Monitoring your server with Monitorix Securely

Printer-friendly versionPDF version
monitorix processor load graph

To start monitoring your server using monitorix you need to install it first.

Installing Monitorix is really simple. Just follow the steps here

Or the guide below. You can do it in 2 ways.

Manually as below :

apt-get update
apt-get install rrdtool perl libwww-perl libmailtools-perl libmime-lite-perl librrds-perl libdbi-perl libxml-simple-perl libhttp-server-simple-perl libconfig-general-perl libio-socket-ssl-perl
dpkg -i monitorix*.deb
apt-get -f install
service monitorix start

Or your second option is that you add the repository listed under the official Monitorix download page for debian. The following 2 commands will add it to your sources list.

wget -q -O - | sudo apt-key add -
sudo sh -c 'echo "deb [arch=all] generic universe" >> /etc/apt/sources.list.d/'


I prefer this later approach. This way I can get updates from synaptic and dont have to manually pull new versions in.

After installation, one correction I had to do was change the value of the key "group" to "nogroup" in /etc/monitorix/monitorix.conf. Seems I need to correct my self. Since I am on debian, this value is overriden to be correct in /etc/monitorix/conf.d/00-debian.conf. So you don't need to change it in the /etc/monitorix/monitorix.conf. Also if your on debian, than this is where you need to add your no privilege mysql user and his password. And your mysql graph will start to work automatically. To create the mysql user do the following:

mysql --host=localhost --user=root --password
CREATE USER 'desired-user'@'localhost' IDENTIFIED BY 'password';

Than run in "/etc/monitorix/monitorix.conf", go to the section "# MYSQL graph" and provide the username and password you have created by the above sql statement

Mysql graph troubleshooting tip

If you still donot see mysql graph after this, when monitorix starts, than make sure that there is no "#" character in your my sql user password you set above. This password is set in the monitorix.conf file and if you have a '#' character than it and everything after it is treated as a comment and doesn't get picked up by the monitorix conf file.


Now lets secure up monitorix a bit. To that end lets turn on basic authentication to start with. You can generate a password as follows. The "htpasswd" utility should exist for you if you have apache installed. Secondly the -d option is important to specify, it just means to use the crpyt system utility instead of the default md5 one. I forgot that and puzzled over the issue for while why basic authentication was not working.

htpasswd -d -c /var/lib/monitorix/htpasswd 
New password:
Re-type new password:

After you password is in place. Just restart monitorix.

With the default file in place your Monitorix page is now accessible over the internet freely, ofcourse with your username and password, if all went well. Test it out, or maybe not. The problem with this is that you wind up sending your password in clear text over the net. If you want to even restrict that, add the value "localhost" to key "host" and "hostname" in /etc/monitorix/monitorix.conf. This way now monitorix is no longer accessible over the net. This is the way I want it to be.

To access your system stats from any PC now, my solution is to SSH to your machine and create a tunnel on port 8080 as below. Than just goto the url http://localhost:8080/monitorix and enojoy your system stats.

ssh -N -L 8080:localhost:8080


Top level category:


the -d option is what i was missing!

I was driving myself nuts with the -d thing. I got my htpasswd file to work outside of monitorix, but it wouldn't work inside monitorix. Also the ssh tunnel is a great idea. Thanks!

Add new comment