New: integration.netdata.freebsd.html.
This commit is contained in:
parent
d98d5d90f2
commit
b463f1fbb5
|
@ -0,0 +1,278 @@
|
||||||
|
# Integrate netdata monitor (on FreeBSD server)
|
||||||
|
|
||||||
|
[TOC]
|
||||||
|
|
||||||
|
!!! attention
|
||||||
|
|
||||||
|
* This tutorial is tested on FreeBSD 11.x. If you need to run netdata on
|
||||||
|
CentOS, Debian, Ubuntu, please check this tutorial instead:
|
||||||
|
[Integrate netdata on Linux](./integration.netdata.linux.html).
|
||||||
|
* netdata is an optional component since iRedMail-0.9.8.
|
||||||
|
|
||||||
|
## What's netdata
|
||||||
|
|
||||||
|
netdata (<http://my-netdata.io>) is a "Simple. Effective. Awesome!" monitor
|
||||||
|
which can monitor almost everyting on your Linux/FreeBSD system. You can visit
|
||||||
|
its website to check online demo.
|
||||||
|
|
||||||
|
We will show you how to install and configure netdata on iRedMail server
|
||||||
|
(Linux) to monitor mail service related softwares.
|
||||||
|
|
||||||
|
## Install netdata
|
||||||
|
|
||||||
|
```
|
||||||
|
cd /usr/ports/net-mgmt/netdata
|
||||||
|
make install clean
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configure netdata
|
||||||
|
|
||||||
|
Main config file of netdata is `/usr/local/etc/netdata/netdata.conf`, it
|
||||||
|
contains many parameters with detailed comments. Here's the
|
||||||
|
[config file](https://bitbucket.org/zhb/iredmail/src/default/iRedMail/samples/netdata/netdata.conf)
|
||||||
|
used by iRedMail:
|
||||||
|
|
||||||
|
* It binds to address `127.0.0.1` and port `19999` by default. Since it doesn't
|
||||||
|
have ACL control, we will run netdata behind Nginx to get ACL control done in
|
||||||
|
Nginx.
|
||||||
|
|
||||||
|
```
|
||||||
|
[registry]
|
||||||
|
enabled = no
|
||||||
|
|
||||||
|
[global]
|
||||||
|
bind to = 127.0.0.1
|
||||||
|
run as user = netdata
|
||||||
|
default port = 19999
|
||||||
|
update every = 3
|
||||||
|
|
||||||
|
[plugin:proc]
|
||||||
|
# Disable IPVS check since iRedMail doesn't use ipvs by default
|
||||||
|
/proc/net/ip_vs/stats = no
|
||||||
|
|
||||||
|
# inbound packets dropped
|
||||||
|
/proc/net/dev = no
|
||||||
|
```
|
||||||
|
|
||||||
|
netdata ships a lot modular config files to gather information of softwares
|
||||||
|
running on the server, they have very good default settings and most config
|
||||||
|
files don't need your attention at all, including:
|
||||||
|
|
||||||
|
* System resources (CPU, RAM, disk I/O, etc)
|
||||||
|
* Nginx log file monitoring
|
||||||
|
* Fail2ban jails
|
||||||
|
* Memcached
|
||||||
|
* ...
|
||||||
|
|
||||||
|
But some applications do require extra settings, we will cover them below.
|
||||||
|
|
||||||
|
### Monitor Nginx and php-fpm
|
||||||
|
|
||||||
|
We need to enable `stub_status` in Nginx to get detailed server info, also
|
||||||
|
update php-fpm config file to enable similar feature.
|
||||||
|
|
||||||
|
* Create Nginx config snippet `/usr/local/etc/nginx/templates/stub_status.tmpl` with
|
||||||
|
content below:
|
||||||
|
|
||||||
|
```
|
||||||
|
location = /stub_status {
|
||||||
|
stub_status on;
|
||||||
|
access_log off;
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /status {
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_pass php_workers;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
|
||||||
|
access_log off;
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
* Update default virtual host config file `/usr/local/etc/nginx/sites-enabled/00-default.conf`,
|
||||||
|
include new snippet config file `stub_status.tmpl` after the
|
||||||
|
`redirect_to_https.tmpl` line like below:
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
...
|
||||||
|
include /usr/local/etc/nginx/templates/redirect_to_https.tmpl;
|
||||||
|
include /usr/local/etc/nginx/templates/stub_status.tmpl; # <- add this line
|
||||||
|
...
