Monitoring Cached Websites

2023/10/26 by Leave a comment

Websites that use CDN or caching services like Cloudflare or Amazon Cloudfront can be a little tricky to monitor. You need to make sure all the regular website stuff is working along with additional monitoring for the backend web server and the caching service itself.

NodePing has you covered on both ends: the regular website monitoring and some powerful features specifically for monitoring CDN websites.

The Basics

When someone wants to connect to your website, there are 4 things that have to be working correctly:

  1. DNS
  2. Routing
  3. SSL
  4. Web Server response

DNS

If your DNS servers aren’t available, your visitor’s browser won’t be able to translate the FQDN in the URL to a routable IP address so monitoring each of your nameservers is vital to website availability.

Create a DNS check for each nameserver and be sure the query for your FQDN is being answered.

Routing

Now that the browser has the IP address of a web server, it needs to be able to reach out across the interwebs and request content. Incorrect routing and packet loss can make your website unreachable.

Use our PING and MTR checks to ensure that routing is working and that there is no packet loss.

We often get questions from site owners when the monitoring says their site is failing, but they can get to it fine from their device. Upstream connectivity issues are often the reason, and having the PING or MTR check in place and running from different geographical regions can help identify those troubles quickly.

SSL

Visitors expect websites to use industry best-practices for security, including transport encryption using TLS/SSL. You don’t want them to see that embarrassing “Unsafe” warning when they hit your website because your SSL certs are expired or incorrectly configured.

Create an SSL check to warn you before the cert expires.

Web Server Response

If everything mentioned above is firing on all cylinders, the web server will respond to the visitor’s request and reply with the expected content.

Using NodePing HTTP Content checks, you can verify that the web server is returning the expected HTTP response code and content.

With the basics of website monitoring nailed down, there’s a couple of additional challenges that caching services create that need special monitoring.

Monitor the Back-end Server

If your back-end server isn’t functioning, your CDN or caching service will continue to respond normally, at least for a while. But you’ll want to know right away if that back-end server is offline. You won’t be able to monitor that back-end server using the regular FQDN in the URL because it points to the caching service, not your back-end server.

NodePing can monitor a back-end server using an IP in the URL. The IP address can be either an IPv4 or an IPv6 address.

Example: https://192.168.1.1/index.html

Example: https://%5Bfe80::ec4:7aff:fe06:c186]/index.html

Note: When using IPv6, use square brackets around the IPv6 address.

To get the SSL to respond properly, use an HTTP Advanced check and send a special request header of “Hostname” set to the FQDN of the website.

Example: “Hostname” “example.com”

Cache-busting

To make sure the caching service or CDN is able to communicate properly with your back-end server, you need to send an HTTP request to the service with a URL it hasn’t cached. That will force the service to talk with your back-end server to get fresh content. To do that, it has to be a different URL each time it’s monitored. This is called cache-busting.

NodePing has a cool cache-busting feature on the HTTP Advanced check that will slightly change the URL each time it monitors so that it always causes the caching service to talk with your back-end server.

To use cache-busting, modify the URL query string. Add a non-essential element with the value of “{{now}}”. NodePing will replace that value with a millisecond timestamp each time the check is run.

Example URL: https://nodeping.com/?cachebusting={{now}}

When the URL is run, it will look like: https://nodeping.com/?cachebusting=1697232757035

Each time it is run, the value will be different: https://nodeping.com/?cachebusting=1697232816021

Since each URL is unique each time, there will be no cached entry and the caching service will hit your back-end server on each check run. If the service isn’t able to reach your back-end server, it should return a 522 error or something similar, which will make the NodePing check fail and alert you to the issue.

Website Monitoring

Using a CDN or caching service with your website can speed things up but it can also make things break in ways that basic website monitoring may miss. NodePing’s features allow you to ensure that your back-end web server is up and running and that your caching service is operating as expected.

If you don’t yet have a NodePing account, please avail yourself to our 15-day, free trial. You’ll see why those who know, use NodePing.

Filed under DNS, HTTP, Monitoring, MTR, PING, SSL, website monitoring Tagged with , , ,

Database Monitoring with NodePing

2023/09/26 by Leave a comment

In our recent post ‘Beyond “Is It Up?” – Website Monitoring should be Comprehensive‘ we talked about how website monitoring should be wider than just measuring if a website responds to requests.  If you are responsible for website availability or performance you should of course be monitoring if the website responds in a timely manner, but you also should be monitoring status codes in the response, validating certificates and domain expiration, and DNS.  In today’s post I wanted to extend that discussion to another critical component of your infrastructure: monitoring database accessibility and performance.  Not only are databases a critical part of your web infrastructure, NodePing’s database monitoring can be a key element in your overall infrastructure monitoring that goes well beyond the web.

