Install Latest Monit on Ubuntu 16.04 and Later

Linux systems make solid web servers for hosting WordPress sites. Like all servers, for one reason or another services can be unstable or crash. Monit can help monitor your web server to ensure all of its essential processes are running. It will send you email alerts if load becomes excessively high usually meaning a process has gone amok or you are under attack.

An array of Monit configurations for monitoring your WordPress server will be posted to make sure everything is running as smoothly as possible and all your services are running.

Install Latest Monit on Ubuntu 16.04 and Later

Installation overview

  • Create an SSL Certificate for the Monit web interface
  • Install the latest Monit
  • Enable a basic Monit configuration

Secure Monit with SSL Certificate

We want Monit to be secure so first we are going to generate an SSL certificate for the Monit web interface.

Install OpenSSL

sudo apt install openssl -y

Create the SSL certs folder

sudo mkdir -p /var/certs

Generate an SSL key, you can enter the information it prompts for if you want but you can also just leave it blank.

sudo openssl req -new -x509 -days 365 -nodes -out /var/certs/monit.pem -keyout /var/certs/monit.pem

Modify the permissions of the SSL certificate to prevent this error

monit: The SSL server PEM file '/var/certs/monit.pem' must have permissions no more than -rwx------ (0700); right now permissions are -rw-r--r-- (0644).
/etc/monit/monitrc:124: Error: SSL server PEM file permissions check failed 'allow'

This command changes the permissions of the Monit ssl certificate

sudo chmod 0700 /var/certs/monit.pem

Install Latest Monit on Ubuntu

Install Monit from the Ubuntu repository

sudo apt install monit -y

Check your Monit version

sudo monit -V

If you get this version information then you have a somewhat current version of Monit.

Verify the latest Monit version here.

This is Monit version 5.18
Built with ssl, with pam and with large files
Copyright (C) 2001-2016 Tildeslash Ltd. All Rights Reserved.

If you don’t get any version information you can install the latest Monit now.

Stop the Monit service first since we are going to overwrite the old Monit binary with a new one.

Install html2text to easily parse the Monit download URL.

sudo service monit stop
sudo apt install monit html2text -y

Check your CPU architecture since it determines which Monit binary you will use.

uname -m

If you see x86_64 you don’t have to change anything below.

If you see i686 you need the 32 bit version i.e. change -linux-x64.tar.gz to -linux-x86.tar.gz

MONITVER=$(wget -q https://mmonit.com/monit/dist/binary/ -O - | html2text | grep DIR | tail -n 1 | tr -d / | awk '{print $2}')
cd /tmp
wget https://mmonit.com/monit/dist/binary/$MONITVER/monit-$MONITVER-linux-x64.tar.gz
tar -xf monit-*
cd monit-*
sudo cp bin/monit /usr/bin/monit
sudo ln -s /etc/monit/monitrc /etc/monitrc

Now restart the Monit Service

sudo service monit restart

Basic Monit Configuration

Back up the original Monit configuration

sudo mv /etc/monit/monitrc /etc/monit/monitrc.bak

Create a new Monit configuration

sudo nano /etc/monit/monitrc

Paste this Monit configuration as a starting point.

The Mail settings configuration below can be uncommented (by removing # starting from set mail-format line) and used  for sending Monit alerts through gmail. If you use Mailgun then follow this guide for configuring Monit email alerts with Mailgun

The http section sets the username and password for the Monit web interface, we also specify the SSL certificate generated earlier.

If you use Dynamic DNS for security then uncomment that line by deleting the # symbol and setting your Dynamic DNS address.

Finally the last line allows a nice modular structure for the individual Monit configurations for monitoring each service.

  set daemon 60 #check services every 60 seconds
  set logfile /var/log/monit.log
  set idfile /var/lib/monit/id
  set statefile /var/lib/monit/state

#Event queue
  set eventqueue
      basedir /var/lib/monit/events # set the base directory where events will be stored
      slots 100                     # optionally limit the queue size

#Mail settings
# set mail-format {
#     from: monit@$HOST
#  subject: monit alert --  $EVENT $SERVICE
#  message: $EVENT Service $SERVICE
#                Date:        $DATE
#                Action:      $ACTION
#                Host:        $HOST
#                Description: $DESCRIPTION
#
#           Your faithful employee,
#           Monit } 
#  set mailserver smtp.gmail.com port 587 
#     username "wp" password "bullet"
#  using TLSV1 with timeout 30 seconds
#  set alert webmaster@wp-bullet.com #email address which will receive monit alerts

#http settings
 set httpd port 2812 address 0.0.0.0  # allow port 2812 connections on all network adapters
    ssl enable
    pemfile  /var/certs/monit.pem
    allow 0.0.0.0/0.0.0.0 # allow all IPs, can use local subnet too
#    allow wp-bullet.crabdance.com        # allow dynamicdns address to connect
    allow wp:"bullet"      # require user wp with password bullet

#allow modular structure
    include /etc/monit/conf.d/*
    include /etc/monit/conf-enabled/*

Ctrl+X, Y and Enter to save

Modify permissions of the new monit configuration to avoid this error

The control file '/etc/monit/monitrc' must have permissions no more than -rwx------ (0700); right now permissions are -rw-r--r-- (0644).

Fix the permissions of the Monit configuration file

sudo chmod 0700 /etc/monit/monitrc

Test monit syntax is correct for the configuration file

sudo monit -t

You should see the OK below, if you don’t it’s ok, it can happen on older Ubuntu distros.

Control file syntax OK

Then restart Monit

sudo service monit restart

Now open a browser and go to your local ip with https not http: https://ip.address:2812 and enter your log in credentials (in the example wp with password bullet) to make sure the base install of Monit is working.

Sources

HTPC Guides Monit Installation
Monit Binary Installation
EasyEngine Monit Installation

4 thoughts on “Install Latest Monit on Ubuntu 16.04 and Later”

  1. Thanks for this guide. It’s worth adding that some browsers will require a security exception because the monit cert is self-signed.

    One issue I’m having with this guide: Monit (5.20.0 in this case) starts no problem but when I try a command such as restarting a service, I get: Invalid CSRF Token. Apparently this is a known issue that should be fixed in the next version: https://bitbucket.org/tildeslash/monit/issues/535/invalid-csrf-token

    For now, I’ve gone back to good ol’ HTTP.

Comments are closed.