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
* Update php-fpm pool config file `/usr/local/etc/php-fpm.d/www.conf`, enable
|
||||||
|
parameter `pm.status_path` like below:
|
||||||
|
|
||||||
|
```
|
||||||
|
pm.status_path = /status
|
||||||
|
```
|
||||||
|
|
||||||
|
* Restart both php-fpm and Nginx service.
|
||||||
|
|
||||||
|
### Monitor Dovecot
|
||||||
|
|
||||||
|
We need to enable statistics module in Dovecot.
|
||||||
|
|
||||||
|
* Please open Dovecot config file `/usr/local/etc/dovecot/dovecot.conf`,
|
||||||
|
append plugin `stats` in global parameter `mail_plugins`, and `imap_stats`
|
||||||
|
for imap protocol:
|
||||||
|
|
||||||
|
```
|
||||||
|
mail_plugins = ... stats
|
||||||
|
|
||||||
|
protocol imap {
|
||||||
|
mail_plugins = ... imap_stats
|
||||||
|
...
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
* Append settings below in Dovecot config file:
|
||||||
|
|
||||||
|
```
|
||||||
|
plugin {
|
||||||
|
# how often to session statistics (must be set)
|
||||||
|
stats_refresh = 30 secs
|
||||||
|
# track per-IMAP command statistics (optional)
|
||||||
|
stats_track_cmds = yes
|
||||||
|
}
|
||||||
|
|
||||||
|
service stats {
|
||||||
|
fifo_listener stats-mail {
|
||||||
|
user = vmail
|
||||||
|
mode = 0644
|
||||||
|
}
|
||||||
|
|
||||||
|
inet_listener {
|
||||||
|
address = 127.0.0.1
|
||||||
|
port = 24242
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
* Restart Dovecot service.
|
||||||
|
|
||||||
|
### Monitor MySQL/MariaDB server
|
||||||
|
|
||||||
|
netdata requires a SQL user (we use `netdata` here) with privilege `USAGE` to
|
||||||
|
gather MySQL server information.
|
||||||
|
|
||||||
|
* Create the SQL user with a strong password (please replace `<password>` in
|
||||||
|
command below by the real (and strong) password).
|
||||||
|
|
||||||
|
```
|
||||||
|
# mysql -u root
|
||||||
|
sql> GRANT USAGE ON *.* TO netdata@localhost IDENTIFIED BY '<password>';
|
||||||
|
sql> FLUSH PRIVILEGES;
|
||||||
|
```
|
||||||
|
|
||||||
|
* Create file `/usr/local/etc/netdata/python.d/mysql.conf` with content below.
|
||||||
|
|
||||||
|
!!! attention
|
||||||
|
|
||||||
|
* This file already exists, feel free to remove all content in this file
|
||||||
|
and copy content below as its new content.
|
||||||
|
* Please replace `<password>` below by the real password.
|
||||||
|
|
||||||
|
```
|
||||||
|
tcp:
|
||||||
|
name: 'local'
|
||||||
|
host: '127.0.0.1'
|
||||||
|
port: '3306'
|
||||||
|
user: 'netdata'
|
||||||
|
pass: '<password>'
|
||||||
|
```
|
||||||
|
|
||||||
|
### Monitor PostgreSQL server
|
||||||
|
|
||||||
|
netdata requires a SQL user (we use `netdata` here) to gather PostgreSQL server
|
||||||
|
information.
|
||||||
|
|
||||||
|
* Create the SQL user with a strong password (please replace `<password>` in
|
||||||
|
command below by the real (and strong) password).
|
||||||
|
|
||||||
|
```
|
||||||
|
# su - postgres
|
||||||
|
$ psql
|
||||||
|
sql> CREATE USER netdata WITH ENCRYPTED PASSWORD '<password>' NOSUPERUSER NOCREATEDB NOCREATEROLE;
|
||||||
|
```
|
||||||
|
|
||||||
|
* Create file `/usr/local/etc/netdata/python.d/mysql.conf` with content below.
|
||||||
|
|
||||||
|
!!! attention
|
||||||
|
|
||||||
|
* This file already exists, feel free to remove all content in this file
|
||||||
|
and copy content below as its new content.
|
||||||
|
* Please replace `<password>` below by the real password.
