Recommendation for Monit UI (2812) in production?
Issue #849
Not sure if this is right place to ask a question.
Are there any recommendations for using Monit UI on a production server? Are there any authentication approaches other than password?
My preferred approach is not letting any software beside my primary HTTPd (= nginx) communicate with the outside world.
So I always keep a reverse proxy layer between my monit and the outer world. I prefer this approach, because HTTP attacks are often seen in the wild and implementing a secure HTTPd is (in my belief) not the first target in monit-dev.
Configuring this in nginx is straightforward (if you exclude the ssl config):
Note: The ssl config will give you an A+ rating over at the Qualys SSL Labs Test; if you want to use it, source it out as a param file to include it everywhere you need it. As SSL is free nowadays, I never run any service without it...
To NOT allow external logins directly to the monit interface, you want to limit the allowed hosts in monitrc.
PS: Apache also provides reverse proxy support with mod_proxy. Due to the better approach at handling connections I prefer nginx over apache and have never used the module...
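As an added example (not the commenter's own config, which is not shown on the page), this is the shape of the nginx layer described above: TLS is terminated by nginx, the monit UI on 127.0.0.1:2812 is reached only through the proxy, and a source-network restriction sits in front of monit's own login. Hostname, certificate paths, snippet name and the admin network are placeholders; the commented client-certificate lines go beyond the reply and are one non-password option for the question asked.

```nginx
# Added example, not part of the original issue thread.
# Assumes monit is bound to 127.0.0.1:2812 (see the monitrc note below).

server {
    listen 80;
    server_name monit.example.com;            # placeholder hostname
    return 301 https://$host$request_uri;     # never serve the UI in clear text
}

server {
    listen 443 ssl;
    server_name monit.example.com;            # placeholder hostname

    # TLS material; keep the cipher/protocol settings in a shared snippet
    ssl_certificate     /etc/ssl/monit.example.com.fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/monit.example.com.key;             # placeholder
    include snippets/tls-hardening.conf;                            # placeholder

    # Optional second factor beyond monit's password: require a client
    # certificate issued by your own CA (uncomment and point at the CA file).
    # ssl_client_certificate /etc/ssl/monit-admin-ca.pem;           # placeholder
    # ssl_verify_client      on;

    # Network gate in front of the monit login page.
    allow 203.0.113.0/24;   # constructed admin network (RFC 5737 range)
    deny  all;

    location / {
        proxy_pass         http://127.0.0.1:2812;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
        # Rewrite any Location header monit emits for its loopback address
        proxy_redirect     http://127.0.0.1:2812/ https://$host/;
    }
}
```

The matching monitrc stanza keeps monit itself off the external interface so only nginx can reach it: `set httpd port 2812 use address 127.0.0.1 allow 127.0.0.1 allow admin:CHANGEME` (password is a placeholder). Check the proxy with `nginx -t` before reloading, and confirm from outside that port 2812 is not reachable directly.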