Icinga check_http via Proxy Server
Question
I can't figure out how to use the check_http module of Icinga to use a http proxy.
I tried to achieve this using the following entry in hosts.conf.
object Host "host.local.ch" {
import "generic-host"
address = "192.168.200.20"
vars.http_vhosts["http"] = {
http_uri = "/"
http_proxy = "127.0.0.1"
http_proxy_port = 5016
}
}
1 answers
solution1
0 2019-02-08 15:06:24
I found a script, edited it and create files for the example usage with Icinga, find it here: https://github.com/ozzi-/icinga-check-http-proxy
Save the following script (/etc/icinga2/scripts/check_http_proxy.sh):
#!/bin/bash
# Author: ozzi- , forked from scott.liao (https://github.com/shazi7804/icinga-check-http-proxy)
# Description: ICINGA2 http check with proxy support
# startup checks
if [ -z "$BASH" ]; then
echo "Please use BASH."
exit 3
fi
if [ ! -e "/usr/bin/which" ]; then
echo "/usr/bin/which is missing."
exit 3
fi
wget=$(which wget)
if [ $? -ne 0 ]; then
echo "Please install wget."
exit 3
fi
# Default Values
ssl=""
useragent=""
host=""
port=""
proxy=""
url="/"
times=1
timeout=5
warning=700
critical=2000
certificate=""
bindaddress=""
#set system proxy from environment
getProxy() {
if [ -z "$1" ]; then
echo $http_proxy | awk -F'http://' '{print $2}'
else
echo $https_proxy | awk -F'http://' '{print $2}'
fi
}
# Usage Info
usage() {
echo '''Usage: check_http_proxy [OPTIONS]
[OPTIONS]:
-p PORT Port to connect to (default: 80)
-u URL URL path (default: /)
-H HOSTNAME Destination Hostname
-a USERAGENT Sends a useragent and mimics other request headers of a browser
-s Use HTTPS proxy (default connecting to proxy via http)
-P PROXY Sets the proxy ip:port (i.e. 127.0.0.1:8840)
-w WARNING warning threshold in milliseconds (default: 700)
-c CRITICAL Critical threshold in milliseconds (default: 2000)
-n TRIES Number of connection attempts (default: 1)
-t TIMEOUT Seconds to wait for connection (timeout) (default: 5)
-C CERTIFICATE Path to a client certificate (PEM and DER file types supported)
-b IP Bind address for wget (default: IP of primary networking interface)'''
}
# Check which threshold was reached
checkTime() {
if [ $1 -gt $critical ]; then
echo -n "CRITICAL"
elif [ $1 -gt $warning ]; then
echo -n "WARNING"
else
echo -n "OK"
fi
}
# Return code value
getStatus() {
if [ $1 -gt $critical ]; then
return 2
elif [ $1 -gt $warning ]; then
return 1
else
return 0
fi
}
#main
#get options
while getopts "c:p:s:a:w:u:P:H:n:t:C:b:" opt; do
case $opt in
c)
critical=$OPTARG
;;
p)
port=$OPTARG
;;
s)
ssl=1
;;
a)
useragent=$OPTARG
;;
w)
warning=$OPTARG
;;
u)
url=$OPTARG
;;
P)
proxy=$OPTARG
;;
H)
hostname=$OPTARG
;;
n)
times=$OPTARG
;;
t)
timeout=$OPTARG
;;
C)
client_certificate=$OPTARG
;;
b)
bindaddress=$OPTARG
;;
*)
usage
exit 3
;;
esac
done
#define host with last parameter
host=$hostname
#hostname is required
if [ -z "$host" ] || [ $# -eq 0 ]; then
echo "Error: host is required"
usage
exit 3
fi
#set proxy from environment if available and no proxy option is given
if [ -z "$proxy" ]; then
proxy="$(getProxy ssl)"
fi
#use ssl or not
if [ -z "$ssl" ]; then
header="HTTP"
proxy_cmd="http_proxy=$proxy"
url_prefix="http://"
else
header="HTTPS"
proxy_cmd="https_proxy=$proxy"
url_prefix="https://"
fi
#different port
if [ -z "$port" ]; then
url="${url_prefix}${host}${url}"
else
url="${url_prefix}${host}:${port}${url}"
fi
start=$(echo $(($(date +%s%N)/1000000)))
if [ -z "$useragent" ]; then
if [ -z "$client_certificate" ]; then
#execute and capture execution time and return status of wget
$wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} $url
status=$?
