2018-02-07 09:55:31 -06:00
<!DOCTYPE html>
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > Integrate netdata monitor (on FreeBSD server)< / title >
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
< / head >
< body >
< div id = "navigation" >
< a href = "https://www.iredmail.org" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "integrate-netdata-monitor-on-freebsd-server" > Integrate netdata monitor (on FreeBSD server)< / h1 >
< div class = "toc" >
< ul >
< li > < a href = "#integrate-netdata-monitor-on-freebsd-server" > Integrate netdata monitor (on FreeBSD server)< / a > < ul >
< li > < a href = "#whats-netdata" > What's netdata< / a > < / li >
< li > < a href = "#install-netdata" > Install netdata< / a > < / li >
< li > < a href = "#configure-netdata" > Configure netdata< / a > < ul >
< li > < a href = "#monitor-nginx-and-php-fpm" > Monitor Nginx and php-fpm< / a > < / li >
< li > < a href = "#monitor-dovecot" > Monitor Dovecot< / a > < / li >
< li > < a href = "#monitor-mysqlmariadb-server" > Monitor MySQL/MariaDB server< / a > < / li >
< li > < a href = "#monitor-postgresql-server" > Monitor PostgreSQL server< / a > < / li >
< / ul >
< / li >
< li > < a href = "#configure-nginx-to-forward-requests-to-netdata" > Configure Nginx to forward requests to netdata< / a > < / li >
< / ul >
< / li >
< / ul >
< / div >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< ul >
2018-02-07 10:14:56 -06:00
< li > This tutorial is tested on FreeBSD 11.x. For CentOS, Debian, Ubuntu,
please check this tutorial instead:
2018-02-07 09:55:31 -06:00
< a href = "./integration.netdata.linux.html" > Integrate netdata on Linux< / a > .< / li >
< li > netdata is an optional component since iRedMail-0.9.8.< / li >
< / ul >
< / div >
< h2 id = "whats-netdata" > What's netdata< / h2 >
< p > netdata (< a href = "http://my-netdata.io" > http://my-netdata.io< / a > ) is a "Simple. Effective. Awesome!" monitor
which can monitor almost everyting on your Linux/FreeBSD system. You can visit
its website to check online demo.< / p >
< p > We will show you how to install and configure netdata on iRedMail server
(Linux) to monitor mail service related softwares.< / p >
< h2 id = "install-netdata" > Install netdata< / h2 >
< pre > < code > cd /usr/ports/net-mgmt/netdata
make install clean
< / code > < / pre >
< h2 id = "configure-netdata" > Configure netdata< / h2 >
< p > Main config file of netdata is < code > /usr/local/etc/netdata/netdata.conf< / code > , it
contains many parameters with detailed comments. Here's the
< a href = "https://bitbucket.org/zhb/iredmail/src/default/iRedMail/samples/netdata/netdata.conf" > config file< / a >
used by iRedMail:< / p >
< ul >
< li > It binds to address < code > 127.0.0.1< / code > and port < code > 19999< / code > by default. Since it doesn't
have ACL control, we will run netdata behind Nginx to get ACL control done in
Nginx.< / li >
< / ul >
< pre > < code > [registry]
enabled = no
[global]
bind to = 127.0.0.1
run as user = netdata
default port = 19999
update every = 3
[plugin:proc]
# Disable IPVS check since iRedMail doesn't use ipvs by default
/proc/net/ip_vs/stats = no
# inbound packets dropped
/proc/net/dev = no
< / code > < / pre >
< p > netdata ships a lot modular config files to gather information of softwares
running on the server, they have very good default settings and most config
files don't need your attention at all, including:< / p >
< ul >
< li > System resources (CPU, RAM, disk I/O, etc)< / li >
< li > Nginx log file monitoring< / li >
< li > Fail2ban jails< / li >
< li > Memcached< / li >
< li > ...< / li >
< / ul >
< p > But some applications do require extra settings, we will cover them below.< / p >
< h3 id = "monitor-nginx-and-php-fpm" > Monitor Nginx and php-fpm< / h3 >
< p > We need to enable < code > stub_status< / code > in Nginx to get detailed server info, also
update php-fpm config file to enable similar feature.< / p >
< ul >
< li > Create Nginx config snippet < code > /usr/local/etc/nginx/templates/stub_status.tmpl< / code > with
content below:< / li >
< / ul >
< pre > < code > location = /stub_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
location = /status {
include fastcgi_params;
fastcgi_pass php_workers;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
access_log off;
allow 127.0.0.1;
deny all;
}
< / code > < / pre >
< ul >
< li > Update default virtual host config file < code > /usr/local/etc/nginx/sites-enabled/00-default.conf< / code > ,
include new snippet config file < code > stub_status.tmpl< / code > after the
< code > redirect_to_https.tmpl< / code > line like below:< / li >
< / ul >
< pre > < code > server {
...
