Dear all,
I am trying to use https on M/Monit, but without success, probably for
a stupid reason, but I don't see where.
My platform:
ansible@srv-mmonit-1:~$ uname -a
Linux srv-mmonit-1 4.11.6-sunxi #6 SMP Fri Jun 23 19:56:18 CEST 2017 armv7l GNU/Linux
ansible@srv-mmonit-1:~$ cat /etc/debian_version
9.0
ansible@srv-mmonit-1:~$ ls -altr /usr/local/mmonit-3.7.1/
total 16
drwxr-xr-x 3 root root 1024 avril 18 14:33 doc
-rw-r--r-- 1 root root 5590 avril 18 14:33 README
drwxr-xr-x 2 root root 1024 avril 18 14:33 logs
drwxr-xr-x 13 root root 1024 avril 18 14:33 docroot
drwxr-xr-x 2 root root 1024 avril 18 23:29 lib
drwxr-xr-x 4 root root 1024 avril 18 23:41 upgrade
drwxr-xr-x 2 root root 1024 avril 18 23:41 bin
drwxr-xr-x 10 root root 1024 avril 18 23:41 .
drwxrwsr-x 12 root staff 1024 juil. 9 22:19 ..
drwxr-xr-x 2 root root 1024 juil. 9 22:20 conf
drwxr-xr-x 2 root root 1024 juil. 9 22:25 db
ansible@srv-mmonit-1:~$ ip route ls
default via 192.168.8.252 dev eth-user
192.168.6.0/24 dev eth-srv proto kernel scope link src 192.168.6.200
192.168.8.0/24 dev eth-user proto kernel scope link src 192.168.8.189
192.168.9.0/24 dev eth-admin proto kernel scope link src 192.168.9.219
192.168.11.0/24 dev eth-wifi-usr proto kernel scope link src 192.168.11.237
ansible@srv-mmonit-1:~$ sudo /usr/local/mmonit-3.7.1/bin/mmonit -w /tmp/ -p /var/run start -d -i
Start parsing the server xml file
Warning: Unknown configure parameter 'scheme'
Warning: Unknown configure parameter 'certificate'
Warning: Unknown configure parameter 'scheme'
Warning: Unknown configure parameter 'certificate'
Starting Database reaper thread
Log file '/var/log/mmonit/mmonit_error.log' opened
Log file '/var/log/mmonit/mmonit_virtual_host.log' opened
Log file '/var/log/mmonit/mmonit_all.log' opened
End parsing the server xml file
Setting Host 'srv-mmonit-1-service.mydomain1.noip.org' as default Host
Start parsing the standard deployment descriptor
'/usr/local/mmonit-3.7.1/conf/web.xml'
End parsing the deployment descriptor '/usr/local/mmonit-3.7.1/conf/web.xml'
Starting Scheduler
Loading cache, please wait...
Cache loaded in 2.677 s
Loading events statistics, please wait...
Events statistics loaded within 6 ms
Alert Manager: loading message queue
Alert Manager: 0 messages loaded
Engine started
Host 'srv-mmonit-1-service.mydomain1.noip.org' started
Context '' for Host 'srv-mmonit-1-service.mydomain1.noip.org' started
Loader for Context '' started
Start parsing the deployment descriptor
'/usr/local/mmonit-3.7.1/docroot/WEB-INF/web.xml'
Starting Alert Manager transmit thread
End parsing the deployment descriptor
'/usr/local/mmonit-3.7.1/docroot/WEB-INF/web.xml'
SessionManager for Context '' started
Context '/collector' for Host 'srv-mmonit-1-service.mydomain1.noip.org'
started
Loader for Context '/collector' started
Start parsing the deployment descriptor
'/usr/local/mmonit-3.7.1/docroot/collector/WEB-INF/web.xml'
End parsing the deployment descriptor
'/usr/local/mmonit-3.7.1/docroot/collector/WEB-INF/web.xml'
Service started
Starting IPv4 Connector with scheme 'https' at
srv-mmonit-1-wifi-usr.mydomain1.noip.org:8443 with 10 processor threads
Starting IPv4 Connector with scheme 'https' at
srv-mmonit-1-service.mydomain1.noip.org:8443 with 10 processor threads
Starting IPv4 Connector with scheme 'http' at
srv-mmonit-1-service.mydomain1.noip.org:8080 with 10 processor threads
mmonit 3.7.1 started
Starting Reactor using epoll (max concurrent connections = 3996)
And in my Firefox, when I try to connect to:
https://srv-mmonit-1-service.mydomain1.noip.org:8443/
SSL Connector: No host registered to accept secure connection for
192.168.6.200.
Please set the attributes; address and certificate for the <Host> in
server.xml
which should process SSL requests directed at this interface
Thanks in advance for your help.
Please find my configuration in the attached file.
--
--------------------------------------
-- Jean-Marc LACROIX --
-- mailto : [email protected] --
---------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!--
M/Monit configuration file
-->
<!--
The Server element represents the entire Servlet Container and is the
single outermost element in the configuration file. Only one Service
element may be nested inside a Server element
-->
<Server>
<!--
A Service element represents the combination of one or more Connector
components that share a single Engine component for processing incoming
requests. The only components that may be nested inside a Service
element are one or more Connector elements, followed by exactly one
Engine element.
-->
<Service>
<!--
The Connector element represents a Connector component that
supports the HTTP/1.1 protocol. It enables the Servlet Container to
function as a stand-alone web server, in addition to its ability to
execute servlets. A particular instance of this component listens
for connections on a specific TCP port number on the server. One or
more such Connectors can be configured as part of a single Service,
each forwarding to the associated Engine to perform request
processing and create the response.
At server startup time, the Connector will create a pool of servlet
request processing threads. The maximum number of threads in the
pool is specified by the attribute; processors. Each incoming
servlet request requires a thread for processing. Usually, only CPU
bound operations are performed in the servlet thread, while a
separate thread handle i|o bound operations for all servlet
requests and responses. Recommended settings for the processor
attribute is 10 or the number of CPU cores on the system if that
number is higher.
If more simultaneous servlet requests are received than can be
handled by the currently available thread pool, requests are
queued up inside the Connector, up to the systems maximum
available descriptors and when a processor thread becomes available
it will immediately start to consume requests from the queue.
The attribute, processorTimeout sets the number of seconds a
processor thread will wait for more work before timeout. The
Connector increase and reduce the number of processor threads
available depending on the work load. The default timeout value
is 30 seconds.
The attribute, connectionTimeout specify the number of seconds a
Connector will wait, after accepting a connection, for the client
to send a HTTP request. The default value is 30 seconds.
The attributes, address and port, specify respectively the network
interface M/Monit binds to and the port number M/Monit listen to
for incoming connections. Address may be specified as an IP address
string, as a host name or you can use '*' to bind to all available
interfaces.
The attribute ipversion specify the IP-version the Connector should
use. If not specified, IP-version 4 will be used. To support both
IPv4 and IPv6, specify two Connectors, one setting ipversion to 4
and the other setting ipversion to 6.
By default, a non-SSL HTTP/1.1 Connector is established on port
8080. You may also enable a SSL HTTP/1.1 Connector on port 8443 by
uncommenting the second Connector entry. To make a Connector secure
and use SSL, set the secure attribute to true - that's all. The
Container will use either SSLv3 or TLSv1. SSLv2 is never used. In
addition, each virtual Host below must specify a certificate file
to be used for that specific Host. It is possible to run the
Container with both a secure Connector using SSL and a non-secure
Connector.
By default, DNS lookup is disabled and the Access Logger will log
the IP address instead of the host name. You can enable DNS lookup
by setting the enableLookups attribute to "true", but notice that
DNS lookups will have an adverse impact on performance if you use
an Access Logger.
-->
<!--
<Connector address="srv-mmonit-service-vrrp.mydomain1.noip.org" port="8080" processors="6" />
-->
<Connector address="srv-mmonit-1-service.mydomain1.noip.org" port="8080" processors="10" />
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 -->
<Connector scheme="https" address="srv-mmonit-1-service.mydomain1.noip.org" port="8443" processors="10" secure="true" certificate="conf/mmonit.pem" />
<Connector scheme="https" address="srv-mmonit-1-wifi-usr.mydomain1.noip.org" port="8443" processors="10" secure="true" certificate="conf/mmonit.pem" />
<!-- Define a Connector for using a HTTPS proxy in-front of M/Monit -->
<!--
<Connector address="srv-mmonit-1-service.mydomain1.noip.org" port="8080" processors="10" proxyScheme="https" proxyName="proxy.server.name" proxyPort="443" />
-->
<!--
The Engine element represents the entire request processing
machinery associated with a particular Service. It receives and
processes all requests from one or more Connectors, and returns the
completed response to the Connector for ultimate transmission back
to the client. Exactly one Engine element MUST be nested inside a
Service element.
The Host defined in the defaultHost attribute is used to process
Requests directed at Virtual Hosts not configured in this
configuration file. The default Host will also handle HTTP/1.0
based requests without a Host header.
The fileCache attribute is used to set the file cache size for the
Engine. The Engine cache static files to speed up transmission. The
cache size attribute is set in number of megabytes (MB). The
default size is 10MB. You can disable the cache by setting
fileCache to 0. Disabling the file cache is strongly advised
against for production systems
You can nest one or more Host elements inside the Engine element,
each representing a different virtual host associated with this
server. At least one Host is required, and one of the nested Hosts
MUST have a name that matches the name specified for the
defaultHost attribute, mentioned above.
You can also nest at most one instance of the following utility
components inside an Engine element:
* Realm - The security realm database used to authenticate
individual users and store persistent sessions. The Realm
database is also used by M/Monit to store its data.
* ErrorLogger - Configure an error logger that is used by
the Server to dump error and warning messages.
-->
<Engine name="mmonit" defaultHost="srv-mmonit-1-service.mydomain1.noip.org" fileCache="10MB">
<!--
The Realm element specify the database to be used by M/Monit
and the underlying security realm to authenticate individual
users and store HTTP sessions. If the Realm database is not
defined, M/Monit will not start and abort its operation.
Connections from M/Monit to the Realm database is maintained by
a database Connection Pool. The url attribute specify the
connection to the database server on a standard URL format. The
format of the connection URL is defined as:
database://[user:password@][host][:port]/database[?[property1
=value1][&property2=value2]...]
The property names, user and password are always recognized and
specify how to login to the database. Other properties depends
on the database server in question. User name and password can
alternatively be specified in the auth-part of the URL. If port
number is omitted, the default port number for the database
server is used.
The optional attributes, minConnections and maxConnections,
specify respectively, the minimum number of concurrent
available connection and the maximum number of database
connections that can be created. The pool will dynamically
increase and reduce the number of active Connections in the
pool between minConnections and maxConnections depending on the
load.
If not set, minConnections is 5 and maxConnections is 20.
The attribute reapConnections specify if the Connection Pool
should run a reaper thread, which will close and remove unused
Connections from the Pool. The value is sweep time in seconds.
I.e. the reaper thread will sleep for reapConnections seconds,
wake up, clean up the pool if necessary and go back to sleep.
If this attribute is not set, the Connection Pool will not
start with a reaper thread.
The location of the default SQLite Realm database may be given
as an absolute or relative path. If relative, the absolute path
is computed relative to M/Monit home.
As mentioned above, instead of SQLite you may use MySQL or
PostgreSQL as demonstrated in the commented out Realms below.
Notice for MySQL connection, if the host name is localhost,
connection to MySQL is attempted via a unix socket and the
default location for the socket file is /tmp/mysql.sock. If
located elsewhere, use the unix-socket property to specify the
location. For more information about the Connection URL options,
see http://tildeslash.com/libzdb/api-docs/mysqloptions.html and
http://tildeslash.com/libzdb/api-docs/postgresoptions.html
Only one Realm database should be defined in this file.
-->
<Realm url="sqlite:///db/mmonit.db?synchronous=normal&amp;heap_limit=8000&amp;foreign_keys=on&amp;journal_mode=wal"
minConnections="5"
maxConnections="20"
reapConnections="300" />
<!--
<Realm url="mysql://mmonit:[email protected]/mmonit"
minConnections="5"
maxConnections="25"
reapConnections="300" />
<Realm url="postgresql://mmonit:[email protected]:5432/mmonit"
minConnections="5"
maxConnections="25"
reapConnections="300" />
-->
<!--
The global error logger for the Engine. Only one
ErrorLogger is permitted.
-->
<ErrorLogger directory="/var/log/mmonit" fileName="mmonit_error.log" timestamp="true" />
<!--
The Host element represents a virtual host, which is an
association of a network name for a server (such as
"www.mycompany.com" with the particular server on which the
Servlet Container is running. This name must be registered in
the Domain Name Service (DNS) server that manages the Internet
domain you belong to - contact your Network Administrator for
more information.
In many cases, System Administrators will wish to associate
more than one network name (such as www.mycompany.com and
company.com) with the same virtual host. This can be
accomplished by using the alias attribute. You may add as many
Host aliases as you like, but note that a Host alias must also
be a valid DNS name.
The appBase attribute defines the application root directory
for the Host. This directory may contain web applications to be
deployed on this virtual host.
The certificate attribute is used to specify the SSL
certificate file for the Host. Certificates must be in the PEM
format and the file must contain the following entries in this
order: The Host certificate private key, the Host certificate
and finally, the certificate of the authority that signed the
Host certificate. When SSL is used, the Host IP-address is
needed for the Container to know which Host to route the
connection to and you should specify the IP-address of the Host
by using the address attribute. You may also want to consult
the manual for more information about setting up M/Monit to use
SSL.
If you don't already have a SSL certificate you can create a
self-signed certificate yourself using this OpenSSL command:
openssl req -new -newkey rsa:2048 -x509 -days 730 -nodes \
-out mmonit.pem -keyout mmonit.pem
The certificate file can be placed in conf/ and the certificate
attribute for <Host> should be specified like so:
certificate="conf/mmonit.pem".
You can nest one or more Context elements inside the Host
element, each representing a different web application
associated with the virtual host.
You can also nest at most one instance of the following
utility components by nesting a corresponding element inside
your Host element:
* AccessLogger - When you run a web server, one of the
output files normally generated is an
access log, which generates one line of
information for each request processed by
the server, in a standard format.
* Logger - A Logger shared by all Contexts related to
this virtual host. The Logger will process
all log messages for a Host, plus messages
from Contexts and Servlets associated with
the Host.
-->
<!--
Define the default virtual host which name must match the
Engine defaultHost attribute
-->
<Host name="srv-mmonit-1-service.mydomain1.noip.org" appBase=".">
<!--
Access logger that logs all requests for this virtual host.
The rotate attribute may be used to rotate the log file.
The value is either "day", "week" or "month". If the value
is "day" then on the first logged message after midnight
each day, the current log file will be closed and renamed
with a postfix date and a new log file is opened with the
file name given in the fileName attribute. If the value is
"week" then on the first logged message after midnight each
Saturday the log file is rotated. Likewise if the value is
"month" then on the first logged message in a new month the
log file is rotated. The current log file, that is, the
file the server writes to is *always* the file given in the
fileName attribute.
The access logger is turned off by default to avoid creating
large log-files that are seldom read. To activate the access
logger, uncomment the entry below.
-->
<AccessLogger directory="/var/log/mmonit" fileName="mmonit_virtual_host.log" timestamp="true" />
<!--
Logger shared by all Contexts related to this virtual host.
M/Monit will log application specific entries to this file.
-->
<Logger directory="/var/log/mmonit" fileName="mmonit_all.log" timestamp="true" />
<!--
The Context element represents a web application, which is
run within a particular virtual host. A web application is a
collection of servlets, html documents, images and other
resources put in a directory structure with a standard
layout.
The web application used to process each HTTP request is
selected by the Container based on matching the longest
possible prefix of the Request URI against the context path
of each defined Context. Once selected, that Context will
select an appropriate servlet to process the incoming
request, according to the servlet mappings defined in the
web application deployment descriptor file (which MUST be
located at WEB-INF/web.xml within the web app's directory
hierarchy).
You may define as many Context elements as you wish, nested
within a Host element. Each such Context MUST have a unique
context path, which is defined by the path attribute. In
addition, you can define a Context with a context path equal
to a zero-length string. This Context becomes the default
web application for this virtual host, and is used to
process all requests that do not match any other Context's
context path.
M/Monit is bound to the default context and its path must
remain '' and cannot be changed. Likewise, the collector
context path can also not be changed. Please use a HTTP proxy
in front of M/Monit if, for some reasons, either of these
paths must be changed.
Each Context utilize a Session Manager to manage HTTP
sessions. The maxActiveSessions attribute specify the
maximum number of active sessions (i.e. sessions joined by
clients) that will be created for the Context. The manager
expire idle sessions after sessionTimeout seconds. Note that
sessions are not enabled unless maxActiveSessions is defined
and set to a positive value. To enable persistent Sessions,
set the saveSessions attribute to "true". This tell M/Monit
to store and load Sessions from the Realm database at server
start and stop. That is, Sessions are persistent between
server restart
-->
<!-- The Default Context -->
<Context path="" docBase="docroot" sessionTimeout="1800"
maxActiveSessions="1024" saveSessions="true" />
<!--
The Collector is defined in its own Context so
it can be protected with Basic Authentication
-->
<Context path="/collector" docBase="docroot/collector" />
</Host>
</Engine>
</Service>
</Server>
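
An added example, not part of the original post or of M/Monit: a small Python linter for the two symptoms in this message, the `Unknown configure parameter` warnings on `<Connector>` and the missing `address`/`certificate` on `<Host>` named in the browser error. The function names, the attribute allow-list (taken from the comments in the posted file) and the trimmed sample configs are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Connector attributes named in the comments of the posted server.xml.
CONNECTOR_ATTRS = {"address", "port", "processors", "processorTimeout",
                   "connectionTimeout", "ipversion", "secure", "enableLookups",
                   "proxyScheme", "proxyName", "proxyPort"}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def lint_server_xml(text):
    """Return findings for the SSL-related parts of an M/Monit server.xml."""
    root = ET.fromstring(text)
    findings, secure, ssl_hosts = [], [], []
    for conn in root.iter("Connector"):
        where = f"Connector {conn.get('address')}:{conn.get('port')}"
        for name in sorted(set(conn.attrib) - CONNECTOR_ATTRS):
            findings.append(f"{where}: unknown attribute '{name}'")
        if conn.get("secure") == "true":
            secure.append(where)
    for host in root.iter("Host"):
        addr, cert = host.get("address"), host.get("certificate")
        if addr and cert:
            ssl_hosts.append(host)
            if not is_ip(addr):  # the file's comments ask for the Host IP address
                findings.append(f"Host {host.get('name')}: address '{addr}' is not an IP")
        elif addr or cert:
            findings.append(f"Host {host.get('name')}: SSL needs address and certificate")
    if secure and not ssl_hosts:
        findings.append("secure Connector defined, but no <Host> has address and certificate")
    return findings

# Constructed sample, trimmed from the configuration attached to the post.
BROKEN = """<Server><Service>
  <Connector address="srv-mmonit-1-service.mydomain1.noip.org" port="8080" processors="10" />
  <Connector scheme="https" address="srv-mmonit-1-service.mydomain1.noip.org" port="8443"
             processors="10" secure="true" certificate="conf/mmonit.pem" />
  <Engine name="mmonit" defaultHost="srv-mmonit-1-service.mydomain1.noip.org">
    <Host name="srv-mmonit-1-service.mydomain1.noip.org" appBase="." />
  </Engine>
</Service></Server>"""

# Assumed fix, following the file's comments and the error text: secure="true"
# stays on the Connector, address and certificate go on <Host>. 192.168.6.200
# is the interface IP named in the browser error.
FIXED = """<Server><Service>
  <Connector address="srv-mmonit-1-service.mydomain1.noip.org" port="8080" processors="10" />
  <Connector address="srv-mmonit-1-service.mydomain1.noip.org" port="8443"
             processors="10" secure="true" />
  <Engine name="mmonit" defaultHost="srv-mmonit-1-service.mydomain1.noip.org">
    <Host name="srv-mmonit-1-service.mydomain1.noip.org" appBase="."
          address="192.168.6.200" certificate="conf/mmonit.pem" />
  </Engine>
</Service></Server>"""

if __name__ == "__main__":
    print("\n".join(lint_server_xml(BROKEN)) or "no findings")
```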