[HOWTO]Munin HTTPS on MultiServer

Discussion in 'Installation/Configuration' started by Tuumke, Dec 1, 2017.

  1. Tuumke

    Tuumke Active Member

    I'm assuming the following:
    - ISPConfig Multiserver (in my case 1 main with WEB/FTP/DB/DNS/MAIL and a 2nd DNS server)
    - You have a valid (letsencrypt) cert for the server where ISPConfig webinterface is not running. (If not try this tutorial)
    - Munin is already installed and working withouht HTTPS
    All the information is scraped from various tutorials already on the website/forum, so not much credit for me ;)

    What i think worked for me in the end, but i might need you guys to help me out here a bit with testing, is the following:

    Since this server wont be using other certs, i replaced the originals selfsigned certs in /usr/local/ispconfig/interface/ssl/.
    I placed my LetsEncrypt certs in here with:
    acme.sh --installcert -d ns2.tsictdiensten.nl \
    --certpath /usr/local/ispconfig/interface/ssl/ispserver.crt \
    --keypath /usr/local/ispconfig/interface/ssl/ispserver.key \
    --fullchainpath /usr/local/ispconfig/interface/ssl/ispserver.bundle
    Then i turned on default apache SSL so that when someone browses to the default apache page, they get a nice ssl default apache page :p
    find and edit SSLCertificateFile  and SSLCertificateKeyFile and make it look like:
    SSLCertificateFile  /usr/local/ispconfig/interface/ssl/ispserver.pem
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    Turn on the config
    a2ensite default-ssl
    And test it by visiting: https://2nd.domain.tld

    If all goes well, continue. If not, debug or post below.

    Next we need another site-available for munin. Since we already have a conf-available and enabled (munin.conf linking to the apache24.conf) but we cant put our ssl stuff in there.
    cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/100-munin.conf
    nano /etc/apache2/sites-available/100-munin.conf
    I would change and edit:  ServerAdmin
    You need to change and edit:
     DocumentRoot and set it to /var/cache/munin/ww
    Enable the site
    a2ensite 100-munin && service apache restart
    That should do it!
    ahrasis likes this.
  2. ahrasis

    ahrasis Well-Known Member

    If https://2nd.domain.tld is a publicly accessible website, we can also use certbot to issue and automatically renew its LE SSL, without a need to acme.sh. This applies to multiple (sub)domains within that https://2nd.domain.tld. The only thing I'd personally prefer using acme.sh is when I do not have a publicly accessible website for that server. Just my 2 cents.
    Tuumke likes this.
  3. Tuumke

    Tuumke Active Member

    Hm i guess that is true. But woudlnt know how to set that up though :p
  4. ahrasis

    ahrasis Well-Known Member

    Tuumke likes this.
  5. Tuumke

    Tuumke Active Member

    On the other hand, normally, you wouldnt setup apache on a 2nd dns server. But since i also run Monit and Munin..

Share This Page