How-To: Monitoring a Server with Munin — page 2

3 minute read

2. Setting up apache

Okie, now we are going to set up an apache virtual host called monitoring.example.com in order to be able to access our statistics through http://monitoring.example.com url.

To do so, you need to have a working apache server. If you do not yet. Please install apache with:

$ sudo apt-get install apache2

The settings given below should be enough to get you running. If you need more information on apache virtual host, you might want to check How-to virtual hosting with apache2.

2.1. the virtual host

Okie, first of all, go to the virtual host configuration directory:

$ cd /etc/apache2/sites-availab

create and edit file monitoring and make it look like:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName      monitoring.example.com
        DocumentRoot /var/www/munin
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
        LogLevel notice
        CustomLog /var/log/apache2/access.log combined
        ErrorLog /var/log/apache2/error.log
        ServerSignature On
</VirtualHost>

Make sure DocumentRoot has the same value as htmldir from /etc/munin/munin.conf

Now, enable that virtual host:

$ sudo a2ensite monitoring

check that the syntax is correct:

$sudo apache2ctl -t
Syntax OK

If the syntax is correct, reload apache:

$ sudo /etc/init.d/apache2 force-reload

Open your favorite web browser and start accessing your stats from http://monitoring.example.com

Munin generate stats every 5 minutes. You might have to wait 5 minutes in order to start having your first result

Well this is great, we can now access our server statistics. But actually everybody can :s. If you don’t want that, you can control the access by using apache built-in authentication methods.

2.2. Enabling Authentication

There is actually 2 different ways of getting authenticated with apache.

  • Basic Authentication: password is passed from client to server in plain text across the network
  • Digest Authentication: password is transmitted as a MD5 digest which is more secure

In order to avoid to have our password transmitted as clear text, we are going to use the Digest Authentication.

This kind of authentication actually relies on an apache module which is not enable by default: auth_digest. To enable it, simply run:

$ sudo a2enmod auth_digest

Now that apache can handle Digest Authentication, we need to set up a user/password/realm using:

htdigest -c /var/www/munin/.htpasswd munin foo

default apache configuration forbid access to files like “.ht*”, therefore this file won’t be readable though HTTP

Where munin is the realm and foo the username. htdigest will prompt you for “foo” user password. Supply it and go back to /etc/apache2/sites-available/monitoring.

We are going to add a few lines to this file in order to make authentication required.

The modifications we are going to make are between the <Directory />....</Directory> tags. This bit should look like this to enable authentication:

<Directory />
       Options FollowSymLinks
       AllowOverride None
       #authentification
       AuthType Digest
       AuthName "munin"
       AuthDigestFile /var/www/munin/.htpasswd
       #people using apache 2.2 will use instead:
       #AuthUserFile  /var/www/munin/.htpasswd
       require valid-user
</Directory>

Make sure that the AuthName value is the one from the htdigest realm

And that’s it! We just need to make the change effectives by reloading apache configuration. As usual, we check that the syntax is right and if it is, we reload apache configuration.

$ sudo apache2ctl -t
Syntax OK
$ sudo /etc/init.d/apache2 force-reload

Now, go to http://monitoring.example.com with your browser. A box should prompt you for a username and password. Supply the one you define above and you should be given access to munin statistics.

3. Conclusion

Munin is simple to install and yet gives nice graph from your server health which will allow you to easily spot out if you are going to run out of memory, disk space and resource.

If you have only one machine to monitor, it is not worth the trouble setting up tools like cacti which require snmp in order to get the same result.