- changed status to closed
SSL read errors when check https host with content on 302/301 http endpoint is used
I'm running monit 5.20.0. I've site https://test.sngp.co with 301 redirect to https://root.gen2.org, with this check:
check host test-gen2-org
with address test.gen2.org
alert monit@test.pagerduty.com but not on { instance, action }
group external
if failed port 443
protocol https
content = ".*"
for 3 cycles
then alert
It results in read erros in logs.
Dec 22 13:44:57 test monit[23354]: SSL: read error -- EOF
Dec 22 13:44:57 test monit[23354]: SSL: read error -- EOF
But check is passing all green:
Remote Host 'test-gen2.org'
status Online with all services
monitoring status Monitored
monitoring mode active
on reboot start
port response time 139.496 ms to test.gen2.org:443 type TCP/IP using SSL/TLS protocol HTTP
data collected Thu, 22 Dec 2016 14:16:01
If I'll remove content
, everything works fine. Looks like monit doesn't follow redirects. However, I've edge cases where content matters and I can't use HEAD only.
Comments (4)
-
repo owner -
reporter But check works overall, I've pasted output of monit status. Only issue is output in the logs. Any chance that can be silenced?
-
repo owner That is because by default the HTTP protocol test reports error only if the status is >= 400. Status response 3xx is not considered as error.
You can silence the log by splitting the content test as mentioned in previous response:
check no. 1: test that https://test.sngp.co responses but omit the content check (optionally require that the 301 status code is send, so you make sure the client gets redirect)
check no. 2: test the target https://root.gen2.org - here you can test the content
-
reporter - edited description
- Log in to comment
Yes, Monit doesn't support redirect - it allows to test, that the URL which should redirect really does so.
You can change the test to check for 301 status code for the https://test.sngp.co: https://mmonit.com/monit/documentation/monit.html#HTTP (so monit will make sure the URL works and the client will get redirect)
If you need to check the redirect target content (https://root.gen2.org), add second check to monit with this URL.