[f-nsp] ServerIron: complete ssl health check

Vlad marchenko at gmail.com
Tue Mar 2 12:40:58 EST 2010


Unfortunately, it didn't work - same results, SSL ports are marked as 
FAIL as soon as I enable healthcheck policy. I wonder if there is a way 
to debug health-check and see more detailed info when it's performed, 
besides standard port X is down due to healthcheck?

On 2/25/2010 7:03 PM, Chase Bolt wrote:
> Vlad,
>
> This is what my config looks like for SSL health check. It does a GET on a php page which simply outputs the word "alive" in the body, so the healthcheck looks for the word "alive" to determine if the server is up or down.
>
> healthck web2 tcp
>    dest-ip xx.xx.xx.xx
>    port ssl
>    protocol ssl
>    protocol ssl url "GET /healthcheck.php"
>    protocol ssl content-match alive
>    protocol ssl use-complete
>    l7-check
>
> server real web2 xx.xx.xx.xx
>   port ssl
>   port ssl healthck web2
>   port ssl keepalive
>
> http match-list alive
>    default down
>    up simple alive
>
>
>
> ----- Original Message -----
> From: "Vlad"<marchenko at gmail.com>
> To: foundry-nsp at puck.nether.net
> Sent: Tuesday, February 23, 2010 10:07:57 AM GMT -08:00 US/Canada Pacific
> Subject: [f-nsp] ServerIron: complete ssl health check
>
> Hello,
>
> I'm running 07.4.01kT12 on ServerIron and having trouble getting
> complete health check to work on https (SSL) port.
>
> Per documentation, by default SI performs simple health check on SSL
> port (i.e. L3 check plus a simple SSL Helo packet). This works good,
> but we want to improve monitoring so that it checks for our
> application to be running OK. so I added
>
>    
>> no server use-simple-ssl-health-check
>>      
> as well as
>
>    
>> server real NAME
>> port ssl keepalive
>> port ssl url "GET /app_status"
>>      
> at this point I see that ServerIron disables 443 port on the real
> server sporadically for a second, then enables it back and keep doing
> that until I revert back to simple ssl check. Note that same
> /app_status works just fine on http port, so it's not matter of
> application, there is some issue with establishing SSL connection
> between ServerIron and our web server. The SSL certificate we use is
> inexpensive $200 one from rapidssl.com.
>
>    
-- vlad




More information about the foundry-nsp mailing list