Forum Discussion

Fernando_M's avatar
Fernando_M
Icon for Altocumulus rankAltocumulus
Oct 06, 2023
Solved

F5 health 443 monitor issue with Atlassian Conluence

Hello F5 team,

I'm working currently in Upgrade project of Atlassian confluence, 443 port configuration is done from server side where confluence version is 8.5 and Apache Tomcat 9.0.76

the URLs with https are working well localy (from the server) and certificat (generated through a keystore) is trusted

but F5 Big Ip could not detect that https port is open (color still in RED) where TCP is open and his color is green

I already tested other webservers like IIS and F5 could detect https via https monitor

Do you have any idea please about this issue and how I can troubleshoot this please ?

Thank's

 

application delivery
security
  • f51's avatar
    f51
    Oct 09, 2023

    Troubleshooting this issue may require a few different steps. Firstly, it's important to verify that the HTTPS service is indeed running on the correct port on your Confluence server and it's accessible from the F5 device. You can do this by trying to connect to the HTTPS service from the F5 device using tools like curl or telnet.

    If the service is reachable but F5 still shows it as down, the issue could be related to the F5's monitor configuration. The monitor is the component that checks the health of your pool members. In your case, you're using an HTTPS monitor, which not only checks if the service is running, but also tries to establish an SSL handshake. If the SSL handshake fails, the monitor will mark the service as down.

    Here are a few things you could check:

    1. SSL Profile Settings: Check if the correct SSL profile is associated with your HTTPS monitor. The SSL profile should match the SSL settings of your Confluence server.

    2. Certificate Validation: The F5 HTTPS monitor will validate the server's SSL certificate by default. If your certificate is self-signed or issued by a private CA, you need to import the CA's certificate into F5 and associate it with your HTTPS monitor.

    3. Monitor Send String: The send string is the HTTP request the monitor sends to your server. Make sure this request is valid for your server.

    4. Monitor Receive String: This is the string the monitor expects to receive from your server. If the server's response doesn't include this string, the monitor will mark the service as down.

    If none of these suggestions help, I'd recommend reaching out to F5 Support for further assistance.





1 Reply

Sort By
  • f51's avatar
    f51
    Icon for Cirrostratus rankCirrostratus
    Oct 09, 2023

    Troubleshooting this issue may require a few different steps. Firstly, it's important to verify that the HTTPS service is indeed running on the correct port on your Confluence server and it's accessible from the F5 device. You can do this by trying to connect to the HTTPS service from the F5 device using tools like curl or telnet.

    If the service is reachable but F5 still shows it as down, the issue could be related to the F5's monitor configuration. The monitor is the component that checks the health of your pool members. In your case, you're using an HTTPS monitor, which not only checks if the service is running, but also tries to establish an SSL handshake. If the SSL handshake fails, the monitor will mark the service as down.

    Here are a few things you could check:

    1. SSL Profile Settings: Check if the correct SSL profile is associated with your HTTPS monitor. The SSL profile should match the SSL settings of your Confluence server.

    2. Certificate Validation: The F5 HTTPS monitor will validate the server's SSL certificate by default. If your certificate is self-signed or issued by a private CA, you need to import the CA's certificate into F5 and associate it with your HTTPS monitor.

    3. Monitor Send String: The send string is the HTTP request the monitor sends to your server. Make sure this request is valid for your server.

    4. Monitor Receive String: This is the string the monitor expects to receive from your server. If the server's response doesn't include this string, the monitor will mark the service as down.

    If none of these suggestions help, I'd recommend reaching out to F5 Support for further assistance.