[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [monit] HTTPD on unix/local socket

From: Jan-Henrik Haukeland
Subject: Re: [monit] HTTPD on unix/local socket
Date: Wed, 22 Jul 2009 08:33:27 +0200

1) It is true that each user's Monit instance will need a unique TCP port, but its the same with unix sockets, a unique file is required per instance. 2) Even if a unix socket is used, I still think you would like to use some form of authentication and not solely base access on file permission. 3) The miniscule benefit of using unix sockets in your special use case does not justify the work needed for adding this feature IMHO. Not that it would require a lot of work though and if you would want to give it a stab please do.

On 17. juli. 2009, at 18.45, Matt Goodall wrote:


I've been using monit on a per-user basis for a while now, i.e. giving
each user account a "personal monit" instance. I find it a really nice
setup because it keeps a user's services self-contained and

Monit's HTTPD is basically essential to using monit in daemon mode
(monit status and monit summary don't work without it for instance)
but I find it quite inconvenient for my "personal monit" usecase:

1. Each user's monit needs a unique port
2. You need to configure some sort of authentication
(username/password or SSL) to stop other users accessing it
3. I don't actually use the HTML user interface, I only need the HTTPD
for full stateful operation.

So, I wonder what people think about being able to start the HTTPD on
a unix socket that can only be accessed by the user by default? For
instance, "set httpd unix /path/to/file". Once you're using a unix
socket with restricted privileges points 1 and 2 simply go away,
making it really simple to set up.

Without trying to design the configuration language at this time (in
case this idea gets shot down ;-)) I think you'd need to be able to

* the path to the unix socket
* the ownership  of the file
* the file's permissions

Oh, using a socket might even be a nice way to allow authentication to
be moved to a front-end HTTP server that proxies to the monit HTTP
server. For instance, an nginx server handling the authentication that
then proxies through to a unix: upstream server.

- Matt

reply via email to

[Prev in Thread] Current Thread [Next in Thread]