[Xymon] Force HTTPS test to use specific IP address
John Horne
john.horne at plymouth.ac.uk
Sun Dec 8 23:35:15 CET 2019
On Sun, 2019-12-08 at 13:46 -0800, Steven Carr wrote:
> Hi guys,
>
> We're implementing a new web cluster fronted by a load-balancer, and I
> want to monitor the web service on each server in the cluster.
>
> If I have the config line as below, do I just need to add the command
> 'testip' so that the HTTPS request will be sent to 1.2.3.4? instead of
> attempting to resolve secure-website.com which would lead to the
> load-balancer IP being returned.
>
> 1.2.3.4 web-server1 # https://secure-website.com sni
>
No, for websites the 'testip' is ignored. Instead append the IP address to the
URL. Eg: https://secure-website.com=10.20.30.40
What we tend to do is test the actual server name, and then run a separate test
against the general DNS name (so going through the load-balancer). You will
need to configure your web server to handle access by the server name itself
(perhaps restricted to just being from your Xymon server), and the general name
used by users.
So something like:
10.20.30.5 web-server1 # https://web-server1.com/ ...
10.20.30.6 web-server2 # https://web-server2.com/ ...
1.2.3.4 web-lb # https://secure-website.com/ sni ...
So if users complain of not being able to reach the site, we can see if the
problem is the load-balancer or if there is a problem with the servers
themselves. We tend to add in things like 'httpd' to the 'procs' test for each
server as well, so we'll know if the httpd process has failed (rather than,
say, a network issue).
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
________________________________
[http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass>
This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, University of Plymouth accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. University of Plymouth does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.
More information about the Xymon
mailing list