include /usr/local/etc/nginx/templates/redirect_to_https.tmpl;
include /usr/local/etc/nginx/templates/stub_status.tmpl; # < - add this line
...
}
< / code > < / pre >
< ul >
< li > Update php-fpm pool config file < code > /usr/local/etc/php-fpm.d/www.conf< / code > , enable
parameter < code > pm.status_path< / code > like below:< / li >
< / ul >
< pre > < code > pm.status_path = /status
< / code > < / pre >
< ul >
< li > Restart both php-fpm and Nginx service.< / li >
< / ul >
< h3 id = "monitor-dovecot" > Monitor Dovecot< / h3 >
< p > We need to enable statistics module in Dovecot.< / p >
< ul >
< li > Please open Dovecot config file < code > /usr/local/etc/dovecot/dovecot.conf< / code > ,
append plugin < code > stats< / code > in global parameter < code > mail_plugins< / code > , and < code > imap_stats< / code >
for imap protocol:< / li >
< / ul >
< pre > < code > mail_plugins = ... stats
protocol imap {
mail_plugins = ... imap_stats
...
}
< / code > < / pre >
< ul >
< li > Append settings below in Dovecot config file:< / li >
< / ul >
< pre > < code > plugin {
# how often to session statistics (must be set)
stats_refresh = 30 secs
# track per-IMAP command statistics (optional)
stats_track_cmds = yes
}
service stats {
fifo_listener stats-mail {
user = vmail
mode = 0644
}
inet_listener {
address = 127.0.0.1
port = 24242
}
}
< / code > < / pre >
< ul >
< li > Restart Dovecot service.< / li >
< / ul >
< h3 id = "monitor-mysqlmariadb-server" > Monitor MySQL/MariaDB server< / h3 >
< p > netdata requires a SQL user (we use < code > netdata< / code > here) with privilege < code > USAGE< / code > to
gather MySQL server information.< / p >
< ul >
< li > Create the SQL user with a strong password (please replace < code > < password> < / code > in
command below by the real (and strong) password).< / li >
< / ul >
< pre > < code > # mysql -u root
sql> GRANT USAGE ON *.* TO netdata@localhost IDENTIFIED BY '< password> ';
sql> FLUSH PRIVILEGES;
< / code > < / pre >
< ul >
< li >
< p > Create file < code > /usr/local/etc/netdata/python.d/mysql.conf< / code > with content below.< / p >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< ul >
< li > This file already exists, feel free to remove all content in this file
and copy content below as its new content.< / li >
< li > Please replace < code > < password> < / code > below by the real password.< / li >
< / ul >
< / div >
< / li >
< / ul >
< pre > < code > tcp:
name: 'local'
host: '127.0.0.1'
port: '3306'
user: 'netdata'
pass: '< password> '
< / code > < / pre >
< h3 id = "monitor-postgresql-server" > Monitor PostgreSQL server< / h3 >
< p > netdata requires a SQL user (we use < code > netdata< / code > here) to gather PostgreSQL server
information.< / p >
< ul >
< li > Create the SQL user with a strong password (please replace < code > < password> < / code > in
command below by the real (and strong) password).< / li >
< / ul >
< pre > < code > # su - postgres
$ psql
sql> CREATE USER netdata WITH ENCRYPTED PASSWORD '< password> ' NOSUPERUSER NOCREATEDB NOCREATEROLE;
< / code > < / pre >
< ul >
< li >
< p > Create file < code > /usr/local/etc/netdata/python.d/mysql.conf< / code > with content below.< / p >
< div class = "admonition attention" >
< p class = "admonition-title" > Attention< / p >
< ul >
< li > This file already exists, feel free to remove all content in this file
and copy content below as its new content.< / li >
< li > Please replace < code > < password> < / code > below by the real password.< / li >