Monitoring Database Connectivity and Accessibility

As with any server monitoring, the first layer to consider is connectivity and accessibility.  Depending on your network infrastructure, this might mean some combination of PING, MTR, and PORT checks.  These check types can tell you if the database is accessible from places it should be, and make sure it remains inaccessible when it shouldn’t be.  In fact, it is a good idea to monitor your firewalls and routers with these check types.  At its most basic level, the PORT check tells us if your database servers are listening and responding on the expected ports.  The flip side of this is also important.  If your database should not be accessible from the Internet, running a check that monitors that can be just as important to make sure it stays that way. 

In testing connectivity, the PORT check can test just about any service.  For databases specifically, NodePing adds protocol aware monitoring for databases that respond to HTTP requests, as well as check types that understand the specifics of connecting to Redis, MySQL, PostgreSQL, and MongoDb databases.

Querying HTTP based databases with advanced HTTP check types

For databases with native HTTP support, using NodePing’s HTTP based check types can be really useful for monitoring the database performance, as well as monitoring specific responses.  For example, internally we have used our own monitoring to keep track of CouchDB databases for years.  This is useful for answering questions like 

  • Is the database responding in a reasonable time frame?
  • Is the database accessible using SSL/TLS, and is the certificate valid or about to expire?
  • Is the database listening and accessible to non-encrypted ports?  In our use case, this answer needs to be “No,” so NodePing’s capability to monitor that a port is not accessible is important here.
  • Are Couchdb views responding?  We keep some indexes that don’t get constant use warm with monitoring checks.
  • Are the actual values returned within expected ranges?  NodePing’s HTTP Parse check can make an HTTP request and then monitor specific fields within a JSON response to make sure it is within the expected range.  This is particularly useful in monitoring a Couch view that uses reduce.

Running Queries on MySQL, PostgreSQL, and MongoDb

NodePing has specialized check types that can monitor MySQL, PostgreSQL, and MongoDB specifically.  For these databases, NodePing’s monitoring can run a user-defined query and report on the response.  This allows you to run a custom query to track performance metrics, data counts, or set up alerts based on whether the responses are within a defined range.  If the expected response is a string, you can use regex to match the response to ensure it is what is expected.  These responses can be used to trigger notifications, graph values in your database, and store the data for future reference and analytics.

Security considerations for database monitoring

We already mentioned a few of the considerations around the security implications of database monitoring.  The database queries discussed above can use authentication where applicable.  For HTTP connections, as well as MySQL and PostgreSQL, the checks can be used to verify the encryption and certificates.  But a key element in monitoring databases is that in the vast majority of cases the databases should not be universally accessible.  NodePing’s AGENT based checks allow you to run these checks from your own networks, which means you get the full robust monitoring of NodePing’s checks, without opening your database ports to the outside world. In addition, our PUSH check type allows you to script database verification and push the results into NodePing for alerts and reporting.  This suite of check types and options together allow you to do robust monitoring for your databases without compromising your security.  In addition, we recommend that you use authentication to provide the monitoring with the least required access to do the necessary monitoring.

Monitoring Should be Comprehensive

From the outset NodePing has sought to provide website and server monitoring at a price point that allows you to run all the checks you need cost-effectively.  That’s because we believe that monitoring should be comprehensive.  You should be monitoring all of the components of your infrastructure in a way that when you are notified, you know immediately where a sysadmin response is needed.  Database monitoring is a critical component of this.  NodePing’s database monitoring can be a key part of your overall solution to ensure your services are all working as they should, and quickly tell you where the problem is in order to minimize disruptions.

Give it a try!  NodePing has a free, 15-day trial, so there is no risk to trying it out.  We think you’ll be impressed by how easy it is to get comprehensive monitoring in place, including for your databases, and how cost-effective and timesaving it can be as a part of your overall infrastructure management.

Filed under MongoDB, Monitoring, PostgreSQL, Redis, SSL, Using NodePing Tagged with , , , ,

Free SSL Certificates for Public Status Reports

2021/11/23 by

We’ve added a free ACME SSL provider integration to our Status Reports so your public status pages can be accessed on TLS-secure URLs.

NodePing public status reports provide a visible indicator of your website and service status and you can set those reports to be accessible to any subdomain you control. It’s easy to have your status page show up on http://status.example.com. You need only add the custom domain to your public report and set a DNS record.

Now with free SSL certs from Let’s Encrypt™, just by setting one additional CNAME record in your DNS, you can also have your public status pages show up on TLS-secure URLs like https://status.example.com.

Detailed instructions about adding SSL to your public status report is available in our documentation.

The new SSL certs are available to both ‘Professional’ and ‘Premiere’ accounts.

If you don’t have a NodePing account yet, please sign up for our free, 15-day trial.

