[f-nsp] ServerIron: complete ssl health check

[Chase Bolt]

Vlad, 

This is what my config looks like for SSL health check. It does a GET on a php page which simply outputs the word "alive" in the body, so the healthcheck looks for the word "alive" to determine if the server is up or down.

healthck web2 tcp
  dest-ip xx.xx.xx.xx
  port ssl
  protocol ssl 
  protocol ssl url "GET /healthcheck.php" 
  protocol ssl content-match alive 
  protocol ssl use-complete
  l7-check

server real web2 xx.xx.xx.xx
 port ssl
 port ssl healthck web2
 port ssl keepalive

http match-list alive
  default down
  up simple alive 



----- Original Message ----- 
From: "Vlad" <marchenko at gmail.com> 
To: foundry-nsp at puck.nether.net 
Sent: Tuesday, February 23, 2010 10:07:57 AM GMT -08:00 US/Canada Pacific 
Subject: [f-nsp] ServerIron: complete ssl health check 

Hello, 

I'm running 07.4.01kT12 on ServerIron and having trouble getting 
complete health check to work on https (SSL) port. 

Per documentation, by default SI performs simple health check on SSL 
port (i.e. L3 check plus a simple SSL Helo packet). This works good, 
but we want to improve monitoring so that it checks for our 
application to be running OK. so I added 

>no server use-simple-ssl-health-check 

as well as 

>server real NAME 
>port ssl keepalive 
>port ssl url "GET /app_status" 

at this point I see that ServerIron disables 443 port on the real 
server sporadically for a second, then enables it back and keep doing 
that until I revert back to simple ssl check. Note that same 
/app_status works just fine on http port, so it's not matter of 
application, there is some issue with establishing SSL connection 
between ServerIron and our web server. The SSL certificate we use is 
inexpensive $200 one from rapidssl.com. 

Does anyone know how to get it working with full healthcheck? 


-- Vlad 
_______________________________________________ 
foundry-nsp mailing list 
foundry-nsp at puck.nether.net 
http://puck.nether.net/mailman/listinfo/foundry-nsp