librenms

Installing LibreNMS with NGinx

published on

LibreNMS can be used to monitor your network and discover what devices and services you have made available. It has a number of features including Android and iPhone apps if required.

To install it on your system follow the below instructions.

Install NGinx and dependencies

Run the foillowing two commands to install NGinx and all of the dependencies that LibreNMS needs to operate:

sudo apt update
sudo apt install acl curl fping git graphviz imagemagick mtr-tiny nginx-full nmap rrdtool snmp snmpd whois unzip python3-pymysql python3-dotenv python3-redis python3-setuptools python3-systemd python3-pip

Confgure NGinx

Remove the existing nginx.conf file and create a new one by executing sudo rm /etc/nginx/nginx.conf and sudo nano /etc/nginx/nginx.conf and add the below content:

user www-data;
worker_processes auto;
worker_rlimit_core 120540;
worker_rlimit_nofile 120540;
pid /var/run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections  4000;
    use epoll;
    multi_accept on;
}

http {
  server_tokens off;

  sendfile        on;
  tcp_nopush      on;
  tcp_nodelay     on;

  reset_timedout_connection on;
  send_timeout 2;
  keepalive_timeout 30;
  keepalive_requests 100000;

  client_header_timeout 30;
  client_body_timeout 10;
  client_body_buffer_size 16K;
  client_max_body_size 100m;

  open_file_cache max=200000 inactive=20s; 
  open_file_cache_valid 30s; 
  open_file_cache_min_uses 2; 
  open_file_cache_errors on; 

  include       mime.types;
  default_type  application/octet-stream;

  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_buffer_size 4k;
  ssl_session_tickets off;
  ssl_session_timeout 1h;
  ssl_session_cache shared:SSL:50m;
  ssl_ecdh_curve X25519:prime256v1:secp384r1;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

  charset utf-8;
  charset_types
    text/css
    text/plain
    text/vnd.wap.wml
    text/javascript
    text/markdown
    text/calendar
    text/x-component
    text/vcard
    text/cache-manifest
    text/vtt
    application/json
    application/manifest+json;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
     '$status $body_bytes_sent "$http_referer" '
     '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log warn;

    gzip            on;
    gzip_vary       on;
    gzip_proxied    expired no-cache no-store private auth;;
    gzip_comp_level 1;
    gzip_buffers    16 8k;
    gzip_min_length 10240;
    gzip_http_version 1.1;
    gzip_types
      application/atom+xml
      application/geo+json
      application/javascript
      application/x-javascript
      application/json
      application/ld+json
      application/manifest+json
      application/rdf+xml
      application/rss+xml
      application/vnd.ms-fontobject
      application/wasm
      application/x-web-app-manifest+json
      application/xhtml+xml
      application/xml
      font/eot
      font/opentype
      font/otf
      font/ttf
      image/bmp
      image/x-icon
      image/svg+xml
      text/cache-manifest
      text/calendar
      text/css
      text/javascript
      text/markdown
      text/plain
      text/xml
      text/vcard
      text/vnd.rim.location.xloc
      text/vtt
      text/x-component
      text/x-cross-domain-policy;
    gzip_disable    "MSIE [1-6]\.";

    # aio on;
    directio 4m;
    directio_alignment 512;

include ./sites/*;

}

Once you have done this execute the following commands:

sudo mkdir /etc/nginx/sites
sudo echo 'fastcgi_param HTTP_PROXY "";' | sudo tee -a /etc/nginx/fastcgi.conf
sudo echo 'fastcgi_param HTTP_PROXY "";' | sudo tee -a /etc/nginx/fastcgi_params
cp /etc/nginx/sites-available/default /etc/nginx/sites/default.conf
sudo systemctl restart nginx

Now install PHP

The below instructions will install PHP 8.2 but you can easily choose whichever version you like by modifying the first command below:

phpver=8.2
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update
sudo apt install php$phpver-{common,cli,bz2,zip,curl,intl,mysql,snmp,memcached,imagick,gd,imap,ldap,soap,tidy,xml,gmp,pspell,mbstring,opcache,fpm,ssh2,imap,redis,apcu,mcrypt} -y
sudo apt install ghostscript imagemagick -y

Next, configure PHP

Run the following block of instructions to make some changes to your PHP configuration files:

