How to Install and Monitor services using Netdata Monitoring Tool on Rocky Linux 8

Netdata is an open-source monitoring system for Linux-based operating systems. It provides real-time performance and monitoring using beautiful and detailed dashboards. It offers hundreds of tools to monitor servers, CPU, memory usage, system processes, disk usage, IPv4 and IPv6 networks, system firewall, and applications like Nginx, MySQL, MongoDB, Redis, ElasticSearch, PostgreSQL, PHP-FPM, etc. It integrates with other monitoring tools such as Prometheus, Graphite, Kafka, Grafana, and more.

In this tutorial, you will learn to install and monitor various services using Netdata Tool on a Rocky Linux 8 server. We will use Netdata to track the metrics of a LEMP stack and Docker engine.

Prerequisites

  • A server running Rocky Linux 8.
  • A non-root user with sudo privileges.
  • A Fully Qualified Domain Name (FQDN) like netdata.example.com pointing to your server.
  • A Slack account and workspace for receiving notifications.
  • An SMTP account with an email service like Amazon SES or Mailgun.
  • Disable SELinux.

Step 1 - Configure Firewall

The first step is to configure the firewall. Rocky Linux uses Firewalld Firewall. Check the firewall's status.

$ sudo firewall-cmd --state
running

The firewall works with different zones, and the public zone is the default one that we will use. List all the services and ports active on the firewall.

$ sudo firewall-cmd --permanent --list-services

It should show the following output.

cockpit dhcpv6-client ssh

Allow HTTP and HTTPS ports.

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https

Recheck the status of the firewall.

$ sudo firewall-cmd --permanent --list-services

You should see a similar output.

cockpit dhcpv6-client http https ssh

Reload the firewall to enable the changes.

$ sudo firewall-cmd --reload

Step 2 - Install NetData

Netdata comes with an installer script that can work on any Linux distribution. Run the following command to download and run the installer script.

$ bash <(curl -Ss https://my-netdata.io/kickstart.sh)

You will be asked for your sudo password for enabling sudo privileges. Enter Y to confirm adding the Netdata repository and installing it on your server.

Netdata installer automatically enables and starts the service. Check the status of the service.

$ sudo systemctl status netdata
? netdata.service - Real time performance monitoring
   Loaded: loaded (/usr/lib/systemd/system/netdata.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-04-11 12:09:12 UTC; 13s ago
 Main PID: 19443 (netdata)
    Tasks: 32 (limit: 11412)
   Memory: 52.0M
   CGroup: /system.slice/netdata.service
           ??19443 /usr/sbin/netdata -P /var/run/netdata/netdata.pid -D
           ??19448 /usr/sbin/netdata --special-spawn-server
           ??19937 /usr/libexec/netdata/plugins.d/apps.plugin 1
           ??19944 /usr/libexec/netdata/plugins.d/go.d.plugin 1

Apr 11 12:09:12 netdata systemd[1]: Started Real time performance monitoring.
.......

If your service is not started or enabled, you can do so using the following command.

$ sudo systemctl enable netdata --now

Run the following command to check the open ports and the process using them.

$ sudo ss -plnt

You should get a similar output. Netdata uses port 19999 for its dashboard, seen in the output below. Netdata uses port 8125 to receive statistics from other applications.

State            Recv-Q           Send-Q                     Local Address:Port                      Peer Address:Port           Process
LISTEN           0                128                            127.0.0.1:8125                           0.0.0.0:*               users:(("netdata",pid=22496,fd=29))
LISTEN           0                128                              0.0.0.0:19999                          0.0.0.0:*               users:(("netdata",pid=22496,fd=6))
......
LISTEN           0                128                                [::1]:8125                              [::]:*               users:(("netdata",pid=22496,fd=28))
LISTEN           0                128                                 [::]:19999                             [::]:*               users:(("netdata",pid=22496,fd=7))

Step 3 - Install SSL

To install an SSL certificate using Let's Encrypt, we need to install the Certbot tool.