|
||||||
|
|
||||||
|
```
|
||||||
|
socket:
|
||||||
|
name : 'local'
|
||||||
|
user : 'netdata'
|
||||||
|
password : '<password>'
|
||||||
|
database : 'postgres'
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configure Nginx to forward requests to netdata
|
||||||
|
|
||||||
|
* Create Nginx config snippet `/usr/local/etc/nginx/templates/netdata.tmpl` with
|
||||||
|
content below:
|
||||||
|
|
||||||
|
```
|
||||||
|
# Running netdata as a subfolder to an existing virtual host
|
||||||
|
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx
|
||||||
|
|
||||||
|
location = /netdata {
|
||||||
|
return 301 /netdata/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /netdata/(?<ndpath>.*) {
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_pass_request_headers on;
|
||||||
|
proxy_set_header Connection "keep-alive";
|
||||||
|
proxy_store off;
|
||||||
|
proxy_pass http://netdata/$ndpath$is_args$args;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_types *;
|
||||||
|
|
||||||
|
auth_basic "Authentication Required";
|
||||||
|
auth_basic_user_file /usr/local/etc/nginx/netdata.users;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
* Update default virtual host (https site) config file
|
||||||
|
`/usr/local/etc/nginx/sites-enabled/00-default-ssl.conf`,
|
||||||
|
include new snippet config file `netdata.tmpl` before the
|
||||||
|
`misc.tmpl` line like below:
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
...
|
||||||
|
include /usr/local/etc/nginx/templates/netdata.tmpl; # <- add this line
|
||||||
|
include /usr/local/etc/nginx/templates/misc.tmpl;
|
||||||
|
...
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
* Create new file `/usr/local/etc/nginx/netdata.users` and an account used to access
|
||||||
|
netdata. NOTE: Please replace `<password>` below by a real, strong password.
|
||||||
|
|
||||||
|
```
|
||||||
|
touch /usr/local/etc/nginx/netdata.users
|
||||||
|
doveadm pw -s SSHA -p '<password>'
|
||||||
|
```
|
||||||
|
|
||||||
|
* Now restart nginx service and access url `https://your-server/netdata/`
|
||||||
|
(please replace `your-server` by the real domain name).
|
|
@ -4,9 +4,10 @@
|
||||||
|
|
||||||
!!! attention
|
!!! attention
|
||||||
|
|
||||||
This tutorial is tested on CentOS 7, Debian 9, Ubuntu 16.04.
|
* This tutorial is tested on CentOS 7, Debian 9, Ubuntu 16.04.
|
||||||
For FreeBSD, please check this tutorial instead:
|
For FreeBSD, please check this tutorial instead:
|
||||||
[Integrate netdata on FreeBSD](./integration.netdata.freebsd.html).
|
[Integrate netdata on FreeBSD](./integration.netdata.freebsd.html).
|
||||||
|
* netdata is an optional component since iRedMail-0.9.8.
|
||||||
|
|
||||||
## What's netdata
|
## What's netdata
|
||||||
|
|
||||||
|
@ -148,8 +149,6 @@ server {
|
||||||
* On RHEL/CentOS, it's `/etc/php-fpm.d/www.conf`
|
* On RHEL/CentOS, it's `/etc/php-fpm.d/www.conf`
|
||||||
* On Debian, it's `/etc/php5/fpm/pool.d/www.conf`
|
* On Debian, it's `/etc/php5/fpm/pool.d/www.conf`
|
||||||
* On Ubuntu, it's `/etc/php/7.0/fpm/pool.d/www.conf` (note: php version number may be different on your server)
|
* On Ubuntu, it's `/etc/php/7.0/fpm/pool.d/www.conf` (note: php version number may be different on your server)
|
||||||
* On FreeBSD, it's `/usr/local/etc/php-fpm.d/www.conf`
|
|
||||||
* On OpenBSD, it's `/etc/php-fpm.conf`
|
|
||||||
|
|
||||||
```
|
```
|
||||||
pm.status_path = /status
|
pm.status_path = /status
|
||||||
|
@ -161,18 +160,16 @@ pm.status_path = /status
|
||||||
|
|
||||||
We need to enable statistics module in Dovecot.
|
We need to enable statistics module in Dovecot.
|
||||||
|
|
||||||
* Please open Dovecot config file:
|
* Please open Dovecot config file `/etc/dovecot/dovecot.conf`, append plugin
|
||||||
* on Linux and OpenBSD, its `/etc/dovecot/dovecot.conf`.
|
`stats` in global parameter `mail_plugins`, and `imap_stats` for imap protocol:
|
||||||
* on FreeBSD, it's `/usr/local/etc/dovecot/dovecot.conf`.
|
|
||||||
|
|
||||||
* Append plugin `stats` in global parameter `mail_plugins`, and `imap_stats`
|
|
||||||
for imap protocol:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
mail_plugins = ... stats
|
mail_plugins = ... stats
|
||||||
|
|
||||||
protocol imap {
|
protocol imap {
|
||||||
mail_plugins = ... imap_stats
|
mail_plugins = ... imap_stats
|
||||||
|
...
