Forum Discussion
AltocumulusQuestion about healthchecks
Hello,
We're publishing quite old server behind XC load balancer, and to make it work I had to lower "TLS Security Level" to Medium under Origin Pool > TLS.
This works fine, however, without healthchecks. If I enable a simple healthcheck, for example:
Host Header Value = my.hostname
Path = /
I start getting "503 Service Unavailable" errors.
I checked the web server logs on the server and there are no hits, so I suspect the healthcheck uses newer TLS protocols/ciphers, therefore, it fails (as it used to fail when TLS Security Level was set by default to High).
Can TLS protocols/ciphers used by the healthecks be configured?
And second question, are there any logs that could be enabled for healthchecks?
Thank you.
2 Replies
- tysmith
MVP
I don't see any option to configure the http health check's tis settings (though I could swear it was previously an option). It could be worth exploring meeting in the middle and leveraging instead a TCP health check? You can drop in custom send/receive payloads to do more introspection than a simple connection check (but even that is better than no checking at all).
- Nikoolayy1
The XC health checks use the same ciphers that you client traffic uses so if the client traffic can connect to the test web page without an issue it is not that. You can stop the health checks and try to connect to the test web page with a browser or postman through the Virtual server.
Add also the correct hostname is configured and under the health checks maybe stop or enable HTTP/2 .
See the links below as well
https://my.f5.com/manage/s/article/K000147503
https://my.f5.com/manage/s/article/K000156742
A quick post on how F5 XC Health Checks are different from BIG-IP | DevCentral
