Ganglia on Nginx

Introduction

As you know, I love Nginx and would prefer to use it over Apache when give the chance. Unfortunately, when installing the package ganglia-webfrontend on Ubuntu, Apache will be automatically installed as a dependency. However, any webserver that supports PHP will work. These instructions will show how to cut over from Apache to Nginx on a server running Ganglia’s web frontend.

Note – I haven’t tested this theory, but if you install Nginx first, then Ganglia, it may not prompt to install Apache, since Nginx meets the webserver requirement.

Install Nginx and PHP

I always use the mainline (i.e., development) version of Nginx. You can read more about why in one of my previous posts.

sudo add-apt-repository ppa:nginx/development
sudo apt-get update && sudo apt-get install nginx php5 php5-fpm php5-gd

Copy certificates (optional)

When installing Ganglia, Apache probably configured SSL certificates automatically. If you’d like to reuse them instead of generating new ones, you can make a new directory and copy the certificates into it.

sudo mkdir -p /etc/nginx/ssl/ganglia
sudo cp -p /etc/apache2/ssl/apache.crt /etc/nginx/ssl/ganglia/ganglia.crt
sudo cp -p /etc/apache2/ssl/apache.key /etc/nginx/ssl/ganglia/ganglia.key

Remove Apache

First, remove Apache. I’m also choosing to purge all configuration files, since I won’t be using them anymore.

sudo apt-get remove --purge apache2 && sudo apt-get autoclean && sudo apt-get autoremove

Next, I’m going to change permission for Nginx to read all the Ganglia web frontend files.

sudo chown -R www-data:www-data /usr/share/ganglia-webfrontend/

Open firewall

If you’re running a firewall, you’ll need to open ports 80 and 443 for Nginx. In my case, I’m using UFW.

sudo ufw allow "Nginx HTTP"
sudo ufw allow "Nginx HTTPS"
sudo ufw reload

Configure Nginx

First, we’ll need to remove the default Nginx configuration files.

sudo rm -rf /var/www/html/
sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default

Next, we’ll need to create new configuration files for Nginx.

sudo touch /etc/nginx/sites-available/ganglia
sudo ln -s /etc/nginx/sites-available/ganglia /etc/nginx/sites-enabled/ganglia

Here, we’ll populate the /etc/nginx/sites-available/ganglia file.

server {
        listen 80;                      #Listen on IPv4
        server_name _;
        return 301 https://$host$request_uri;           #Redirect HTTP to HTTPS
}

server {
        listen 443 ssl http2 default_server;            #Listen on IPv4
        server_name _;

        ssl on;
        ssl_certificate /etc/nginx/ssl/ganglia/ganglia.crt;
        ssl_certificate_key /etc/nginx/ssl/ganglia/ganglia.key;
        ssl_buffer_size 1400;

        #Add perfect forward secrecy and prevent BEAST attacks
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 24h;
        ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";

        #Prevent POODLE attacks
        ssl_protocols TLSv1.1 TLSv1.2;

        root /usr/share/ganglia-webfrontend;            #Set document root
        autoindex off;                                  #Turn off index browsing everywhere
        index index.php index.html;                     #Set indexes to include .php before .html


        location ~* \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_index index.php;
        include fastcgi_params;
        }
}

Test Nginx

Start by rebooting your server (since Apache was removed and Nginx was installed).

sudo reboot

When it’s back up, double check your Nginx config file for errors.

sudo nginx -t

If everything is ok, go to your server’s IP address and you should see the Ganglia page. If not, check the files /var/log/nginx/access.log and /var/log/nginx/error.log for errors.

 

Let me know if this helped you!

Logan

 

1 thought on “Ganglia on Nginx”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.