
Re: HTTPS connection to mmonit


From: Paul Theodoropoulos
Subject: Re: HTTPS connection to mmonit
Date: Wed, 1 May 2019 10:40:11 -0700
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Is there any chance you could share the actual URL you are using? If, as you mentioned, the server has public DNS and is in the cloud on a public machine, there's really no additional risk to sharing it here - within minutes of it being on the public internet, it will be probed relentlessly by bots and malefactors - the handful of readers of this list will pose no additional threat.

Working blind on the issue makes it much harder for others to assist. We can only guess at the failure modes for the most part.

On 5/1/19 09:06, Mr Subs wrote:
Thanks for the advice. I have made some progress, but am now getting another error.

I changed server.xml, so the Host address="172.31.24.86" (which is the private IP address, even though I am connecting to it via its public IP address). The domain name is correct, and is public DNS.

Now, when connecting, mmonit -id reports:
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
2019-05-01 16:02:23 SSL read error [172.31.24.86] error:140A1175:SSL routines:ssl_bytes_to_cipher_list:inappropriate fallback

Any other ideas?

Thanks

On 1 May 2019, at 00:14, Jan-Henrik Haukeland <address@hidden> wrote:

What is strange is that 172.31.24.86 is neither the address of my server OR my client - it is completely unknown to me (and a reverse lookup just tells me it is a private address).
172.31.24.86 is part of a private IP range, like 192.168.0.0 and 10.0.0.0, and was probably set up by the system you use or your network admin.

I have tried with both the supplied mmonit.pem and a self-generated certificate, but I get the same error.

The bits of server.xml that I changed are:

<Connector scheme="https" address="*" port="8443" processors="10" secure="true" />
..
<Engine name="mmonit" defaultHost="my-hostname.com" fileCache="10MB">
..
<Host address="xx.xx.xx.xx" name="my-hostname.com" appBase="." certificate="conf/mmonit.pem" >

Any ideas on what I have misconfigured?
When configuring SSL it is important that your hostname is in DNS; you can unfortunately not just invent a hostname here. The name attribute in <Host> (and defaultHost in <Engine>) must point to a real hostname in DNS. If "my-hostname.com" is not in DNS, try using your IP address instead. You must then access mmonit using https://<your-ip-address>/. The manual and the chapter about setting up M/Monit with SSL has more information: https://mmonit.com/documentation/mmonit_manual.pdf

Best regards
-- 
Paul Theodoropoulos
www.anastrophe.com
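
The DNS requirement for the `name` and `defaultHost` attributes described in the quoted reply can be checked before restarting M/Monit. This is an added example, not part of the original thread and not M/Monit code; the `<Server>` wrapper, the `.example` hostname and the function names are assumptions. It also reports when the `<Host address>` differs from what the name resolves to, as with the private 172.31.24.86 address in the thread.

```python
import ipaddress
import socket
import xml.etree.ElementTree as ET

# Constructed sample: the attributes quoted in the thread, wrapped in an
# assumed <Server> root so it parses. The hostname is a placeholder.
SAMPLE = """<Server>
  <Connector scheme="https" address="*" port="8443" secure="true" />
  <Engine name="mmonit" defaultHost="my-hostname.example" fileCache="10MB">
    <Host address="172.31.24.86" name="my-hostname.example" appBase="."
          certificate="conf/mmonit.pem" />
  </Engine>
</Server>"""


def dns_lookup(name):
    """Return the set of addresses a name resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def is_ip(value):
    """True when the attribute holds an IP literal instead of a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_server_xml(xml_text, lookup=dns_lookup):
    """Return findings about the names configured for SSL in server.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. typographic quotes around a value
        return [f"not well-formed XML: {exc}"]
    findings = []
    for tag, attr in (("Engine", "defaultHost"), ("Host", "name")):
        for elem in root.iter(tag):
            name, addr = elem.get(attr, ""), elem.get("address")
            addrs = {name} if is_ip(name) else lookup(name)
            if not addrs:
                findings.append(f"<{tag} {attr}={name!r}> is not in DNS")
            elif tag == "Host" and addr and addr not in addrs:
                findings.append(f"<Host address={addr!r}> differs from what "
                                f"{name!r} resolves to: {sorted(addrs)}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_server_xml(SAMPLE)) or "no findings")
```

Pass the contents of the real `server.xml` to `check_server_xml()`; the `lookup` argument exists so the check can be exercised without network access.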