Firstly, you need to download and install the EPEL repository.

$ sudo dnf install epel-release

Run the following commands to install Certbot.

$ sudo dnf install certbot

Generate the SSL certificate.

$ sudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d netdata.example.com

The above command will download a certificate to the /etc/letsencrypt/live/netdata.example.com directory on your server.

Generate a Diffie-Hellman group certificate.

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Create a challenge web root directory for Let's Encrypt auto-renewal.

$ sudo mkdir -p /var/lib/letsencrypt

Create a Cron Job to renew the SSL. It will run every day to check the certificate and renew it if needed. For that, first, create the file /etc/cron.daily/certbot-renew and open it for editing.

$ sudo nano /etc/cron.daily/certbot-renew

Paste the following code.

#!/bin/sh
certbot renew --cert-name netdata.example.com --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"

Save the file by pressing Ctrl + X and entering Y when prompted.

Change the permissions on the task file to make it executable.

$ sudo chmod +x /etc/cron.daily/certbot-renew

Step 4 - Install and Configure Nginx

We will be installing the latest version of Nginx. Create and open the file /etc/yum.repos.d/nginx.repo for editing.

$ sudo nano /etc/yum.repos.d/nginx.repo

Paste the following lines in it.

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

Save the file by pressing Ctrl + X and entering Y when prompted.

Install Nginx and HTTPD tools.

$ sudo dnf install nginx httpd-tools

Verify the installation.

$ nginx -v
nginx version: nginx/1.20.2

Enable and start the Nginx service.

$ sudo systemctl enable nginx --now

Create and open the file /etc/nginx/conf.d/netdata.conf for editing.

$ sudo nano /etc/nginx/conf.d/netdata.conf

Paste the following code in it.

# Define netdata upstream
upstream netdata {
    server 127.0.0.1:19999;
    keepalive 64;
}

# Redirect all non-encrypted to encrypted
server {
    listen 80;
    listen [::]:80;
    server_name netdata.example.com;
    return 301 https://netdata.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name netdata.example.com;

    ssl_certificate     /etc/letsencrypt/live/netdata.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/netdata.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/netdata.example.com/chain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    ssl_prefer_server_ciphers off;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] valid=60s;
    resolver_timeout 2s;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    access_log /var/log/nginx/netdata.example.com.access.log main;
    error_log  /var/log/nginx/netdata.example.com.error.log;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
    	proxy_pass http://netdata;
    	proxy_http_version 1.1;
        proxy_pass_request_headers on;
        proxy_set_header Connection "keep-alive";
        proxy_store off;
        auth_basic "NetData Private Area";
	    auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

Once finished, save the file by pressing Ctrl + X and entering Y when prompted.

Open the file /etc/nginx/nginx.conf for editing.

$ sudo nano /etc/nginx/nginx.conf

Add the following line before the line include /etc/nginx/conf.d/*.conf;.

server_names_hash_bucket_size  64;

Save the file by pressing Ctrl + X and entering Y when prompted.

Run the following command to generate a password file to enable HTTP authentication.

$ sudo htpasswd -c /etc/nginx/.htpasswd netadmin
New password: 
Re-type new password: 
Adding password for user netadmin

Verify the Nginx configuration file syntax.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the Nginx service to enable the new configuration.

$ sudo systemctl restart nginx

Step 5 - Access and Use Netdata Dashboard

You should be able to access Netdata via the URL https://netdata.example.com. The first time you access it, you will be prompted for your HTTP authentication details.

Netdata HTTP Authentication

You will get the following dashboard.

Netdata First Time Dashboard

Check the box Remember my choice and click the button Later, stay at the agent dashboard to dismiss the popup.

You can pause, stop and start the monitoring anytime using the Play button on the dashboard.

Netdata Play/Pause Button

You can access various dashboards by clicking on the options from the right sidebar. Click the UTC button and select the correct timezone to change it.

