SSL read errors when check https host with content on 302/301 http endpoint is used

Issue #530 closed
Szymon Szypulski created an issue

I'm running monit 5.20.0. I have a site https://test.sngp.co with a 301 redirect to https://root.gen2.org, with this check:

check host test-gen2-org
  with address test.gen2.org
  alert monit@test.pagerduty.com but not on { instance, action }
  group external
  if failed port 443
    protocol https
    content = ".*"
    for 3 cycles
    then alert

It results in read errors in the logs.

Dec 22 13:44:57 test monit[23354]: SSL: read error -- EOF
Dec 22 13:44:57 test monit[23354]: SSL: read error -- EOF

But the check is passing, all green:

Remote Host 'test-gen2.org'
  status                       Online with all services
  monitoring status            Monitored
  monitoring mode              active
  on reboot                    start
  port response time           139.496 ms to test.gen2.org:443 type TCP/IP using SSL/TLS  protocol HTTP
  data collected               Thu, 22 Dec 2016 14:16:01

If I remove content, everything works fine. Looks like monit doesn't follow redirects. However, I have edge cases where content matters and I can't use HEAD only.

Comments (4)

  1. Tildeslash repo owner

    Yes, Monit doesn't support redirects - it allows you to test that the URL which should redirect really does so.

    You can change the test to check for the 301 status code for https://test.sngp.co: https://mmonit.com/monit/documentation/monit.html#HTTP (so monit will make sure the URL works and the client will get a redirect)

    If you need to check the redirect target content (https://root.gen2.org), add a second check to monit with this URL.

  2. Szymon Szypulski reporter

    But the check works overall; I've pasted the output of monit status. The only issue is the output in the logs. Any chance that can be silenced?

  3. Tildeslash repo owner

    That is because by default the HTTP protocol test reports an error only if the status is >= 400. A 3xx status response is not considered an error.

    You can silence the log by splitting the content test as mentioned in the previous response:

    check no. 1: test that https://test.sngp.co responds but omit the content check (optionally require that the 301 status code is sent, so you make sure the client gets a redirect)

    check no. 2: test the target https://root.gen2.org - here you can test the content
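
The two-check split described in the comment above, written out as a Monit configuration. This is an added example, not posted by anyone in the thread; the check names and the content pattern are assumptions, and the hostnames are taken from the URLs quoted above.

```monit
# Added example; check names and the content pattern are assumptions.

# Check 1: the redirecting host. No content test here, as the comment
# suggests; the status test confirms that the client gets the 301.
check host redirect-source with address test.sngp.co
  group external
  if failed
    port 443
    protocol https
    status = 301
    for 3 cycles
  then alert

# Check 2: the redirect target. The content test belongs on this host.
# "expected text" is a constructed placeholder pattern.
check host redirect-target with address root.gen2.org
  group external
  if failed
    port 443
    protocol https
    content = "expected text"
    for 3 cycles
  then alert
```

Run `monit -t` after editing the control file to validate the syntax before reloading.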