sudo cp /etc/php/$phpver/fpm/pool.d/www.conf /etc/php/$phpver/fpm/pool.d/librenms.conf
sudo sed -i -e '/^\[www]/s/^.*$/[librenms]/' /etc/php/$phpver/fpm/pool.d/librenms.conf
sudo sed -i -e '/^\(;\|\)user = www-data/s/^.*$/user = librenms/' /etc/php/$phpver/fpm/pool.d/librenms.conf
sudo sed -i -e '/^\(;\|\)group = www-data/s/^.*$/group = librenms/' /etc/php/$phpver/fpm/pool.d/librenms.conf
sudo sed -i -e '/^\(;\|\)listen.mode = 0660/s/^.*$/listen.mode = 0660/' /etc/php/$phpver/fpm/pool.d/librenms.conf
sudo sed -i -e "/^\(;\|\)listen =/s/^.*$/listen = \/run\/php-fpm-librenms.sock/" /etc/php/$phpver/fpm/pool.d/librenms.conf
sudo sed -i -e '/^\(;\|\)output_buffering = 4096/s/^.*$/output_buffering = Off/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)zlib.output_compression = Off/s/^.*$/zlib.output_compression = On/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)zlib.output_compression_level = -1/s/^.*$/zlib.output_compression_level = 5/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)expose_php =/s/^.*$/expose_php = Off/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)max_execution_time =/s/^.*$/max_execution_time = 60/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)max_input_time =/s/^.*$/max_input_time = 60/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)max_input_vars =/s/^.*$/max_input_vars = 1000/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)memory_limit =/s/^.*$/memory_limit = 512M/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)post_max_size =/s/^.*$/post_max_size = 8M/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)upload_max_filesize =/s/^.*$/upload_max_filesize = 4M/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)allow_url_fopen =/s/^.*$/allow_url_fopen = Off/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)date.timezone =/s/^.*$/date.timezone = Europe\/London/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)date.timezone =/s/^.*$/date.timezone = Europe\/London/' /etc/php/$phpver/cli/php.ini
sudo sed -i -e '/^\(;\|\)opcache.enable=/s/^.*$/opcache.enable=1/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)opcache.memory_consumption=/s/^.*$/opcache.memory_consumption=128/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)opcache.max_accelerated_files=/s/^.*$/opcache.max_accelerated_files=10000/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)opcache.revalidate_freq=/s/^.*$/opcache.revalidate_freq=2/' /etc/php/$phpver/fpm/php.ini
sudo sed -i -e '/^\(;\|\)opcache.save_comments=/s/^.*$/opcache.save_comments=1/' /etc/php/$phpver/fpm/php.ini
sudo systemctl restart php$phpver-fpm

Now install MariaDB and setup the database

MariaDB can be installed by running the following commands:

sudo apt install mariadb-server mariadb-client -y
sudo mysql_secure_installation
sudo sed -i -e '/^\(;\|\)bind-address            = 127.0.0.1/s/^.*$/bind-address            = 127.0.0.1\nlocal_infile = 0\ninnodb_file_per_table=1\nlower_case_table_names=0/' /etc/mysql/mariadb.conf.d/50-server.cnf
sudo systemctl enable mariadb
sudo systemctl restart mariadb

The database can by set up by executing sudo mysql -u root and entering the following commands on the mySQL command line:

CREATE DATABASE librenms CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
exit

Make sure to replace password above with a secure password!

Add the LibreNMS user

sudo useradd librenms -d /opt/librenms -M -r -s "$(which bash)"
sudo usermod -a -G librenms www-data

Download and install LibreNMS

The following commands will download and install LibreNMS for you:

cd /opt
sudo git clone https://github.com/librenms/librenms.git
sudo chown -R librenms:librenms /opt/librenms
sudo chmod 771 /opt/librenms
sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
sudo su - librenms
cd /opt/librenms
./scripts/composer_wrapper.php install --no-dev
exit

Now create an NGinx server block

The one shown below is a simple block to get LibreNMS working. Feel free to adapt it to your own needs. You will obviously replace [domain] with your own domain name. Create the file by running sudo nano /etc/nginx/sites/librenms.conf and adding the following:

server {
 listen      80;
 server_name [domain];
 root        /opt/librenms/html;
 index       index.php;
  sudo 

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location ~ [^/]\.php(/|$) {
  fastcgi_pass unix:/run/php-fpm-librenms.sock;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  include /etc/nginx/fastcgi.conf;
 }
 location ~ /\.(?!well-known).* {
  deny all;
 }
}

Now restart NGinx and PHP:

sudo systemctl restart nginx
sudo systemctl restart php$phpver-fpm

Download Certbot and get a TLS certificate for your site

Certbot can be installed with:

sudo apt-get install snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

and set up with:

sudo certbot --nginx

Enable command completion if you want it

This can be done by running the following two commands:

sudo ln -s /opt/librenms/lnms /usr/bin/lnms
sudo cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

Configure snmpd

SNMP is designed to monitor network devices. To configure it to work with LibreNMS run the following commands:

sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
sudo nano /etc/snmp/snmpd.conf
    change RANDOMSTRINGGOESHERE to your own string
sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
sudo chmod +x /usr/bin/distro
sudo systemctl enable snmpd
sudo systemctl restart snmpd

Add a CRON job and enable the scheduler

This allows LIbreNMS to regularly run tasks.

sudo cp /opt/librenms/dist/librenms.cron /etc/cron.d/librenms
sudo cp /opt/librenms/dist/librenms-scheduler.service /opt/librenms/dist/librenms-scheduler.timer /etc/systemd/system/
sudo systemctl enable librenms-scheduler.timer
sudo systemctl start librenms-scheduler.timer

Configure logrotate

sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Finish installing

Visit the site in your browser to finish setting up LibreNMS. Make sure to use the same details as used above when setting up your database.

When LibreNMS has finished installing don't choose to validate until you have first added localhost.

Adding localhost to your new LibreNMS system

Log in to your new LibreNMS system if you aren't already logged in. Select Devices then Add device. Now enter the hostname as localhost, the SNMP port as 161 and Community as the same string you entered in the snmp.conf file configured above.

Conclusion

You have now finished installing LibreNMS. You should now read the online documentation at https://docs.librenms.org/ to find out how to set up, discover and monitor all of your network devices.