Netdata Timezone Change

Step 6 - Configure NetData

Netdata stores its main configuration in the /etc/netdata/netdata.conf file. You can view these settings by visiting the URL https://netdata.example.com/netdata.conf in your browser.

Netdata Configuration File in Browser

The file is divided into various sections, such as [global], [web], [registry], and more. The default configuration is enough to get us started. Netdata collects data using two types of plugins:

  1. internal plugins are written in C language and run as threads inside the netdata daemon.
  2. external plugins are written in various languages, including Python, Go, etc. and are spawned as long-running independent processes by the netdata daemon. They communicate with the Netdata daemon using pipes.

Configure NetData Memory Usage

NetData's RAM usage is decided based on the time you want to keep the recorded chart data before it gets lost.

  • 3600 seconds or 1 hour of chart data retention uses 15 MB of RAM.
  • 7200 seconds or 2 hours of chart data retention uses 30 MB of RAM.
  • 14400 seconds or 4 hours of chart data retention uses 60 MB of RAM.

Every time you double the chart data retention time, the RAM requirement also doubles. These RAM requirements are based on the number of charts in use by the stock dashboard. Adding more charts and applications will change these estimates.

Open the Netdata configuration file.

$ sudo nano /etc/netdata/netdata.conf

Enter the line history = 14400 under the [global] section.

[global]
..
        history = 14400
..

Save the file by pressing Ctrl + X and entering Y when prompted.

Turn off Telemetry

By default, Netdata collects anonymous usage information using a product analytics platform, Posthog. Every time the Netdata daemon is started or stopped, Netdata uses the anonymous statistics script to collect the following system information and send it to itself.

  • Netdata version
  • OS name, version, id, id_like
  • Kernel name, version, architecture
  • Virtualization technology
  • Containerization technology
  • Additional information about Netdata client failures.

Fortunately, you can opt-out of this. Create an empty file called .opt-out-from-anonymous-statistics in the Netdata directory.

$ sudo touch /etc/netdata/.opt-out-from-anonymous-statistics

Restart Netdata to enable the change.

$ sudo systemctl restart netdata

Long term storage

Netdata uses your system's RAM and disk to store historical data by default. The default Netdata process collects around 2000 metrics per second, which means the default configuration will store about two days' worth of metrics on the RAM and disk.

To store more metrics, you have the following two options:

  1. Configure Netdata to use more RAM and disk space
  2. Archive the metrics to an external database

We will only discuss the first option in this tutorial. For the second option, you should refer to Netdata's official documentation.

Configure Netdata to use more RAM and disk space

Open the file /etc/netdata/netdata.conf for editing.

$ sudo nano /etc/netdata/netdata.conf

Paste the following lines under the [global] section.

[global]
...
    memory mode = dbengine
    page cache size = 32
    dbengine disk space = 256

Save the file by pressing Ctrl + X and entering Y when prompted.

The page cache size determines the amount of RAM used, and the dbengine disk space determines the disk usage. By default, Netdata uses 32 MB of RAM and 256 MB of disk space. You can uncomment these values and change either of the two values to your liking.

You can use Netdata's Storage Metric calculator to decide how much RAM and disk space you need.

Reduce Collection Frequency

You can optimize Netdata's performance by increasing the time between metrics collection. By default, Netdata collects metrics every second.

To change that, open the Netdata configuration file for editing.

$ sudo nano /etc/netdata/netdata.conf

Enter the following line under the [global] section. This increases the frequency to 5 seconds.

[global]
...
    update every = 5

Save the file by pressing Ctrl + X and entering Y when prompted.

Step 7 - Configure Slack Notifications

The first step is to create a Slack application and connect it to a specific channel in your workspace to configure Slack Notifications.

Visit the Slack API page and click on the Create App button to start creating an application.

Slack API apps

Click on From Scratch link to create the app.

Slack Create App Popup

Select a name for your app and choose the workspace where you want your App to appear. If you don't want to associate your app with the existing workspace, you can create another one and come back to this step.

Slack App Name Popup

Open the Incoming Webhook page by selecting the option under the Features menu from the left sidebar, and then activate the webhook.

Slack Apps Incoming WebHooks

Click the Add New Webhook to Workspace button at the bottom of the page and select your workspace and the target channel for notifications.

Add Netdata Slack App to WorkSpace

Click the Allow button to proceed. Return to the Incoming Webhooks page and copy the Webhook URL.

Slack Webhook URL

Return to the terminal and switch to the /etc/netdata directory.

$ cd /etc/netdata

Netdata provides a edit-config script to edit and create Netdata configuration files. Run the following file to create and open the file health_alarm_notify.conf using your system's default editor.

$ sudo ./edit-config health_alarm_notify.conf

Scroll down to the following section.

# Enable slack notification
SEND_SLACK="YES"

# Select the slack webhook
SLACK_WEBHOOK_URL="https://hooks.slack.com/services/xxxxxxx"

# Default channel for notification
DEFAULT_RECIPIENT_SLACK="notifications"

Ensure that the variable SEND_SLACK is set to yes. Paste the copied webhook URL to the SLACK_WEBHOOK_URL variable. Enter the name of your channel for the DEFAULT_RECIPIENT_SLACK variable.

If your editor is Vim, press the Escape key to exit editing, type :x and press the Enter key to save the file and exit the editor.

If your editor is Nano, save the file by pressing Ctrl + X and entering Y when prompted.

Restart Netdata to apply the changes.

$ sudo systemctl restart netdata

Configure Email Notifications

Netdata uses sendmail by default to send email notifications but managing an email server is not an easy task. Netdata doesn't support SMTP, but you can install a package called msmtp client. It allows you to send mail to an SMTP server.

Install msmtp.

$ sudo dnf install msmtp

Create and open the configuration file for msmtp.

$ sudo nano /etc/msmtprc

Paste the following code in it.

# Set default values for all following accounts.
defaults

# Use the mail submission port 587 instead of the SMTP port 25.
port 587

# Always use TLS.
tls on

# The SMTP server of your ISP
account ses
host email-smtp.<location>.amazonaws.com
from [email protected]
auth on
user <yoursesusername>
password <yoursespassword>

# Set default account to isp
account default: ses

Save the file by pressing Ctrl + X and entering Y when prompted.

Open the file /etc/netdata/health_alarm_notify.conf for editing.

$ sudo nano /etc/netdata/health_alarm_notify.conf

Scroll down to the following section and enter the path to the msmtp.

# external commands

# The full path to the sendmail command.
# If empty, the system $PATH will be searched for it.
# If not found, email notifications will be disabled (silently).
sendmail="/usr/bin/msmtp"

Locate the following section and enter the details of the sender and receiver and ensure that email sending is enabled.

# email global notification options

# multiple recipients can be given like this:
#              "[email protected] [email protected] ..."

# the email address sending email notifications
# the default is the system user netdata runs as (usually: netdata)
# The following formats are supported:
# EMAIL_SENDER="user@domain"
# EMAIL_SENDER="User Name <user@domain>"
# EMAIL_SENDER="'User Name' <user@domain>"
# EMAIL_SENDER="\"User Name\" <user@domain>"
EMAIL_SENDER="Server Admin <[email protected]>"

# enable/disable sending emails
SEND_EMAIL="YES"

# if a role recipient is not configured, an email will be send to:
DEFAULT_RECIPIENT_EMAIL="[email protected]"
# to receive only critical alarms, set it to "root|critical"

Save the file by pressing Ctrl + X and entering Y when prompted.

Step 8 - Test Notification Channels

Let us test if the Slack notifications work.

Log in as the system user netdata created during installation.

$ sudo su -s /bin/bash netdata

Run the Alarm notification script to send a test notification.

$ /usr/libexec/netdata/plugins.d/alarm-notify.sh test

Exit the user.

$ exit.

Open your Slack application, and you should have received the following alerts.

Netdata Slack Test Notifications

You should also get three emails about the test warnings.

Netdata Test Notifications Email

Step 9 - Configure System Monitoring

Now that we have configured and tested notifications, let us configure and test notifications for the system, like CPU usage.

Run the following commands to create and open the CPU configuration file.

$ cd /etc/netdata
$ sudo ./edit-config health.d/cpu.conf

Change the values of the warn and crit options under the 10min_cpu_usage as shown below.

warn: $this > (($status >= $WARNING)  ? (60) : (70))
crit: $this > (($status == $CRITICAL) ? (75) : (85))

Save the file and exit the editor.

The above setting will send a warning if the CPU usage falls between 60 and 70% and a critical warning when the CPU usage falls between 75 and 85%.

Restart the Netdata service.

$ sudo systemctl restart netdata

Let us test the setting by installing the Stress application.

$ sudo dnf install stress

Run the following command to spike the CPU usage of your server.

$ stress --cpu 2

Leave the command running for 5-10 minutes, and you will receive High CPU usage messages. Once you receive those messages, return to the terminal and exit the command by pressing Ctrl + Z.

After stopping the service, you will receive a CPU recovered notification on Slack.

Slack CPU Usage Notifications

Step 10 - Configure Nginx Monitoring

One of the most commonly monitored apps using Netdata is the server and SQL packages. Let's monitor the Nginx server using Netdata.

To enable the monitoring of the Nginx server, we need to use the ngx_http_stub_status_module. It usually comes pre-installed with Nginx. You can check if the module is present.

$ nginx -V 2>&1 | grep -o with-http_stub_status_module
with-http_stub_status_module

If you get no response, it means your Nginx installation doesn't support the feature. You will need to compile Nginx in that case.

Open the Nginx's default configuration file /etc/nginx/conf.d/default.conf for editing. The file's location is different because we installed Nginx from its official repository. If you are installing Nginx from the OS's repository, then the location for the file will be /etc/nginx/nginx.conf.

$ sudo nano /etc/nginx/conf.d/default.conf

Enter the following code inside the server block before the last closing curly bracket.

# Enable module stub_status
location /stub_status {
	stub_status;
    allow 127.0.0.1;        #only allow requests from localhost
    deny all;               #deny all other hosts
}

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify the Nginx configuration.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the Nginx server.

$ sudo systemctl restart nginx

Restart the Netdata service.

$ sudo systemctl restart netdata

You should see Nginx connection details in your Netdata dashboard.

Netdata Nginx Connection Details

Monitor Nginx Logs

Netdata can also monitor Nginx access logs. To do that, switch to the Netdata directory.

$ cd /etc/netdata

Run the following command to generate a configuration file for monitoring Access Logs.

$ sudo ./edit-config python.d/web_log.conf

Scroll to the bottom of the file and find the following section.

# -------------------------------------------
# nginx log on various distros

# debian, arch
nginx_log:
  name: 'nginx'
  path: '/var/log/nginx/access.log'

# gentoo
nginx_log2:
  name: 'nginx_site'
  path: '/var/log/nginx/localhost.access_log'

Change the path to monitor respective log files. You can add as many sections to monitor as many hosts and their access log files. Our configuration file looks like the following.

# -------------------------------------------
# nginx log on various distros

# debian, arch
nginx_log:
  name: 'nginx'
  path: '/var/log/nginx/access.log'

nginx_log2:
  name: 'nginx_site1'
  path: '/var/log/nginx/site1.access_log'

nginx_log3:
  name: 'nginx_site2'
  path: '/var/log/nginx/site2.access_log'

nginx_log4:
  name: 'nginx_site3'
  path: '/var/log/nginx/site3.access_log'

Save and exit the editor.

To access the log files, Netdata needs permissions to access the directory. By default, the adm system group has permission to access the log files. To give Netdata access, we need to add the netdata user to the adm group.

$ sudo usermod -aG adm netdata

Restart Nginx and the Netdata service.

$ sudo systemctl restart nginx netdata

Reload the Netdata dashboard to view your log file data.

Netdata Access Log Dashboard

Step 11 - Configure MySQL/MariaDB Monitoring

We will install MariaDB for our tutorial. The steps remain the same if you are using a MySQL server.

Add the repository for MariaDB 10.6.

$ sudo nano /etc/yum.repos.d/MariaDB.repo

Paste the following code in it.

# MariaDB 10.6 CentOS repository list - created 2022-04-12 11:12 UTC
# https://mariadb.org/download/
[mariadb]
name = MariaDB
baseurl = https://download.nus.edu.sg/mirror/mariadb/yum/10.6/centos8-amd64
module_hotfixes=1
gpgkey=https://download.nus.edu.sg/mirror/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1

Save the file by pressing Ctrl + X and entering Y when prompted.

Install MariaDB.

$ sudo dnf install MariaDB-server

Enable the MariaDB server.

$ sudo systemctl enable mariadb

Start the MySQL secure installation script. The file name is different in the case of MariaDB.

$ sudo mariadb-secure-installation
....
Enter current password for root (enter for none): (Press Enter)
....
Switch to unix_socket authentication [Y/n] Y (Type Y and Press Enter)
....
Change the root password? [Y/n] Y (Type Y and Press Enter)
New password: 
Re-enter new password: 
Password updated successfully!
....
Remove anonymous users? [Y/n] Y (Type Y and Press Enter)
....
Disallow root login remotely? [Y/n] Y (Type Y and Press Enter)
....
Remove test database and access to it? [Y/n] Y (Type Y and Press Enter)
....
Reload privilege tables now? [Y/n] Y (Type Y and Press Enter)
....
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Open the /etc/my.cnf.d/server.cnf file for editing.

$ sudo nano /etc/my.cnf.d/server.cnf

Find the [mariadb] section in the file and paste the following line as shown below to enable the Userstats plugin. This setting works only on MariaDB and not on the MySQL server.

[mariadb]
userstat = 1

Save the file by pressing Ctrl + X and entering Y when prompted.

Start the MariaDB server.

$ sudo systemctl start mariadb

Restart the Netdata service.

$ sudo systemctl restart netdata

The MariaDB/MySQL dashboard should start appearing in the Netdata dashboard.

NetData MySQL/MariaDB dashboard

Step 12 - Configure PHP-FPM Monitoring

You can monitor one or more PHP-FPM instances using Netdata. For our tutorial, we will install PHP 8.0 and then enable its monitoring.

We will install PHP using the Remi repository. We already installed the EPEL repo in step 3. Install the Remi repository.

$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

Check for available PHP streams.

$ dnf module list php -y
Last metadata expiration check: 0:00:12 ago on Fri 03 Dec 2021 09:39:32 AM UTC.
Rocky Linux 8 - AppStream
Name                Stream                 Profiles                                 Summary
php                 7.2 [d]                common [d], devel, minimal               PHP scripting language
php                 7.3                    common [d], devel, minimal               PHP scripting language
php                 7.4                    common [d], devel, minimal               PHP scripting language

Remi's Modular repository for Enterprise Linux 8 - x86_64
Name                Stream                 Profiles                                 Summary
php                 remi-7.2               common [d], devel, minimal               PHP scripting language
php                 remi-7.3               common [d], devel, minimal               PHP scripting language
php                 remi-7.4               common [d], devel, minimal               PHP scripting language
php                 remi-8.0               common [d], devel, minimal               PHP scripting language
php                 remi-8.1               common [d], devel, minimal               PHP scripting language

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

The default version is 7.2. Enable Remi's PHP 8.0 repository.

$ sudo dnf module reset php -y
$ sudo dnf module enable php:remi-8.0

Next, install PHP and its extensions required by Firefly III. The php package contains several dependencies that Firefly III requires, so make sure you include them.