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
* Append settings below in Dovecot config file:
|
* Append settings below in Dovecot config file:
|
||||||
|
@ -261,8 +258,6 @@ socket:
|
||||||
database : 'postgres'
|
database : 'postgres'
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configure Nginx to forward requests to netdata
|
|
||||||
|
|
||||||
## System tuning
|
## System tuning
|
||||||
|
|
||||||
To get better performance, netdata requires few sysctl settings. Please add
|
To get better performance, netdata requires few sysctl settings. Please add
|
||||||
|
@ -292,3 +287,63 @@ Reload systemd daemon:
|
||||||
```
|
```
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Configure Nginx to forward requests to netdata
|
||||||
|
|
||||||
|
* Create Nginx config snippet `/etc/nginx/templates/netdata.tmpl` with
|
||||||
|
content below:
|
||||||
|
|
||||||
|
```
|
||||||
|
# Running netdata as a subfolder to an existing virtual host
|
||||||
|
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx
|
||||||
|
|
||||||
|
location = /netdata {
|
||||||
|
return 301 /netdata/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /netdata/(?<ndpath>.*) {
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_pass_request_headers on;
|
||||||
|
proxy_set_header Connection "keep-alive";
|
||||||
|
proxy_store off;
|
||||||
|
proxy_pass http://netdata/$ndpath$is_args$args;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_types *;
|
||||||
|
|
||||||
|
auth_basic "Authentication Required";
|
||||||
|
auth_basic_user_file /etc/nginx/netdata.users;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
* Update default virtual host (https site) config file
|
||||||
|
`/etc/nginx/sites-enabled/00-default-ssl.conf`,
|
||||||
|
include new snippet config file `netdata.tmpl` before the
|
||||||
|
`misc.tmpl` line like below:
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
...
|
||||||
|
include /etc/nginx/templates/netdata.tmpl; # <- add this line
|
||||||
|
include /etc/nginx/templates/misc.tmpl;
|
||||||
|
...
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
* Create new file `/etc/nginx/netdata.users` and an account used to access
|
||||||
|
netdata. NOTE: Please replace `<password>` below by a real, strong password.
|
||||||
|
|
||||||
|
```
|
||||||
|
touch /etc/nginx/netdata.users
|
||||||
|
doveadm pw -s SSHA -p '<password>'
|
||||||
|
```
|
||||||
|
|
||||||
|
* Now restart nginx service and access url `https://your-server/netdata/`
|
||||||
|
(please replace `your-server` by the real domain name).
|
||||||
|
|
|
@ -0,0 +1,318 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>Integrate netdata monitor (on FreeBSD server)</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="https://www.iredmail.org" target="_blank">
|
||||||
|
<img alt="iRedMail web site"
|
||||||
|
src="./images/logo-iredmail.png"
|
||||||
|
style="vertical-align: middle; height: 30px;"
|
||||||
|
/>
|
||||||
|
<span>iRedMail</span>
|
||||||
|
</a>
|
||||||
|
// <a href="./index.html">Document Index</a></div><h1 id="integrate-netdata-monitor-on-freebsd-server">Integrate netdata monitor (on FreeBSD server)</h1>
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
<li><a href="#integrate-netdata-monitor-on-freebsd-server">Integrate netdata monitor (on FreeBSD server)</a><ul>
|
||||||
|
<li><a href="#whats-netdata">What's netdata</a></li>
|
||||||
|
<li><a href="#install-netdata">Install netdata</a></li>
|
||||||
|
<li><a href="#configure-netdata">Configure netdata</a><ul>
|
||||||
|
<li><a href="#monitor-nginx-and-php-fpm">Monitor Nginx and php-fpm</a></li>
|
||||||
|
<li><a href="#monitor-dovecot">Monitor Dovecot</a></li>
|
||||||
|
<li><a href="#monitor-mysqlmariadb-server">Monitor MySQL/MariaDB server</a></li>
|
||||||
|
<li><a href="#monitor-postgresql-server">Monitor PostgreSQL server</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li><a href="#configure-nginx-to-forward-requests-to-netdata">Configure Nginx to forward requests to netdata</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<div class="admonition attention">
|
||||||
|
<p class="admonition-title">Attention</p>
|
||||||
|
<ul>
|
||||||
|
<li>This tutorial is tested on FreeBSD 11.x. If you need to run netdata on
|
||||||
|
CentOS, Debian, Ubuntu, please check this tutorial instead:
|
||||||
|
<a href="./integration.netdata.linux.html">Integrate netdata on Linux</a>.</li>
|
||||||
|
<li>netdata is an optional component since iRedMail-0.9.8.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<h2 id="whats-netdata">What's netdata</h2>
|
||||||
