I'd like to enable --sni on the Nagios cert check to force it to check
the correct certificate on some of our sites (which use SNI).
I'd also like to add checks for
whatcanidoforfedora.org,
release-monitoring.org, and pagure.io.
+1's?
diff --git a/roles/nagios_server/files/nagios/commands/httpd.cfg
b/roles/nagios_server/files/nagios/commands/httpd.cfg
index 944cb50..21843f4 100644
--- a/roles/nagios_server/files/nagios/commands/httpd.cfg
+++ b/roles/nagios_server/files/nagios/commands/httpd.cfg
@@ -63,7 +63,7 @@ define command{
define command{
command_name check_ssl_cert
- command_line $USER1$/check_http -I $HOSTADDRESS$ -H $ARG1$ -C $ARG2$
+ command_line $USER1$/check_http --sni -I $HOSTADDRESS$ -H
$ARG1$ -C $ARG2$
}
define command{
diff --git a/roles/nagios_server/files/nagios/services/ssl.cfg
b/roles/nagios_server/files/nagios/services/ssl.cfg
index 150411d..81e4b4a 100644
--- a/roles/nagios_server/files/nagios/services/ssl.cfg
+++ b/roles/nagios_server/files/nagios/services/ssl.cfg
@@ -32,3 +32,24 @@ define service {
check_command check_ssl_cert!pkgs.fedoraproject.org!60
use defaulttemplate
}
+
+define service {
+ hostgroup_name proxies
+ service_description https-whatcanidoforfedora-cert
+ check_command check_ssl_cert!whatcanidoforfedora.org!25
+ use defaulttemplate
+}
+
+define service {
+ host_name
anitya-frontend01.fedoraproject.org
+ service_description https-release-monitoring-cert
+ check_command check_ssl_cert!release-monitoring.org!60
+ use defaulttemplate
+}
+
+define service {
+ host_name
pagure-proxy01.fedoraproject.org
+ service_description https-pagure-cert
+ check_command check_ssl_cert!pagure.io!60
+ use defaulttemplate
+}