[patch] Added support for external HTTP/HTTPS proxy, ex. lighttpd

Issue #135 wontfix

Lonnie Abelbeck created an issue 2014-12-14

Hi,

We (AstLinux) use lighttpd for our web server and would like to keep Monit listening only on 127.0.0.1:2812 with HTTP and then use lighttpd as an HTTPS proxy to Monit.

To enable such a proxy in lighttpd (others are similar) is adding a section as follows:

$HTTP["scheme"] == "https" {
     proxy.server += ( "/admin/monit/" =>
                       ( "localhost" =>
                         (
                           "host" => "127.0.0.1",
                           "port" => "2812"
                         )
                       )
                     )
}

The problem is the leading "/admin/monit" that is added to the Monit URL queries, which does not match what Monit expects.

The simple solution is in "src/http/processor.c" to remove the leading predefined (ex. "/admin/monit") string for the received URL, doing so allows lighttpd to do all the heavy lifting and Monit HTTP is only on 127.0.0.1:2812 .

Attached is "monit-0110-http-base-url.patch" or can be found here: http://svn.code.sf.net/p/astlinux/code/branches/1.0/package/monit/monit-0110-http-base-url.patch

Of course the "#define HTTP_BASE_URL" would be generated via autoconf, or this could be set via a command line option such as:

--base /admin/monit

BTW, the open source project "darkstat" uses the --base command line option method for the same reason.

I hope you find this idea useful.

Lonnie

monit-0110-http-base-url.patch

Comments (9)

Lonnie Abelbeck reporter
- changed component to Monit
- 2014-12-14T23:43:21+00:00
Eugen Mayer
I dont think this would be the most flexible solution, but still a really needed one ( we run into the same issue, and even PassProxyReverse did not hel ).

I think the most f;exible version is to be able to run several HTTP servers on monit, not only one. This would solve - different access-schema kombinations ( without extending ACLs ) - different ports for different tools ( e.g. end-user web access and mmonit internal network ) - being able to define a base-path for the rever-proxy setup for each access-type

The issue with changing type base type of the monit http processor would be, that if you then access 2812 internally e.g. using mmonit, it would fail? or is access using a browser agent differen then using a bot like monit (html / json? ) so it would not matter?
- 2014-12-16T07:54:43+00:00
Tildeslash repo owner
Hello Lonnie,

we test Monit behind HTTPS proxy too - Apache and nginx work with the following setup fine:

http://mmonit.com/wiki/Monit/Apache http://mmonit.com/wiki/Monit/Nginx

Please can you check it? It is most probably just proxy configuration issue.
- 2014-12-16T15:50:06+00:00
Eugen Mayer
It does not work with apache, esp. with interal Domains. You get an "Could not resolve DNS issue" - even if you bind to an IP and also use /etc/hosts additionally - not working ( apache 2.2 ).
- 2014-12-16T15:51:18+00:00
Lonnie Abelbeck reporter
Yes tildeslash, Apache and nginx can rewrite proxy URL's, but with the current lighttpd 1.4 and earlier it's mod_proxy module does not support that. (the future lighttpd 1.5 will have a mod_proxy_core module which can rewrite proxy URL's, but that is a moot point today)

The attached patch allows our web interface (using lighttpd) to use:
```
https://pbx/admin/monit.php
```
and then place "/admin/monit/" in an iframe to reach the localhost:2812 . Also this URL reaches directly to the Monit server via lighttpd:
```
https://pbx/admin/monit/
```
To take this further, if a remote M/Monit server were to reach our Monit, it would need to add "/admin/monit" to the URL over HTTPS 443 or in the Monit config also allow the public interface to listen on 2812 for M/Monit to reach it.

Given how simple this patch is, and it solves problems for some proxy solutions, IMHO it seems like a good addition, and possibly also supported in reverse in M/Monit.
- 2014-12-16T16:31:34+00:00
Tildeslash repo owner
- changed status to wontfix
Since this will be solved in lighthttpd 1.5 and already is solved in nginx and apache, the need to add this and clutter the path is probably not critical.
- 2014-12-19T13:14:10+00:00
Lonnie Abelbeck reporter
BTW, lighttpd 1.5 has been a "Preview release" since 2009, lighttpd 1.4 is the production version.

Let's say you add in the scope of "set httpd" a "proxybase" keyword, ex.: proxybase /admin/monit

I would suggest from a M/Monit support point of view "proxybase" would be far easier to explain than instructing users about rewriting URL's in their proxy server, if even possible.

Regardless MMonit should have such a feature for outgoing URL's for general proxy support in the path.
- 2014-12-19T14:23:51+00:00
Tildeslash repo owner
Let's say you add in the scope of "set httpd" a "proxybase" keyword, ex.: proxybase /admin/monit

That's not a bad idea, but I'm kind of like meh on this as it will be a special workaround for a 0.005% http server. It is great that you found a solution, but do we want to add and maintain a workaround for a problem every http-server really should be able to handle. Need to think about this.
- 2014-12-19T18:52:46+00:00
Tildeslash repo owner
- removed version
Removing version: 5.10 (automated comment)
- 2016-06-19T18:47:37+00:00
Log in to comment

Assignee: –

Type: enhancement

Priority: major

Status: wontfix

Component: Monit

Version: –

Votes: 0

Watchers: 3