS+WWW-version shows the website)

However, the following happens for https://www.laedesign.nl: failed protocol test [HTTP] at [www.laedesign.nl]:443/ [TCP/IP SSL] -- HTTP error: Server returned status 301

However, I have no way to reproduce this. 

$ curl --http1.1 -4 https://www.laedesign.nl/ -I
HTTP/1.1 200 OK
Server: nginx/1.9.6
Date: Mon, 28 Dec 2015 23:21:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Pingback: https://www.laedesign.nl/xmlrpc.php

$ curl --http2 -4 https://www.laedesign.nl/ -I
HTTP/2.0 200
server:nginx/1.9.6
date:Mon, 28 Dec 2015 23:31:34 GMT
content-type:text/html; charset=UTF-8
x-pingback:https://www.laedesign.nl/xmlrpc.php

(I'm not sure if the configuration file I use is "the way to go" to monitor different websites on the same server, but it works for me)

The problem is that curl (and pretty much every browser) sees the website return status 200, except Monit thinks it receives an error 301.

Comments (6)

  3. Tildeslash repo owner

    fix Issue #305 : don't set the port in the HTTP Host header for default HTTPS URL scheme port (443)

    The RFC2616 section "14.23 Host" describes that the default port is 80 for HTTP scheme, same applies for HTTPS scheme and default port 443, even though not explicitly mentioned in RFC. Tested with wget and cURL and both ommit the port if HTTPS:443 is used.

    → <<cset 4e48d936899f>>

  5. Tildeslash repo owner

    Monit set the Host header including the (optional) port:

    Host: www.laedesign.nl:443

    Whereas curl (and wget) sends the Host header without the default port:

    Host: www.laedesign.nl

    When port was included, the target webserver returned 301.

    We have fixed the problem, there are two workarounds for existing monit version:

    1. either modify the webserver configuration to find the correct host even if port is included

    2. or set explicit host header in monit:

      if failed port 443 protocol https with http headers [host: www.laedesign.nl] then alert

  7. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Component
Monit
Version
Votes
0
Watchers
1