Icinga Configuration For Nginx On Debian Wheezy/Ubuntu 11.10

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 02/09/2012

Icinga is an enterprise grade open source monitoring system which keeps watch over networks and any conceivable network resource, notifies the user of errors and recoveries and generates performance data for reporting. It is a fork of Nagios. This tutorial explains how to serve the Icinga Web interface from an nginx server on Debian Wheezy/Ubuntu 11.10 (the tutorial might work for Debian Squeeze as well but I didn't test; Squeeze's Icinga version is a lot older than the versions for Wheezy and Ubuntu 11.10, so there might be small differences).

I do not issue any guarantee that this will work for you!

1 Preliminary Note

I want to serve the Icinga web interface from a vhost called www.example.com/example.com here with the document root /var/www/www.example.com/web.

You should have a working LEMP installation, as shown in this tutorial:

• Installing Nginx With PHP5 (And PHP-FPM) And MySQL Support On Ubuntu 11.10

A note for Ubuntu users:

Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

sudo su

2 Installing Fcgiwrap

As Icinga mostly uses CGI scripts, we need to install a CGI wrapper so that nginx can serve those scripts. We install fcgiwrap for this:

apt-get install fcgiwrap

3 Installing Icinga

Icinga can be installed as follows:

apt-get install icinga icinga-doc icinga-phpapi

You might see the following questions:

General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
Apache servers to configure for icinga: <-- none (we don't use Apache, so we don't need to configure it)
Configure database for icinga-idoutils with dbconfig-common? <-- No
Workgroup/Domain Name: <-- WORKGROUP

4 Configuring PHP

Icinga has a PHP API, therefore we need PHP support if you want to use that API.

APC is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and XCache. It is strongly recommended to have one of these installed to speed up your PHP page.

APC can be installed as follows:

apt-get install php-apc

If you use PHP-FPM as your FastCGI daemon (like in Installing Nginx With PHP5 (And PHP-FPM) And MySQL Support On Ubuntu 11.10), restart it as follows:

/etc/init.d/php5-fpm restart

If you use lighttpd's spawn-fcgi program as your FastCGI daemon (like in Installing Nginx With PHP5 And MySQL Support On Debian Squeeze), we must kill the current spawn-fcgi process (running on port 9000) and create a new one. Run

netstat -tap

to find out the PID of the current spawn-fcgi process:

root@server1:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      734/portmap
tcp        0      0 *:www                   *:*                     LISTEN      2987/nginx
tcp        0      0 *:ssh                   *:*                     LISTEN      1531/sshd
tcp        0      0 *:57174                 *:*                     LISTEN      748/rpc.statd
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN      1507/exim4
tcp        0      0 localhost.localdom:9000 *:*                     LISTEN      1542/php5-cgi
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      1168/mysqld
tcp        0     52 server1.example.com:ssh 192.168.0.198:2462      ESTABLISHED 1557/0
tcp6       0      0 [::]:www                [::]:*                  LISTEN      2987/nginx
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1531/sshd
tcp6       0      0 ip6-localhost:smtp      [::]:*                  LISTEN      1507/exim4
root@server1:~#

In the above output, the PID is 1542, so we can kill the current process as follows:

kill -9 1542

Afterwards we create a new spawn-fcgi process:

/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid

5 Configuring nginx

We must password-protect the Icinga web interface, therefore I create the password file /etc/icinga/htpasswd.users with the username icingaadmin. To create the password file, we need the tool htpasswd which is part of the apache2-utils package which we install as follows:

apt-get install apache2-utils

Afterwards we create the password file:

htpasswd -c /etc/icinga/htpasswd.users icingaadmin

The document root of my www.example.com web site is /var/www/www.example.com/web - if it doesn't exist, create it as follows:

mkdir -p /var/www/www.example.com/web

Next we create an nginx vhost configuration for our www.example.com vhost in the /etc/nginx/sites-available/ directory as follows:

vi /etc/nginx/sites-available/www.example.com.vhost

server {
       listen 80;
       server_name www.example.com example.com;
       root /var/www/www.example.com/web;
       if ($http_host != "www.example.com") {
                 rewrite ^ http://www.example.com$request_uri permanent;
       }
       index index.php index.html index.htm;
       location = /favicon.ico {
                log_not_found off;
                access_log off;
                expires max;
       }
       location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
       }
       # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
       location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
       }
       location / {
                root   /usr/share/icinga/htdocs;
                index  index.html;
                auth_basic              "Restricted";
                auth_basic_user_file    /etc/icinga/htpasswd.users;
       }
       location /icinga/stylesheets {
                alias /etc/icinga/stylesheets;
       }
       location /stylesheets {
                alias /etc/icinga/stylesheets;
       }
       location /icinga/images {
                alias /usr/share/icinga/htdocs/images;
       }
       location ~ \.cgi$ {
                # define root directory for CGIs
                root /usr/lib/cgi-bin/icinga;
                rewrite ^/icinga/cgi-bin/(.*)\.cgi /$1.cgi break;
                rewrite ^/cgi-bin/icinga/(.*)\.cgi /$1.cgi break;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass  unix:/var/run/fcgiwrap.socket;
                fastcgi_index index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                auth_basic              "Restricted";
                auth_basic_user_file    /etc/icinga/htpasswd.users;
                fastcgi_param  AUTH_USER          $remote_user;
                fastcgi_param  REMOTE_USER        $remote_user;
       }
       location ~ ^/icinga-api/(.+\.php)$ {
                root   /usr/share/icinga/htdocs;
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_index index.php;
                auth_basic              "Restricted";
                auth_basic_user_file    /etc/icinga/htpasswd.users;
                fastcgi_param  AUTH_USER          $remote_user;
                fastcgi_param  REMOTE_USER        $remote_user;
       }
}

To enable the vhost, we create a symlink to it from the /etc/nginx/sites-enabled/ directory:

cd /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/www.example.com.vhost www.example.com.vhost

Reload nginx for the changes to take effect:

/etc/init.d/nginx reload

That's it! Now we can go to http://www.example.com. Log in with the username icingaadmin...

... and afterwards you should see the Icinga web interface:

If you want to learn more about Icinga configuration, please check out this tutorial: Server Monitoring With Icinga On Debian Squeeze

6 Links

• Icinga: https://www.icinga.org/
• Icinga Documentation: http://docs.icinga.org/latest/en/
• Nagios: http://www.nagios.org/
• nginx: http://nginx.org/
• nginx Wiki: http://wiki.nginx.org/
• Debian: http://www.debian.org/
• Ubuntu: http://www.ubuntu.com/

About The Author

Falko Timme is the owner of Timme Hosting (ultra-fast nginx web hosting). He is the lead maintainer of HowtoForge (since 2005) and one of the core developers of ISPConfig (since 2000). He has also contributed to the O'Reilly book "Linux System Administration".