™ is a trademark of Internet Security Research Group. All rights reserved.

Filed under Announcement, reporting, reports, SSL Tagged with ,

Email monitoring done right

2013/02/25 by Leave a comment

For several years before starting NodePing I worked in a number of different roles in IT, including system administration, project management, infrastructure and network management, and development. A sizable chunk of that time was spent at an organization that ran email servers in a number of different countries scattered around the world. Making sure that all of those email systems were working properly and generating useful reporting was a huge challenge, and involved a lot of repetitive manual steps.

Availability report outputNodePing’s monitoring services were largely motivated by the desire to make widespread monitoring of web sites and other Internet accessible services as simple and automatic as possible. One of the reasons I’m so excited about our suite of email monitoring checks is that I know from personal experience how important these tools are, both from a sys admin’s point of view as well as from technical management roles.

The core of this set of tools is SMTP monitoring. This check has several options that allow you to check the remote SMTP server in a variety of ways. At its most basic, it can be used to check that the server is operating and answering to SMTP connections and is accessible. It can also watch the SSL/TLS certificates, and notify you in advance of when certificates will expire. The check also can be used to monitor if the SMTP server accepts or denies specific email addresses, which can be used for open relay monitoring. Authentication verification can make sure that the server is logging people in properly. This is particularly important when email servers are integrated with separate directory services, such as an LDAP service or Active Directory.

SMTP server monitoring should also be paired with RBL monitoring. This checks the server’s address against a number of different RBL services, and can notify you if the server has been blacklisted. Any experienced email administrator knows that staying off of these lists is critically important, and it is possible to get on a black list without doing anything outside of normal business practices. When it happens you need to know quickly so you can remedy or clarify the situation and get off of the black list before it negatively impacts business.

The IMAP and POP checks go hand in hand with the SMTP check to ensure that your customers and employees can retrieve mail from their inboxes. Like the SMTP check, these checks not only monitor that the server is accepting connections, but can verify authentication and warn you in advance if an SSL certificate is nearing expiration.

The final piece of the email service monitoring tool set is monitoring the web interface. Here NodePing’s HTTP Content check can be used to make sure that the service is responding with the proper web page, and the SSL check can verify that the web interface’s SSL certificate is in place and working properly, as well as warn of a nearing expiration date.

These checks together provide a full complement of tools for monitoring email services. For most systems, we’d suggest a full set of checks:

  • The SMTP service is operating properly on port 25, accept a STARTTLS command, accepts authentication, and accepts a given address for relay from an authenticated user. All of this, with verification of the TLS certificate, can be done with one check.
  • The SMTP service is listening and accepting SSL based connections on port 587.
  • The SMTP service rejects open relay requests.
  • The SMTP service accepts a local address from non-authenticated hosts.
  • The server is not on any RBL’s.
  • The IMAP server is operating properly on port 143 and authenticating properly
  • The IMAP server is operating properly on port 993 and the SSL certificate is good
  • The POP server is operating properly on port 110 and authenticating properly
  • The POP server is operating properly on port 995 and the SSL certificate is good
  • The web interface is operating properly on port 80 (if that is supported)
  • The web interface is operating properly on port 443 and the certificate is good.

This is a long way from a check that just monitors if a port is listening somewhere. It is the full set of checks that together help to ensure a healthy email system. We continue to extend our monitoring service and make our checks smarter, with the goal to take as much of the manual busy work out of the hands of busy administrators and allow them to focus on tasks that use their actual skills.

If you are responsible for email servers and haven’t added NodePing’s monitoring to your tool set yet, sign up for our free trial and give a try!

Filed under Email, POP, RBL, SMTP, SSL, Using NodePing Tagged with ,

Don’t let your certificate expirations catch you offguard

2013/02/23 by Leave a comment

Microsoft’s recent slipup with a certificate that caused outages for the Azure service is a reminder for the rest of us to make sure we are keeping a close eye on certificate expirations. Having a certificate expire on you makes you company look really inept, but in practice keeping track of certificates and when they expire can be a pain if you are trying to do it manually. A system that monitors certificates and reminds you before they will expire can be an excellent way to avoid having this happen to you, and is much easier than tracking them in a spreadsheet or sticky notes.

NodePing provides a few different ways to keep ahead of certificate expirations. For web servers, we have an SSL Check specifically designed to check the validity of SSL certificates and warn you a set number of days before they expire. You can set the number of days to anything that is useful for you. We typically suggest a couple of weeks in advance of the expiration.

Certificate expirations can also hit other types of services as well. Our email checks (SMTP, POP, and IMAP) can verify the SSL/TLS certificates used by each of these servers. Similar to the SSL check for web services, these checks verify that the SSL certificate is valid and working, and also can be set to warn you a certain number of days before they expire.

