[Xymon] HTTPS monitoring, with different IP
Mark O. Stitson
mark at stitson.com
Sun Jun 21 16:50:39 CEST 2020
Have you tried the sni parameter, eg.
0.0.0.0 www.mysite.com.au # noconn httpstatus;https://mysite.com.au=10.0.0.23/;2.. sni
This is supported since 4.3.13.
Mark
-----Original Message-----
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Adam Goryachev
Sent: 21 June 2020 09:33
To: Xymon MailingList <xymon at xymon.com>
Subject: [Xymon] HTTPS monitoring, with different IP
I have a strange setup, my web server is behind a 1:1 NAT, and xymon is also behind the same router. The router doesn't support network pinning (ie, go out, and then translate on the way back in again), so the network test simply timeout.
I've found a "solution" which is to configure xymon to talk to the internal IP address instead of the external one, but instead of changing the DNS or using /etc/hosts file, I want to keep this change to the xymon config.
So currently I have this:
0.0.0.0 www.mysite.com.au # noconn httpstatus;https://mysite.com.au=10.0.0.23/;2..
This solves the problem for the http column (I get a green dot, and everything is OK), but I get a red dot for sslcert because xymon is looking at the wrong SSL certificate (not using SNI correctly).
I'm using the xymon package from debian version 4.3.28-5+deb10u1 in case that is relevant.
Is there a solution to have xymon correctly monitor the SSL certificate when using a different IP address?
Regards,
Adam
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
More information about the Xymon
mailing list