zigford/zigford.org
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7633402843
zigford.org/nagios-core-on-gentooraspberry-pi-with-nginx.html
Jesse Harris 7633402843 initial push
2020-07-21 06:49:32 +10:00

201 lines
9.6 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="main.css" type="text/css" />
<link rel="stylesheet" href="blog.css" type="text/css" />
<link rel="alternate" type="application/rss+xml" title="Subscribe to this page..." href="feed.rss" />
<title>Nagios Core on Gentoo/Raspberry Pi with Nginx</title>
</head><body>
<div id="divbodyholder">
<div class="headerholder"><div class="header">
<div id="title">
<h1 class="nomargin"><a class="ablack" href="http://zigford.org/index.html">zigford.org</a></h1>
<div id="description"><a href="about.html">About</a><a href="links.html"> | Links</a><a href="scripts.html"> | Scripts</a><br>Sharing linux/windows scripts and tips</br></div>
</div></div></div>
<div id="divbody"><div class="content">
<!-- entry begin -->
<h3><a class="ablack" href="nagios-core-on-gentooraspberry-pi-with-nginx.html">
Nagios Core on Gentoo/Raspberry Pi with Nginx
</a></h3>
<!-- bashblog_timestamp: #202002292306.38# -->
<div class="subtitle">February 29, 2020 &mdash;
Jesse Harris
</div>
<!-- text begin -->
<p>I haven't posted in a while due to a change in my work. I'm currently working in
the Server and Storage team at my workplace for a 6 month secondment. The role
is much more aligned with my enjoyment of using GNU/Linux.</p>
<hr />
<p><strong>Note</strong> These notes are incomplete, but I'm posting them anyway.</p>
<p>One of the responsibilities I've picked up is maintaining our Nagios monitoring
system. While I won't go into too much detail about that here, I thought I'd
install it at home to monitor things and get a bit more experience on it.</p>
<p>Thankfully <a href="https://packages.gentoo.org/net-analyzer/nagios-core">ebuilds exist</a>
in Gentoo which means I don't have to compile it myself. Unfortunately,
the integrations with web servers doesn't cover nginx.</p>
<p>Nagios-Core will be installed on a Raspberry Pi running NGinx. If your already
running Apache, or lighttp, then your in luck, as the ebuilds for Nagios-Core
support those out of the box. The setup for the rest of that won't be covered
here.</p>
<p><strong>Assumptions</strong> This guide will assume you are already serving content from
nginx and it won't cover initial setup and install.</p>
<h2 id="nginx">Nginx</h2>
<p>The default USE flags and modules built for nginx should cover what is required
for nagios, but just to be sure, these will be needed:</p>
<pre><code> fastcgi scgi
</code></pre>
<h2 id="php">PHP</h2>
<p>Modern versions of Nagios, use a bit of PHP, so we are going to need php
compiled with the following USE flags</p>
<pre><code> fpm
</code></pre>
<p>FPM is a method of invoking php through a unix socket so as not to have to spawn
new child processes every time someone hits a .php file.</p>
<h2 id="glue-packages">Glue packages</h2>
<p>We need a spawner and fastcgi wrapper to launch cgi scripts for the nagios site.</p>
<pre><code> emerge www-misc/fcgiwrap www-servers/spawn-fcgi
</code></pre>
<p>Both these applications were hard masked on arm64, but they are running fine for
me.</p>
<h2 id="nagios-core">Nagios Core</h2>
<p>I didn't use any special use flags for nagis core.</p>
<h2 id="setting-it-all-up">Setting it all up</h2>
<h1 id="getting-info">Getting info</h1>
<p>To get this working you need a few bits of info</p>
<p>Where is nagios cgi scripts installed to?</p>
<pre><code> equery files net-analyzer/nagios-core | grep cgi | head -1
/usr/lib64/nagios/cgi-bin/
</code></pre>
<p>Where are the html files?</p>
<pre><code> equery files net-analuyer/nagios-core | grep htdocs | head -1
/usr/share/nagios/htdocs
</code></pre>
<h1 id="fpm-config">fpm config</h1>
<p>When php was compiled with the <code>fpm</code> USE flag we should have an php fpm service
file and configuration files. We could make fpm listen on a service or to a unix
socket. On my system, everything will be hosted together so using a unix socket
will be the most ideal.</p>
<p>Edit the config at <code>/etc/php/fpm-php7.3/fpm.d</code> and set the <code>listen</code> value like
so:</p>
<pre><code> listen = /var/run/php7-fpm.socket
</code></pre>
<p>This is the socket file that we will configure nginx to connect to later so that
it can run php stuff.</p>
<p>Next skip through the file a bit to find the <code>listen.owner</code> and <code>listen.group</code>
settings. Set them both to <strong>nginx</strong></p>
<p>Save and close that config file and go edit <code>/etc/php/fpm-php7.3/php.ini</code>
Find and uncomment out <code>;cgi.fix_pathinfo=1</code> and change it to equal <strong>0</strong>.</p>
