Richard Bernecker

Random Solutions to Random Problems

A Note on Checking HTTPS Services with LibreNMS

If using LibreNMS to check website availability, you’ll likely be using Nagios Plugins behind the scenes. check_http is the most stable plugin for this task, but there are some considerations when deploying it for HTTPS websites.

The principal quirk of check_http is that SNI is not enabled by default regardless of whether SSL support is enabled for a given service. In my case, I use SNI with my intranet reverse proxy to shunt HTTPS web requests to the correct service. Without SNI support enabled, check_http will report a socket timeout error.

To enable successful checks over a reverse proxy utilizing SNI, the following options must be configured at a bare minimum:

--sni    # Enables SNI support in check_http
-S       # Enables SSL/TLS support and defaults to port 443

You’ll also want to set the -f follow option if the service being checked redirects the user when navigating via hostname. This option is key for getting Nagios to report a 200 status code rather than a 301 or 302, because check_http does not follow redirects by default.

That’s it! Those options should be all you need to consider for most websites. You may find that another parameter is required for your specific use case. Please use the documentation linked above if further tuning is required.
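To confirm that a failing check is caused by missing SNI rather than by the service itself, the same check can be run with and without --sni and the two results compared. The script below is an added example, not part of the original post; the plugin path in CHECK_HTTP and the three result labels are assumptions.

```shell
#!/bin/sh
# Added example: compare check_http results with and without --sni.
# CHECK_HTTP is an assumed plugin path (Debian/Ubuntu package layout);
# override it in the environment to match your install.
CHECK_HTTP="${CHECK_HTTP:-/usr/lib/nagios/plugins/check_http}"

# Run one HTTPS check with the options from the post (-S, -f follow).
# Extra arguments such as --sni are appended. Returns the plugin's
# Nagios exit code: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
run_check() {
    host="$1"; shift
    "$CHECK_HTTP" -H "$host" -S -f follow "$@"
}

# Classify a host by running the check twice. Prints one label:
#   sni-not-needed    the check passes even without --sni
#   sni-required      the check passes only when --sni is set
#   failing-with-sni  the check fails either way, so SNI is not the cause
diagnose_sni() {
    host="$1"
    plain=0;    run_check "$host"       >/dev/null 2>&1 || plain=$?
    with_sni=0; run_check "$host" --sni >/dev/null 2>&1 || with_sni=$?
    if [ "$plain" -eq 0 ]; then
        echo "sni-not-needed"
    elif [ "$with_sni" -eq 0 ]; then
        echo "sni-required"
    else
        echo "failing-with-sni"
    fi
}

# Stand-alone use: ./diagnose_sni.sh <hostname>
if [ "$#" -gt 0 ]; then
    diagnose_sni "$1"
fi
```

A result of sni-required means the LibreNMS service parameters need --sni added; failing-with-sni points at something else, such as the certificate, a redirect or the backend.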