Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow HTTP to /api/status even when HTTPS is configured #1567

Open
jdixon-86 opened this issue Jun 17, 2022 · 0 comments
Open

Allow HTTP to /api/status even when HTTPS is configured #1567

jdixon-86 opened this issue Jun 17, 2022 · 0 comments

Comments

@jdixon-86
Copy link

Describe the enhancement:
Add the ability to access the /api/status using GET with HTTP even if the fleet server is configured for HTTPS.

Describe a specific use case for the enhancement or feature:
Some load balancers do not have the ability to check the response of a HTTPS request to a back end server and can only check the response of a HTTP request.

For example a Fortigate load balancer on a firewall can check the HTTP response to verify it received "{"name":"fleet-server","status":"HEALTHY"}" back from the fleet server but it is unable to do this for HTTPS. If you configure the fleet server for HTTPS then it will respond with "Client sent an HTTP request to an HTTPS server." with a status code of 400.

This should not pose as a security risk since it is just a status check of the server. Simply doing a TCP check is not enough because there are a issues with open file limits that the fleet server can hit which results in TCP opening a connection but the server not able to actually respond with a response. (Ticket 00975556)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jdixon-86