ALPN support for network tests
list Mark Felder
Hello,
I had a need to monitor some services that are being multiplexed/proxied by Nginx with the stream module like so:
stream {
map $ssl_preread_alpn_protocols $proxy {
default 127.0.0.1:8443;
~\bsmtp\b 127.0.0.1:465;
~\bimap\b 127.0.0.1:993;
}
server {
listen 443;
listen [::]:443;
proxy_pass $proxy;
ssl_preread on;
}
}
This detects the ALPN handshake and passes the traffic through to the real IMAP or SMTP backend. Monitoring this was not possible with Xymon, but I have a working implementation attached. This will allow you to define a new protocol like
[imaps443]
options ssl,alpn=imap
port 443
Now I can successfully monitor these services. I considered trying to extend the http monitoring tests to allow this as well so you can force HTTP/2 or HTTP/3 even but I don't think that's possible. Perhaps in another life the HTTP testing should be refactored around libcurl so a giant featureset becomes automatically available... :)
Disclaimer: this patch was only made possible with the help of Qwen as I'm not super experienced in C. I didn't bother cleaning up its obnoxious inline comments, but after a cursory review it doesn't seem like bad code...
Mark
Attachments (1)