<p>I'm using systemd, so I ran <code>systemctl enable php-fpm@7.3 --now</code> to start and
enable the service at boot. Take a peek in /var/run/</p>
<pre><code> ls -l /var/run/php7-fpm.socket
srw-rw---- 1 nginx nginx 0 Jan 27 10:08 /var/run/php7-fpm.socket
</code></pre>
<p>Notice it is owned by nginx.</p>
<h1 id="fastcgi">Fastcgi</h1>
<p>Fastcgi will be responible for serving cgi bin files for nagios. These are
nagios programs written in C. To do so, Nginx talks to a spawner which spawns
fcgiwrap which in turn runs the programs.</p>
<p>spawn-fcgi doesn't really have a configuration file from what I can tell. When
merged onto my system, it's configuration is handled by the init.d service
script reading variables from /etc/conf.d/spawn-fcgi and setting command line
options.</p>
<p>To simplify things, I just created a simple systemd service unit and hard coded
the options I needed into it. Here is the service file I came up with:</p>
<pre><code> [Unit]
Description=Simple spawn-fcgi service
[Service]
Type=simple
ExecStart=/usr/bin/spawn-fcgi -n -U 999 -G 235 -s /var/run/fcgiwrap.socket /usr/sbin/fcgiwrap
[Install]
WantedBy=multi-user.target
</code></pre>
<p>Explanation of parameters:</p>
<ul>
<li><code>-n</code> don't fork</li>
<li><code>-U 999</code> set socket user permissions to UID 999 which is Nginx</li>
<li><code>-G 235</code> set socket group permissions to GID 235 which is Nginx</li>
<li><code>-s /var/run/fcgiwrap.socket</code> create a unix socket at this path</li>
<li><code>/usr/sbin/fcgiwrap</code> spawn this fcgi binary</li>
</ul>
<p>Start and enable this service with <code>systemctl enable spawn-fcgi --now</code> should
produce a socket file similar to the php7 one created earlier. This will be used
in our nginx config later.</p>
<h1 id="nginx-config">Nginx Config</h1>
<p>My nginx config is all in one file, so adjust my changes as per your needs.
The first change we need to make is inside the <code>http</code> declaration. We need to
specify the two upstream servers (in this case servers on the local system via
sockets). One for php and one for cgi-bin.</p>
<p>Each one will reference the sockets we created earlier.</p>
<pre><code> upstream php {
server unix:/var/run/php7-fpm.socket;
}
upstream fcgiwrap {
server unix:/var/run/fcgiwrap.socket;
}
</code></pre>
<p>The default nginx config will have a server declaration for your site. Nested
in here you will need the following location declarations. The location
declaration <code>/nagios</code> and will result in being able to access nagios by
navigating to the website url like so: randomsite.com/nagios</p>
<pre><code> location ~ /nagios/ {
alias /usr/share/nagios/htdocs;
auth_basic &quot;Nagios Restricted Access&quot;;
auth_basic_user_file /etc/nagios/htpasswd.users;
</code></pre>
<p><em>note here the path to htdocs was discovered earlier</em></p>
<pre><code> index index.php index.html;
location ^~ /nagios/cgi-bin {
alias /usr/lib64/nagios/cgi-bin;
include /etc/nginx/fastcgi_params;
fastcgi_param AUTH_USER $remote_user;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_param PATH_INFO $fastcgi_script_name;
}
location ~ .php$ {
proxy_set_header REMOTE_USER $remote_user;
include fastcgi_params;
fastcgi_param AUTH_USER $remote_user;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_pass unix:/var/run/php7-fpm.socket;
fastcgi_param PATH_INFO $fastcgi_script_name;
}
}
location /nagios/stylesheets {
alias /usr/share/nagios/htdocs/stylesheets;
}
</code></pre>
<p>What's happening here:</p>
<ul>
<li>location ~ /nagios/ causes the uri to match <code>/nagios/</code> as a case sensitive
regular expression. Without the <code>~</code>, an article like this with it's name
starting with nagios might also fall into that location</li>
<li>location ^~ is a non regular expression match of the uri</li>
<li>fastcgi_param directives are passing parameters from the browser to the cgi
script.</li>
<li>fastcgi_pass passes the request to the socket setup as an upstream server.</li>
</ul>
<p>Read more about locations on <a href="https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms">digitalocean</a></p>
<p>Tags: <a href='tag_gentoo.html'>gentoo</a>, <a href='tag_linux.html'>linux</a>, <a href='tag_nagios.html'>nagios</a></p>
<!-- text end -->
<!-- entry end -->
</div>
<div id="footer">&copy <a href="http://twitter.com/zigford_org">Jesse Harris</a> &mdash; <a href="mailto:jesse&#64;zigford&#46;org">jesse&#64;zigford&#46;org</a><br/>
Generated with <a href="https://github.com/cfenollosa/bashblog">bashblog</a>, a single bash script to easily create blogs like this one</div>
</div></div>
</body></html>
Reference in New Issue View Git Blame Copy Permalink