I'd like to enable --sni on the Nagios cert check to force it to check the correct certificate on some of our sites (which use SNI). I'd also like to add checks for whatcanidoforfedora.org, release-monitoring.org, and pagure.io. +1's?

diff --git a/roles/nagios_server/files/nagios/commands/httpd.cfg b/roles/nagios_server/files/nagios/commands/httpd.cfg index 944cb50..21843f4 100644 --- a/roles/nagios_server/files/nagios/commands/httpd.cfg +++ b/roles/nagios_server/files/nagios/commands/httpd.cfg @@ -63,7 +63,7 @@ define command{ define command{ command_name check_ssl_cert - command_line $USER1$/check_http -I $HOSTADDRESS$ -H $ARG1$ -C $ARG2$ + command_line $USER1$/check_http --sni -I $HOSTADDRESS$ -H $ARG1$ -C $ARG2$ } define command{ diff --git a/roles/nagios_server/files/nagios/services/ssl.cfg b/roles/nagios_server/files/nagios/services/ssl.cfg index 150411d..81e4b4a 100644 --- a/roles/nagios_server/files/nagios/services/ssl.cfg +++ b/roles/nagios_server/files/nagios/services/ssl.cfg @@ -32,3 +32,24 @@ define service { check_command check_ssl_cert!pkgs.fedoraproject.org!60 use defaulttemplate } + +define service { + hostgroup_name proxies + service_description https-whatcanidoforfedora-cert + check_command check_ssl_cert!whatcanidoforfedora.org!25 + use defaulttemplate +} + +define service { + host_name anitya-frontend01.fedoraproject.org + service_description https-release-monitoring-cert + check_command check_ssl_cert!release-monitoring.org!60 + use defaulttemplate +} + +define service { + host_name pagure-proxy01.fedoraproject.org + service_description https-pagure-cert + check_command check_ssl_cert!pagure.io!60 + use defaulttemplate +} _______________________________________________ infrastructure mailing list -- infrastructure(a)lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave(a)lists.fedoraproject.org