check_httpv2: Add ability to check a vhost on an IP/host that differs from the vhost's DNS record
As per https://forum.checkmk.com/t/cre-2-3-new-httpv2-check-missing-option-for-different-hostname-ip/46595 :
With the old check_http check, it was possible to monitor a website/vhost on a server, even if the domain for this website/vhost points to a different IP in the DNS.
The new check_httpv2 seems to ignore which host it is configured on, and only uses the domain name of the to-be-checked URL to decide which machine to run the check against. There are cases where this cannot achieve the desired result (please see the forum thread for details, as here I am limited to 1000 characters).
My use case: Monitoring a website on a server, where the website is behind a cloudflare reverse proxy, and I want to monitor both directly on the server and going through cloudflare. The former is not possible with the new check, forcing me to keep using the legacy check (which lacks other functionality like HTTP/2).
Comments: 7
-
01 Jul
ggrippI have a very similar use case. When monitoring HA websites, it's very useful to check every balance member behind the load balances separately. For this, I need to check the target URL on a specific IP with the corresponding virtual host header.
3
Please bring back this feature! -
15 Jul
MikeNew plugin is not compatibile with previous one.
2
This is essential feature. -
31 Jul
KlausIt would be good if this were also implemented in the certificate check.
2
The principle is as follows:
openssl s_client -connect <IP>:443 -servername <vhost> -
08 Aug
Gabriel Guillem Barcelo SoterasThe transition from check_http (v1) to check_httpv2 has been met with criticism due to perceived downgrades in functionality. The deprecation of v1 appears to be premature, as v2 does not offer full feature parity. Consequently, we will remain on version checkmk 2.3 with check_http (v1) and await further developments in v2.
For further details, refer to Checkmk Werk #15515. https://checkmk.com/werk/15515 -
17 Aug
DMWould also be good if the frontend would expose the ability to restrict the check to ipv6 or ipv4 - the plugin already has a --force-ip-version option, but I don't see how to consume it in WATO.
-
05 Sep
Jamie Murphyuntil check_httpv2 feature matches check_httpv1 it should not be disabled as configuration option in checkmk 2.4.0.
1
the legacy check was useful for many reasons.
could set the ip to connect to. so if a host has multiple ips and you need to check a http service on a specific ip it would let you override it.
could set vhost. useful as described above -
09 Oct
LalufuIn an HTTPS check, there are at least three different host names:
1. The name which resolves to the IP address to which the TCP connection is established
2. The name sent by the client in the TLS handshake (the SNI)
3. The name sent in the HTTP `Host` header
These all _can_ be the same, but they don't have to be, and especially for monitoring at least being able to separate the first two is important. Having the third would be nice.
For generic certificate checks only the first two apply.
Neither of the new `check_httpv2` or `check_cert` checks seem to be able to make this distinction. `check_http` can at least distinguish 1 and 2, although it seems to always use the same value for 2 and 3.
This is causing me some trouble in trying to move away from a very old cmk installation.