Alpine3.14 + Apache2 + Php7 + Nagios4


The recommendation is to run apache2 behind a reverse proxy, such as lighttpd or Hiawatha. More at https://venenux.github.io/alpine-wiki.

Warning: these commands are for PHP 7 (php7) because of composer dependencies on Alpine 3.14. If you run a newer Alpine: 3.19 uses php82, 3.18/3.17 use php81, 3.16/3.15 use php8.

Sorry, I won't explain anything, you'll just be forced to obey, as it should be, because it works and it works very well:

install alpine linux

If you are installing on bare metal, follow this guide: https://venenux.github.io/alpine-wiki/#/tutorials/README#install

mkdir -p /home/general/VM/alpine314 && cd /home/general/VM/alpine314

qemu-img create -f raw computerint1alpine-vitualdisk1-file.raw 6G

wget -c -t8 --no-check-certificate http://dl-cdn.alpinelinux.org/alpine/v3.14/releases/x86_64/alpine-extended-3.14.0-x86_64.iso

qemu-system-x86_64  -m 2048 -name "computerint1alpine314" \
 -cpu host -machine q35 \
 -device rtl8139,netdev=nd1 -netdev user,id=nd1,restrict=off,hostfwd=tcp::3222-:22,hostfwd=tcp::9080-:80,hostfwd=tcp::9443-:443 \
 -device virtio-keyboard -device virtio-mouse -device virtio-tablet -device virtio-vga,max_outputs=1 \
 -drive file=computerint1alpine-vitualdisk1-file.raw,format=raw \
 -cdrom alpine-extended-3.14.0-x86_64.iso -boot d
  • When it starts, it asks for a login: type "root" and press Enter, then at the # prompt run the command setup-alpine

the setup-alpine command procedure

  • Keyboard and variant: for example, for Latin use es and then es-winkeys
  • Hostname: just hit Enter; it's the name of the computer, must be only strings.
  • Network: select eth0, which is the network cable, and answer dhcp.
  • Network (again): only happens if you have Wi-Fi or a second card; ignore it
  • DNS Options: It is recommended to use 8.8.8.8 and none for the domain
  • Root: password for the administrative account; take care and don't forget it
  • Timezone: use UTC only for one OS, otherwise America/Panama or something similar
  • Proxy Options: Use none if you are connecting directly to the Internet.
  • NTP Options: Use chrony, the package already on the medium (extended).
  • APK mirror: if you have slow or no Internet, type Skip or none
  • User: modern Alpine releases allow user creation; skip by typing no
  • SSH Options: Use openssh, the package that already comes on the medium (extended).
  • Root allow: here you must type yes because we have not set up a user yet!
  • SSH key: just type here none
  • Disk Options: Use sda as the entire hard drive present will be used.
  • Mode: Select sys to install the system on disk.

Then reboot. If you are using a virtual machine, change -boot d to -boot c in the qemu command line.

0 - Setup environment

cat > /etc/apk/repositories << EOF
http://dl-4.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/main
http://dl-4.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/community
EOF

apk update

apk add man-pages nano binutils coreutils readline \
 sed attr dialog lsof less groff wget curl terminus-font \
 file lz4 gawk tree pciutils usbutils lshw tzdata \
 zip p7zip xz tar cabextract cpio binutils lha acpi musl-locales musl-locales-lang \
 e2fsprogs btrfs-progs exfat-utils f2fs-tools dosfstools xfsprogs jfsutils \
 arch-install-scripts util-linux docs

rc-update add consolefont boot

1 - apache2

apk add apache2 apache2-utils apache2-error apache2-proxy-html apache2-proxy

mkdir -p /etc/skel/Devel
mkdir -p /var/www/localhost/cgi-bin /var/www/localhost/htdocs /var/log/apache2
sed -i -r 's#^Listen.*#Listen 80#g' /etc/apache2/httpd.conf
sed -i -r 's#^ServerTokens.*#ServerTokens Minimal#g' /etc/apache2/httpd.conf
chown -R apache:www-data /var/www/localhost/
chown -R apache:wheel /var/log/apache2
sed -i -r 's#.*LoadModule.*modules/mod_cgid.so.*#LoadModule cgid_module modules/mod_cgid.so#g' /etc/apache2/httpd.conf
sed -i -r 's#.*LoadModule.*modules/mod_cgi.so.*#LoadModule cgi_module modules/mod_cgi.so#g' /etc/apache2/httpd.conf
sed -i -r 's#.*LoadModule.*modules/mod_alias.so.*#LoadModule alias_module modules/mod_alias.so#g' /etc/apache2/httpd.conf
sed -i -r 's#.*ScriptAlias /cgi-bin/.*#    ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin"#g' /etc/apache2/httpd.conf
sed -i -r 's#.*LoadModule.*modules/mod_usertrack.so.*#LoadModule usertrack_module modules/mod_usertrack.so#g' /etc/apache2/httpd.conf
sed -i -r 's#.*LoadModule.*modules/mod_userdir.so.*#LoadModule userdir_module modules/mod_userdir.so#g' /etc/apache2/httpd.conf
sed -i -r 's#public_html#Devel#g' /etc/apache2/conf.d/userdir.conf
sed -i -r 's#AllowOverride.*#AllowOverride All#g' /etc/apache2/conf.d/userdir.conf
sed -i -r 's#/usr/lib/libxml2.so.*#/usr/lib/libxml2.so.2#g' /etc/apache2/conf.d/proxy-html.conf

rc-update add apache2 default

rc-service apache2 restart

echo "it works" > /var/www/localhost/htdocs/index.html
# create the Devel userdir in every existing home directory
for i in /home/*/; do mkdir -p "${i}Devel" ; done

To test, open a browser and go to http://<webserveripaddres>. For a secure setup with SSL support see: https://venenux.github.io/alpine-wiki/#/tutorials/server-alpine-LAMP-professional-fast-forward

2 - PHP

apk add php7-opcache php7-openssl php7-json php7-bcmath php7-mbstring php7-bz2 \
 php7-ctype php7-dev php7-dom php7-enchant php7-fileinfo php7-shmop php7-simplexml php7-tidy \
 php7-tokenizer php7-sysvmsg php7-sysvsem php7-sysvshm php7-xml php7-xmlreader \
 php7-xmlwriter php7-xsl php7-zip php7-intl php7-gettext php7-pspell php7-calendar \
 php7-exif php7-gd php7-pcntl php7-gmp php7-imap php7-session php7-curl php7-pear \
 php7-phar php7-doc php7-embed php7-posix php7-fpm php7-cgi php7-dba php7-mysqli \
 php7-mysqlnd php7-odbc php7-pgsql php7-sodium php7-sqlite3 php7-apache2 \
 php7-pdo php7-pdo_dblib php7-pdo_mysql php7-pdo_odbc php7-pdo_pgsql php7-pdo_sqlite

sed -i -r 's|.*cgi.fix_pathinfo=.*|cgi.fix_pathinfo=1|g' /etc/php*/php.ini
sed -i -r 's#.*safe_mode =.*#safe_mode = Off#g' /etc/php*/php.ini
sed -i -r 's#.*expose_php =.*#expose_php = Off#g' /etc/php*/php.ini
sed -i -r 's#memory_limit =.*#memory_limit = 536M#g' /etc/php*/php.ini
sed -i -r 's#upload_max_filesize =.*#upload_max_filesize = 128M#g' /etc/php*/php.ini
sed -i -r 's#post_max_size =.*#post_max_size = 256M#g' /etc/php*/php.ini
sed -i -r 's#^file_uploads =.*#file_uploads = On#g' /etc/php*/php.ini
sed -i -r 's#^max_file_uploads =.*#max_file_uploads = 12#g' /etc/php*/php.ini
sed -i -r 's#^allow_url_fopen = .*#allow_url_fopen = On#g' /etc/php*/php.ini
sed -i -r 's#^.default_charset =.*#default_charset = "UTF-8"#g' /etc/php*/php.ini
sed -i -r 's#^.max_execution_time =.*#max_execution_time = 150#g' /etc/php*/php.ini
sed -i -r 's#^max_input_time =.*#max_input_time = 90#g' /etc/php*/php.ini
mkdir -p /var/run/php-fpm7/
sed -i -r 's|^.*listen.owner = .*|listen.owner = apache|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.group = .*|listen.group = www-data|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.mode = .*|listen.mode = 0660|g' /etc/php*/php-fpm.d/www.conf
chown apache:www-data /var/run/php-fpm7

sed -i -r 's|^.*listen =.*|listen = /run/php-fpm7/php-fpm.sock|g' /etc/php7/php-fpm.d/www.conf
sed -i -r 's|^pid =.*|pid = /run/php-fpm7/php-fpm.pid|g' /etc/php7/php-fpm.conf
rc-update add php-fpm7
rc-service php-fpm7 restart

sed -i -r 's|.*LoadModule.*modules/mod_mpm_event.so.*|LoadModule mpm_event_module modules/mod_mpm_event.so|g' /etc/apache2/httpd.conf
sed -i -r 's|.*LoadModule.*modules/mod_mpm_prefork.so.*|#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so|g' /etc/apache2/httpd.conf
rm /etc/apache2/conf.d/php*.conf
cat >> /etc/apache2/conf.d/php7-fpm.conf << EOF
<FilesMatch \\.php\$>
   <If "-f %{REQUEST_FILENAME}">
    SetHandler "proxy:unix:/run/php-fpm7/php-fpm.sock|fcgi://localhost"
   </If>
</FilesMatch>
EOF
rc-update add apache2
rc-service apache2 restart

echo -e "<?php\nphpinfo( );\n?>" > /var/www/localhost/htdocs/index.php

3 - Databases mysql

apk add mysql mysql-client mariadb-doc mariadb-server-utils mariadb-mytop

mysql_install_db --user=mysql --datadir=/var/lib/mysql

sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/mysql/my.cnf
sed -i "s|.*max_allowed_packet\s*=.*|max_allowed_packet = 100M|g" /etc/my.cnf.d/mariadb-server.cnf
sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/mysql/my.cnf
sed -i "s|.*bind-address\s*=.*|bind-address=0.0.0.0|g" /etc/my.cnf.d/mariadb-server.cnf
sed -i "s|.*skip-networking.*|#skip-networking|g" /etc/mysql/my.cnf
sed -i "s|.*skip-networking.*|#skip-networking|g" /etc/my.cnf.d/mariadb-server.cnf
rc-update add mariadb
rc-service mariadb restart

mysqladmin -u root password root

mkdir -p /usr/share/webapps/adminer && wget https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1.php -O /usr/share/webapps/adminer/adminer-4.8.1.php

ln -s adminer-4.8.1.php /usr/share/webapps/adminer/index.php
cat >> /etc/apache2/conf.d/adminer.conf << EOF
Alias /adminer /usr/share/webapps/adminer/
<Directory /usr/share/webapps/adminer/>
    Require all granted
    DirectoryIndex index.php
</Directory>
EOF
rc-service apache2 restart

4 - nagios

apk add net-snmp net-snmp-perl net-snmp-tools unzip

cat > /etc/snmp/snmpd.conf << EOF
rocommunity  venenux
rocommunity  public localhost
sysLocation    zabbix fusilsystem
sysContact     infoadmin <[email protected]>
EOF

rc-update add snmpd default
rc-service snmpd restart


apk add nrpe nrpe-plugin

IPAD=$(ip add | grep inet | grep -v inet6 | tail -n 1 | cut -dt -f 2 | cut -d' ' -f 2 | cut -d/ -f1) ; \
sed -i "s|.*server_address=.*|server_address=$IPAD|g" /etc/nrpe.cfg

IPNT=$(ip add | grep inet | grep -v inet6 | tail -n 1 | cut -dt -f 2 | cut -d' ' -f 2) ; \
sed -i "s|.*allowed_hosts=.*|allowed_hosts=127.0.0.1,::1,$IPNT|g" /etc/nrpe.cfg

sed -i "s|.*user=.*|user=nagios|g" /etc/conf.d/nrpe
rc-update add nrpe default
rc-service nrpe restart

apk add nagios iputils nagios-apache nagios-web nagios-plugins-all nrpe-plugin

sed -i "s|nobody|nagios|g" /etc/conf.d/nagios
sed -i "s|\.pid|\.lock|g" /etc/init.d/nagios
sed -i "s|.*lock_file=.*|lock_file=/var/run/nagios\.lock|g" /etc/nagios/nagios.cfg
rc-update add nagios default
rc-service nagios restart

touch /etc/nagios/htpasswd.users
htpasswd -db /etc/nagios/htpasswd.users nagiosadmin admin1
sed -i "s|/usr/sbin|/usr/lib/nagios/cgi-bin|g" /etc/apache2/sites-available/nagios.conf
ln -s ../sites-available/nagios.conf /etc/apache2/conf.d/nagios.conf
rc-update add apache2 default
rc-service apache2 restart


apk add doas bash shadow shadow-uidmap doas musl-locales musl-locales-lang

cat > /etc/doas.conf << EOF
permit nopass nagios as root cmd nmap
EOF
for g in netdev www-data ping; do addgroup nagios $g; done

5 - iDrac checks

Let's configure a device to monitor: a powered-on older iDRAC from Dell. We need to define the object inside Nagios, get the required plugin from another source, and put the files in their respective places:

apk add git git-doc net-snmp-tools net-snmp-libs python3

mkdir -p /usr/src/Devel && cd /usr/src/Devel
git clone https://github.com/dangmocrang/check_idrac && cd check_idrac
cp -fL check_idrac /usr/lib/nagios/plugins
cp -fL iDRAC-SMIv2.mib /usr/share/snmp/mibs

cat > /etc/nagios/objects/idracserver1.cfg << EOF
define host{
  host_name               idrac-dut
  alias                   iDRAC Server
  address                 192.168.10.15
  check_command           check-host-alive
  check_interval          1
  retry_interval          1
  max_check_attempts      5
  check_period            24x7
  process_perf_data       0
  contact_groups          admins
  retain_nonstatus_information    0
  notification_interval   1
  notification_period     24x7
  notification_options    d,u,r
  }

define command{
  command_name            check-idrac
  command_line            python3 /usr/lib/nagios/plugins/check_idrac -H 192.168.10.15 -c public -v2c -m /usr/share/snmp/mibs/iDRAC-SMIv2.mib -n
  }


define service{
  host_name               idrac-dut
  service_description     ServerReport
  check_command           check-idrac
  max_check_attempts      5
  check_interval  1
  retry_interval  1
  check_period    24x7
  notification_interval   3
  notification_period     24x7
  notification_options    w,c,r
  }
EOF

sed -i '\|/etc/nagios/objects/idracserver1.cfg|d ' /etc/nagios/nagios.cfg
echo "cfg_file=/etc/nagios/objects/idracserver1.cfg"  >> /etc/nagios/nagios.cfg
rc-service nagios restart

Results

  • NAGIOS: http://<ip>/nagios/
  • admin user nagiosadmin, password admin1
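
The steps above write several values that leave services reachable beyond the host (MariaDB on 0.0.0.0, an SNMP community with no source restriction, Adminer with Require all granted) and store the Nagios web password with htpasswd -d. The script below is an added example, not part of the gist, that reports those settings after installation; the function names flag, audit_guide_exposure and demo_tree and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the gist: list exposure-related settings that the
# steps above write. Pass a root prefix to audit a copy of the tree.

# flag <file> <ERE> <message>: print the message if the file has a matching line.
flag() {
    if [ -f "$1" ] && grep -Eq "$2" "$1"; then echo "$3: $1"; fi
}

audit_guide_exposure() {
    root="${1:-}"
    s='[[:space:]]'
    for f in "$root/etc/my.cnf.d/mariadb-server.cnf" "$root/etc/mysql/my.cnf"; do
        flag "$f" "^$s*bind-address$s*=$s*0\.0\.0\.0" "mariadb listens on all interfaces"
    done
    # A rocommunity line with no source field answers queries from any address.
    flag "$root/etc/snmp/snmpd.conf" "^$s*rocommunity$s+[^[:space:]]+$s*\$" \
        "snmp community without source restriction"
    flag "$root/etc/apache2/conf.d/adminer.conf" "^$s*Require$s+all$s+granted" \
        "adminer open to any client"
    flag "$root/var/www/localhost/htdocs/index.php" "phpinfo$s*\(" \
        "phpinfo page published"
    # htpasswd -d stores 13-character crypt(3) hashes, which carry no '$' prefix.
    flag "$root/etc/nagios/htpasswd.users" '^[^:]+:[^$:][^:]{12}$' \
        "nagios web password hashed with crypt(3)"
    flag "$root/etc/doas.conf" "^$s*permit$s+nopass" "doas rule without password"
}

# Constructed sample tree holding the values the guide writes (hash is a dummy).
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/my.cnf.d" "$t/etc/snmp" "$t/etc/nagios" "$t/etc/apache2/conf.d"
    echo 'bind-address=0.0.0.0' > "$t/etc/my.cnf.d/mariadb-server.cnf"
    printf 'rocommunity  venenux\nrocommunity  public localhost\n' > "$t/etc/snmp/snmpd.conf"
    echo '    Require all granted' > "$t/etc/apache2/conf.d/adminer.conf"
    echo 'nagiosadmin:xxSAMPLEHASH0' > "$t/etc/nagios/htpasswd.users"
    echo 'permit nopass nagios as root cmd nmap' > "$t/etc/doas.conf"
    echo "$t"
}

audit_guide_exposure "$(demo_tree)"
```

On an installed host, call audit_guide_exposure with an empty argument to check the live files under /etc and /var/www.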

see also

LICENSE

CC BY-NC-SA: the project allows reusers to distribute, remix, adapt, and build upon the material in any medium or format for noncommercial purposes only, and only so long as attribution is given to the creators involved. If you remix, adapt, or build upon the material, you must license the modified material under identical terms. The license includes the following elements:

  • BY – Credit must be given to the creator of each piece of content respectively, starting with the first contributor.
  • NC – Only noncommercial uses of the work are permitted, with exceptions if you file an issue here!
  • SA – Adaptations must be shared under the same terms; you must obey these terms and not change them.

For more information check the [alpine/copyright.md](https://venenux.github.io/alpine-wiki/#/alpine/copyright)
