• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Monitorix SSL

Sheratan

Well-known member
#1
So @Tracy Perry mentioned some monitoring program named Monitorix.

I try to install Monitorix in my Debian PC, this PC is my server replica. The installation is smooth, using izzy APT. The problem is, I can't access Monitorix in 8080, because it always redirect to HTTPS. FYI, my site is running HTTPS (nginx).

So, why, nginx, who is running in 80 and 443, is redirecting monitorix access in 8080 to https?
 

Tracy Perry

Well-known member
#2
So @Tracy Perry mentioned some monitoring program named Monitorix.

I try to install Monitorix in my Debian PC, this PC is my server replica. The installation is smooth, using izzy APT. The problem is, I can't access Monitorix in 8080, because it always redirect to HTTPS. FYI, my site is running HTTPS (nginx).

So, why, nginx, who is running in 80 and 443, is redirecting monitorix access in 8080 to https?
You need to set up a proxy for it.
I set up a subdomain for it and created a vhost just for it on my Debian servers (on my CentOS ones I just did it as an include in the main vhost).
Code:
server {
# ipv4
listen 80;
# ipv6
listen [::]:80;
    server_name monitorix.yourdomain.com;


    error_log /var/log/nginx/stats-error.log warn;
    access_log /var/log/nginx/stats-access.log;
    root /var/lib/monitorix/www;
    #end changes needed to begin

location /monitorix {
   auth_basic "Restricted";
   auth_basic_user_file /etc/monitorix/monitorix-users;

    include proxy_params;
    proxy_pass          http://localhost:8080/monitorix;
    allow               127.0.0.0/8;

    # for old versions up to 3.4.0
#    location ~* \.png$ {
#       root /usr/share;
#    }

    # since 3.5.0 version
    location ~ ^/monitorix/(.+\.png)$ {
        alias /var/lib/monitorix/www/$1;
    }
}

}
 

Sheratan

Well-known member
#3
I know I need to setup a proxy for it.

I just wanted to know why nginx is redirecting 8080 to https, event nginx is not listening in 8080?
 

Tracy Perry

Well-known member
#6
Well, in my case, all http request to 8080 is redirected to https://localhost:8080/monitorix

Even after I put accept_selfsigned_certs = n in monitorix.conf :unsure:

What do I miss in here?
Mine is not redirecting to an https site. It (using the setup I showed above) redirects to a non-https site (and my main site is https).
You will have to create a new DNS entry to duplicate the setup, and then go to it by http://monitorix.yourdomain.com (or whatever you change the monitorix to).
 

Sheratan

Well-known member
#7
Trying to install in a fresh system...

502 Bad Gateway - NGINX

Code:
recv() failed (104: Connection reset by peer) while reading response header from upstream,
:(

I guess I'm stick with cacti
 

Tracy Perry

Well-known member
#8
Trying to install in a fresh system...

502 Bad Gateway - NGINX

Code:
recv() failed (104: Connection reset by peer) while reading response header from upstream,
:(

I guess I'm stick with cacti
Depends on your nginx setup. There is no PHP needed so just that simple process should work. You want to send me your vhost configs in a convo and I can take a quick look at them. It is probably something to do with your nginx setup.
 

Sheratan

Well-known member
#9
/sites-available/mon

Code:
server {
    listen 80;
        server_name monitoring.localhost;

    error_log /var/log/nginx/stats-error.log warn;
    access_log /var/log/nginx/stats-access.log;
    root /var/lib/monitorix/www;
  
    location /monitorix {
    auth_basic "Staff Only";
    auth_basic_user_file /etc/monitorix/monitorix-users;

    include proxy_params;
        #proxy_pass          http://localhost:8080/monitorix;
    proxy_pass       http://unix:/var/run/php5-fpm.sock:8080/monitorix;
        allow               127.0.0.0/8;

