CRE 2.3 new httpv2 check - missing option for different hostname/IP?

Jay2k1 · May 2, 2024, 1:06pm

CMK version: CRE 2.3.0
OS version: Ubuntu 22.04 LT

I am migrating my HTTP checks and noticed something. Scenario:

You have a webserver in your monitoring, and it has a website you want to monitor.
This vhost is behind Cloudflare as reverse proxy, so the DNS A record points to Cloudflare.
You want to HTTP check the vhost both directly on the server and via Cloudflare.

With the old check, I created two HTTP checks on the server:

on one, I just passed the “virtual host”, so it would contact the server’s web server and pass the vhost via Host header
on the other, I additionally set the Address (name / IP or proxy) field to Hostname / IP address with the vhost name/domain name, so Checkmk would resolve that hostname and retrieve the website via cloudflare instead

This way, if something happens, I can quickly see if my own server is the culprit or if there is something wrong with CF. Also I have graphs for both.

With the new httpv2 check, I couldn’t find a way to use a defined IP or DNS name (or a specific vhost for that matter), just a URL field. That makes me assume that it always resolves the domain name of the URL instead of checking on the server the check is created on.
I think this may be problematic, because covering my outlined scenario is not possible, and you might want to use the check to verify the website works on your server as opposed to where the DNS points to in general, because these might be different things.

Or I am missing something, which is entirely possible.

andreas-doehler · May 2, 2024, 1:55pm

What happens if you enter two different URLs? One for CF and the other one for direct connection.

chauhan_sudhir · May 2, 2024, 2:00pm

Adding to what Andreas said, you can add multiple endpoints with either a standard setting for both or individual setting for each endpoint.

Jay2k1 · May 2, 2024, 2:26pm

This may work in some cases. Say the server is called web01.acme.tld and the web page acme-blog.tld, I could

edit my vhost on the server and, in apache speak, add a ServerAlias of e.g. direct.acme-blog.tld so apache makes that vhost listen for a separate domain name
add that domain name in DNS (or maybe /etc/hosts of my cmk server)
incase I have a TLS certificate on the server, I need to expand it or get another for the new subdomain, or just use HTTP to monitor the “direct” vhost

However, some web applications rely on the domain they’re being accessed with (read: the Host header), so they might respond with undesired output or throw an error.

But honestly, before making changes to my server and DNS configuration, I guess I’d rather stay with the classic check in these cases.

@chauhan_sudhir I have seen the endpoints thing, and my first thought was, that’s great to reduce the number of HTTP checks in the list (which got really long with the time), but then I realized if I have basically ten checks in a single “check rule” and want to edit one of them, that edit page itself becomes quite long and a bit overcrowded, so I stuck to separate rules for separate checks. That’s just personal preference though, it is for sure a nice addition!