Check_http –ssl still checking HTTP

httpsnagios

Shouldn't the following command return an HTTPS/SSL status code?

$ check_http --ssl google.de
HTTP OK: HTTP/1.0 302 Found - 984 bytes in 0,099 second response time |time=0,099305s;;;0,000000 size=984B;;;0

It's a simple example, but I can fairly reproduce the malfunction for websites that only respond to HTTPS and have a 302 Redirect. They would be returning the following although they should access on port 443 instead of 80:

HTTP OK: HTTP/1.1 302 Moved Temporarily - 585 bytes in 0,079 second response time |time=0,078830s;;;0,000000 size=585B;;;0

My version information:

$ check_http -V
check_http v1.4.16 (nagios-plugins 1.4.16)

OpenSSL version 1.0.0-25.el6_3.1, latest version from CentOS updates repository
running on CentOS 6 x86_64

Best Answer

Try running it like this (remove -vvv for regular usage):

check_http -vvv -S -H <hostname> -u / <IP-Address>

Where hostname is what is in the Host: HTTP Header and IP-Address is the IP-Address whereon apache is listening on port 443.

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Best Answer

Related Solutions

nginx HTTPS – How to Serve HTTPS with Same Config as HTTP

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

Related Topic