Netdata Community

Constant alerts when forwarding all http to https

Evening all,

I’m sorry if this has been asked elsewhere. I assumed it would be a common question, but have trawled the interwebs, and failed to find anything.

I have a Raspberry Pi with Apache and Nextcloud installed. I created a certificate with LetsEncrypt and, as advised by sslLabs, set Apache to redirect all http requests to https. I am now getting lots of alerts from web_log_1m_redirects and web_log_1m_successful.

My understanding is that Netdata queries http://raspberrypi/server-status every second, gets a 301 redirect, and then queries the https server. So, with no other traffic, ND is creating 120 requests per min, 60 redirects and 60 successful, and thus the 1m_redirects alert triggers because the ratio is over is 20%, and the 1m_successful triggers because the ratio is under 85%.

I assume the health.d/web_log.conf file is trying to account for this issue, since it specifically won’t trigger anything until $1m_requests > 120, but natural variations mean it creeps over that number fairly regularly. Naively, my initial thought was that I could just nudge that number up to 123, but as soon as I attach a client to Nextcloud, I’m over 123 all the time, and I’ve only improved the ratios by a few %.

I’ve spent a bit of time looking into rewriting the conf file so that it subtracts 60 from both numbers before doing its calculations. I think this is a reasonable approach, but I worked out I wasn’t going to have the experience to test it properly, which is unsatisfactory.

I considered trying to get ND to treat 301 as successful, but that’s not ideal.

What I’d like at this point, but what I’m completely failing to find, is a way of getting ND to ignore http, and just use https. Is this possible?

Any help greatly appreciated! Many thanks in advance,

Davii

I finally found this:

As darioseidl suggests down at the bottom, I’ve edited /etc/netdata/python.d/apache.conf with https, which I’m assuming will solve my problem.

It would have been nice if Netdata had done this automatically, but I imagine it only checks at install time, which is why it didn’t work for me. Anyway, hopefully someone else will find this useful, and won’t spend quite as much time as I have :slight_smile:

Hello @Davii, welcome in our community.

First of all, there is a distinction between the Xm_[successful,redirects,w/e] group of alerts and the ones with the web_log_ prefix. The first ones are managed from the python.d.plugin collectors and the second ones from the go.d.plugin. One of these plugins is running at the time for web log analysis. So whatever changes you have to do, must be focused on the go.d.plugin collectors.

The most recent and related to your problem thread/topic/issue is this Why does web_log_1m_successful count redirects as failure? and how to change it one, in which we explain how we define the classes of the responses code. In your case, and since this is a private RPi you can assume that the 301 codes as successful.

Best regards,
Tasos.

Many thanks @Tasos.

I hadn’t realised the distinction:
Xm_ = python.d
web_log_ = go.d
So I’ve now modified /etc/netdata/python.d/apache.conf to use https as well.

I had seen the other post, but I don’t consider counting 301 as successful to be a solution, and that post doesn’t really provide a means of doing so anyway.

Many thanks again.

1 Like