[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [monit] HTTPD on unix/local socket

From: Matt Goodall
Subject: Re: [monit] HTTPD on unix/local socket
Date: Wed, 22 Jul 2009 08:48:44 +0100

2009/7/22 Jan-Henrik Haukeland <address@hidden>:

> 1) It is true that each user's Monit instance will need a unique TCP port,
> but its the same with unix sockets, a unique file is required per instance.

Sure, but that's easy to arrange, e.g.~/.monit.sock.

> 2) Even if a unix socket is used, I still think you would like to use some
> form of authentication and not solely base access on file permission.

The authentication in the HTTPD would still be available if really
needed but surely 0600 permissions would typically be sufficient, i.e.
just like for ~/.monitrc.

> 3) The
> miniscule benefit of using unix sockets in your special use case does not
> justify the work needed for adding this feature IMHO. Not that it would
> require a lot of work though and if you would want to give it a stab please
> do.

Fair enough, I might have a go myself sometime.

Thanks for your feedback.

- Matt

> On 17. juli. 2009, at 18.45, Matt Goodall wrote:
>> Hi,
>> I've been using monit on a per-user basis for a while now, i.e. giving
>> each user account a "personal monit" instance. I find it a really nice
>> setup because it keeps a user's services self-contained and
>> self-managed.
>> Monit's HTTPD is basically essential to using monit in daemon mode
>> (monit status and monit summary don't work without it for instance)
>> but I find it quite inconvenient for my "personal monit" usecase:
>> 1. Each user's monit needs a unique port
>> 2. You need to configure some sort of authentication
>> (username/password or SSL) to stop other users accessing it
>> 3. I don't actually use the HTML user interface, I only need the HTTPD
>> for full stateful operation.
>> So, I wonder what people think about being able to start the HTTPD on
>> a unix socket that can only be accessed by the user by default? For
>> instance, "set httpd unix /path/to/file". Once you're using a unix
>> socket with restricted privileges points 1 and 2 simply go away,
>> making it really simple to set up.
>> Without trying to design the configuration language at this time (in
>> case this idea gets shot down ;-)) I think you'd need to be able to
>> configure:
>> * the path to the unix socket
>> * the ownership  of the file
>> * the file's permissions
>> Oh, using a socket might even be a nice way to allow authentication to
>> be moved to a front-end HTTP server that proxies to the monit HTTP
>> server. For instance, an nginx server handling the authentication that
>> then proxies through to a unix: upstream server.
>> - Matt
> --
> To unsubscribe:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]