|
<p>netdata (<a href="http://my-netdata.io">http://my-netdata.io</a>) is a "Simple. Effective. Awesome!" monitor
|
||||||
|
which can monitor almost everyting on your Linux/FreeBSD system. You can visit
|
||||||
|
its website to check online demo.</p>
|
||||||
|
<p>We will show you how to install and configure netdata on iRedMail server
|
||||||
|
(Linux) to monitor mail service related softwares.</p>
|
||||||
|
<h2 id="install-netdata">Install netdata</h2>
|
||||||
|
<pre><code>cd /usr/ports/net-mgmt/netdata
|
||||||
|
make install clean
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="configure-netdata">Configure netdata</h2>
|
||||||
|
<p>Main config file of netdata is <code>/usr/local/etc/netdata/netdata.conf</code>, it
|
||||||
|
contains many parameters with detailed comments. Here's the
|
||||||
|
<a href="https://bitbucket.org/zhb/iredmail/src/default/iRedMail/samples/netdata/netdata.conf">config file</a>
|
||||||
|
used by iRedMail:</p>
|
||||||
|
<ul>
|
||||||
|
<li>It binds to address <code>127.0.0.1</code> and port <code>19999</code> by default. Since it doesn't
|
||||||
|
have ACL control, we will run netdata behind Nginx to get ACL control done in
|
||||||
|
Nginx.</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>[registry]
|
||||||
|
enabled = no
|
||||||
|
|
||||||
|
[global]
|
||||||
|
bind to = 127.0.0.1
|
||||||
|
run as user = netdata
|
||||||
|
default port = 19999
|
||||||
|
update every = 3
|
||||||
|
|
||||||
|
[plugin:proc]
|
||||||
|
# Disable IPVS check since iRedMail doesn't use ipvs by default
|
||||||
|
/proc/net/ip_vs/stats = no
|
||||||
|
|
||||||
|
# inbound packets dropped
|
||||||
|
/proc/net/dev = no
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>netdata ships a lot modular config files to gather information of softwares
|
||||||
|
running on the server, they have very good default settings and most config
|
||||||
|
files don't need your attention at all, including:</p>
|
||||||
|
<ul>
|
||||||
|
<li>System resources (CPU, RAM, disk I/O, etc)</li>
|
||||||
|
<li>Nginx log file monitoring</li>
|
||||||
|
<li>Fail2ban jails</li>
|
||||||
|
<li>Memcached</li>
|
||||||
|
<li>...</li>
|
||||||
|
</ul>
|
||||||
|
<p>But some applications do require extra settings, we will cover them below.</p>
|
||||||
|
<h3 id="monitor-nginx-and-php-fpm">Monitor Nginx and php-fpm</h3>
|
||||||
|
<p>We need to enable <code>stub_status</code> in Nginx to get detailed server info, also
|
||||||
|
update php-fpm config file to enable similar feature.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Create Nginx config snippet <code>/usr/local/etc/nginx/templates/stub_status.tmpl</code> with
|
||||||
|
content below:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>location = /stub_status {
|
||||||
|
stub_status on;
|
||||||
|
access_log off;
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /status {
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_pass php_workers;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
|
||||||
|
access_log off;
|
||||||
|
allow 127.0.0.1;
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Update default virtual host config file <code>/usr/local/etc/nginx/sites-enabled/00-default.conf</code>,
|
||||||
|
include new snippet config file <code>stub_status.tmpl</code> after the
|
||||||
|
<code>redirect_to_https.tmpl</code> line like below:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>server {
|
||||||
|
...
|
||||||
|
include /usr/local/etc/nginx/templates/redirect_to_https.tmpl;
|
||||||
|
include /usr/local/etc/nginx/templates/stub_status.tmpl; # <- add this line
|
||||||
|
...
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Update php-fpm pool config file <code>/usr/local/etc/php-fpm.d/www.conf</code>, enable
|
||||||
|
parameter <code>pm.status_path</code> like below:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>pm.status_path = /status
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Restart both php-fpm and Nginx service.</li>
|
||||||
|
</ul>
|
||||||
|
<h3 id="monitor-dovecot">Monitor Dovecot</h3>
|
||||||
|
<p>We need to enable statistics module in Dovecot.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Please open Dovecot config file <code>/usr/local/etc/dovecot/dovecot.conf</code>,
|
||||||
|
append plugin <code>stats</code> in global parameter <code>mail_plugins</code>, and <code>imap_stats</code>
|
||||||
|
for imap protocol:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>mail_plugins = ... stats
|
||||||
|
|
||||||
|
protocol imap {
|
||||||
|
mail_plugins = ... imap_stats
|
||||||
|
...
