云网牛站
所在位置:首页 > Linux云服务器 > 使用Letsencrypt和Nginx在CentOS下安装LibreNMS监视工具

使用Letsencrypt和Nginx在CentOS下安装LibreNMS监视工具

2019-02-18 11:08:56作者:曾秀珠稿源:云网牛站

本文介绍使用安全Letsencrypt SSL证书和Nginx的方式在CentOS 7服务器上安装和配置LibreNMS监视工具。

 

简介

LibreNMS是基于社区的GPL许可自动发现网络监控工具,基于PHP、MySQL和SNMP,LibreNMS包括对各种网络硬件和操作系统的支持,包括Juniper、Cisco、Linux、Foundry、FreeBSD、Brocade、HP、Windows等等,它是Observium监控工具的一个分支。

LibreNMS的特点:

具有自动发现功能,它将使用CDP、FDP、LLDP、OSPF、BGP、SNMP和ARP自动发现整个网络。

API访问,LibreNMS提供了一个完整的API来管理,绘制和检索安装中的数据。

自动更新,使用LibreNMS,可以通过新功能和错误修复自动保持最新状态。

可定制的警报,高度灵活的警报系统,通过电子邮件、IRC等通知。

计费系统,根据使用或转移,轻松为网络上的端口生成带宽费用。

Android和iOS应用程序,有一个本机iPhone/Android应用程序可用,它提供核心功能。

多种身份验证方法:MySQL、HTTP、LDAP、Radius、Active Directory。

集成支持NfSen、collectd、SmokePing、RANCID、Oxidized。

 

一、基本配置和安装PHP、Nginx、数据库

1、将SELinux置于许可模式

sudo setenforce 0

要保留更改,请编辑SELinux配置文件

$ sudo vim /etc/selinux/config

SELINUX=permissive

2、将EPEL存储库添加到系统中

sudo yum install epel-release

sudo yum install yum-utils

3、安装所需的依赖项

sudo yum -y install zip unzip git cronie wget fping net-snmp net-snmp-utils ImageMagick jwhois mtr rrdtool MySQL-python nmap  python-memcached

4、安装PHP和Nginx

PHP将从REMI存储库安装,将其添加到系统中,如下所示:

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

禁用默认启用的remi-php54 repo,并为PHP 7.2启用存储库,需要安装PHP 7.3请参考在Ubuntu 18.04或CentOS 7系统上安装PHP 7.3一文:

sudo yum-config-manager --disable remi-php54

sudo yum-config-manager --enable remi-php72

然后最后安装所需的php模块:

sudo yum -y install php php-{cli,mbstring,process,fpm,mysqlnd,zip,snmp,devel,gd,mcrypt,mbstring,curl,xml,pear,bcmath}

5、配置PHP

sudo vim /etc/php-fpm.d/www.conf

设置下面的变量:

user = nginx

group = nginx

listen = /var/run/php-fpm/php-fpm.sock

listen.owner = nginx

listen.group = nginx

listen.mode = 0660

设置PHP时区:

$ sudo vim /etc/php.ini

date.timezone = Asia/Shanghai

6、安装nginx Web服务器

sudo yum install nginx

启动nginx和php-fpm服务:

for i in nginx php-fpm; do

sudo systemctl enable $i

sudo systemctl start $i

done

7、安装和配置数据库

使用以下指南在CentOS 7服务器上安装MariaDB数据库:

在CentOS 7服务器中安装MariaDB 10.4的方法

编辑my.cnf文件并在[mysqld]部分中添加以下行:

$ sudo vim /etc/my.cnf

[mysql]

innodb_file_per_table=1

lower_case_table_names=0

进行更改后重新启动MariaDB服务器:

sudo systemctl enable mariadb

sudo systemctl restart mariadb

安装并运行数据库后,以root用户身份登录:

$ mysql -u root -p

创建数据库和用户:

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_general_ci;

GRANT ALL PRIVILEGES ON librenms.* TO 'librenms_user'@'localhost' IDENTIFIED BY "Password1234!";

FLUSH PRIVILEGES;

EXIT;

 

二、在CentOS 7下安装和配置LibreNMS

1、如果要使用Letsencrypt SSL证书,则需要先请求它,以root用户身份运行以下命令:

wget https://dl.eff.org/certbot-auto -P /usr/local/bin

chmod a+x /usr/local/bin/certbot-auto

如果正在运行firewalld服务,请在防火墙上启用http端口:

sudo firewall-cmd --add-service={http,https} --permanent

sudo firewall-cmd --reload

现在获取要使用的证书:

export DOMAIN='librenms.example.com'

export EMAIL="admin@example.com"

certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL --keep-until-expiring

证书将放在/etc/letsencrypt/live/librenms.example.com/目录下。

2、从Github克隆LibreNMS项目

cd /opt

sudo git clone https://github.com/librenms/librenms.git

sudo chown librenms:librenms -R /opt/librenms

3、安装PHP依赖项

cd /opt/librenms

./scripts/composer_wrapper.php install --no-dev

成功安装应具有类似于以下的输出:

....

Generating autoload files

> LibreNMS\ComposerHelper::postInstall

setfacl -R -m g::rwx rrd/ logs/ storage/ bootstrap/cache/

setfacl -d -m g::rwx rrd/ logs/ storage/ bootstrap/cache/

php artisan key:generate

Application key [base64:/m3TCBxHJ5lFYdsCda+o9oxLTmmH1/3jXjLipmcIp+4=] set successfully.                                                              

> Illuminate\Foundation\ComposerScripts::postInstall

> php artisan optimize

Generating optimized class loader

The compiled services file has been removed.

