In the load balancing setup when using HTTPMonitor is it possible to override SSL settings defined in the TargetServer?
For my particular case I would like HTTPMonitor to perform checks on unsecure path, while all requests incoming to the Target Endpoint I would like go through 2-way-SSL defined in the TargetServer.
It looks like impossible. HTTPMonitor uses settings the way they are defined in the TargetServer. And also by trying to add <SSLInfo> segment in the configuration, like when defining regular HTTPTargetConnection, nothing happens - like APIGEE is ignoring that.
After some time all of my target servers, even ones that should be passing the check from HTTPMonitor, are ejected from the load balancing.
Also, if disabling HTTPMonitor my endpoint start works correctly, all requests are served successfully and load-balancing is according to the selected algorithm distributed to Target Servers. So it is not a problem with connection, SSL itself, certificates...
Any help appreciated.
Thanks!
Code:
Target Endpoint:
<HTTPTargetConnection>
<Path>/DiscoveryWeb/v1/rest</Path>
<SSLInfo>
<Enabled>false</Enabled>
<ClientAuthEnabled>false</ClientAuthEnabled>
</SSLInfo>
<HealthMonitor>
<IsEnabled>true</IsEnabled>
<IntervalInSec>5</IntervalInSec>
<HTTPMonitor>
<Request>
<ConnectTimeoutInSec>10</ConnectTimeoutInSec>
<SocketReadTimeoutInSec>30</SocketReadTimeoutInSec>
<Port>443</Port>
<Verb>GET</Verb>
<Path>/flags/active</Path>
</Request>
<SuccessResponse>
<ResponseCode>200</ResponseCode>
</SuccessResponse>
</HTTPMonitor>
</HealthMonitor>
<LoadBalancer>
<Server name="cft1-test-ssl"/>
<MaxFailures>5</MaxFailures>
<Server name="cft3-test-ssl"/>
<MaxFailures>5</MaxFailures>
</LoadBalancer>
</HTTPTargetConnection>
Target Server:
{
"host": "mfapi-cft1.***.com",
"isEnabled": true,
"name": "cft1-test-ssl",
"port": 443,
"sSLInfo": {
"ciphers": [],
"clientAuthEnabled": true,
"enabled": true,
"ignoreValidationErrors": false,
"keyAlias": "mfapiKey",
"keyStore": "mfapiKeystore",
"protocols": []
}
}
LinkedIn
Twitter
