How-To: Monitoring a Server with Munin — page 2
2. Setting up apache
Okie, now we are going to set up an apache virtual host called monitoring.example.com in order to be able to access our statistics through http://monitoring.example.com url.
To do so, you need to have a working apache server. If you do not yet. Please install apache with:
$ sudo apt-get install apache2
The settings given below should be enough to get you running. If you need more information on apache virtual host, you might want to check How-to virtual hosting with apache2.
2.1. the virtual host
Okie, first of all, go to the virtual host configuration directory:
$ cd /etc/apache2/sites-availab
create and edit file monitoring and make it look like:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName monitoring.example.com
DocumentRoot /var/www/munin
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel notice
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
ServerSignature On
</VirtualHost>
Make sure DocumentRoot has the same value as htmldir from /etc/munin/munin.conf
Now, enable that virtual host:
$ sudo a2ensite monitoring
check that the syntax is correct:
$sudo apache2ctl -t
Syntax OK
If the syntax is correct, reload apache:
$ sudo /etc/init.d/apache2 force-reload
Open your favorite web browser and start accessing your stats from http://monitoring.example.com
Munin generate stats every 5 minutes. You might have to wait 5 minutes in order to start having your first result
Well this is great, we can now access our server statistics. But actually everybody can :s. If you don’t want that, you can control the access by using apache built-in authentication methods.
2.2. Enabling Authentication
There is actually 2 different ways of getting authenticated with apache.
- Basic Authentication: password is passed from client to server in plain text across the network
- Digest Authentication: password is transmitted as a MD5 digest which is more secure
In order to avoid to have our password transmitted as clear text, we are going to use the Digest Authentication.
This kind of authentication actually relies on an apache module which is not enable by default: auth_digest. To enable it, simply run:
$ sudo a2enmod auth_digest
Now that apache can handle Digest Authentication, we need to set up a user/password/realm using:
htdigest -c /var/www/munin/.htpasswd munin foo
default apache configuration forbid access to files like “.ht*”, therefore this file won’t be readable though HTTP
Where munin is the realm and foo the username. htdigest will prompt you for “foo” user password. Supply it and go back to /etc/apache2/sites-available/monitoring.
We are going to add a few lines to this file in order to make authentication required.
The modifications we are going to make are between the <Directory />....</Directory> tags. This bit should look like this to enable authentication:
<Directory />
Options FollowSymLinks
AllowOverride None
#authentification
AuthType Digest
AuthName "munin"
AuthDigestFile /var/www/munin/.htpasswd
#people using apache 2.2 will use instead:
#AuthUserFile /var/www/munin/.htpasswd
require valid-user
</Directory>
Make sure that the AuthName value is the one from the htdigest realm
And that’s it! We just need to make the change effectives by reloading apache configuration. As usual, we check that the syntax is right and if it is, we reload apache configuration.
$ sudo apache2ctl -t
Syntax OK
$ sudo /etc/init.d/apache2 force-reload
Now, go to http://monitoring.example.com with your browser. A box should prompt you for a username and password. Supply the one you define above and you should be given access to munin statistics.
3. Conclusion
Munin is simple to install and yet gives nice graph from your server health which will allow you to easily spot out if you are going to run out of memory, disk space and resource.
If you have only one machine to monitor, it is not worth the trouble setting up tools like cacti which require snmp in order to get the same result.