Installation of Monit and access to webinterface

Hi all,

I installed the monit addon any also configured a file to check the correct running of
unbound.

I created a folder monit.d
and place a file

-rw-r–r-- 1 root root 325 May 23 17:46 checkunbound

the file includes the following lines

IPFire - monit control file - unbound

check process unbound with pidfile “/var/run/unbound.pid”
not every “40-50 2 * * 1”
start program = “/etc/init.d/unbound start”
stop program = “/etc/init.d/unbound stop”
if not exist then alert
if not exist for 2 cycles then restart
if 3 restarts within 3 cycles then alert

After this i restarted the monit again.

How can I check, if the monit configuration really works.
I stopped the /unbound task and was waiting for the restart of the task ?

I try to access the webinterface of the monit, which should on http://ipfire:2812
I tried http and https and did not get the interface.

I released the port 2812 in the firewall and in the web proxy .

Where is my problem ?

Best regards
R.

Hi,

perhaps some hints may help.

Check if monit is really running:

root@ipfire: / # /etc/init.d/monit status
monit is running with Process ID(s) 21454.

Check if monit is “monitoring” and which services it is looking for:

root@ipfire: / # monit summary
Monit 5.28.0 uptime: 6d 1h 4m
┌─────────────────────────────────┬────────────────────────────┬───────────────┐
│ Service Name                    │ Status                     │ Type          │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ ipfire.localdomain              │ OK                         │ System        │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ unbound                         │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ suricata                        │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ squid                           │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ privoxy                         │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ ntpd                            │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ httpd                           │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ hostapd                         │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ dhcpd                           │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ collectd                        │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ clamd                           │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ hp5652                          │ OK                         │ Remote Host   │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ brother5350                     │ OK                         │ Remote Host   │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ red0                            │ OK                         │ Network       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ green0                          │ OK                         │ Network       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ blue0                           │ OK                         │ Network       │
└─────────────────────────────────┴────────────────────────────┴───────────────┘

Or, if you want this output in detail, use:

root@ipfire: / # monit status

And check contents of /etc/monitrc - this file might need adjustments.

E.g.:

  • Is the line include /etc/monit.d/* uncommented?
  • Check the settings of the web server.

Example:

...
set httpd port [CHOOSE_YOUR_PORT]
   allow [IP_ADDRESS_OF_MY_PC]/32
   ssl enable
   pemfile  /etc/httpd/server.pem
#    use address localhost  # only accept connection from localhost
    allow localhost        # allow localhost to connect to the server and
# allow md5 /var/ipfire/auth/users
    allow [CHOOSE_A_USERNAME]:[CHOOSE_PASSWORD]      # require user 'admin' with password 'monit'
...

You don’t need to open ports in the firewall or in the web proxy.

Just read the comments in /etc/monitrc and take your picks.

HTH,
Matthias

1 Like

Hello Matthias,

thanks for the detailed description.
The monit task is running and it will check the “unbound” process.
I still did not get the web interface to run (first only http and then https)

I may have to check the permissions and the access range as well.

Best regards
R.

Hi,

I didn’t get the web interface to run.

I guess it will not run without ssl, because the main website for ipfire is running with
ssl.

Here is the important part for the monitrc file

set httpd port 2812
use address localhost
allow < ip address of ipfire > allow localhost
allow < ip address of pc1 > # desk top pc
allow < ip address of pc2 > # my handy
ssl enable
pemfile /var/ipfire/ovpn/certs/serverkey.pem

When I try to start the service, I always the the message,
that the permission of the file is wrong.
But the file is chown with 700 or less.

When I try to use a connection without ssl, I always get the message,
that the service could not connect the main ip address.

Any idea ?

Best regards
R.

Hi All,

the web interface is now running.
change to
set httpd port 2812
use address < ip Adress of IPfire >
allow < ipaddress of ipfire >
allow localhost
allow < ip address of PC 1 > # desk top pc
allow < ip address of pc 2 > # my handy

I did not get the ssl connection to run.

Question to backup

What files are included within the backup done in the backup of the add on ?

Best regards
R.

Hi @ritchie

The monit includes file contains

/etc/monitrc
/etc/monit.d

So it is backing up the configuration file and anything that is in the monit.d directory

Hello Adolf,

thanks for the information. That is exactly what I need.

Best regards
R.

Glad to be of help.