        # for old versions up to 3.4.0
    #location ~* \.png$ {
    #root /usr/share;
    #}

        # since 3.5.0 version
        location ~ ^/monitorix/(.+\.png)$ {
        alias /var/lib/monitorix/www/$1;
        }
    }
}
/sites-available/default

Code:
server {
    listen 80;
    server_name localhost;
    return 301 https://localhost$request_uri;
    server_tokens off;
}

# HTTPS server
#
server {
    listen 443 ssl spdy default_server;
    server_name localhost;
    spdy_headers_comp 5;
  
    root /usr/share/nginx/html;
    index index.php index.html index.htm;
    server_tokens off;

    ssl on;
    ssl_certificate /myssl/ssl.pem;
    ssl_certificate_key /myssl/ssl.key;
    ssl_dhparam /myssl/dhparam.pem;
  
    ssl_session_timeout 10m;
  
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-CAMELLIA256-SHA:ECDHE-ECDSA-AES256-CBC-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-CBC-SHA:DHE-RSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA;
  
    add_header Strict-Transport-Security max-age=31536000;
  
    location / {
        try_files $uri $uri/ /index.php?$uri&$args;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param HTTPS on;
        fastcgi_param HTTP_SCHEME https;
        include fastcgi_params;
        try_files $uri $uri =404;
        fastcgi_read_timeout 600;
    }

    location ~ /\.ht {
        deny all;
    }

    error_page 404 /404.html;
    error_page 401 403 /401-403.html;
    error_page 504 /504.html;
    error_page 503 /503.html;

    location ~* \.(?:ico|jpe?g|gif|png|css|js|xml)(\?.+)?$ {    
        access_log    off;    
        log_not_found    off;    
        expires     1y;
    }

    location /internal_data/ {    
        internal;  
    }


    location /library/ {    
        internal;  
    }

    location /error_page/ {    
        internal;  
    }

    location  /404.html {
          internal;
    }

    location  /401-403.html {
          internal;
    }

    location  /504.html {
          internal;
    }
  
    location  /503.html {
          internal;
    }

    location /install {
                auth_basic "Staff Only";
                auth_basic_user_file /htpasswd;
        }
}
 

Tracy Perry

Well-known member
#12
This is really sound silly. I'm not a native english user. Care to explain what do you mean? :D
On your computer that you have the localhost setup installed (if a Linux box) in /etc you have a file called hosts
Code:
127.0.0.1 localhost
127.0.0.1 monitorix.localhost
needs to be in there at least. That way nginx knows that monitorix.localhost is a local vhost.
 

Sheratan

Well-known member
#13
On your computer that you have the localhost setup installed (if a Linux box) in /etc you have a file called hosts
Code:
127.0.0.1 localhost
127.0.0.1 monitorix.localhost
needs to be in there at least. That way nginx knows that monitorix.localhost is a local vhost.
Oh. I have done that. I can call monitorix.localhost in my browser. I can see "Hostname", "Graph", "Daily", "Weekly" etc but after I click "Ok" I got 502 Gateway.
 

Tracy Perry

Well-known member
#14
Honestly, I haven't installed it on a localhost environment, so it may be something specific to that - or the way you have your nginx/php-fpm (and there are several different ways) configured.
My "localhost" testing environment consists of an actual VPS I have set out on my server.
 

MattW

Well-known member
#16
Code:
location /monitorix {
                include proxy_params;
                proxy_pass              http://127.0.0.1:8080/monitorix;
                allow           127.0.0.0/8;

                location ~* \.png$ {
                        root /usr/share;
                }
        }
You also need to set up some proxy parameters
Code:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 

MattW

Well-known member
#19
http://nginx.org/en/docs/http/ngx_http_proxy_module.html

An unchanged “Host” request header field can be passed like this:
Code:
proxy_set_header Host $http_host;
However, if this field is not present in a client request header then nothing will be passed. In such a case it is better to use the $host variable - its value equals the server name in the “Host” request header field or the primary server name if this field is not present:
Code:
proxy_set_header Host $host;
The settings I posted is what I used to get it working on my server, with the domain on HTTPS.