Server Monitoring With munin And monit - Page 2

Discussion in 'Server Operation' started by Hans, Apr 27, 2006.

  1. Hans

    Hans Moderator Moderator

    Falko,

    On the Debian server i want to monitor there is ISPConfig installed.
    Can i enable SSL and create a certicate via ISPConfig in stead of doing this:

    Now we create the certificate like this:

    Now we must create the file /var/www/www.example.com/web/monit/token and write some random string into it:

    mkdir /var/www/www.example.com/web/monit
    echo "hello" > /var/www/www.example.com/web/monit/token

    Next we create the pem cert (/var/certs/monit.pem) we need for the SSL-encrypted monit web interface:

    mkdir /var/certs
    cd /var/certs

    We need an OpenSSL configuration file to create our certificate. It can look like this:

    vi /var/certs/monit.cnf

    # create RSA certs - Server


    RANDFILE = ./openssl.rnd


    [ req ]

    default_bits = 1024

    encrypt_key = yes

    distinguished_name = req_dn

    x509_extensions = cert_type


    [ req_dn ]

    countryName = Country Name (2 letter code)

    countryName_default = MO


    stateOrProvinceName = State or Province Name (full name)

    stateOrProvinceName_default = Monitoria


    localityName = Locality Name (eg, city)

    localityName_default = Monittown


    organizationName = Organization Name (eg, company)

    organizationName_default = Monit Inc.


    organizationalUnitName = Organizational Unit Name (eg, section)

    organizationalUnitName_default = Dept. of Monitoring Technologies


    commonName = Common Name (FQDN of your server)

    commonName_default = server.monit.mo


    emailAddress = Email Address

    emailAddress_default = [email protected]


    [ cert_type ]

    nsCertType = server

    Now we create the certificate like this:

    openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem
    openssl gendh 512 >> /var/certs/monit.pem
    openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem
    chmod 700 /var/certs/monit.pem


    ---
    Hans
     
  2. falko

    falko Super Moderator Howtoforge Staff

    No. The certificate is for the monit web interface on port 2812; it has nothing to do with your Apache web sites.
     
  3. Hans

    Hans Moderator Moderator

    Learning all the time

    Thanks Falko,

    I had to ask you that because i do not know a lot about SSL and certificates.

    I want you to know that Monit and Munin are up and running now on my Debian server.

    Now i am going to create a new small website for my subdomain:
    monitor.myhostingcompany.tld and i integrate the links under the buttons to Monit and Munin. I also add some other administrative tools too.

    It looks really cool already.

    Thanks again for this really nice "How to".

    Hans
     
  4. sjau

    sjau Local Meanie Moderator

  5. Hans

    Hans Moderator Moderator

    Monit alert

    Nice to know.

    I received two times an e-mail from the system since i have installed monit:

    The contents is:

    Changed Service postfix

    Date: Thu, 27 Apr 2006 23:59:08 +0200
    Action: alert
    Host: server1.mydomain.tld

    Your faithful employee,
    monit

    'postfix' process PID changed to <IDnr>

    Why do i receive this and is it something to worry about?
     
  6. falko

    falko Super Moderator Howtoforge Staff

    This means that Postfix has been restarted and has a different PID now. It's just a notification. Postfix has been restarted by an ISPConfig cron job, so that's ok. :)
     
  7. Hans

    Hans Moderator Moderator

    Good to know.

    The info generated by the two apps is really nice.
    I have to teach about the interpretation. But everything looks good.

    Hans
     

Share This Page