[monit] HTTPD on unix/local socket

[Matt Goodall]

Hi,

I've been using monit on a per-user basis for a while now, i.e. giving
each user account a "personal monit" instance. I find it a really nice
setup because it keeps a user's services self-contained and
self-managed.

Monit's HTTPD is basically essential to using monit in daemon mode
(monit status and monit summary don't work without it for instance)
but I find it quite inconvenient for my "personal monit" usecase:

1. Each user's monit needs a unique port
2. You need to configure some sort of authentication
(username/password or SSL) to stop other users accessing it
3. I don't actually use the HTML user interface, I only need the HTTPD
for full stateful operation.

So, I wonder what people think about being able to start the HTTPD on
a unix socket that can only be accessed by the user by default? For
instance, "set httpd unix /path/to/file". Once you're using a unix
socket with restricted privileges points 1 and 2 simply go away,
making it really simple to set up.

Without trying to design the configuration language at this time (in
case this idea gets shot down ;-)) I think you'd need to be able to
configure:

* the path to the unix socket
* the ownership  of the file
* the file's permissions

Oh, using a socket might even be a nice way to allow authentication to
be moved to a front-end HTTP server that proxies to the monit HTTP
server. For instance, an nginx server handling the authentication that
then proxies through to a unix: upstream server.

- Matt