Module: check_mk
Branch: master
Commit: 4dd2c672edd6ba42f9cb24d45fc33c5f9f9e619f
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4dd2c672edd6ba…
Author: Tom Baerwinkel <tb(a)mathias-kettner.de>
Date: Fri Jun 29 13:08:38 2018 +0200
6117 check_http: Add the possibility to perform certificate checks over a proxy
Change-Id: Id9fe1410ab0ebd4a6b237cce6f7fc036cb5d5cbf
---
.werks/6117 | 10 ++++++++++
checks/check_http | 11 ++++++++++-
web/plugins/wato/active_checks.py | 22 ++++++++++++++++++++++
3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/.werks/6117 b/.werks/6117
new file mode 100644
index 0000000..dc53989
--- /dev/null
+++ b/.werks/6117
@@ -0,0 +1,10 @@
+Title: check_http: Add the possibility to perform certificate checks over a proxy
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1530270478
+Class: feature
+
+
diff --git a/checks/check_http b/checks/check_http
index 60fa94f..52b13e1 100644
--- a/checks/check_http
+++ b/checks/check_http
@@ -47,7 +47,12 @@ def _certificate_args(address_family, address, settings):
args = []
if "cert_host" in settings:
- if settings.get("sni"):
+ if settings.get('proxy'):
+ args += [ '-I', settings['proxy'] ]
+ args += [ '-H', settings['cert_host'] ]
+ args.append('--ssl')
+ args += ['-j', 'CONNECT']
+ elif settings.get("sni"):
args += [ '-H', settings['cert_host'] ]
else:
args += [ '-I', settings['cert_host'] ]
@@ -61,6 +66,10 @@ def _certificate_args(address_family, address, settings):
if "port" in settings:
args += [ '-p', settings["port"] ]
+ if "proxy_auth" in settings:
+ username, password = settings["proxy_auth"]
+ args += [ "-b", passwordstore_get_cmdline("%s:%%s" %
username, password) ]
+
if "cert_days" in settings:
# legacy behavior
if type(settings["cert_days"]) == int:
diff --git a/web/plugins/wato/active_checks.py b/web/plugins/wato/active_checks.py
index 269aab7..aae43a2 100644
--- a/web/plugins/wato/active_checks.py
+++ b/web/plugins/wato/active_checks.py
@@ -1196,6 +1196,28 @@ register_rule(group,
title = _("Enable SSL/TLS hostname extension
support (SNI)"),
),
),
+ ( "proxy",
+ TextAscii(
+ title = _("Proxy host"),
+ help = _("To use a proxy you have to specify the
Port of the proxy. ")
+ ),
+ ),
+ ( "proxy_auth",
+ Tuple(
+ title = _("Proxy-Authorization"),
+ help = _("Credentials for HTTP Proxy with basic
authentication"),
+ elements = [
+ TextAscii(
+ title = _("Username"),
+ size = 12,
+ allow_empty = False
+ ),
+ IndividualOrStoredPassword(
+ title = _("Password"),
+ ),
+ ]
+ )
+ ),
],
required_keys = [ "cert_days" ],
),