1) It is true that each user's Monit instance will need a unique TCP
port, but its the same with unix sockets, a unique file is required
per instance. 2) Even if a unix socket is used, I still think you
would like to use some form of authentication and not solely base
access on file permission. 3) The miniscule benefit of using unix
sockets in your special use case does not justify the work needed for
adding this feature IMHO. Not that it would require a lot of work
though and if you would want to give it a stab please do.
On 17. juli. 2009, at 18.45, Matt Goodall wrote:
Hi,
I've been using monit on a per-user basis for a while now, i.e. giving
each user account a "personal monit" instance. I find it a really nice
setup because it keeps a user's services self-contained and
self-managed.
Monit's HTTPD is basically essential to using monit in daemon mode
(monit status and monit summary don't work without it for instance)
but I find it quite inconvenient for my "personal monit" usecase:
1. Each user's monit needs a unique port
2. You need to configure some sort of authentication
(username/password or SSL) to stop other users accessing it
3. I don't actually use the HTML user interface, I only need the HTTPD
for full stateful operation.
So, I wonder what people think about being able to start the HTTPD on
a unix socket that can only be accessed by the user by default? For
instance, "set httpd unix /path/to/file". Once you're using a unix
socket with restricted privileges points 1 and 2 simply go away,
making it really simple to set up.
Without trying to design the configuration language at this time (in
case this idea gets shot down ;-)) I think you'd need to be able to
configure:
* the path to the unix socket
* the ownership of the file
* the file's permissions
Oh, using a socket might even be a nice way to allow authentication to
be moved to a front-end HTTP server that proxies to the monit HTTP
server. For instance, an nginx server handling the authentication that
then proxies through to a unix: upstream server.
- Matt
--
To unsubscribe:
http://lists.nongnu.org/mailman/listinfo/monit-general