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Append settings below in Dovecot config file:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>plugin {
|
||||||
|
# how often to session statistics (must be set)
|
||||||
|
stats_refresh = 30 secs
|
||||||
|
# track per-IMAP command statistics (optional)
|
||||||
|
stats_track_cmds = yes
|
||||||
|
}
|
||||||
|
|
||||||
|
service stats {
|
||||||
|
fifo_listener stats-mail {
|
||||||
|
user = vmail
|
||||||
|
mode = 0644
|
||||||
|
}
|
||||||
|
|
||||||
|
inet_listener {
|
||||||
|
address = 127.0.0.1
|
||||||
|
port = 24242
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Restart Dovecot service.</li>
|
||||||
|
</ul>
|
||||||
|
<h3 id="monitor-mysqlmariadb-server">Monitor MySQL/MariaDB server</h3>
|
||||||
|
<p>netdata requires a SQL user (we use <code>netdata</code> here) with privilege <code>USAGE</code> to
|
||||||
|
gather MySQL server information.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Create the SQL user with a strong password (please replace <code><password></code> in
|
||||||
|
command below by the real (and strong) password).</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># mysql -u root
|
||||||
|
sql> GRANT USAGE ON *.* TO netdata@localhost IDENTIFIED BY '<password>';
|
||||||
|
sql> FLUSH PRIVILEGES;
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Create file <code>/usr/local/etc/netdata/python.d/mysql.conf</code> with content below.</p>
|
||||||
|
<div class="admonition attention">
|
||||||
|
<p class="admonition-title">Attention</p>
|
||||||
|
<ul>
|
||||||
|
<li>This file already exists, feel free to remove all content in this file
|
||||||
|
and copy content below as its new content.</li>
|
||||||
|
<li>Please replace <code><password></code> below by the real password.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>tcp:
|
||||||
|
name: 'local'
|
||||||
|
host: '127.0.0.1'
|
||||||
|
port: '3306'
|
||||||
|
user: 'netdata'
|
||||||
|
pass: '<password>'
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h3 id="monitor-postgresql-server">Monitor PostgreSQL server</h3>
|
||||||
|
<p>netdata requires a SQL user (we use <code>netdata</code> here) to gather PostgreSQL server
|
||||||
|
information.</p>
|
||||||
|
<ul>
|
||||||
|
<li>Create the SQL user with a strong password (please replace <code><password></code> in
|
||||||
|
command below by the real (and strong) password).</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># su - postgres
|
||||||
|
$ psql
|
||||||
|
sql> CREATE USER netdata WITH ENCRYPTED PASSWORD '<password>' NOSUPERUSER NOCREATEDB NOCREATEROLE;
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Create file <code>/usr/local/etc/netdata/python.d/mysql.conf</code> with content below.</p>
|
||||||
|
<div class="admonition attention">
|
||||||
|
<p class="admonition-title">Attention</p>
|
||||||
|
<ul>
|
||||||
|
<li>This file already exists, feel free to remove all content in this file
|
||||||
|
and copy content below as its new content.</li>
|
||||||
|
<li>Please replace <code><password></code> below by the real password.</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>socket:
|
||||||
|
name : 'local'
|
||||||
|
user : 'netdata'
|
||||||
|
password : '<password>'
|
||||||
|
database : 'postgres'
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="configure-nginx-to-forward-requests-to-netdata">Configure Nginx to forward requests to netdata</h2>
|
||||||
|
<ul>
|
||||||
|
<li>Create Nginx config snippet <code>/usr/local/etc/nginx/templates/netdata.tmpl</code> with
|
||||||
|
content below:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># Running netdata as a subfolder to an existing virtual host
|
||||||
|
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx
|
||||||
|
|
||||||
|
location = /netdata {
|
||||||
|
return 301 /netdata/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /netdata/(?<ndpath>.*) {
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_pass_request_headers on;
|
||||||
|
proxy_set_header Connection "keep-alive";
|
||||||
|
proxy_store off;
|
||||||
|
proxy_pass http://netdata/$ndpath$is_args$args;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_types *;
|
||||||
|
|
||||||
|
auth_basic "Authentication Required";
|
||||||
|
auth_basic_user_file /usr/local/etc/nginx/netdata.users;
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Update default virtual host (https site) config file
|
||||||
|
<code>/usr/local/etc/nginx/sites-enabled/00-default-ssl.conf</code>,
|
||||||
|
include new snippet config file <code>netdata.tmpl</code> before the
|
||||||
|
<code>misc.tmpl</code> line like below:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>server {
|
||||||
|
...
|
||||||
|
include /usr/local/etc/nginx/templates/netdata.tmpl; # <- add this line
|
||||||
|
include /usr/local/etc/nginx/templates/misc.tmpl;
|
||||||
|
...
