- changed component to Monit
[patch] Added support for external HTTP/HTTPS proxy, ex. lighttpd
Hi,
We (AstLinux) use lighttpd for our web server and would like to keep Monit listening only on 127.0.0.1:2812 with HTTP and then use lighttpd as an HTTPS proxy to Monit.
Enabling such a proxy in lighttpd (others are similar) means adding a section as follows:

    $HTTP["scheme"] == "https" {
      proxy.server += ( "/admin/monit/" =>
        ( "localhost" =>
          (
            "host" => "127.0.0.1",
            "port" => "2812"
          )
        )
      )
    }

The problem is the leading "/admin/monit" that is added to the Monit URL queries, which does not match what Monit expects.
The simple solution is to remove, in "src/http/processor.c", the leading predefined (ex. "/admin/monit") string from the received URL. Doing so allows lighttpd to do all the heavy lifting, and Monit HTTP is only on 127.0.0.1:2812.
Attached is "monit-0110-http-base-url.patch" or can be found here: http://svn.code.sf.net/p/astlinux/code/branches/1.0/package/monit/monit-0110-http-base-url.patch
Of course the "#define HTTP_BASE_URL" would be generated via autoconf, or this could be set via a command line option such as:
--base /admin/monit
BTW, the open source project "darkstat" uses the --base command line option method for the same reason.
I hope you find this idea useful.
Lonnie
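The prefix stripping proposed in the post above, sketched as an added example (this is not the attached patch and not Monit's own code; `strip_base_url` is a hypothetical helper name and the URLs are constructed samples). It matches the base only on a path-segment boundary, so `/admin/monitor` is not mistaken for `/admin/monit`, and it leaves unprefixed requests arriving directly on 127.0.0.1:2812 untouched.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of Monit's API.
 * Strips `base` (e.g. "/admin/monit") from the front of `url` when it
 * matches on a path-segment boundary. Returns a pointer into `url` at the
 * path the server should route, "/" when only the base was requested, or
 * `url` unchanged when the base is absent. */
static const char *strip_base_url(const char *url, const char *base) {
    size_t n;

    if (!url || !base)
        return url;
    n = strlen(base);
    /* Treat a configured "/admin/monit/" the same as "/admin/monit". */
    while (n > 0 && base[n - 1] == '/')
        n--;
    if (n == 0 || strncmp(url, base, n) != 0)
        return url;               /* empty base, or prefix not present */
    switch (url[n]) {
    case '\0':
        return "/";               /* "/admin/monit"         -> "/"        */
    case '/':
        return url + n;           /* "/admin/monit/_status" -> "/_status" */
    default:
        return url;               /* "/admin/monitor" is a different path */
    }
}

int main(void) {
    const char *base = "/admin/monit";   /* base path used in the post */
    const char *samples[] = {            /* constructed request URLs */
        "/admin/monit/", "/admin/monit/_status?format=xml",
        "/admin/monit", "/admin/monitor", "/_status"
    };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-34s -> %s\n", samples[i], strip_base_url(samples[i], base));
    return 0;
}
```

A plain `strncmp` prefix strip without the boundary check would route `/admin/monitor` as `or`, a path with no leading slash, which is the case the `default` branch guards against.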
Comments (9)
-
Account Deleted reporter
I don't think this would be the most flexible solution, but still a really needed one (we run into the same issue, and even PassProxyReverse did not help).
I think the most flexible version is to be able to run several HTTP servers on monit, not only one. This would solve:
- different access-schema combinations (without extending ACLs)
- different ports for different tools (e.g. end-user web access and mmonit internal network)
- being able to define a base-path for the reverse-proxy setup for each access-type
The issue with changing the base type of the monit http processor would be, that if you then access 2812 internally e.g. using mmonit, it would fail? Or is access using a browser agent different than using a bot like monit (html / json?) so it would not matter?
-
repo owner
Hello Lonnie,
we test Monit behind an HTTPS proxy too - Apache and nginx work fine with the following setup:
http://mmonit.com/wiki/Monit/Apache
http://mmonit.com/wiki/Monit/Nginx
Please can you check it? It is most probably just a proxy configuration issue.
-
It does not work with apache, esp. with internal domains. You get a "Could not resolve DNS issue" - even if you bind to an IP and also use /etc/hosts additionally - not working (apache 2.2).
-
Account Deleted reporter
Yes tildeslash, Apache and nginx can rewrite proxy URLs, but with the current lighttpd 1.4 and earlier its mod_proxy module does not support that. (The future lighttpd 1.5 will have a mod_proxy_core module which can rewrite proxy URLs, but that is a moot point today.)
The attached patch allows our web interface (using lighttpd) to use:
https://pbx/admin/monit.php
and then place "/admin/monit/" in an iframe to reach localhost:2812. Also this URL reaches directly to the Monit server via lighttpd:
https://pbx/admin/monit/
To take this further, if a remote M/Monit server were to reach our Monit, it would need to add "/admin/monit" to the URL over HTTPS 443 or in the Monit config also allow the public interface to listen on 2812 for M/Monit to reach it.
Given how simple this patch is, and it solves problems for some proxy solutions, IMHO it seems like a good addition, and possibly also supported in reverse in M/Monit.
-
repo owner - changed status to wontfix
Since this will be solved in lighttpd 1.5 and already is solved in nginx and apache, the need to add this and clutter the path is probably not critical.
-
Account Deleted reporter
BTW, lighttpd 1.5 has been a "Preview release" since 2009, lighttpd 1.4 is the production version.
Let's say you add in the scope of "set httpd" a "proxybase" keyword, ex.: proxybase /admin/monit
I would suggest from a M/Monit support point of view "proxybase" would be far easier to explain than instructing users about rewriting URLs in their proxy server, if even possible.
Regardless, MMonit should have such a feature for outgoing URLs for general proxy support in the path.
-
repo owner
> Let's say you add in the scope of "set httpd" a "proxybase" keyword, ex.: proxybase /admin/monit
That's not a bad idea, but I'm kind of like meh on this as it will be a special workaround for a 0.005% http server. It is great that you found a solution, but do we want to add and maintain a workaround for a problem every http-server really should be able to handle? Need to think about this.
-
repo owner - removed version
Removing version: 5.10 (automated comment)