httpproxyicinga

Icinga check_http via Proxy Server


I can't figure out how to use the check_http module of Icinga to use a http proxy.

I tried to achieve this using the following entry in hosts.conf.

object Host "host.local.ch" {
  import "generic-host"
  address = "192.168.200.20"
  vars.http_vhosts["http"] = {
    http_uri = "/"
    http_proxy = "127.0.0.1"
    http_proxy_port = 5016
  }
}

Solution

  • I found a script, edited it and create files for the example usage with Icinga, find it here: https://github.com/ozzi-/icinga-check-http-proxy

    Save the following script (/etc/icinga2/scripts/check_http_proxy.sh):

    #!/bin/bash
    # Author: ozzi- , forked from scott.liao (https://github.com/shazi7804/icinga-check-http-proxy)
    # Description: ICINGA2 http check with proxy support
    
    # startup checks
    if [ -z "$BASH" ]; then
      echo "Please use BASH."
      exit 3
    fi
    if [ ! -e "/usr/bin/which" ]; then
      echo "/usr/bin/which is missing."
      exit 3
    fi
    wget=$(which wget)
    if [ $? -ne 0 ]; then
      echo "Please install wget."
      exit 3
    fi
    
    # Default Values
    ssl=""
    useragent=""
    host=""
    port=""
    proxy=""
    url="/"
    times=1
    timeout=5
    warning=700
    critical=2000
    certificate=""
    bindaddress=""
    
    #set system proxy from environment
    getProxy() {
      if [ -z "$1" ]; then
        echo $http_proxy | awk -F'http://' '{print $2}'
      else
        echo $https_proxy | awk -F'http://' '{print $2}'
      fi
    }
    
    # Usage Info
    usage() {
      echo '''Usage: check_http_proxy [OPTIONS]
      [OPTIONS]:
      -p PORT        Port to connect to (default: 80)
      -u URL         URL path (default: /)
      -H HOSTNAME    Destination Hostname
      -a USERAGENT   Sends a useragent and mimics other request headers of a browser
      -s             Use HTTPS proxy (default connecting to proxy via http)
      -P PROXY       Sets the proxy ip:port (i.e. 127.0.0.1:8840)
      -w WARNING     warning threshold in milliseconds (default: 700)
      -c CRITICAL    Critical threshold in milliseconds (default: 2000)
      -n TRIES       Number of connection attempts (default: 1)
      -t TIMEOUT     Seconds to wait for connection (timeout) (default: 5)
      -C CERTIFICATE Path to a client certificate (PEM and DER file types supported)
      -b IP          Bind address for wget (default: IP of primary networking interface)'''
    }
    
    # Check which threshold was reached
    checkTime() {
      if [ $1 -gt $critical ]; then
        echo -n "CRITICAL"
      elif [ $1 -gt $warning ]; then
        echo -n "WARNING"
      else
        echo -n "OK"
      fi
    }
    
    # Return code value
    getStatus() {
      if [ $1 -gt $critical ]; then
        return 2
      elif [ $1 -gt $warning ]; then
        return 1
      else
        return 0
      fi
    }
    
    #main
    #get options
    while getopts "c:p:s:a:w:u:P:H:n:t:C:b:" opt; do
      case $opt in
        c)
          critical=$OPTARG
          ;;
        p)
          port=$OPTARG
          ;;
        s)
          ssl=1
          ;;
        a)
          useragent=$OPTARG
          ;;
        w)
          warning=$OPTARG
          ;;
        u)
          url=$OPTARG
          ;;
        P)
          proxy=$OPTARG
          ;;
        H)
          hostname=$OPTARG
          ;;
        n)
          times=$OPTARG
          ;;
        t)
          timeout=$OPTARG
          ;;
        C)
          client_certificate=$OPTARG
          ;;
        b)
          bindaddress=$OPTARG
          ;;
        *)
          usage
          exit 3
          ;;
      esac
    done
    
    #define host with last parameter
    host=$hostname
    
    #hostname is required
    if [ -z "$host" ] || [ $# -eq 0 ]; then
      echo "Error: host is required"
      usage
      exit 3
    fi
    
    #set proxy from environment if available and no proxy option is given
    if [ -z "$proxy" ]; then
      proxy="$(getProxy ssl)"
    fi
    
    #use ssl or not
    if [ -z "$ssl" ]; then
      header="HTTP"
      proxy_cmd="http_proxy=$proxy"
      url_prefix="http://"
    else
      header="HTTPS"
      proxy_cmd="https_proxy=$proxy"
      url_prefix="https://"
    fi
    