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Create new file <code>/usr/local/etc/nginx/netdata.users</code> and an account used to access
|
||||||
|
netdata. NOTE: Please replace <code><password></code> below by a real, strong password.</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>touch /usr/local/etc/nginx/netdata.users
|
||||||
|
doveadm pw -s SSHA -p '<password>'
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Now restart nginx service and access url <code>https://your-server/netdata/</code>
|
||||||
|
(please replace <code>your-server</code> by the real domain name).</li>
|
||||||
|
</ul><div class="footer">
|
||||||
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||||
|
</div>
|
||||||
|
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||||||
|
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
||||||
|
<script>
|
||||||
|
window.dataLayer = window.dataLayer || [];
|
||||||
|
function gtag(){dataLayer.push(arguments);}
|
||||||
|
gtag('js', new Date());
|
||||||
|
|
||||||
|
gtag('config', 'UA-3293801-21');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -29,17 +29,20 @@
|
||||||
<li><a href="#monitor-postgresql-server">Monitor PostgreSQL server</a></li>
|
<li><a href="#monitor-postgresql-server">Monitor PostgreSQL server</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
<li><a href="#configure-nginx-to-forward-requests-to-netdata">Configure Nginx to forward requests to netdata</a></li>
|
|
||||||
<li><a href="#system-tuning">System tuning</a></li>
|
<li><a href="#system-tuning">System tuning</a></li>
|
||||||
|
<li><a href="#configure-nginx-to-forward-requests-to-netdata">Configure Nginx to forward requests to netdata</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<div class="admonition attention">
|
<div class="admonition attention">
|
||||||
<p class="admonition-title">Attention</p>
|
<p class="admonition-title">Attention</p>
|
||||||
<p>This tutorial is tested on CentOS 7, Debian 9, Ubuntu 16.04.
|
<ul>
|
||||||
For FreeBSD, please check this tutorial instead:
|
<li>This tutorial is tested on CentOS 7, Debian 9, Ubuntu 16.04.
|
||||||
<a href="./integration.netdata.freebsd.html">Integrate netdata on FreeBSD</a>.</p>
|
For FreeBSD, please check this tutorial instead:
|
||||||
|
<a href="./integration.netdata.freebsd.html">Integrate netdata on FreeBSD</a>.</li>
|
||||||
|
<li>netdata is an optional component since iRedMail-0.9.8.</li>
|
||||||
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
<h2 id="whats-netdata">What's netdata</h2>
|
<h2 id="whats-netdata">What's netdata</h2>
|
||||||
<p>netdata (<a href="http://my-netdata.io">http://my-netdata.io</a>) is a "Simple. Effective. Awesome!" monitor
|
<p>netdata (<a href="http://my-netdata.io">http://my-netdata.io</a>) is a "Simple. Effective. Awesome!" monitor
|
||||||
|
@ -169,8 +172,6 @@ location = /status {
|
||||||
<li>On RHEL/CentOS, it's <code>/etc/php-fpm.d/www.conf</code></li>
|
<li>On RHEL/CentOS, it's <code>/etc/php-fpm.d/www.conf</code></li>
|
||||||
<li>On Debian, it's <code>/etc/php5/fpm/pool.d/www.conf</code></li>
|
<li>On Debian, it's <code>/etc/php5/fpm/pool.d/www.conf</code></li>
|
||||||
<li>On Ubuntu, it's <code>/etc/php/7.0/fpm/pool.d/www.conf</code> (note: php version number may be different on your server)</li>
|
<li>On Ubuntu, it's <code>/etc/php/7.0/fpm/pool.d/www.conf</code> (note: php version number may be different on your server)</li>
|
||||||
<li>On FreeBSD, it's <code>/usr/local/etc/php-fpm.d/www.conf</code></li>
|
|
||||||
<li>On OpenBSD, it's <code>/etc/php-fpm.conf</code></li>
|
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
@ -183,22 +184,15 @@ location = /status {
|
||||||
<h3 id="monitor-dovecot">Monitor Dovecot</h3>
|
<h3 id="monitor-dovecot">Monitor Dovecot</h3>
|
||||||
<p>We need to enable statistics module in Dovecot.</p>
|
<p>We need to enable statistics module in Dovecot.</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>Please open Dovecot config file <code>/etc/dovecot/dovecot.conf</code>, append plugin
|
||||||
<p>Please open Dovecot config file:</p>
|
<code>stats</code> in global parameter <code>mail_plugins</code>, and <code>imap_stats</code> for imap protocol:</li>
|
||||||
<ul>
|
|
||||||
<li>on Linux and OpenBSD, its <code>/etc/dovecot/dovecot.conf</code>.</li>
|
|
||||||
<li>on FreeBSD, it's <code>/usr/local/etc/dovecot/dovecot.conf</code>.</li>
|
|
||||||
</ul>
|
|
||||||
</li>
|
|
||||||
<li>
|
|
||||||
<p>Append plugin <code>stats</code> in global parameter <code>mail_plugins</code>, and <code>imap_stats</code>
|
|
||||||
for imap protocol:</p>
|
|
||||||
</li>
|
|
||||||
</ul>
|
</ul>
|
||||||
<pre><code>mail_plugins = ... stats
|
<pre><code>mail_plugins = ... stats
|
||||||
|
|
||||||
protocol imap {
|
protocol imap {
|
||||||
mail_plugins = ... imap_stats
|
mail_plugins = ... imap_stats
|
||||||
|
...