elif [ -n "$client_certificate" ]; then
#execute and capture execution time and return status of wget with client certificate
$wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} --certificate=$client_certificate $url
status=$?
fi
else
if [ -n "$client_certificate" ]; then
$wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} --certificate=$client_certificate $url \
--header="User-Agent: $useragent" \
--header="Accept: image/png,image/*;q=0.8,*/*;q=0.5" \
--header="Accept-Language: en-us,en;q=0.5" \
--header="Accept-Encoding: gzip, deflate"
status=$?
else
#execute with fake user agent and capture execution time and return status of wget
$wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} $url \
--header="User-Agent: $useragent" \
--header="Accept: image/png,image/*;q=0.8,*/*;q=0.5" \
--header="Accept-Language: en-us,en;q=0.5" \
--header="Accept-Encoding: gzip, deflate"
status=$?
fi
fi
end=$(echo $(($(date +%s%N)/1000000)))
#decide output by return code
if [ $status -eq 0 ] ; then
echo "${header} $(checkTime $((end - start))): $((end - start))ms - ${url}|time=$((end - start))ms;${warning};${critical};0;"
getStatus $((end - start))
exit $?
else
case $status in
1)
echo "${header} CRITICAL: Generic error code ($status) - ${url}"
;;
2)
echo "${header} CRITICAL: Parse error ($status) - ${url}"
;;
3)
echo "${header} CRITICAL: File I/O error ($status) - ${url}"
;;
4)
echo "${header} CRITICAL: Network failure ($status) - ${url}"
;;
5)
echo "${header} CRITICAL: SSL verification failure ($status) - ${url}"
;;
6)
echo "${header} CRITICAL: Authentication failure ($status) - ${url}"
;;
7)
echo "${header} CRITICAL: Protocol errors ($status) - ${url}"
;;
8)
echo "${header} CRITICAL: Server issued an error response ($status) - ${url}"
;;
*)
echo "${header} UNKNOWN: $status - ${url}"
exit 3
;;
esac
exit 2
fi
Icinga command definition (/etc/icinga2/conf.d/commands.conf):
object CheckCommand "check-http-proxy" {
command = [ ConfigDir + "/scripts/check_http_proxy.sh" ]
arguments += {
"-p" = {
value = "$chp_port$"
description = "Port to connect to (default: 80)"
}
"-u" = {
value = "$chp_url$"
description = "URL path (default: /)"
}
"-H" = {
required = true
value = "$chp_hostname$"
description = "Destination Hostname"
}
"-s" = {
value = "$chp_ssl$"
description = "Use HTTPS proxy (default: http proxy)"
}
"-P" = {
required = true
value = "$chvp_proxy$"
description = "Sets the proxy ip:port (i.e. 127.0.0.1:8840)"
}
"-a" = {
value = "$chp_useragent$"
description = "Sends a useragent and mimics other request headers of a browser"
}
"-w" = {
value = "$chp_warning_timeout$"
description = "Warning threshold in milliseconds (default: 700)"
}
"-c" = {
value = "$chp_critical_timeout$"
description = "Critical threshold in milliseconds (default: 2000)"
}
"-b" = {
value = "$chp_bind_adr$"
description = "Bind address for wget (default: IP of primary networking interface)"
}
"-n" = {
value = "$chp_tries$"
description = "Number of connection attempts (default: 1)"
}
"-t" = {
value = "$chp_timeout$"
description = "Seconds to wait for connection (timeout) (default: 5)"
}
"-C" = {
value = "$chp_certificate$"
description = "Path to a client certificate (PEM and DER file types supported)"
}
}
}
Usage in /etc/icinga2/conf.d/hosts.conf
object Host "sub.domain.ch" {
check_command = "check-http-proxy"
vars.chp_hostname = "sub.domain.ch"
vars.chp_proxy = "127.0.0.1:5016"
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Nagios returning OK with check_http and status 303
How to have custom warning and critical time for nagios check_http?
Nagios check_http gives 'HTTP/1.0 503 Service Unavailable' for HAProxy site
HTTP Connect via NTLM authenticating proxy server
nagios - nrpe - check_http - works from command prompt but fails on nrpe
HTTP/1 to HTTP/2 translation via proxy
HTTP proxy server
HTTP Proxy server [Python]
Buffered uploading via HTTP Proxy
wget - download file from ftp server (with auth) via http proxy (with auth)
Related Tags