Nagios + nginx + FreeBSD

Installing Nagios

pkg_add -r nagios.  Yup, that’s all it will take.

Modifying the nginx.conf

If you don’t have nginx installed, you’ll want to run pkg_add -r nginx.  You’ll also want the spawn-fcgi, php5, and fcgiwrap packages, if you don’t have them already.  Unless you changed the configuration around, your nginx.conf should be in /usr/local/etc/nginx/nginx.conf.  It should have most of the below elements, if not all, tuned to your liking:

server {
listen 80 default;
server_name _;

index index.html index.php;
root /usr/local/www;

# IP and IP ranges which should get access
allow 10.0.0.0/24;
allow 10.1.0.1;
# all else will be denied
deny all;

# basic HTTP auth
auth_basic "Restricted";
auth_basic_user_file htpasswd;

location ~ \.cgi$ {
  try_files $uri =404;
  include fastcgi_params;
  fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  fastcgi_param REMOTE_USER $remote_user;
}

location ~ \.php$ {
  try_files $uri =404;
  include fastcgi_params;
  fastcgi_pass 127.0.0.1:9000;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}

As to the location blocks above, the first says that if nginx runs into a request that ends in .cgi, that it should send that off to the fcgiwrap service.  Similarly, .php files go to the spawn-fcgi service running on port 9000.

You can skip the try_files directives if you’d like; it basically is saying that if nginx can’t find the .cgi or .php file then it should throw up a 404: i.e., don’t send on what isn’t visible to nginx itself.

Be sure to enable basic HTTP auth, since that provides nginx the $remote_user variable, which is passed to the CGI scripts as the REMOTE_USER environment variable that Nagios expects. If you don’t have Apache installed, you can generate your own htpasswd file with a perl one-liner:

perl -le 'print "nagiosadmin:".crypt("password","salt");' > htpasswd

The username nagiosadmin is also important here, since that’s the default administrative user for the system.

Modifying /etc/rc.conf

Now that you have all these services somewhat configured, you can enable them all in the /etc/rc.conf.  Here’s what I have:

nginx_enable="YES"
spawn_fcgi_enable="YES"

fcgiwrap_enable="YES"
fcgiwrap_user="www"

nagios_enable="YES"

It is important to set the fcgiwrap_user to www; else, nginx, which runs as the www user, won’t be able to speak with the fcgiwrap socket properly.

Configuring Nagios

In order to get Nagios running, you have to copy a bunch of the .cfg-sample files in /usr/local/etc/nagios to the more usable .cfg files. You can test out your config by running nagios -v /usr/local/etc/nagios/nagios.cfg. It will rather verbosely say what is not OK if you’re missing any config files or have any improper directives.  Once that check comes out clean, you can spin up your services using the service command.

You hopefully will now be running Nagios on FreeBSD without Apache, with a minimal amount of work.  In case it’s not obvious, the URL you want is http://server-name/nagios/, which is the default location for the service.  You’ll want to use nagiosadmin as the username and the password you set via the perl script in order to get in, at which point you’ll have admin access and full reign of the installation.

I hope this helps!  Please leave a comment if something went awry, or if you have any questions about the above.

Leave a Reply

Your email address will not be published. Required fields are marked *

*