Monit using HTTP for check which has protocol set as HTTPS
I'm trying to monitor a VHost on the local Apache instance via Monit. The same domain accepts both http and https traffic, so I wanted to monitor both.
The main problem I seem to be running into, is even though I configure Monit to monitor the host via both http and https protocols, it monitors both hosts via just http, however the port is set to 8443 for the one I need using https protocol.
Note: HTTP uses 880 and HTTPS uses 8443
The Monit config file for Apache is:
    check process httpd with pidfile /var/run/httpd/httpd.pid
        start program = "/bin/systemctl restart httpd.service" with timeout 60 seconds
        stop program = "/bin/systemctl stop httpd.service"

    check host localhost with address localhost
        if failed
            port 880
            protocol http
            with http headers [Host: www.domain.com, Cache-Control: no-cache]
            and request / with content = "www.domain.com"
        then restart
        if failed
            port 8443
            protocol https
            with http headers [Host: www.domain.com, Cache-Control: no-cache]
            and request / with content = "www.domain.com"
        then restart
        if 5 restarts within 5 cycles
        then timeout
And here's the Monit status for that check:
    [root@server enabled-monitors]# monit status localhost
    The Monit daemon 5.14 uptime: 14m

    Remote Host 'localhost'
      status                Connection failed
      monitoring status     Monitored
      port response time    FAILED to [localhost]:8443/ type TCPSSL/IP protocol HTTP
      port response time    0.001s to [localhost]:880/ type TCP/IP protocol HTTP
      data collected        Tue, 26 Apr 2016 10:44:32
So it's fairly obvious to me that the https is failing because it's still trying to use port HTTP, even though I have protocol https in the configuration.
Any input would be much appreciated. I have a feeling this may be a bug, and I'll create an issue in the Monit GitHub repo, but I want to make sure it's not something silly that I overlooked.
Thanks!
P.S. If this turns out not to be a bug, then I apologize. I did create a few S/O threads (on different S/O websites), and there have been no responses at all after 2 days, and I kinda need this working now.
P.S.S. The server gets the traffic through HAProxy, and I want to test the VHost directly on the local Apache instance. So that's why I'm having it check localhost, and setting the Host header to the vhost domain. Which seems to work with curl, but could that be part of it? I wouldn't think so, I think it's just using the wrong protocol, since in the monit status output, it says FAILED to [www.domain.com]:8443/ type TCPSSL/IP protocol HTTP (I would think it should say HTTPS on the end).
I really hope that's not the issue, since YUM only has version 5.14, and per the Monit changelog, the SSL options (which include the ability to disable verification) were added at v5.15.
If it is due to the request going to localhost, thus breaking the SSL cert verification, I think version 5.15 would allow me to override that. I see I can download the repo code for v5.15 and manually compile/install it, but is there an RPM somewhere? I need to automate this installation and everything.
Comments (8)
-
reporter I followed the steps here to get monit 5.15 set up, and I got it installed. So now I'm trying to override the SSL verification, but I also need to set the HTTP headers. I'm not sure what the syntax is for two with statements for one protocol, I don't see it in the documentation (may have overlooked it).
I tried all of the following:

    # with ssl; with headers
    check host localhost with address www.domain.com
        if failed
            port 8443
            protocol https
            with ssl options {verify: disable}
            with http headers [Host: www.domain.com, Cache-Control: no-cache]
            and request / with content = "www.domain.com"
        then restart

    # with ssl; headers
    check host localhost with address www.domain.com
        if failed
            port 8443
            protocol https
            with ssl options {verify: disable}
            http headers [Host: www.domain.com, Cache-Control: no-cache]
            and request / with content = "www.domain.com"
        then restart

    # with ssl; and headers
    check host localhost with address www.domain.com
        if failed
            port 8443
            protocol https
            with ssl options {verify: disable}
            and http headers [Host: www.domain.com, Cache-Control: no-cache]
            and request / with content = "www.domain.com"
        then restart

    # with ssl and with headers
    check host localhost with address www.domain.com
        if failed
            port 8443
            protocol https
            with ssl options {verify: disable}
            and with http headers [Host: www.domain.com, Cache-Control: no-cache]
            and request / with content = "www.domain.com"
        then restart

They all throw the error

    /etc/monit.d/enabled-monitors/httpd.cfg:17: syntax error 'http headers '

However, when I try without the with ssl options {verify: disable} line, and specify just with http headers [Host: www.domain.com, Cache-Control: no-cache], I get no syntax errors, and vice versa.
-
repo owner - changed status to closed
The log:

    port response time FAILED to [localhost]:8443/ type TCPSSL/IP protocol HTTP
    port response time 0.001s to [localhost]:880/ type TCP/IP protocol HTTP

is correct based on your config. In the first line, 'TCPSSL' means the connection is over SSL. It could be more helpful if it said protocol HTTPS to make this clearer. So your config seems fine. To figure out why https fails, run Monit in verbose mode so it prints output to the console: monit -Iv. This is most likely a configuration issue, such as an old openssl library, or you need to use the new with ssl options {verify: disable; selfsigned: allow}. Something like this:

    if failed
        port 443
        protocol https
        and request / with content = "www.domain.com"
        with ssl options {verify: disable; selfsigned: allow}
    then alert

I'm closing this issue as this issue tracker is reserved for bug reports and incidents and not for support. If it turns out to be a bug, feel free to open this issue again.
-
reporter Ok, can you help me out with the syntax then?

    check host localhost with address www.domain.com
        if failed
            port 8443
            protocol https
            with ssl options {verify: disable}
            with http headers [Host: www.domain.com, Cache-Control: no-cache]
            and request / with content = "www.domain.com"
        then restart

I'm trying to configure the ssl options and the http headers, but it throws an error if they're both in there, but either one by itself works. I tried with/with; with/and with; and a few others (in my comment above).
Thanks!
-
repo owner

    check host localhost with address www.domain.com
        if failed
            port 8443
            protocol https
                with http headers [Host: www.domain.com, Cache-Control: no-cache]
                and request / with content = "www.domain.com"
            ssl options {verify: disable, selfsigned:allow}
        then restart

Indented statements which belong together. ssl options is not part of the protocol https... statement, but is a standalone statement. Hopefully clearer if you look at the protocol http statement in the manual here
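The clause ordering described in the reply above can be checked mechanically before a reload. This is an added example, not part of the original thread or of Monit: a small Python audit that flags port tests where ssl options precedes the http headers or request clauses, and reports checks that no longer authenticate the server certificate. The sample configuration, the check names and the finding names are constructed for illustration.

```python
import re
# Constructed sample: the failing order from the thread, then the owner's order.
SAMPLE = '''\
check host broken with address www.domain.com
    if failed port 8443 protocol https
        with ssl options {verify: disable}
        with http headers [Host: www.domain.com, Cache-Control: no-cache]
        and request / with content = "www.domain.com"
    then restart
check host working with address www.domain.com
    if failed port 8443 protocol https
        with http headers [Host: www.domain.com, Cache-Control: no-cache]
        and request / with content = "www.domain.com"
        ssl options {verify: disable, selfsigned:allow}
    then restart
'''

CHECK_RE = re.compile(r'^check\s+\w+\s+(\S+)', re.M | re.I)
TEST_RE = re.compile(r'\bif\s+failed\b(.*?)\bthen\b', re.S | re.I)
SSL_RE = re.compile(r'\bssl\s+options\s*\{([^}]*)\}', re.I)
HTTP_CLAUSE_RE = re.compile(r'\b(?:http\s+headers|request)\b', re.I)

def audit(config):
    """Return sorted (check name, finding) pairs; finding names are made up here."""
    findings = set()
    # Each check block runs from one 'check' line to the next (or end of file).
    starts = [m.start() for m in CHECK_RE.finditer(config)] + [len(config)]
    for begin, end in zip(starts, starts[1:]):
        block = config[begin:end]
        name = CHECK_RE.match(block).group(1)
        for test in TEST_RE.finditer(block):
            body = test.group(1)
            ssl = SSL_RE.search(body)
            if ssl is None:
                continue
            # Per the thread: ssl options is standalone and must follow the
            # protocol statement's own clauses (http headers, request).
            if HTTP_CLAUSE_RE.search(body, ssl.end()):
                findings.add((name, 'ssl-options-before-http-clauses'))
            opts = dict(re.findall(r'(\w+)\s*:\s*(\w+)', ssl.group(1).lower()))
            if opts.get('verify') == 'disable':
                findings.add((name, 'tls-verify-disabled'))
            if opts.get('selfsigned') == 'allow':
                findings.add((name, 'selfsigned-allowed'))
    return sorted(findings)

if __name__ == '__main__':
    for name, finding in audit(SAMPLE):
        print(f'{name}: {finding}')
```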