Icinga Configuration For Nginx On Debian Wheezy/Ubuntu 11.10
Version 1.0
Author: Falko Timme
Follow me on Twitter
Icinga is an enterprise grade open source monitoring system which keeps watch over networks and any conceivable network resource, notifies the user of errors and recoveries and generates performance data for reporting. It is a fork of Nagios. This tutorial explains how to serve the Icinga Web interface from an nginx server on Debian Wheezy/Ubuntu 11.10 (the tutorial might work for Debian Squeeze as well but I didn't test; Squeeze's Icinga version is a lot older than the versions for Wheezy and Ubuntu 11.10, so there might be small differences).
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I want to serve the Icinga web interface from a vhost called www.example.com/example.com here with the document root /var/www/www.example.com/web.
You should have a working LEMP installation, as shown in this tutorial:
A note for Ubuntu users:
Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing
sudo su
2 Installing Fcgiwrap
As Icinga mostly uses CGI scripts, we need to install a CGI wrapper so that nginx can serve those scripts. We install fcgiwrap for this:
apt-get install fcgiwrap
3 Installing Icinga
Icinga can be installed as follows:
apt-get install icinga icinga-doc icinga-phpapi
You might see the following questions:
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
Apache servers to configure for icinga: <-- none (we don't use Apache, so we don't need to configure it)
Configure database for icinga-idoutils with dbconfig-common? <-- No
Workgroup/Domain Name: <-- WORKGROUP
4 Configuring PHP
Icinga has a PHP API, therefore we need PHP support if you want to use that API.
APC is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and XCache. It is strongly recommended to have one of these installed to speed up your PHP page.
APC can be installed as follows:
apt-get install php-apc
If you use PHP-FPM as your FastCGI daemon (like in Installing Nginx With PHP5 (And PHP-FPM) And MySQL Support On Ubuntu 11.10), restart it as follows:
/etc/init.d/php5-fpm restart
If you use lighttpd's spawn-fcgi program as your FastCGI daemon (like in Installing Nginx With PHP5 And MySQL Support On Debian Squeeze), we must kill the current spawn-fcgi process (running on port 9000) and create a new one. Run
netstat -tap
to find out the PID of the current spawn-fcgi process:
root@server1:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 734/portmap
tcp 0 0 *:www *:* LISTEN 2987/nginx
tcp 0 0 *:ssh *:* LISTEN 1531/sshd
tcp 0 0 *:57174 *:* LISTEN 748/rpc.statd
tcp 0 0 localhost.localdom:smtp *:* LISTEN 1507/exim4
tcp 0 0 localhost.localdom:9000 *:* LISTEN 1542/php5-cgi
tcp 0 0 localhost.localdo:mysql *:* LISTEN 1168/mysqld
tcp 0 52 server1.example.com:ssh 192.168.0.198:2462 ESTABLISHED 1557/0
tcp6 0 0 [::]:www [::]:* LISTEN 2987/nginx
tcp6 0 0 [::]:ssh [::]:* LISTEN 1531/sshd
tcp6 0 0 ip6-localhost:smtp [::]:* LISTEN 1507/exim4
root@server1:~#
In the above output, the PID is 1542, so we can kill the current process as follows:
kill -9 1542
Afterwards we create a new spawn-fcgi process:
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid
5 Configuring nginx
We must password-protect the Icinga web interface, therefore I create the password file /etc/icinga/htpasswd.users with the username icingaadmin. To create the password file, we need the tool htpasswd which is part of the apache2-utils package which we install as follows:
apt-get install apache2-utils
Afterwards we create the password file:
htpasswd -c /etc/icinga/htpasswd.users icingaadmin
The document root of my www.example.com web site is /var/www/www.example.com/web - if it doesn't exist, create it as follows:
mkdir -p /var/www/www.example.com/web
Next we create an nginx vhost configuration for our www.example.com vhost in the /etc/nginx/sites-available/ directory as follows:
vi /etc/nginx/sites-available/www.example.com.vhost
server { listen 80; server_name www.example.com example.com; root /var/www/www.example.com/web; if ($http_host != "www.example.com") { rewrite ^ http://www.example.com$request_uri permanent; } index index.php index.html index.htm; location = /favicon.ico { log_not_found off; access_log off; expires max; } location = /robots.txt { allow all; log_not_found off; access_log off; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). location ~ /\. { deny all; access_log off; log_not_found off; } location / { root /usr/share/icinga/htdocs; index index.html; auth_basic "Restricted"; auth_basic_user_file /etc/icinga/htpasswd.users; } location /icinga/stylesheets { alias /etc/icinga/stylesheets; } location /stylesheets { alias /etc/icinga/stylesheets; } location /icinga/images { alias /usr/share/icinga/htdocs/images; } location ~ \.cgi$ { # define root directory for CGIs root /usr/lib/cgi-bin/icinga; rewrite ^/icinga/cgi-bin/(.*)\.cgi /$1.cgi break; rewrite ^/cgi-bin/icinga/(.*)\.cgi /$1.cgi break; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/fcgiwrap.socket; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; auth_basic "Restricted"; auth_basic_user_file /etc/icinga/htpasswd.users; fastcgi_param AUTH_USER $remote_user; fastcgi_param REMOTE_USER $remote_user; } location ~ ^/icinga-api/(.+\.php)$ { root /usr/share/icinga/htdocs; try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_index index.php; auth_basic "Restricted"; auth_basic_user_file /etc/icinga/htpasswd.users; fastcgi_param AUTH_USER $remote_user; fastcgi_param REMOTE_USER $remote_user; } } |
To enable the vhost, we create a symlink to it from the /etc/nginx/sites-enabled/ directory:
cd /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/www.example.com.vhost www.example.com.vhost
Reload nginx for the changes to take effect:
/etc/init.d/nginx reload
That's it! Now we can go to http://www.example.com. Log in with the username icingaadmin...
... and afterwards you should see the Icinga web interface:
If you want to learn more about Icinga configuration, please check out this tutorial: Server Monitoring With Icinga On Debian Squeeze
6 Links
- Icinga: https://www.icinga.org/
- Icinga Documentation: http://docs.icinga.org/latest/en/
- Nagios: http://www.nagios.org/
- nginx: http://nginx.org/
- nginx Wiki: http://wiki.nginx.org/
- Debian: http://www.debian.org/
- Ubuntu: http://www.ubuntu.com/
About The Author
Falko Timme is the owner of Timme Hosting (ultra-fast nginx web hosting). He is the lead maintainer of HowtoForge (since 2005) and one of the core developers of ISPConfig (since 2000). He has also contributed to the O'Reilly book "Linux System Administration".