If you try to monitor a cloudflare fronted website with NagiosXI check_http you may get this:
[root@wtgc-nagios-01 libexec]# ./check_http -H www.mysite.com -S
HTTP WARNING: HTTP/1.1 403 Forbidden - 378 bytes in 0.029 second response time |time=0.028586s;;;0.000000 size=378B;;;0
After much fiddling found that if you formulate the check string as:
./check_http -H www.mysite.com -S --sni
HTTP OK: HTTP/1.1 200 OK - 2175 bytes in 0.556 second response time |time=0.555568s;;;0.000000 size=2175B;;;0
You’ll get a result like this, which is what we want!
You need to use this:
--sni
Enable SSL/TLS hostname extension support (SNI)
The SNI is Server Name Indication, you can read about it here, https://www.cloudflare.com/en-gb/learning/ssl/what-is-sni/, basically a mechanism to improve security by stopping name mis-matching and SSL certificate matching. (put simply).