Greg__33907
Oct 15, 2008

HTTPS monitor on a specific port

Hey guys,

I've had a read through the forums but haven't found anything that can help.

I am using an LTM running v4.6.4

I am trying to monitor a node using https to a specific port (in this case 11789)

A standard https monitor to the x.x.x.x:11789 node works with a request of

GET /portal/page/status

so long as there is no set receive string.

However the moment I specify the correct read string "PPE is working." it marks it down.

Looking at this through my browser it works correctly but the LTM won't have any of it. Does anyone know how I can check what the LTM is seeing or know what I may be doing wrong?

Many thanks

Greg

3 Replies

  • You can enable debug on the monitoring daemon, bigd:

    https://support.f5.com/kb/en-us/products/big-ip_4_x/manuals/product/bigip4_5_10ref/bigip_ApxKeys.html1042705

    bigd keys

    The bigd keys control the health monitors. If you change one of these values, you must re-initialize the system as follows:

    bigstart reinit bigd

    Common.Bigip.Bigd.Verbose = 0
    Set to non-zero to cause bigd to generate output to debug file.

    Common.Bigip.Bigd.SimulatePings = 0
    Set to non-zero to cause bigd to generate pings but not report results to the kernel.

    Common.Bigip.Bigd.RecvMatchAll = 0
    Set to non-zero to cause bigd to allow any response from the node as a receive match.

    Common.Bigip.Bigd.NodePingOff = 0
    Set to non-zero to turn off (noisy) bigd node pings. Service pings are still enabled.

    Common.Bigip.Bigd.NodePingTcp = 0
    Set to non-zero so that the gateway pinger uses TCP pings rather than ICMP pings.

    Common.Bigip.Bigd.HostLookup = 0
    Set to non-zero to allow bigd to do host lookups.

    Common.Bigip.Bigd.DbgFile = "/var/log/bigdlog."
    Open a debug output (log) file for bigd.

    Also, you shouldn't need to specify the port in the monitor as long as the pool member is defined on the correct port. The monitor check will be performed on the pool member's port.

    Aaron
  • Well, if that doesn't work, there's one thing you can try: creating a custom monitor using "cURL". It sometimes so happens that the cert negotiation of the openssl installed doesn't work well. In that case, when we set a send string and the string is encrypted, the server is not able to understand it, and vice versa. This can be a problem on the server side as well...

    I have tried this on a 9.X, not sure if you have the option to create one on the 4.5 version, but you can write a shell script and call it from your monitor.

    Before trying this out, you can manually try out if this will work. From the CLI of the bigip, execute the following.

    Say your send string is /test.html

    And your receive string is "I am Up"

    The member IP is 1.1.1.10 and port is 4433

    Execute this:

    curl -k https://1.1.1.10:4433/test.html

    The "-k" specifies anyauth mechanism (read the curl man page for details).

    Hit Enter. If you get "I am up" then you should think of going for this solution.

    You can go to /usr/bin/monitors

    Use the vi editor and name it something, maybe "https-curl"

    
    #!/bin/sh
    # $1 is the node address (any ::ffff: prefix is stripped), $2 is the port.
    # URI and RECV are read from the environment (set in the monitor definition).
    NODE=`echo ${1} | sed 's/::ffff://'`
    PORT=${2}
    TMPFILE="/var/run/`basename ${0}`.${NODE}_${PORT}.pid"

    # kill off the last instance of this monitor if hung and log current pid
    if [ -f "$TMPFILE" ]
    then
       kill -9 `cat "$TMPFILE"` > /dev/null 2>&1
    fi
    echo "$$" > "$TMPFILE"

    # send request & check for expected response
    # (-k: curl does not verify the server certificate)
    curl -k https://${NODE}:${PORT}${URI} | grep -i "${RECV}" > /dev/null 2>&1

    # mark node UP if expected response was received
    if [ $? -eq 0 ]
    then
        echo "UP"
    fi

    rm -f "$TMPFILE"
    exit
    

    You can modify the curl command to suit your needs...

    Make this executable for everyone using chmod 777 /usr/bin/monitors/https-curl

    Once you have the script in place you can now call it for your custom monitor:

    monitor mycustommonitor {
        run "https-curl"
        URI "/test.html"
        RECV "I am UP"
    }

    Associate this with the pool you are having the problem with. You can test the monitor by exporting the variables and then using sh -xv to execute it.

    Hope this helps
  • A lot of applications require a properly-formatted HTTP 1.1 request for the monitor to work. Your browser is supplying that by default, along with host headers, etc.

    So try modifying the GET string to:

      GET /portal/page/status HTTP/1.1\n\nHost:www.hostname.com\n\n

    The \n's are carriage returns and you would need to use your actual application name in the host header.

    This is more in line with what your browser is supplying with the request (you can observe this with a tool such as HTTPWatch or Fiddler for IE, or Live HTTP Headers with Firefox).

    Denny
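
Added example, not part of any reply in this thread: a POSIX shell helper for the original question of checking what the monitor is seeing. It classifies a raw HTTP response the way a send/receive health check would; the function names, the constructed sample responses and the rule that an empty receive string accepts any response are assumptions modelled on the behaviour described above.

```shell
#!/bin/sh
# classify_response RECV < raw-http-response
# Prints a verdict plus the status line the server actually returned,
# and returns 0 for UP, 1 for DOWN.
classify_response() {
    recv=$1
    resp=$(tr -d '\r')                      # raw response from stdin, CRs dropped
    if [ -z "$resp" ]; then
        echo "DOWN: no response"
        return 1
    fi
    line1=$(printf '%s\n' "$resp" | sed -n '1p')
    if [ -z "$recv" ]; then
        # Assumption: with no receive string, any response counts as success.
        echo "UP: any response accepted ($line1)"
        return 0
    fi
    if printf '%s\n' "$resp" | grep -qF -- "$recv"; then
        echo "UP: receive string found ($line1)"
        return 0
    fi
    echo "DOWN: receive string not found ($line1)"
    return 1
}

# Constructed sample: the page a browser gets back.
sample_ok() {
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body>PPE is working.</body></html>\n'
}

# Constructed sample: an error page returned to a request the server rejects.
sample_bad() {
    printf 'HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<html><body>Bad Request (Invalid Hostname)</body></html>\n'
}

# Same receive string, two different verdicts; an empty one accepts the error page.
sample_ok  | classify_response "PPE is working." || true
sample_bad | classify_response "PPE is working." || true
sample_bad | classify_response ""                || true

# Against a live member (address and port as in the question), headers included:
#   curl -sk -i https://x.x.x.x:11789/portal/page/status | classify_response "PPE is working."
```

The status line in the verdict is the useful part: it shows whether the server answered the monitor's request with the expected page or with an error page that a monitor without a receive string would still accept.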