Host header ignored for SSL check
The following fails to check against the proper virtual host:
    if failed host localhost
        port 443
        protocol https
        with http headers [Host: example.com]
        request "/ping"
        content == "pong"
        timeout 10 seconds
        for 1 cycles then restart
It requests and checks against https://localhost instead of https://example.com.
More on this issue here
Comments (3)
- repo owner
- reporter
  I understand this and it certainly works. However, in my use case the /ping endpoint is only exposed to localhost. Checking it via the suggested config will require either:
  - a hosts file entry for example.com to point to 127.0.0.1 (a bit wrong for quite a few reasons)
  - opening the /ping endpoint to the external interface (own IP)
  I'd like to avoid those and instead have the Monit request flow through the localhost interface. I think it makes sense for the host in "with http headers" passed in configuration to take priority.
- I have a similar issue, but for DNS load-balanced servers. It is not possible to specify both the SNI hostname and what server to check.
  For example, example.com resolves to 192.168.10.2 and 192.168.20.2.
      if failed host example.com port 443 protocol https
  will check both IP addresses, but I need to check example.com on both IP addresses individually, and
      if failed host 192.168.10.2 port 443 protocol https
  will not use SNI.
  The current workaround is /etc/hosts, but this is not a solution.
Monit supports SNI for virtual SSL hosts, but takes the "host" value for it, not the HTTP header. The HTTP header is also set automatically, so the configuration can be simplified:
Please can you check if it works for you?
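The distinction this thread turns on, as an added example that is not from the issue or from Monit's code: the address a check connects to, the TLS SNI name and the HTTP Host header are three separate values. The Python below (hypothetical function names, Python's ssl module standing in for the client, constructed cases using the thread's names) builds a ClientHello in memory and reads the SNI back, showing that it follows the TLS name rather than the Host header and is omitted for an IP literal.

```python
import ssl

def client_hello(tls_name):
    """Raw ClientHello bytes a client emits for tls_name (memory BIOs, no network)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=tls_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has sent its hello and waits for the server
    return outgoing.read()

def sni_of(hello):
    """Return the server_name (SNI) carried in a ClientHello record, or None."""
    if len(hello) < 44 or hello[0] != 0x16 or hello[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    u16 = lambda i: int.from_bytes(hello[i:i + 2], "big")
    pos = 5 + 4 + 2 + 32          # record header, handshake header, version, random
    pos += 1 + hello[pos]         # session id
    pos += 2 + u16(pos)           # cipher suites
    pos += 1 + hello[pos]         # compression methods
    end = pos + 2 + u16(pos)      # end of the extensions block
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = u16(pos), u16(pos + 2)
        if ext_type == 0:         # server_name: list len(2) type(1) name len(2) name
            return hello[pos + 9:pos + 9 + u16(pos + 7)].decode("ascii")
        pos += 4 + ext_len
    return None

def plan_check(connect_to, tls_name, host_header, path="/ping"):
    """The three names one HTTPS check uses, with the SNI read back off the wire."""
    request = f"GET {path} HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
    return {"connect_to": connect_to,
            "sni": sni_of(client_hello(tls_name)),
            "request": request}

if __name__ == "__main__":
    # Constructed cases mirroring the thread; this is Python's behaviour, not Monit's.
    for case in [("127.0.0.1", "localhost", "example.com"),
                 ("127.0.0.1", "example.com", "example.com"),
                 ("192.168.10.2", "192.168.10.2", "example.com")]:
        print(case, "->", plan_check(*case)["sni"])
```

A server that selects its certificate and virtual host from SNI sees only the `sni` value during the handshake; the Host header arrives later, inside the encrypted stream.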