Monit's built-in HTTP server offers a variety of authentication methods, but scenarios exist where access to the status web page need to be unauthenticated:
- Where Monit is only accessible on a private network, so that users/helpdesk staff can quickly determine a host's status.
- Where access to Monit's HTTP server is via a URL that already enforces access control based on source IP (e.g. http://www.example.com/admin/monit, and all access to resources under /admin are limited to trusted source IP addresses)
In these circumstances, it may be desirable for Monit to unconditionally render a read-only status page.
This procedure assumes:
- You are using Apache to proxy requests for Monit.
- Apache is on the same host as Monit. If it isn't, you will need to change Monit's configuration to listen on the appropriate IP(s) and allow access from the Apache host.
Configure Monit to allow read-only access to a guest user
set httpd port 2812 and use address localhost allow guest:guest readonly
Ensure Apache has
mod_headers installed and enabled.
Debian and Ubuntu:
# a2enmod headers # apache2ctl restart
Configure Apache to add authentication headers to requests for the Monit URL
Add the following block to your site's Apache configuration, changing the path to suit:
RedirectMatch ^/admin/monit /admin/monit/ ProxyRequests off ProxyPass /admin/monit/ http://127.0.0.1:2812/ ProxyPassReverse /admin/monit/ http://127.0.0.1:2812/ <Location /admin/monit/> RequestHeader set Authorization "Basic Z3Vlc3Q6Z3Vlc3Q=" </Location>
This relies on the fact that HTTP basic authentication always sends the same fixed token for a given username and password.
Reload Apache and access your host on the relevant path, and you should now have read-only guest access.
If your username and password are not "guest" and "guest", then you will need to change the token sent in the "
RequestHeader set" line. See https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side but for most Linux systems, this will generate the right token:
$ echo -n username:password | base64 dXNlcm5hbWU6cGFzc3dvcmQ=