We brought you Monit, where we showed you how to install Monit on a Debian server. If you missed it then check it out so to help you get up to speed. We configured email alerts and a few services. Did you know you could actually see a panel right in your browser from your workstation? This can all be done without ever exposing a port publicly. Making it easier to monitor your server without having to SSH in every time you want to see your server performance. Similar to Cockpit, which is for server configuration, you get a panel for monitoring anything you selected in your monitrc. This is truly very cool. We are going to learn some networking tricks to help us on our mission to make Linux software more accessible to anyone willing to take in the subject-matter.
We are going to pick up where we left off. Making sure to give ourselves access to the web browser control panel. This will take some SSH magic, a little port forwarding. The traffic will be directed to a local port on our workstation. Giving you access to boot, opening the door to other fun tricks you may then be inspired to check out. Now let’s get ready to learn something new and put it into practice to level up our professional edge.
Monit Setup
Now we will need to change one thing about our configuration from before. In our global settings we need the appropriate section to add this functionality. So, all we need to do is get back to our server and Vim right back into our monitrc file.
sudo vim /etc/monit/monitrc
To edit, type a. Then you can paste in the following.
# Globals #
###########
#
# set daemon interval in seconds
set daemon 60
#
# set monit log
set log /var/log/monit.log
#
# set SMTP email
set mailserver mail.yourmailserver.com port 3567
username "me@yourmailserver.com" password "mypassword" #change for production
using tlsv1
with timeout 30 seconds
#set the from email which should be same as the one above
set mail-format { from: me@yourmailserver.com }
#
# set Local Host httpd Port
set httpd port 2812 and
use address localhost
allow admin:monit # change this username and password on production server
Now you can see, we added a new piece here at the bottom of our global section. This is so we can monitor using our local host on port 2812. To stop editing hit Esc, then type :wq to write and quit the file. To be certain our file has good syntax, we will use the following command for a sanity check.
sudo monit -t
Make sure you get the “Control file syntax ok” message before proceeding. That way you don’t have to suffer through a cycle of restarts until your status comes up clean. To enable this feature, we need to restart Monit.
sudo systemctl restart monit
Now we will check the status to confirm that monit is still running as expected.
sudo systemctl status monit
Now we can check out open ports. For this, we will first make sure to have the net-tools package installed. Then we will go ahead and see what ports are running and their exposure.
sudo apt install net-tools
Now that we have net-tools, we can go ahead and run our command.
netstat -tupln
Now as you can see, we are not exposed to the outside web. We have our port running on the appropriate local host IP address. Now we can proceed to some SSH magic.
SSH Forwarding
With the way monit is configured now, we cannot view anything on our server using a web portal in the browser. To gain access to our web portal we need to Forward our local port to our workstation. This allows us to gain the connection we need to get our monitoring started. To achieve this, we will have to use a modified SSH command to bind the ports locally.
sudo ssh -L 2020:localhost:2812 remoteuser@0.0.0.0
Be sure to add your username on this server and the IP of your server as 0.0.0.0 is routed locally and is just our IP stand-in. The reason we are using this command is we made sure to disable outside access on this port. Giving us an opportunity to use this very useful trick. The -L is for local forwarding. We are basically binding our local port 2020 to the remote port 2812. Then we are connecting to the server much how you would any other day. This also works with SSH keys and specific SSH port.
sudo ssh -L 2020:localhost:2812 -i ~/.ssh/linux -p 6644 remoteuser@0.0.0.0
Here you can see that we have some additional options and indicators. We have an -i operator to indicate we are using an SSH key stored in the mentioned file. Then we are also using the -p operator to indicate the port number we logged in on. This allows you to use extra safety protocols with your SSH usage in general as described in Top 5 settings to harden your Linux SSH Server. By the time you realize, you start controlling your own constructs. Last thing to do is go to your browser and put in the following.
localhost:2020
This is where you need to put in your Monit username and password you configured into the monitrc file. Then you should see something like this.
You should now see your panel and all the set services that you set up Monit to monitor. You can control some programs like fail2ban or apache2. It all depends on what you add to your panel. It could have controls or just be a monitor. As you can see, this is a very useful trick that could very well be used for a few other port forwarding type ventures. All one need to do is think of other uses. Perhaps you make a few tweaks on a website, and you want to see it real time but not expose it to the web during final touches. Keeping your professionalism intact. Monit is definitely a tool to have in your bag of trick’s. It will set you apart from the newbies that don’t monitor their systems.
We will certainly have a blog about how to monitor various system all at once on the regular using Monit. Where we will unfold a little-bit more about what monit has to offer. Until then, you should add some monitoring to your system, you will not have to worry as much about how things are going on your systems. Put in the best of terms, you wouldn’t leave your bank account unmonitored right? That could leave you open to over drafts, debt, or worse yet bank account closed. So, why would you leave your money-maker without a set of purpose-specific monitors? Monit has been around for ages, so the documentation is rich. Monit is free and open source. Until next time, thanks for reading.