Install LibreNMS on CentOS 7 with Let’s Encrypt and Nginx

Posted on 45 views

In this guide, we will cover the installation and configuration of LibreNMS on CentOS 7 server with Nginx and optional Letsencrypt SSL certificate for security.

What is LibreNMS?

LibreNMS is a community-based GPL-licensed auto-discovering network monitoring tool based on PHP, MySQL, and SNMP. LibreNMS includes support for a wide range of network hardware and operating systems including Juniper, Cisco, Linux, Foundry, FreeBSD, Brocade, HP, Windows and many more. It is a fork of “Observium” monitoring tool.

Features of LibreNMS

Below are the top features of LibreNMS networking monitoring tool

  • Has Automatic discovery – It will automatically discover your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP, and ARP
  • API Access – LibreNMS provides a full API to manage, graph and retrieve data from your install.
  • Automatic Updates – With LibreNMS you get to stay up to date automatically with new features and bug fixes.
  • Customisable alerting – Highly flexible alerting system, notify via email, IRC, slack and more.
  • Support for Distributed Polling through horizontal scaling which grows with your network
  • Billing system – Easily generate bandwidth bills for ports on your network based on usage or transfer.
  • Android and iOS application – There is a native iPhone/Android App is available which provides core functionality.
  • Multiple authentication methods: MySQL, HTTP, LDAP, Radius, Active Directory
  • Integration support for NfSencollectdSmokePingRANCIDOxidized

Install LibreNMS on CentOS 7 with Let’s Encrypt and Nginx

Follow steps provided here to have a running an operation LibreNMS monitoring tool on your CentOS 7 server. Ensure your system is updated and rebooted:

sudo yum -y update
sudo reboot

After reboot set timezone and chronyd:

sudo yum -y install chrony
sudo timedatectl set-timezone Africa/Nairobi
sudo timedatectl set-ntp yes
sudo chronyc sources

Put SELinux into permissive mode

Run the commands below to put SELinux in Permissive mode:

sudo setenforce 0

To persist the change, edit SELinux configuration file

sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
cat /etc/selinux/config | grep SELINUX=

Add EPEL repository to the system

Enable EPEL repository on your system

sudo yum -y install vim epel-release yum-utils

Install required dependencies

Install all dependencies required to install and run LibreNMS on CentOS 7:

sudo yum -y install zip unzip git cronie wget fping net-snmp net-snmp-utils ImageMagick jwhois mtr rrdtool MySQL-python nmap  python-memcached  python3 python3-pip python3-devel

Install PHP and Nginx

PHP will be installed from REMI repository, add it to the system like below:

sudo yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Disable remi-php54 repo which is enabled by default, and enable repository for PHP 7.2

sudo yum-config-manager --disable remi-php54
sudo yum-config-manager --enable remi-php74

Then finally install required php modules

sudo yum -y install php php-cli,mbstring,process,fpm,mysqlnd,zip,snmp,devel,gd,mcrypt,mbstring,curl,xml,pear,bcmath

Configure PHP

Edit PHP-FPM configuration file:

sudo vim /etc/php-fpm.d/www.conf

Set below variables

user = nginx
group = nginx
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Set PHP timezone

$ sudo vim /etc/php.ini
date.timezone = Africa/Nairobi

Install nginx web server

Install Nginx web server on CentOS 7:

sudo yum -y install nginx

Start nginx and php-fpm service

for i in nginx php-fpm; do
   sudo systemctl enable $i
   sudo systemctl restart $i
done

Install and Configure Database Server

Install MariaDB database on your CentOS 7 server.

curl -LsS -O https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
sudo bash mariadb_repo_setup
sudo yum install MariaDB-server MariaDB-client MariaDB-backup
sudo systemctl enable --now mariadb
sudo mariadb-secure-installation

Edit my.cnf file and add below lines within the [mysqld] section:

$ sudo vim /etc/my.cnf.d/server.cnf
[mysqld]
innodb_file_per_table=1
lower_case_table_names=0

Restart the MariaDB server after making the changes

sudo systemctl restart mariadb

Once the database server has been installed and running, login as root user:

$ sudo mysql -u root -p

Create a database and user:

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms_user'@'localhost' IDENTIFIED BY "Password1234!";
FLUSH PRIVILEGES;
EXIT;

Install and Configure LibreNMS on CentOS 7

If you want to use Letsencrypt SSL certificate, you need to first request for it. Run below commands as root user

sudo yum -y install certbot python2-certbot-nginx

Enable http port on the firewall if you have firewalld service running

sudo firewall-cmd --add-service=http,https --permanent
sudo firewall-cmd --reload

Now obtain the certificate to use

export DOMAIN='librenms.example.com'
export EMAIL="[email protected]"
sudo certbot certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL --keep-until-expiring

The certificate will be placed under /etc/letsencrypt/live/librenms.example.com/ directory

Clone LibreNMS project from Github

Add librenms user:

sudo useradd librenms -d /opt/librenms -M -r
sudo usermod -aG librenms nginx

Clone LibreNMS project from Github:

cd /opt
sudo git clone https://github.com/librenms/librenms.git
sudo chown librenms:librenms -R /opt/librenms

Install PHP dependencies

cd /opt/librenms
sudo ./scripts/composer_wrapper.php install --no-dev

A successful install should have output similar to below:

....
Requirement already satisfied: typing-extensions>=3.6.4; python_version < "3.8" in /root/.local/lib/python3.6/site-packages (from importlib-metadata>=1.0; python_version < "3.8"->redis>=3.0->-r requirements.txt (line 3))
Installing collected packages: psutil, command-runner
  Running setup.py install for psutil: started
    Running setup.py install for psutil: finished with status 'done'
Successfully installed command-runner-1.3.0 psutil-5.9.0

Copy and configure SNMP configuration template:

Run the commands below in the terminal:

sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
sudo vim /etc/snmp/snmpd.conf

Set your community string by replacing RANDOMSTRINGGOESHERE

com2sec readonly  default       MyInternalNetwork

Download distribution version identifier script

sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
sudo chmod +x /usr/bin/distro

Then start and enable snmpd service

sudo systemctl enable snmpd
sudo systemctl restart snmpd

When all is done, create nginx configuration file for LibreNMS

Nginx configuration without SSL

This is placed under /etc/nginx/conf.d/librenms.conf

server 
 listen      80;
 server_name librenms.example.com;
 root        /opt/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / 
  try_files $uri $uri/ /index.php?$query_string;
 
 location /api/v0 
  try_files $uri $uri/ /api_v0.php?$query_string;
 
 location ~ \.php 
  include fastcgi.conf;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
 
 location ~ /\.ht 
  deny all;
 

Nginx Configuration with SSL

server 
        listen 80;
        server_name librenms.example.com;
        root        /opt/librenms/html;
        return 301 https://$server_name$request_uri;


server 
    	listen 443 ssl http2;
        server_name librenms.example.com;;
        root        /opt/librenms/html;
        index       index.php;

	# Set Logs path
     	access_log  /var/log/nginx/access.log;
     	error_log   /var/log/nginx/error.log;

	# Configure SSL
	ssl_certificate /etc/letsencrypt/live/librenms.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/librenms.example.com/privkey.pem;

   	# Enabling Gzip compression on Nginx
 	 charset utf-8;
         gzip on;
         gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

     location / 
         try_files $uri $uri/ /index.php?$query_string;
     

     location /api/v0 
         try_files $uri $uri/ /api_v0.php?$query_string;
     

     # PHP-FPM handle all .php files requests
     location ~ \.php 
         include fastcgi.conf;
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
     

     location ~ /\.ht 
         deny all;
     
 

Confirm nginx syntax:

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If all looks good, restart the service

sudo systemctl restart nginx

Configure cron jobs

sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

Copy logrotate config

LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out.

To rotate out the old logs you can use the provided logrotate config file:

sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Set proper permissions

sudo chown -R librenms:nginx /opt/librenms
sudo chmod -R 775 /opt/librenms
sudo setfacl -d -m g::rwx /opt/librenms/logs
sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

Start LibreNMS Web Installer

Open http://librenms.example.com/install.php on your web browser to finish the installation.

install-librenms-centos7-start-1024x526

Confirm that all Pre-Install Checks passes and click “Next Stage”

Configure Database credentials as created earlier. It will start to import database schema and populate data.

install-librenms-centos7-db-settings-1024x550

On the next page, you’ll be asked to configure admin user account.

Username: admin
Password: StrongPassword

Next is the generation of the configuration file, you may have to create the file manually with the contents given if it fails to create. The file path should be /opt/librenms/.env.

$ sudo vim /opt/librenms/.env 
# Database connection settings
DB_HOST=localhost
DB_DATABASE=librenms
DB_USERNAME=librenms_user
DB_PASSWORD=Password1234!

Change ownership of the file to a librenms user:

sudo chown librenms:librenms /opt/librenms/.env

Click Finish Install” button to complete LibreNMS installation on CentOS 7

You should be greeted with an admin login page. Login and select Validate Installation

install-librenms-ubuntu-18.04-01-login-min-1024x558

We also have other monitoring tutorials around ZabbixGrafanaPrometheus, and InfluxDB.

coffee

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.