Configure Monit Reverse Proxy nginx Linux

by
Reddit

nginx-monit-reverse-proxyConfigure your Monit reverse proxy with nginx on Linux for convenient remote access. I'd recommend using a free dynamic DNS service like AfraidDNS (guide for automating), DuckDNS or No-IP so you can access Monit over the internet with an address like htpcguides.crabdance.com instead of your dynamic IP. After completing this Monit reverse proxy tutorial you will be able to access Monit using your custom DNS address instead of http://IP:2812. This Monit reverse proxy how-to was tested on Debian and Ubuntu but the nginx virtual host should work on any Linux system (CentOS, Red Hat, Fedora, Arch etc). I will assume you followed the install Monit guide.

Pi Unit
Processor
RAM
RAM Bus
Network
WiFi
USB
SATA
Cost
Raspberry Pi 3
1.2 GHz ARMv8
Quad Core
1 GB DDR2
450 MHz
100 Mbit
Yes
4
No
$35
Raspberry Pi 2
900 MHz ARMv7
Quad Core
1 GB DDR2
450 MHz
100 Mbit
No
4
No
$35.00
Raspberry Pi
700 MHz ARMv6
Single Core
512 MB SDRAM
400 MHz
100 Mbit
No
4
No
$25
Banana Pi
1 GHz ARMv7
Dual Core
1 GB DDR3
432 MHz
Gigabit
No
2
Yes
$36.99
Banana Pi Pro
1 GHz ARMv7
Dual Core
1 GB DDR3
432 MHz
Gigabit
Yes
2
Yes
$45.00

Configure Monit Reverse Proxy nginx Linux

Note: consider using https for your nginx reverse proxy (guide) and disabling https on Monit itself. This will let nginx handle the https instead.

Update your repositories and install nginx

sudo apt-get update
sudo apt-get install nginx -y

Disable the existing default nginx virtual host

unlink /etc/nginx/sites-enabled/default

Now create a new nginx erevser proxy virtual host if you don't already have one

sudo nano /etc/nginx/sites-available/reverse

Add this code which assumes you are have Monit running on the same device so we point to the loopback address 127.0.0.1.

Replace htpcguides.crabdance.com with your own dynamic DNS address (or remove it if you aren't using dynamic DNS).

Replace the IP address with your device's IP address

If you are not using https for monit (not necessary if you are using nginx for SSL certificates) change https to http.

If you already have a reverse proxy virtual host then you only need to add the blue section before the last curly bracket ‘}'

server {
listen 80;
server_name htpcguides.crabdance.com 192.168.40.105;

location /monit/ {
       rewrite ^/monit/(.*) /$1 break;
       proxy_ignore_client_abort on;
       proxy_pass   https://127.0.0.1:2812;
       proxy_set_header Host $host;
  }
}

Ctrl+X, Y and Enter to save the virtual host file

Enable the nginx virtual host file by symlinking it to the sites-enabled folder

ln -s /etc/nginx/sites-available/reverse /etc/nginx/sites-enabled/reverse

Test your nginx configuration

sudo nginx -t

If it's all good then restart nginx

sudo service nginx restart

Now you can access Monit at http://ip.address/monit

You can consider using basic HTTP authorization through nginx instead of Monit now and enable brute force protection using this guide which includes both basic authorization and brute force protection using fail2ban.