Greetings list,

Long story short, we're moving from some alteon AD3's to openbsd, and in
support of that effort I've constructed a small testing environment
including two carp'd openbsd boxes running hoststated, and a single
webserver sitting behind them.

The problem is that I can't seem to get hoststated to recognize via
"check https digest" that the webserver is up and running.  Check http
works for the non-ssl side of the site, and changing the ssl check to
"check https code" yields an operational ssl rdr.  Since the webserver
runs a small healthcheck jsp which outputs simply "healthy", I'd like to
use the digest method if possible.

I'm generating the digest with:

wget -O - https://172.16.51.31/healthcheck/tomcatok.jsp \
--no-check-certificate | sha1

I'm wondering how sensitive hoststated is to the certificate (might
"check https digest" fail because the server certificate and the name
I'm asking for don't match?), or could it be that hoststated computes
the https digest before the html output is decrypted?

Thanks in advance for your help. Configs pasted below.

hoststated.conf:
# Macros
#
extern_addr="192.168.26.53"
intern_addr="172.16.51.31"

table generic_vhosts {
        real port http
        check http "/healthcheck/tomcatok.jsp" digest 187ddb23c590d6b7e576313b135e7201099cf726
        host $intern_addr
}

table ssl_box {
        real port https
        check https "/dbghealth/tomcatok.jsp" code 200
        #check https "/healthcheck/tomcatok.jsp" digest 187ddb23c590d6b7e576313b135e7201099cf726
        host $intern_addr
}

service generic_http {
        virtual host $extern_addr port http interface fxp3
        tag HOSTSTATED
        sticky-address
        table generic_vhosts
}

service ssl {
        virtual host $extern_addr port https interface fxp3
        tag HOSTSTATED
        sticky-address
        table ssl_box
}



-dave josephsen