Tracking your certificates can be a pain, but it doesn’t have to be. Using an automated monitoring system like NodePing for SSL Certificate monitoring can make the task easy and painless, and let you focus on more interesting things.

Filed under SSL, Using NodePing Tagged with , ,

POP Monitoring Enhancements

2013/01/10 by Leave a comment

As part of strengthening our email server monitoring solutions, we’ve added a bunch of new features to the POP3 check type. They nicely complement our recent changes to our SMTP and IMAP checks.

New features include:

  • Non-standard ports. Specify any port, not just POP default port 110
  • SSL/TLS support on any port – not just 995.
  • SSL certificate validation
  • SSL certificate expiration warnings – configurable to X days before expiration
  • User login verification.

More details about the new POP server monitoring enhancements can be found in our documentation.

These features are available to all NodePing server monitoring accounts today. If you don’t have an account yet, you can sign up for a free 15-day trial at https://nodeping.com.

Now, if you just had a way to monitor spam blacklists for your server ip addresses… RBL Check is on its way!

Filed under Monitoring, NodePing Updates, POP, SSL Tagged with , , , ,

SMTP Check Enhancements

2013/01/02 by Leave a comment

We’ve rolled out some important enhancements to our SMTP check that will help ensure your email server is running as it should be.

Added enhancements include:

  • Non-standard ports
  • SSL/TLS support including certificate verification and expiration warning
  • STARTTLS support
  • AUTH with support for PLAIN, LOGIN, and CRAM-MD5
  • Mail acceptance verification including open relay notification

The SMTP check will now not only verify that your email server is running but can also optionally check to see if your server is an open relay or properly accepting mail for a particular email address.

The new open relay functionality will test to see if your mail server will accept mail for an address that should not be allowed. If your server is an open relay, we will send you a notification.

It’s also important to verify that your email server is not rejecting mail that it should be accepting. There are many reasons an SMTP server may reject email. The configuration may have changed or a particular mailbox may be over its quota. This enhancement verifies that your server will accept messages to an email address of your choice and send you a notification if it is rejected.

We’ve added extensive SSL/TLS support including STARTTLS as well as certificate verification and certificate expiration warnings. Simply set how many days in advance of the expiration you would like to be notified and we’ll send you an alert, giving you time to renew and install your new certificates.

The new optional AUTH support allows you to verify that users can log in and send mail using industry standard PLAIN, LOGIN, and CRAM-MD5 AUTH mechanisms.

You can find more information about our new SMTP check enhancements in our documentation.

These enhancements are available now to all NodePing customers. If you don’t currently have an account, please sign up for our free 15 day trial.

Filed under Monitoring, NodePing Updates, SMTP, SSL Tagged with , , , ,

SSL Check Now Supports SNI and UCC Certificates

2012/11/26 by Leave a comment

We’re happy to announce a couple of enhancements to our SSL certificate check. We now support SNI and UCC certificates

SNI (Server Name Indication) passes the hostname to the server when we request the certificate. That allows you to serve multiple SSL certificates on a single IP address.

UCC (Unified Communications Certificates) allow you use one certificate for multiple hostnames. Unlike wildcard certificates, which NodePing has supported from the beginning, UCC certificates can cover multiple hostnames on multiple domains.

As IPV4 addresses keep getting scarcer, the ability to monitor your SNI and UCC certificates for validity and expiration dates will become increasingly more important. NodePing is glad to be able to offer reliable monitoring for these SSL types.

If you’re not already a NodePing customer, please sign up for our free trial and see how SNI and UCC certificate monitoring can be easy and economical.

Filed under Monitoring, NodePing Updates, SSL Tagged with , , , ,

SSL Certificate Check

2012/03/28 by 2 Comments

An SSL certificate is an important part of serving up secure websites. It puts the ‘S’ in HTTPS and gives your visitors that warm fuzzy feeling when they see that padlock in their browsers. But those SSL certificates don’t last forever. Most have to be renewed every 1-3 years and should you forget and let that certificate expire, your visitors will be met with an ugly “This Site is Untrusted‘ message instead of your great content. Let NodePing keep an eye on your SSL certificates with our new SSL check available today.

Monitoring your SSL certificate with NodePing will allow you to receive notifications if the certificates is nearing its expiration, is replaced with an invalid certificate, or if your webserver is incorrectly serving it. You can also configure how many days in advance of expiration you’d like to receive the notification, giving you time to renew and install a new certificate without interruption.

The new SSL check is just one more link in your comprehensive server monitoring chain. NodePing is happy to keep an eye on your SSL certificates. If you don’t have an account yet, sign up for a free 15 day trial at http://nodeping.com.

Let us know what you think of the new SSL check in the comments below.

Filed under Monitoring, NodePing, NodePing Updates, SSL, Using NodePing