0

I'm having some difficulty getting M/Monit to work behind a proxy. I'm trying to proxy HTTPS connections from https: //monit.mydomain.com to http: //monit.realserver.com:8082.

With the configuration below, if I visit https: //monit.mydomain.com/index.csp or any other valid path then everything works fine. However, if I try to visit just https:/ /monit.mydomain.com or https: //monit.mydomain.com/, it redirects to http: //monit.mydomain.com:8082/index.csp

[root@uk1001 conf.d]# curl -k -v --fail https://monit.mydomain.com
* About to connect() to monit.mydomain.com port 443 (#0)
*   Trying 10.0.35.80... connected
* Connected to monit.mydomain.com (10.0.35.80) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
... omitted cert details ...
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.3.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: monit.mydomain.com
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Date: Thu, 26 Jan 2017 11:20:01 GMT
< Server: mmonit/3.5
< Content-Type: text/plain; charset=UTF-8
< Location: http://monit.mydomain.com:8082/index.csp
< Connection: close
< Transfer-Encoding: chunked
<

Here's my vhost config:

<VirtualHost *:443 >
  ServerName monit.mydomain.com
  SSLEngine on
  SSLProxyEngine on

  ProxyRequests Off
  ProxyPreserveHost On

  RequestHeader set X-FORWARDED-PROTO "https"

  ProxyPass / http://monit.realserver.com:8082/ connectiontimeout=5 timeout=300
  ProxyPassReverse / http://monit.realserver.com:8082/

</VirtualHost>
RCross
  • 449
  • 2
  • 6
  • 19
  • Since you're using the commercial M/Monit, I'd really suggest you contact them for support. It's available and they will help you! – ewwhite Jan 26 '17 at 13:49
  • From https://mmonit.com/contact/ "If you have questions or comments about Monit, please subscribe to the Monit mailing list and post your questions there or use stackoverflow." – RCross Feb 20 '17 at 17:15
  • "If you have trouble implementing or have a technical problem related to Monit or M/Monit we can help. Incident Support for both Monit and M/Monit can be purchased". The cost of each support Incident €120 – RCross Feb 20 '17 at 17:18
  • Yes. Use the mailing list. – ewwhite Feb 20 '17 at 19:19

2 Answers2

0

Page 83 of documentation tell you how to do it look at: https://mmonit.com/documentation/mmonit_manual.pdf

You forgot to tell M/Monit that it get proxified and should advertise with another data Pay attention to the attributes of the Connector.

proxyScheme="https" proxyName="monit.mydomain.com" proxyPort="443"
DevOps
  • 720
  • 3
  • 15
  • Ok, I didn't think this necessary as I was able to proxy other applications like Nexus and SonarQube without having to set anything in the application. – RCross Feb 02 '17 at 11:40
0

I know this is an old question, but since I stumbled across the same problem: Somewhere inside the Monit Configuration, the Location Header is set to : http://monit.mydomain.com:8082/index.csp

But your ProxyPassReverse directive: ProxyPassReverse / http://monit.realserver.com:8082/ is listening for the Location http://monit.realserver.com:8082/ - so the location header is not changed. Change the directive to: ProxyPassReverse http://monit.mydomain.com:8082/ and it should work.

Patrick Mevzek
  • 9,273
  • 7
  • 29
  • 42
user466980
  • 1