monit with ssl (https)
Seems you did not generate an SSL certificate. Here are some pointers (I've done it on my Ubuntu).
- Ensure OpenSSL is available on your system; if not, apt-get install openssl
- Create folder /var/certs
- Navigate to this folder: cd /var/certs
- Create a file named monit.cnf and copy/paste the following into it, then save and close the file:
    # create RSA certs - Server

    RANDFILE = ./openssl.rnd

    [ req ]
    default_bits = 2048
    encrypt_key = yes
    distinguished_name = req_dn
    x509_extensions = cert_type

    [ req_dn ]
    countryName = Country Name (2 letter code)
    countryName_default = MO

    stateOrProvinceName = Ile de France
    stateOrProvinceName_default = Monitoria

    localityName = Paris
    localityName_default = Monittown

    organizationName = the_company
    organizationName_default = Monit Inc.

    organizationalUnitName = Organizational Unit Name
    organizationalUnitName_default = Dept. of Monitoring Technologies

    commonName = Common Name (FQDN of your server)
    commonName_default = server.monit.mo

    emailAddress = Email Address
    emailAddress_default = [email protected]

    [ cert_type ]
    nsCertType = server
- Then run (press enter each time you are prompted for info):

    openssl req -new -x509 -days 365 -nodes -config ./monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem

- Set permissions:

    chmod 700 /var/certs/monit.pem

  (in my case user:group for the pem file is root:root)
- Set the following in your monitrc config file:

    set httpd port 2812
        ssl enable
        pemfile /var/certs/monit.pem
        allow user:pass

- Restart monit
And then it works! Now it's up to you to put your real info in the monit.cnf file and run the openssl command again.
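An added example, not part of the original answer: a shell check of what the steps above should leave behind, namely one PEM file holding both key and certificate with no group or other access, and a monitrc carrying the four listed directives. The function names `check_pem`, `check_monit_ssl` and `demo` are hypothetical, and the demo input is constructed.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# The PEM must hold the private key and the certificate (openssl wrote both
# to one file via -out and -keyout) with no access for group or others.
check_pem() {
    pem=$1
    [ -f "$pem" ] || { echo "missing pemfile: $pem"; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key block in $pem"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block in $pem"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$pem" | cut -c5-10)" = "------" ] ||
        { echo "group/other can access $pem"; return 1; }
}

# The monitrc must carry every directive listed in the answer; the pemfile
# it names is then checked with check_pem. Comment lines are ignored.
check_monit_ssl() {
    rc=$1
    active=$(grep -v '^[[:space:]]*#' "$rc") || return 1
    for directive in 'set httpd port' 'ssl enable' 'pemfile' 'allow'; do
        printf '%s\n' "$active" | grep -q -e "$directive" ||
            { echo "monitrc lacks: $directive"; return 1; }
    done
    pemfile=$(printf '%s\n' "$active" |
        sed -n 's/^[[:space:]]*pemfile[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' |
        head -n 1)
    check_pem "$pemfile"
}

# Constructed demo: placeholder PEM markers (no real key material) and the
# monitrc settings from the answer, written to a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' '-----END PRIVATE KEY-----' \
        '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' > "$dir/monit.pem"
    chmod 700 "$dir/monit.pem"
    printf 'set httpd port 2812\n  ssl enable\n  pemfile %s\n  allow user:pass\n' \
        "$dir/monit.pem" > "$dir/monitrc"
    check_monit_ssl "$dir/monitrc" && echo "ok: $dir/monitrc"
    status=$?
    rm -rf "$dir"
    return $status
}

# With an argument, check that monitrc; without one, run the constructed demo.
if [ $# -gt 0 ]; then check_monit_ssl "$1"; else demo; fi
```

Run it as root with the path to the real monitrc as its only argument; it prints the first failed check and exits non-zero.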
Georg Pfolz
Updated on September 18, 2022
Comments
-
Georg Pfolz over 1 year
I recently installed monit (on debian) and everything is working fine. Now I would like to enable ssl support. I did what I found in the documentation:
    set httpd port 2812
        ssl enable
        pemfile /etc/ssl/certs/ssl-cert-snakeoil.pem
Now not only can I not reach the server through the web with https://myserver.com:2812, but the communication between the monit daemon and the monit command fails as well:
    $# monit status
    monit: Openssl read timeout error!
    monit: error connecting to the monit daemon
-
Andrew Schulman over 10 years
What is your question?
-
Georg Pfolz over 10 years
How can I get it working? ;)
-
misacek007 over 6 years
The problem is missing allow user:pass line.
-
Georg Pfolz over 10 years
Thanks a lot, that worked. I thought I could use the snakeoil certificate already present in the system which I already use for https. What's wrong with this one?
-
Georg Pfolz over 10 years
I'll upvote your answer as soon as I have some reputation ;)