< / ul >
< / div >
< / li >
< / ul >
< pre > < code > socket:
name : 'local'
user : 'netdata'
password : '< password> '
database : 'postgres'
< / code > < / pre >
< h2 id = "configure-nginx-to-forward-requests-to-netdata" > Configure Nginx to forward requests to netdata< / h2 >
< ul >
< li > Create Nginx config snippet < code > /usr/local/etc/nginx/templates/netdata.tmpl< / code > with
content below:< / li >
< / ul >
< pre > < code > # Running netdata as a subfolder to an existing virtual host
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx
location = /netdata {
return 301 /netdata/;
}
location ~ /netdata/(?< ndpath> .*) {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection " keep-alive" ;
proxy_store off;
2018-02-09 20:14:52 -06:00
proxy_pass http://127.0.0.1:19999/$ndpath$is_args$args;
2018-02-07 09:55:31 -06:00
gzip on;
gzip_proxied any;
gzip_types *;
auth_basic " Authentication Required" ;
auth_basic_user_file /usr/local/etc/nginx/netdata.users;
}
< / code > < / pre >
< ul >
< li > Update default virtual host (https site) config file
< code > /usr/local/etc/nginx/sites-enabled/00-default-ssl.conf< / code > ,
include new snippet config file < code > netdata.tmpl< / code > before the
< code > misc.tmpl< / code > line like below:< / li >
< / ul >
< pre > < code > server {
...
include /usr/local/etc/nginx/templates/netdata.tmpl; # < - add this line
include /usr/local/etc/nginx/templates/misc.tmpl;
...
}
< / code > < / pre >
< ul >
2018-02-07 10:14:56 -06:00
< li > Create new file < code > /usr/local/etc/nginx/netdata.users< / code > used for basic http auth:< / li >
2018-02-07 09:55:31 -06:00
< / ul >
< pre > < code > touch /usr/local/etc/nginx/netdata.users
< / code > < / pre >
< ul >
2018-02-07 10:14:56 -06:00
< li > Run command below to generate a SSHA password hash. NOTE: Please replace
< code > < password> < / code > below by a real, strong password.< / li >
< / ul >
< pre > < code > doveadm pw -s SSHA -p '< password> '
< / code > < / pre >
< p > The password looks like this < code > {SSHA}Tama1midwSV6XWTlonR6n6sNM8yuEPvv< / code > .< / p >
< ul >
< li > Now open < code > /usr/local/etc/nginx/netdata.users< / code > with your faviourite text
editor, add a line like below to create an account used to access netdata.
The format is < code > < username> :< password> < / code > .< / li >
< / ul >
< pre > < code > postmaster@domain.com:{SSHA}Tama1midwSV6XWTlonR6n6sNM8yuEPvv
< / code > < / pre >
< ul >
< li > Restart nginx service.< / li >
< / ul >
< p > Now open a web browser and access url < code > https://your-server/netdata/< / code > (please
replace < code > your-server< / code > by the real domain name), it will ask you to input
username and password for authentication, please use the account we just added
in file < code > /usr/local/etc/nginx/netdata.users< / code > to login.< / p >
< p > This is what you see after successfully logged in:< / p >
< p > < img alt = "" src = "./images/netdata/system-overview.png" width = "900px" / > < / p > < div class = "footer" >
2018-02-07 09:55:31 -06:00
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "https://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
< / div >
<!-- Global site tag (gtag.js) - Google Analytics -->
< script async src = "https://www.googletagmanager.com/gtag/js?id=UA-3293801-21" > < / script >
< script >
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3293801-21');
< / script >
< / body > < / html >