Bernhard's Homepage

Monitorix with NGINX

Monitorix with NGINX

Monitorix is a lightweight system monitoring tool, perfect for small servers. As I’m already running the NGINX web server, I want to use it for accessing Monitorix.

The FAQ documents NGINX as a reverse proxy for the built-in HTTP server, but I prefer to integrate Monitorix directly into NGINX. As a starting point I used an outdated HOWTO and modified it to use it on Debian Buster with Monitorix 3.x.

Installation

I assume you have already installed NGINX, if not install it with apt-get install nginx. For calling CGI scripts, we need the fcgiwrap server, install it with apt-get install fcgiwrap. Additionally we need to manage web password files, I’m using htpasswd (apt-get install apache2-utils).

And, of course, we need Monitorix, in Debian Buster it can be easily installed by apt-get install monitorix.

Monitorix Configuration

First we need to set the hostname and disable the builtin web server in the Monitorix configuration. For that I’m creating /etc/monitorix/conf.d/50-local.conf, which overwrites the defaults:

title = Server Stats
hostname = monitorix.example.com

<httpd_builtin>
    enabled = n
</httpd_builtin>

As documented in the FAQ the web server needs write permissions in the imgs directory:

chown -R www-data:www-data /var/lib/monitorix/www/imgs

Restart Monitorix with service monitorix restart.

NGINX Configuration

The following configuration allows password protected HTTPS access to Monitorix, HTTP gets redirected to HTTPS. The users/passwords are stored in /etc/monitorix/monitorix-users, they can be manged by the htpasswd program.

server {
    server_name	monitorix.example.com;

    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    access_log /var/log/nginx/monitorix_access.log;

    auth_basic "Restricted";
    auth_basic_user_file /etc/monitorix/monitorix-users;

    location /monitorix {
        alias /var/lib/monitorix/www/;
    }

    location /monitorix-cgi/ {
        alias /var/lib/monitorix/www/cgi/;
        include fastcgi_params;
        fastcgi_pass unix:/run/fcgiwrap.socket;
        fastcgi_param SCRIPT_FILENAME $request_filename;
    }

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    server_name	monitorix.example.com;

    listen 80;
    listen [::]:80;

    access_log /var/log/nginx/monitorix_access.log;

    return 301 https://monitorix.example.com$request_uri;
}

If you want to access the Monitorix page via the root page, you can setup a redirection from / to /monitorix/.

    location = / {
        return 301 /monitorix/;
    }

Alternatively set base_url = / in the Monitorix configuration and in the NGINX config change the line location /monitorix { to location / {. Afterwards restart both services.