4、将LibreNMS用户添加到系统

sudo useradd librenms -d /opt/librenms -M -r

sudo usermod -a -G librenms nginx

5、复制并配置SNMP配置模板

sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

sudo vim /etc/snmp/snmpd.conf

通过替换RANDOMSTRINGGOESHERE来设置社区字符串:

com2sec readonly  default       MyInternalNetwork

下载分发版本标识符脚本:

sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro

sudo chmod +x /usr/bin/distro

然后启动并启用snmpd服务:

sudo systemctl enable snmpd

sudo systemctl restart snmpd

完成所有操作后,为LibreNMS创建nginx配置文件。

6、没有SSL的Nginx配置

它位于/etc/nginx/conf.d/librenms.conf下:

server {

listen      80;

server_name librenms.example.com;

root        /opt/librenms/html;

index       index.php;

charset utf-8;

gzip on;

gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

location / {

try_files $uri $uri/ /index.php?$query_string;

}

location /api/v0 {

try_files $uri $uri/ /api_v0.php?$query_string;

}

location ~ \.php {

include fastcgi.conf;

fastcgi_split_path_info ^(.+\.php)(/.+)$;

fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;

}

location ~ /\.ht {

deny all;

}

}

7、使用SSL的Nginx配置

server {

listen 80;

root        /opt/librenms/html;

server_name librenms.example.com;

return 301 https://$server_name$request_uri;

}

server {

listen 443 ssl http2;

server_name librenms.example.com;

root        /opt/librenms/html;

index       index.php;

# Set Logs path

access_log  /var/log/nginx/access.log;

error_log   /var/log/nginx/error.log;

# Configure SSL

ssl_certificate /etc/letsencrypt/live/librenms.example.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/librenms.example.com/privkey.pem;

# Enabling Gzip compression on Nginx

charset utf-8;

gzip on;

gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

location / {

try_files $uri $uri/ /index.php?$query_string;

}

location /api/v0 {

try_files $uri $uri/ /api_v0.php?$query_string;

}

# PHP-FPM handle all .php files requests

location ~ \.php {

include fastcgi.conf;

fastcgi_split_path_info ^(.+\.php)(/.+)$;

fastcgi_pass unix:/run/php-fpm/php7.2-fpm.sock;

}

location ~ /\.ht {

deny all;

}

}

确认nginx syntax:

# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

如果一切看起来都不错,请重启服务:

sudo systemctl restart nginx

8、配置cron作业

sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

9、复制logrotate配置

LibreNMS将日志保存在/opt/librenms/logs中,随着时间的推移,这些可能会变大并被旋转出来。

要旋出旧日志,你可以使用提供的logrotate配置文件:

sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

设置适当的权限:

sudo chown -R librenms:librenms /opt/librenms

setfacl -d -m g::rwx /opt/librenms/logs

sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

10、启动LibreNMS Web安装程序

在Web浏览器上打开http://librenms.example.com/install.php以完成安装:

使用Letsencrypt和Nginx在CentOS下安装LibreNMS监视工具

确认所有预安装检查通过并单击Next Stage继续。

配置先前创建的数据库帐户,它将开始导入数据库模式并填充数据:

使用Letsencrypt和Nginx在CentOS下安装LibreNMS监视工具

然后系统会要求你配置管理员用户帐户:

Username: admin

Password: StrongPassword

接下来是生成配置文件,如果无法创建,你可能必须手动创建文件,文件路径应为/opt/librenms/config.php:

<?php

## Have a look in defaults.inc.php for examples of settings you can set here. DO NOT EDIT defaults.inc.php!

### Database config

$config['db_host'] = 'localhost';

$config['db_port'] = '3306';

$config['db_user'] = 'librenms';

$config['db_pass'] = 'StrongPassword';

$config['db_name'] = 'librenms';

$config['db_socket'] = '';

// This is the user LibreNMS will run as

//Please ensure this user is created and has the correct permissions to your install

$config['user'] = 'librenms';

### Locations - it is recommended to keep the default

#$config['install_dir']  = "/opt/librenms";

### This should *only* be set if you want to *force* a particular hostname/port

### It will prevent the web interface being usable form any other hostname

#$config['base_url']        = "http://librenms.company.com";

### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir

### and that your web server has permission to talk to rrdcached.

#$config['rrdcached']    = "unix:/var/run/rrdcached.sock";

### Default community

$config['snmp']['community'] = array("public");

### Authentication Model

$config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth

#$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth

### List of RFC1918 networks to allow scanning-based discovery

#$config['nets'][] = "10.0.0.0/8";

#$config['nets'][] = "172.16.0.0/12";

#$config['nets'][] = "192.168.0.0/16";

# Update configuration

#$config['update_channel'] = 'release';  # uncomment to follow the monthly release channel

#$config['update'] = 0;  # uncomment to completely disable updates

将文件的所有权更改为librenms用户:

sudo chown librenms:librenms /opt/librenms/config.php

单击完成安装按钮(Finish Install)以在CentOS 7系统下完成LibreNMS的安装。

现在就可以转到管理员登录页面了:

使用Letsencrypt和Nginx在CentOS下安装LibreNMS监视工具

至此,LibreNMS安装全部完成。

 

相关主题

在Ubuntu 18.04 Server中安装LEMP的方法[Nginx、MariaDB、PHP7.2]

精选文章
热门文章