|
||||||
|
}
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
|
@ -292,7 +286,6 @@ sql> CREATE USER netdata WITH ENCRYPTED PASSWORD '<password>' NOSUPERUS
|
||||||
database : 'postgres'
|
database : 'postgres'
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<h2 id="configure-nginx-to-forward-requests-to-netdata">Configure Nginx to forward requests to netdata</h2>
|
|
||||||
<h2 id="system-tuning">System tuning</h2>
|
<h2 id="system-tuning">System tuning</h2>
|
||||||
<p>To get better performance, netdata requires few sysctl settings. Please add
|
<p>To get better performance, netdata requires few sysctl settings. Please add
|
||||||
lines below in <code>/etc/sysctl.conf</code>:</p>
|
lines below in <code>/etc/sysctl.conf</code>:</p>
|
||||||
|
@ -312,7 +305,68 @@ LimitNOFILE=30000
|
||||||
|
|
||||||
<p>Reload systemd daemon:</p>
|
<p>Reload systemd daemon:</p>
|
||||||
<pre><code>systemctl daemon-reload
|
<pre><code>systemctl daemon-reload
|
||||||
</code></pre><div class="footer">
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="configure-nginx-to-forward-requests-to-netdata">Configure Nginx to forward requests to netdata</h2>
|
||||||
|
<ul>
|
||||||
|
<li>Create Nginx config snippet <code>/etc/nginx/templates/netdata.tmpl</code> with
|
||||||
|
content below:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># Running netdata as a subfolder to an existing virtual host
|
||||||
|
# FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx
|
||||||
|
|
||||||
|
location = /netdata {
|
||||||
|
return 301 /netdata/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /netdata/(?<ndpath>.*) {
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_pass_request_headers on;
|
||||||
|
proxy_set_header Connection "keep-alive";
|
||||||
|
proxy_store off;
|
||||||
|
proxy_pass http://netdata/$ndpath$is_args$args;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_types *;
|
||||||
|
|
||||||
|
auth_basic "Authentication Required";
|
||||||
|
auth_basic_user_file /etc/nginx/netdata.users;
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Update default virtual host (https site) config file
|
||||||
|
<code>/etc/nginx/sites-enabled/00-default-ssl.conf</code>,
|
||||||
|
include new snippet config file <code>netdata.tmpl</code> before the
|
||||||
|
<code>misc.tmpl</code> line like below:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>server {
|
||||||
|
...
|
||||||
|
include /etc/nginx/templates/netdata.tmpl; # <- add this line
|
||||||
|
include /etc/nginx/templates/misc.tmpl;
|
||||||
|
...
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Create new file <code>/etc/nginx/netdata.users</code> and an account used to access
|
||||||
|
netdata. NOTE: Please replace <code><password></code> below by a real, strong password.</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>touch /etc/nginx/netdata.users
|
||||||
|
doveadm pw -s SSHA -p '<password>'
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Now restart nginx service and access url <code>https://your-server/netdata/</code>
|
||||||
|
(please replace <code>your-server</code> by the real domain name).</li>
|
||||||
|
</ul><div class="footer">
|
||||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||||
</div>
|
</div>
|
||||||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||||||
|
|
Loading…
Reference in New Issue