We run blackbox checks against various internal tools (including Phabricator) using Prometheus' blackbox exporter. I want to add a healthcheck for our alternate file domain, for a few different reasons:
- To provide alerts when our SSL certificates need to be renewed.
- To ensure that CloudFront is operational (so that we can bypass CloudFront if necessary, I guess).
- To get some insights into response times.
Currently it doesn't seem easy to do this because there is no static endpoint that I can point at for healthchecks. Ideally I would use the existing /status/ endpoint, but that endpoint throws an exception when accessed through the alternate file domain:
> curl -I https://REDACTED/status/ HTTP/1.1 500 Internal Server Error Content-Type: text/html; charset=UTF-8 Content-Length: 1979 Connection: keep-alive Cache-Control: no-store Content-Encoding: gzip Date: Wed, 12 Jul 2017 21:46:01 GMT Expires: Sat, 01 Jan 2000 00:00:00 GMT Server: nginx Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Content-Type-Options: nosniff X-Frame-Options: Deny Vary: Accept-Encoding Age: 43 X-Cache: Error from cloudfront Via: 1.1 REDACTED.cloudfront.net (CloudFront) X-Amz-Cf-Id: MTKiBNt0E6W5cmFsKOufjzYMvzsr8K82R_eSo8_py0Wsotij3CD6uA==
The exception message is as follows:
This Phabricator install is configured as https://BASE_URL, but you are using the domain name ALTERNATE_FILE_DOMAIN to access a page which is trying to set a cookie. Access Phabricator on the configured primary domain or a configured alternate domain. Phabricator will not set cookies on other domains for security reasons.
It's worth noting that the /status/ does work on p.phcdn.net, but I suspect that's because of some hacky Apache voodoo.