
Healthcheck endpoint for alternate file domain
Open, Needs Triage (Public)

Description

We run blackbox checks against various internal tools (including Phabricator) using Prometheus' blackbox exporter. I want to add a healthcheck for our alternate file domain, for a few different reasons:

  1. To provide alerts when our SSL certificates need to be renewed.
  2. To ensure that CloudFront is operational (so that we can bypass CloudFront if necessary, I guess).
  3. To get some insights into response times.

Currently it doesn't seem easy to do this because there is no static endpoint that I can point at for healthchecks. Ideally I would use the existing /status/ endpoint, but that endpoint throws an exception when accessed through the alternate file domain:

> curl -I https://REDACTED/status/
HTTP/1.1 500 Internal Server Error
Content-Type: text/html; charset=UTF-8
Content-Length: 1979
Connection: keep-alive
Cache-Control: no-store
Content-Encoding: gzip
Date: Wed, 12 Jul 2017 21:46:01 GMT
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: Deny
Vary: Accept-Encoding
Age: 43
X-Cache: Error from cloudfront
Via: 1.1 REDACTED.cloudfront.net (CloudFront)
X-Amz-Cf-Id: MTKiBNt0E6W5cmFsKOufjzYMvzsr8K82R_eSo8_py0Wsotij3CD6uA==

The exception message is as follows:

This Phabricator install is configured as https://BASE_URL, but you are using the domain name ALTERNATE_FILE_DOMAIN to access a page which is trying to set a cookie. Access Phabricator on the configured primary domain or a configured alternate domain. Phabricator will not set cookies on other domains for security reasons.

It's worth noting that the /status/ endpoint does work on p.phcdn.net, but I suspect that's because of some hacky Apache voodoo.
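
The three goals in the description map onto metrics the blackbox exporter already exports for an HTTPS probe. The following is an added example, not configuration from this task or from Phabricator. The module name, job label, thresholds and alert names are assumptions, and it presumes the probe target is a path on the alternate file domain that returns a 2xx status, which is the endpoint this task asks for.

```yaml
# blackbox.yml (blackbox exporter): HTTPS probe module.
# "file_domain_https" is a hypothetical module name.
modules:
  file_domain_https:
    prober: http
    timeout: 10s
    http:
      method: GET
      fail_if_not_ssl: true      # a plain-HTTP answer counts as a failed probe
      valid_status_codes: []     # empty list = accept 2xx only; the 500 above fails
---
# file_domain.rules.yml (Prometheus alerting rules).
# job="blackbox-file-domain" is an assumed scrape job that probes the
# alternate file domain through the module above.
groups:
  - name: alternate-file-domain
    rules:
      # Goal 1: alert before the certificate served by CloudFront expires.
      - alert: FileDomainCertExpiringSoon
        expr: probe_ssl_earliest_cert_expiry{job="blackbox-file-domain"} - time() < 14 * 86400
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "TLS certificate for {{ $labels.instance }} expires in under 14 days"

      # Goal 2: CloudFront or the origin behind it is not answering with 2xx.
      - alert: FileDomainProbeFailing
        expr: probe_success{job="blackbox-file-domain"} == 0
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "Probe of {{ $labels.instance }} has failed for 5 minutes"

      # Goal 3: response time; the 2s threshold is an assumed starting point.
      - alert: FileDomainSlowResponse
        expr: probe_duration_seconds{job="blackbox-file-domain"} > 2
        for: 10m
        labels:
          severity: warning
        annotations:
          summary: "Probe of {{ $labels.instance }} is taking longer than 2s"
```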