Falko, On the Debian server i want to monitor there is ISPConfig installed. Can i enable SSL and create a certicate via ISPConfig in stead of doing this: Now we create the certificate like this: Now we must create the file /var/www/www.example.com/web/monit/token and write some random string into it: mkdir /var/www/www.example.com/web/monit echo "hello" > /var/www/www.example.com/web/monit/token Next we create the pem cert (/var/certs/monit.pem) we need for the SSL-encrypted monit web interface: mkdir /var/certs cd /var/certs We need an OpenSSL configuration file to create our certificate. It can look like this: vi /var/certs/monit.cnf # create RSA certs - Server RANDFILE = ./openssl.rnd [ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type [ req_dn ] countryName = Country Name (2 letter code) countryName_default = MO stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Monitoria localityName = Locality Name (eg, city) localityName_default = Monittown organizationName = Organization Name (eg, company) organizationName_default = Monit Inc. organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName_default = Dept. of Monitoring Technologies commonName = Common Name (FQDN of your server) commonName_default = server.monit.mo emailAddress = Email Address emailAddress_default = [email protected] [ cert_type ] nsCertType = server Now we create the certificate like this: openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem openssl gendh 512 >> /var/certs/monit.pem openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem chmod 700 /var/certs/monit.pem --- Hans
No. The certificate is for the monit web interface on port 2812; it has nothing to do with your Apache web sites.
Learning all the time Thanks Falko, I had to ask you that because i do not know a lot about SSL and certificates. I want you to know that Monit and Munin are up and running now on my Debian server. Now i am going to create a new small website for my subdomain: monitor.myhostingcompany.tld and i integrate the links under the buttons to Monit and Munin. I also add some other administrative tools too. It looks really cool already. Thanks again for this really nice "How to". Hans
Another nice "stats/monitoring" tool is mailgraph. Maybe you also want to include it into your monitoring subdomain ^^ http://people.ee.ethz.ch/~dws/software/mailgraph/
Monit alert Nice to know. I received two times an e-mail from the system since i have installed monit: The contents is: Changed Service postfix Date: Thu, 27 Apr 2006 23:59:08 +0200 Action: alert Host: server1.mydomain.tld Your faithful employee, monit 'postfix' process PID changed to <IDnr> Why do i receive this and is it something to worry about?
This means that Postfix has been restarted and has a different PID now. It's just a notification. Postfix has been restarted by an ISPConfig cron job, so that's ok.
Good to know. The info generated by the two apps is really nice. I have to teach about the interpretation. But everything looks good. Hans