    #different port
    if [ -z "$port" ]; then
      url="${url_prefix}${host}${url}"
    else
      url="${url_prefix}${host}:${port}${url}"
    fi
    
    start=$(echo $(($(date +%s%N)/1000000)))
    
    if [ -z "$useragent" ]; then
      if [ -z "$client_certificate" ]; then
        #execute and capture execution time and return status of wget
        $wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} $url
        status=$?
      elif [ -n "$client_certificate" ]; then
        #execute and capture execution time and return status of wget with client certificate
        $wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} --certificate=$client_certificate $url
        status=$?
      fi
    else
      if [ -n "$client_certificate" ]; then
        $wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} --certificate=$client_certificate $url \
        --header="User-Agent: $useragent" \
        --header="Accept: image/png,image/*;q=0.8,*/*;q=0.5" \
        --header="Accept-Language: en-us,en;q=0.5" \
        --header="Accept-Encoding: gzip, deflate"
        status=$?
      else
        #execute with fake user agent and capture execution time and return status of wget
        $wget -t $times --timeout $timeout -O /dev/null -q -e $proxy_cmd --bind-address=${bindaddress} $url \
        --header="User-Agent: $useragent" \
        --header="Accept: image/png,image/*;q=0.8,*/*;q=0.5" \
        --header="Accept-Language: en-us,en;q=0.5" \
        --header="Accept-Encoding: gzip, deflate"
        status=$?
      fi
    fi
    end=$(echo $(($(date +%s%N)/1000000)))
    
    #decide output by return code
    if [ $status -eq 0 ] ; then
      echo "${header} $(checkTime $((end - start))): $((end - start))ms - ${url}|time=$((end - start))ms;${warning};${critical};0;"
      getStatus $((end - start))
      exit $?
    else
      case $status in
        1)
          echo "${header} CRITICAL: Generic error code ($status) - ${url}"
          ;;
        2)
          echo "${header} CRITICAL: Parse error ($status) - ${url}"
          ;;
        3)
          echo "${header} CRITICAL: File I/O error ($status) - ${url}"
          ;;
        4)
          echo "${header} CRITICAL: Network failure ($status) - ${url}"
          ;;
        5)
          echo "${header} CRITICAL: SSL verification failure ($status) - ${url}"
          ;;
        6)
          echo "${header} CRITICAL: Authentication failure ($status) - ${url}"
          ;;
        7)
          echo "${header} CRITICAL: Protocol errors ($status) - ${url}"
          ;;
        8)
          echo "${header} CRITICAL: Server issued an error response ($status) - ${url}"
          ;;
        *)
          echo "${header} UNKNOWN: $status - ${url}"
          exit 3
          ;;
      esac
      exit 2
    fi
    

    Icinga command definition (/etc/icinga2/conf.d/commands.conf):

    object CheckCommand "check-http-proxy" {
      command = [ ConfigDir + "/scripts/check_http_proxy.sh" ]
      arguments += {
        "-p" = {
          value = "$chp_port$"
          description = "Port to connect to (default: 80)"
        }
        "-u" = {
          value = "$chp_url$"
          description = "URL path (default: /)"
        }
        "-H" = {
          required = true
          value = "$chp_hostname$"
          description = "Destination Hostname"
        }
        "-s" = {
          value = "$chp_ssl$"
          description = "Use HTTPS proxy (default: http proxy)"
        }
        "-P" = {
          required = true
          value = "$chvp_proxy$"
          description = "Sets the proxy ip:port (i.e. 127.0.0.1:8840)"
        }
        "-a" = {
          value = "$chp_useragent$"
          description = "Sends a useragent and mimics other request headers of a browser"
        }
        "-w" = {
          value = "$chp_warning_timeout$"
          description = "Warning threshold in milliseconds (default: 700)"
        }
        "-c" = {
          value = "$chp_critical_timeout$"
          description = "Critical threshold in milliseconds (default: 2000)"
        }
        "-b" = {
          value = "$chp_bind_adr$"
          description = "Bind address for wget (default: IP of primary networking interface)"
        }
        "-n" = {
          value = "$chp_tries$"
          description = "Number of connection attempts (default: 1)"
        }
        "-t" = {
          value = "$chp_timeout$"
          description = "Seconds to wait for connection (timeout) (default: 5)"
        }
        "-C" = {
          value = "$chp_certificate$"
          description = "Path to a client certificate (PEM and DER file types supported)"
        }
      }
    }
    

    Usage in /etc/icinga2/conf.d/hosts.conf

    object Host "sub.domain.ch" {
      check_command = "check-http-proxy"
      vars.chp_hostname = "sub.domain.ch"
      vars.chp_proxy = "127.0.0.1:5016"
    }