Big update on this and solution *nohack*
So how do you check a host with SNI ? like this :
openssl s_client -connect www.example.com:443 -servername www.example.com
works perfectly. And this made me think.
now back to the icinga1/2/nagios/etc check_http execution.
this is the correct way to use the command to check a webhost with sni
check_http -H www.example.com -S --sni
HTTP OK: HTTP/1.1 200 OK - 13667 bytes in 1.031 second response time
|time=1.031097s;;;0.000000 size=13667B;;;0
Now, -H stands for vhost but i guess in the context of sni it's somewhat the
same thing tho the documentation should be updated.
Here is a host object definition for such a check
sequence from hosts.conf
====
[...]
object Host www.example.com {
address www.example.com
vars.http_vhost = "www.example.com"
vars.http_sni = "true"
vars.server_type = "Web Servers"
vars[...] # any other required on-setup vars
}
[...]
and the check is simple .
sequence from a customservicechecks.conf *justanexamplename*
====
[...]
apply Service "https" {
import "generic-service"
check_command = "http"
vars.http_ssl = "true"
assign where host.vars.server_type == "Web Servers"
}
[...]
Now i don't know about nagios 1/2/3/4, this is icinga2 syntax but this
should be adaptable to nagios configs.
Yay and big thanks to Mr. Rob Stradling at openssl who (although unrelated
to nagios/icinga) gave me a very important hint.
Rock on \m/
--
Reply to this email on GitHub:
https://github.com/monitoring-plugins/monitoring-plugins/issues/1338#issuecomment-140439377
