Forum Discussion

eagertolearn's avatar
eagertolearn
Icon for Nimbostratus rankNimbostratus
Jun 24, 2024

Curl usage

Hi Experts, 

 

We want to check the status of pool members Eg. service status locally on server, wanted to ensure that user is not offloading any SSL certificate on server locally, Ciphers on servers etc through F5 CLI. 

Can anyone share the exact CURL command to  check  , In addition to this...as per our knowledge curl command should work only in BASH mode and not in tmsh.

Would be great if suggestion can be made in response for which curl output to be check against each service status.

  • svs's avatar
    svs
    Icon for Cirrostratus rankCirrostratus

    A simple curl command to check, whether your HTTP service works as you want would be

    curl -vk https://<IP of your server>[:<Port of your Service>]<URI of your Service>

    A full example could be

    curl -vk https://192.168.10.15/path/to/my/app

    This would result in an HTTP request

    GET /path/to/my/app HTTP/1.1 Host: 192.168.10.15 Connection: keep-alive ...

    If your server uses name-based Virtual Hosts, you have to adjust the Host-header field, to get the correct response:

    curl -vk https//192.168.10.15/path/to/my/app -H "Host: myapp.example.com"

    You can set more custom headers with `-H`, if necessary.

     

    curl can only be used within the advanced shell (=Bash). A good practice to check for the health status of your app depends on you. A simple HTTP monitor, which checks the response code of your app is better than a simple tcp check, i.e.

    HTTP/1.(0|1) (200|404|403)

    would check for a HTTP/1.0 or HTTP/1.1 response, accepting response codes 200, 404 and 403 - for whatever reason this may make sense...

     

    A better approach is a built-in health check in your applications, where the application owner has created an health endpoint, which is callable via HTTP, i.e.

    curl -vk https//192.168.10.15/status/health

    returns

    HTTP/1.1 200 OK ... Content-Type: application/json {"status": "ok"}

     

    These are just some ideas, based on you questions. From my experience such advanced monitors are rare. In the cases I know of, they are mostly simple monitors that only check for response status code 200.

  •  

    curl -vk https://..............

    it will show deatils of the tls session setup

  • Hi, 

     

    Thanks for quick response.

     

    But, if we use "k" (-vk) then this means ignore to check the SSL Certificate status on pool member.

    if we want to check whether application team is offloading any ssl certificate on backend server or not OR if they are offloading then is certificate valid or expired , how to ensure this using curl command.

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP

      don't get the offloading part. do you mean if they have a certificate or not?

      if they don't and you do a curl -vk https://ip it will fail.

      if they do and you do a curl -vk https://ip it will contain the certificate date.

      • eagertolearn's avatar
        eagertolearn
        Icon for Nimbostratus rankNimbostratus

        Thanks for reply boneyard !

         

        One more information, If pool member is not on https (443) then . For Example , pool member is on port 5442  and  now we just wanted to check the port service status during troubleshooting.

         

        What should be the curl command coordinates for this case 

         

  • Hi, 
    I am adding a very important usage for curl command. 

    curl -Ik https://<Virtual_server_Ip>/path1/path2/........

    This command shows you accessing Virtual server throughout Bigip itself , this very very useful when you need to test the virtual server from internal network and isolate the external one , also if there are an issue or something drops packets on your Bigip like ( AWAF , APM ... ) this will confirm that something configured wrong in bigip or Virtual server Configuration and it needs to be reviewed and modified.

    Also you can see logs from this curl test: 
    When doing this Curl command, Bigip will use its external self IP address as a source IP and the destination is the Virtual server. 

     

    Take this note beside svs & boneyard zamroni777 eagertolearn 

     

    thanks

    • svs's avatar
      svs
      Icon for Cirrostratus rankCirrostratus

      That's a really good point. I personally prefer Postman for tests "from the outside", if possible.

      I would like to emphasize the flag -I that you mentioned. Especially when it comes to test health monitors I usually use the HEAD-Method, instead of GET, if I only check the response code. This reduces the amount of unnecessary data between the BIG-IP and server drastically.