Health Check Issue

Jeff Creek jcreek at indigital.net
Thu Oct 1 18:13:54 UTC 2020 

I am trying to check the contents of an html file on upstream servers.  A
configuration using HTTP works.  However, using the same check with HTTPS
does not work.

nginx version: nginx/1.19.0 (nginx-plus-r22)

Upstreams are IIS.

Non working config:
log_format upstreamlog-giscrp '$server_name to: $upstream_addr [$request] '
   'upstream_response_time $upstream_response_time '
   'msec $msec request_time $request_time';

  match giscrp_up {
        body ~* "IISUP";
  }

  upstream giscrp {
        server 10.212.226.58:443;
        server 10.212.226.59:443;
        zone map 64k;
    }

  server {
        listen 443 ssl http2;

        server_name giscrp.vt911.net;


        ssl_certificate         /etc/pki/tls/certs/
vt911.net/STAR_vt911_net-bundle.crt;
        ssl_certificate_key     /etc/pki/tls/certs/
vt911.net/STAR_vt911.net.key;
        access_log /var/log/nginx/access-giscrp.log upstreamlog-giscrp;


        #proxy_ssl  on;



        location / {
            proxy_set_header X-Forwarded-For $remote_addr;  #Passes client
IP to upstream web server
            proxy_set_header Host $http_host;  #Passes request hostname
from client in header
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            proxy_pass https://giscrp;
            health_check match=giscrp_up uri=/iisstatus.html;
        }
    }


Working config over HTTP:
log_format upstreamlog-map '$server_name to: $upstream_addr [$request] '
   'upstream_response_time $upstream_response_time '
   'msec $msec request_time $request_time';
  match iis_up {
        body ~ "IISUP";
  }

  server {
        listen 80;
        server_name map.vt911.net;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log /var/log/nginx/access-map.log upstreamlog-map;

        location / {
            proxy_pass http://map.vt911.net;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            health_check match=iis_up uri=/iisstatus.html;
        }
    }

    upstream map.vt911.net {
        server 10.212.224.56:80;
        server 10.212.224.57:80;
        zone map 64k;
    }

I am not sure if the health check is sending the request to the IP instead
of the FQDN and the server is rejecting it or something.

Any ideas would be appreciated.

-- 
Jeff Creek
INdigital
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20201001/43833d81/attachment.htm>

More information about the nginx mailing list