-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connection refused in HTTPS #8
Comments
We can try several things.
|
If HTTPs check usually works, do you think it may be caused by the HTTPs certificate ? I'm using Cacert Class 3 Root. I'm using Shinken, by the way, but that should be irrelevant if the plugin works in HTTP and works well in Nagios and Centreon. |
Yes, shinken is irrevelant. Plugins should be able to run with command line without any problem. So it looks more like a bug with https connection managmenet in perl's LWP module. So we may try some things: On the http protocol settings here: https://github.com/regilero/check_nginx_status/blob/master/check_nginx_status.pl#L206-209 We can try to tweak the SSL settings with a few options: my $ua = LWP::UserAgent->new( protocols_allowed => ['http', 'https'], timeout => $o_timeout ); $ua->ssl_opts( verify_hostname => 0 ); $ua->ssl_opts( SSL_ca_file => 'name_of_ca_file' ); $ua->ssl_opts( SSL_ca_path => 'path_to_certificate_auth_file' ); details here http://search.cpan.org/~gaas/libwww-perl-6.05/lib/LWP/UserAgent.pm The first one, verify_hostname disabled may be enough. You may also add on this region: $ENV{HTTPS_DEBUG} = 1; And maybe on top you could try a: use LWP::Protocol::https as it seems this part of LWP as been removed from defaults. |
Oh, thanks ! So, just by disabling verify_hostname, it works ! Thank you again ! :) |
But it's like your SSL certificate was not using the right name. Which is not the case, I think. So it's more that Perl doesn't know how to check for this name validity. Or maybe there's a problem with local DNS resolution. Maybe from the monitoring server a DNS query on this domain name will not return the right IP, maybe an IP where the SSL resolution would not be the same? I'd like to understand. I'll certainly add an option to remove name validation on ssl, but I would prefer understanding the problem :-) |
Hum, no, there is no problem with local DNS resolution, and remember that the plugin works in HTTP with the "-H servername" form. I really don't understand. Try to launch: Except the fact that you'll get a 403 error, only the first command will work. |
From an external server I get a 403 erverytime. Now you use two names |
I monitor from an external server, and I never get a 403. So I really think the error come from the lib. I'm on Debian wheezy, and I install LWP with the Debian packages libwww-perl. I mixed two domains, sorry about that, but they are both on the same server with the same wildcard certificate. |
I think it can't be a server-side problem, because I don't get any log. When i use
I have an entry in the nginx access.log:
When I use:
I have nothing in access.log nor error.log. |
Yes, thanks for details. But a wildcard certificate is maybe a good hint on the problem. SSL negociation, by default, works better with single name virtualhosts, as it happens before the name-virtualhost negociation. So this is maybe the reason of the 500 errors. About the logs, are you sure all your nginx virtualhosts, even the default one, have logs? Check everywhere. But here we have a big abstraction level with LWP... and abstractions leaks. Hard to debug. Maybe, if you have some spare time for it, you could get a trace using methods explained in the code sample here: http://search.cpan.org/dist/libwww-perl/lib/LWP/Debug.pm There's maybe a simple way have having debug adding this block in the code, before line 206: BEGIN { $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0; #or 1 $ENV{HTTPS_DEBUG} = 1; #Add debug output } I'll make a change on code for the |
Yes, all nginx virtualhosts have logs. I search everywhere, nothing. I think nginx doesn't log connections, just requests. Adding theses lines doesn't change anything. Unfortunatly, I don't have much time right now to trace everything. |
OK, thanks for the detective work. I hope you have a working configuration, at least. |
Thank you for the help ! |
Had them same trouble even i set up: Trouble exists :( |
When I try to check on server in HTTPs, I get an error :
The strange thing is that I don't even see a line in the Nginx log on my server. I don't see where the connection fails.
Do you have any idea ? I'm not familiar enought with Perl :(
Your plugin is great, thanks :)
The text was updated successfully, but these errors were encountered: