SSL


SSL

Anders Yuran

Hi!
First time using a mailing list in many years so I don't know if I do it right.


I have set up monit on our server mainly to monitor apache and restart if it goes down. Everything works except I don't know how to set up ssl. I have added the path to the certificate and tested the syntax. But it seems that it does not work.
It says
/etc/monit/monitrc:154: syntax error '{'

line 154 WITH SSL { PEMFILE:  /etc/letsencrypt/live/jv74.se/cert.pem }

What is it I am doing wrong? I am also not sure which pemfile to use. I have chain.pem, fullchain.pem and cert.pem

All help appreciated


Regards Anders Yuran

Re: SSL

Lutz Mader
Hello Anders Yuran,
add some more lines from the monitrc file please, above/below the line.
And give some information about the used monit version, use "monit -V"
to get this information.

With regards,
Lutz

p.s.
Some details for the setup are available in the wiki, see
https://mmonit.com/monit/documentation/monit.html#SSL-OPTIONS


Re: SSL

Anders Yuran
Hi!
Here it comes

#
set httpd port 2812 and
     use address 173.249.58.247  # only accept connection from localhost
     allow 185.60.237.38       # allow localhost to connect to the server and
     allow admin:monit      # require user 'admin' with password 'monit'
     
  #  WITH SSL { PEMFILE:  /etc/letsencrypt/live/jv74.se/cert.pem }
##

This is Monit version 5.16
Built with ssl, with pam and with large files
Copyright (C) 2001-2016 Tildeslash Ltd. All Rights Reserved.

On Thu, 2 July 2020 at 08:45, Lutz Mader <[hidden email]> wrote:
> Hello Anders Yuran,
> add some more lines from the monitrc file please, above/below the line.
> And give some information about the used monit version, use "monit -V"
> to get this information.
>
> With regards,
> Lutz
>
> p.s.
> Some details for the setup are available in the wiki, see
> https://mmonit.com/monit/documentation/monit.html#SSL-OPTIONS



--
Kind Regards

Anders Yuran

Havouza 15
4607 Pissouri
Cyprus

Re: SSL

Anders Yuran
In reply to this post by Lutz Mader
Hi!
I tested another setup from the manual, but get the same syntax error

/etc/monit/monitrc:156: syntax error '{'

 set httpd
     port 2812
     with ssl {
        pemchain: /etc/letsencrypt/live/jv74.se/chain.pem
        pemkey: /etc/letsencrypt/live/jv74.se/privkey.pem
     }

On Thu, 2 July 2020 at 08:45, Lutz Mader <[hidden email]> wrote:
> Hello Anders Yuran,
> add some more lines from the monitrc file please, above/below the line.
> And give some information about the used monit version, use "monit -V"
> to get this information.
>
> With regards,
> Lutz
>
> p.s.
> Some details for the setup are available in the wiki, see
> https://mmonit.com/monit/documentation/monit.html#SSL-OPTIONS



--
Kind Regards

Anders Yuran

Havouza 15
4607 Pissouri
Cyprus

RE: Re: SSL

Lutz Mader
In reply to this post by Lutz Mader

Hello,

have a look at the man page, the wiki is for monit 5.27.0.

The problem is, monit 5.16 uses a different syntax

 

Taken from an old manual:

 

Syntax for TCP port:
SET HTTPD PORT <number> [ADDRESS <hostname | IP-address>]
[SSL <ENABLE | DISABLE>]
[PEMFILE <path>]
[CLIENTPEMFILE <path>]
[ALLOWSELFCERTIFICATION]
[SIGNATURE <ENABLE | DISABLE>]
ALLOW <user:password | IP-address | IP-range>+

 

Any reason to use the old monit 5.16.0?

Try to migrate to monit 5.19.0 at least or to the new monit 5.27.0.

 

With regards,

Lutz

 

p.s.

I append a copy of the old (monit 5.16.0) wiki page.

 

 

-----Original Message-----
From: "Anders Yuran" [[hidden email]]
Sent: Thu 02.07.2020 10:15
To: "This is the general mailing list for monit" [[hidden email]]
Subject: Re: SSL

Hi!
I tested another setup from the manual, but get the same syntax error
/etc/monit/monitrc:156: syntax error '{'

 set httpd
     port 2812
     with ssl {
        pemchain: /etc/letsencrypt/live/jv74.se/chain.pem
        pemkey: /etc/letsencrypt/live/jv74.se/privkey.pem
     }

On Thu, 2 July 2020 at 08:45, Lutz Mader <[hidden email]> wrote:
> Hello Anders Yuran,
> add some more lines from the monitrc file please, above/below the line.
> And give some information about the used monit version, use "monit -V"
> to get this information.
>
> With regards,
> Lutz
>
> p.s.
> Some details for the setup are available in the wiki, see
> https://mmonit.com/monit/documentation/monit.html#SSL-OPTIONS

--
Kind Regards
Anders Yuran
Havouza 15
4607 Pissouri
Cyprus

-----End of Original Message-----



Monit 5.16.pdf (475K) Download Attachment
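
An added example, not part of the original thread and not Monit project code: the old SSL ENABLE / PEMFILE <path> syntax quoted above takes a single PEM file, which per the Monit manual must hold both the private key and the certificate, so Let's Encrypt's separate privkey.pem and fullchain.pem have to be combined first. The function names and the path /etc/monit/monit.pem are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumption taken from Monit's manual:
# the old-style PEMFILE holds the private key AND the certificate in one file
# with permissions no wider than 0700. All paths are hypothetical.
#
# monitrc stanza in the 5.16 syntax quoted above:
#   set httpd port 2812
#       ssl enable
#       pemfile /etc/monit/monit.pem
#       allow <user:password>

# build_monit_pem KEY CERTS OUT: write key + certificate(s) to OUT, mode 0600.
build_monit_pem() {
    key=$1; certs=$2; out=$3
    [ -r "$key" ] && [ -r "$certs" ] || { echo "unreadable input" >&2; return 1; }
    rm -f "$out"                  # never reuse a file with wider permissions
    ( umask 077 && cat "$key" "$certs" > "$out" )
}

# check_monit_pem FILE: print each problem; return 0 only when there is none.
check_monit_pem() {
    pem=$1; bad=0
    [ -f "$pem" ] || { echo "not a file: $pem"; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "$pem: no private key"; bad=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "$pem: no certificate"; bad=1; }
    # Characters 5-10 of the mode string are the group and other bits.
    [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ] ||
        { echo "$pem: readable by group or others"; bad=1; }
    return "$bad"
}

# Usage: sh monit-pem.sh privkey.pem fullchain.pem /etc/monit/monit.pem
if [ "$#" -eq 3 ]; then
    build_monit_pem "$1" "$2" "$3" && check_monit_pem "$3"
fi
```

Run against cert.pem, chain.pem or fullchain.pem alone, check_monit_pem reports the missing private key; the combined file has to be rebuilt after each certificate renewal.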

RE: Re: SSL

Lutz Mader
In reply to this post by Lutz Mader

Hello,

have a look at the man page from monit 5.16, the wiki is for monit 5.27.0.

The problem is, monit 5.16 uses a different syntax

 

Taken from an old manual:

 

Syntax for TCP port:
SET HTTPD PORT <number> [ADDRESS <hostname | IP-address>]
[SSL <ENABLE | DISABLE>]
[PEMFILE <path>]
[CLIENTPEMFILE <path>]
[ALLOWSELFCERTIFICATION]
[SIGNATURE <ENABLE | DISABLE>]
ALLOW <user:password | IP-address | IP-range>+

 

Any reason to use the old monit 5.16?

Try to migrate to monit 5.19.0 at least or to the new monit 5.27.0.

 

With regards,

Lutz



Re: Re: SSL

Anders Yuran
Hi!
I just installed it from the Ubuntu repository and thought it was the latest. I will look for the latest and install it.

Regards Anders Yuran

On Thu, 2 July 2020 at 14:00, <[hidden email]> wrote:
> Hello,
>
> have a look at the man page from monit 5.16, the wiki is for monit 5.27.0.
>
> The problem is, monit 5.16 uses a different syntax
>
> Taken from an old manual:
>
> Syntax for TCP port:
> SET HTTPD PORT <number> [ADDRESS <hostname | IP-address>]
> [SSL <ENABLE | DISABLE>]
> [PEMFILE <path>]
> [CLIENTPEMFILE <path>]
> [ALLOWSELFCERTIFICATION]
> [SIGNATURE <ENABLE | DISABLE>]
> ALLOW <user:password | IP-address | IP-range>+
>
> Any reason to use the old monit 5.16?
>
> Try to migrate to monit 5.19.0 at least or to the new monit 5.27.0.
>
> With regards,
>
> Lutz



Re: Re: SSL

Anders Yuran
In reply to this post by Lutz Mader
Hi!
It seems that anything higher than 5.16 is not available for Ubuntu 16.04.
I don't know how to install a newer version so I have to live with it.

I will test the old syntax

Thanks
Anders

On Thu, 2 July 2020 at 14:00, <[hidden email]> wrote:
> Hello,
>
> have a look at the man page from monit 5.16, the wiki is for monit 5.27.0.
>
> The problem is, monit 5.16 uses a different syntax
>
> Taken from an old manual:
>
> Syntax for TCP port:
> SET HTTPD PORT <number> [ADDRESS <hostname | IP-address>]
> [SSL <ENABLE | DISABLE>]
> [PEMFILE <path>]
> [CLIENTPEMFILE <path>]
> [ALLOWSELFCERTIFICATION]
> [SIGNATURE <ENABLE | DISABLE>]
> ALLOW <user:password | IP-address | IP-range>+
>
> Any reason to use the old monit 5.16?
>
> Try to migrate to monit 5.19.0 at least or to the new monit 5.27.0.
>
> With regards,
>
> Lutz




--
Kind Regards

Anders Yuran

Havouza 15
4607 Pissouri
Cyprus

RE: Re: Re: SSL

Lutz Mader
In reply to this post by Lutz Mader

Hello,

from my point of view Ubuntu 16.04 should support the newest version, monit 5.27.0.

Several old and new monit packages are available on https://bitbucket.org/tildeslash/monit/downloads/
or you get the latest version from https://mmonit.com/monit/

These are tar.gz archive files and bind to a more or less up-to-date openssl.

The additional files and configuration samples bundled with the monit deb archive are not available, but the configuration files are samples only and you can use these files after some little modifications with a more up-to-date monit version too.

Have a look at monit 5.19.0 to support some old Linux kernels, or monit 5.27.0, the newest version.

To get some information on how to install a pre-built binary package see https://mmonit.com/wiki/Monit/Installation

 

With regards,

Lutz



Re: Re: Re: SSL

Anders Yuran
Thank you!
I will have a look. The server should be upgraded to Ubuntu 18.04 but I hesitate because we run a very busy eshop on it and I have no guts to risk the move. Anyhow I will do a test move to another server. If that works we will make the move and the problem is gone.

Thank you very much

Regards Anders Yuran

On Thu, 2 July 2020 at 15:03, <[hidden email]> wrote:
> Hello,
>
> from my point of view Ubuntu 16.04 should support the newest version, monit 5.27.0.
>
> Several old and new monit packages are available on https://bitbucket.org/tildeslash/monit/downloads/
> or you get the latest version from https://mmonit.com/monit/
>
> These are tar.gz archive files and bind to a more or less up-to-date openssl.
>
> The additional files and configuration samples bundled with the monit deb archive are not available, but the configuration files are samples only and you can use these files after some little modifications with a more up-to-date monit version too.
>
> Have a look at monit 5.19.0 to support some old Linux kernels, or monit 5.27.0, the newest version.
>
> To get some information on how to install a pre-built binary package see https://mmonit.com/wiki/Monit/Installation
>
> With regards,
>
> Lutz



RE: Re: Re: Re: SSL

Lutz Mader
In reply to this post by Lutz Mader

Hello,

no problem, with Ubuntu 18.04 you should start with monit 5.27.0.

To minimize your work on the old Ubuntu 14.04 you can use monit 5.19.0.

Monit 5.19.0 supports the old glibc and kernel used on some old systems (like SLES 11) and the configuration changes are minimal or none compared to monit 5.16.

On the other hand, as long as everything works well (again), you should stay on monit 5.16.

 

With regards,

Lutz