$ sudo dnf install php php-fpm php-mbstring php-xml php-curl php-mysqlnd php-zip php-intl php-bcmath php-gd php-ldap php-cli

Verify the installation.

$ php --version
PHP 8.0.16 (cli) (built: Feb 15 2022 21:34:32) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.16, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.16, Copyright (c), by Zend Technologies

Configure PHP

Open the file /etc/php-fpm.d/www.conf.

$ sudo nano /etc/php-fpm.d/www.conf

We need to set the Unix user/group of PHP processes to nginx. Find the user=www-data and group=www-data lines in the file and change them to nginx.

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...

Scroll down the file to locate the ;pm.status_path = /status option. Uncomment the line by removing the semi-colon in front of it, as shown below.

; Note: There is a real-time FPM status monitoring sample web page available
;       It's available in: @EXPANDED_DATADIR@/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
;       anything, but it may not be a good idea to use the .php extension or it
;       may conflict with a real PHP file.
; Default Value: not set
pm.status_path = /status

Save the file by pressing Ctrl + X and entering Y when prompted.

Enable and start the PHP service.

$ sudo systemctl enable php-fpm --now

Add PHP Settings to Nginx

Open the Nginx's default configuration file /etc/nginx/conf.d/default.conf for editing.

$ sudo nano /etc/nginx/conf.d/default.conf

Enter the following code inside the server block before the last closing curly bracket.

# define PHP-FPM monitoring
location ~ ^/(status|ping)$ {
    allow 127.0.0.1;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_pass   unix:/run/php-fpm/.sock; # Depends on the PHP Version and OS Distro
}

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify the Nginx configuration.

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the Nginx server.

$ sudo systemctl restart nginx

Restart the Netdata service.

$ sudo systemctl restart netdata

Reload the Netdata dashboard, and you should see the PHP-FPM stats.

NetData PHP-FPM Stats Dashboard

Step 13 - Configure Docker Engine and Container Monitoring

Netdata can monitor both the Docker engine and Docker containers. It can also monitor apps running inside these containers, but we won't be covering it in this tutorial.

Let us install Docker first.

$ sudo dnf install yum-utils
$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
$ sudo dnf install docker-ce docker-ce-cli containerd.io

Enable and start the Docker service.

$ sudo systemctl enable docker --now

To monitor the Docker engine, you need to enable the metrics feature of Docker.

Create and open the file /etc/docker/daemon.json for editing.

$ sudo nano /etc/docker/daemon.json

Paste the following code in it.

{
  "metrics-addr" : "127.0.0.1:9323",
  "experimental" : true
}

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the Netdata and Docker services.

$ sudo systemctl restart docker netdata

Load the Netdata dashboard again, and you can see the Docker statistics.

NetData Docker Container Stats

You will see another entry named Prometheus Metrics on your dashboard because the metrics option was made for the Prometheus dashboard.

NetData Docker Container Prometheus Stats

The next step is to monitor the Docker container. Netdata uses control groups, referred to as cgroups to monitor Docker containers. Control groups is a Linux feature that limits and tracks the resource usage of a collection of processes, in this case, containers. If you have Docker containers running when you install Netdata, they are automatically tracked. However, if you run a container after installing Netdata, you need to restart it.

Run a test container.

$ docker container run -d nginx

Check the status of the container.

$ docker ps
CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
938b2cf30927   nginx     "/docker-entrypoint.…"   3 seconds ago   Up 2 seconds   80/tcp    pensive_lovelace

The container's name is tender_murdock as shown. Since the container has been started after installing Netdata, restart the service.

$ sudo systemctl restart netdata

Load the Dashboard, and you should be able to see the Container stats.

NetData Docker Individual Container Statistics

Conclusion

This concludes our tutorial on installing and using the Netdata monitoring system to monitor various apps like Nginx, MySQL, PHP-FPM, and Docker on a Rocky Linux server. If you have any questions, post them in the comments below.

Share this page:

0 Comment(s)