Install PHP Server Monitor on Debian

In this guide, we will learn how to install and configure the latest version of PHP Server Monitor on Debian to monitor websites or services.

PHP Server Monitor is a free, open-source, small monitoring application written primarily in the PHP programming language and often used in Linux on Apache/Nginx web servers, the PHP server-side programming language, and the MySQL/MariaDB database management system, also known as the LAMP or LEMP stack.

PHP Server Monitor uses a small web-based interface to check whether a website or service is up and running. The web interface is used to manage services, which are checked by their domain/address and port number, and can notify system administrators of service and site outages via email, SMS or pushover.net notifications. It can also display history graphs of monitored services and websites.

The software can display latency and uptime of services and websites.

Requirements

  • Debian 9 minimal installation on a bare metal machine or on a virtual private server
  • sudo root privileges for a local or remote account, or direct access to the root account
  • A static IP address configured for one of your system’s network cards
  • A domain name, private or public depending on your deployment, with the correct DNS records for web services. If you don’t have a valid or registered domain name, you can install and access the site using your server’s IP address
  • If you want to use mail notifications or other features, you should have a running mail server on your premises that is properly configured and provides remote access to its IMAP and SMTP services

Prerequisites

Before you start installing and configuring PHP Server Monitor from source on your own server, you need to make sure that your system meets all the software requirements for compiling and installing the application. The first step is to update your system repositories and software packages with the following command.

apt update
apt upgrade

After the system has been fully upgraded, set up the name for your system by running the following command. Replace your hostname variable accordingly.

hostnamectl set-hostname www.monitor.mon

Check your machine’s hostname and hosts file by running the following commands.

hostnamectl
cat /etc/hostname
hostname –s
hostname –f

Finally, you need to restart the Debian server so that the kernel updates and hostname changes are applied correctly.

systemctl reboot

In the next step, run the following command to install some necessary utilities that will be used to further manage your system from the command line and provide the command line utilities needed by the application to check websites and the status of services.

apt install wget bash-completion zip unzip bind9utils mailutils curl

PHP Server Monitor is a web-based monitoring application written in the PHP server-side programming language. In order to run the application’s PHP file scripts, a web server such as the Apache HTTP Server and a PHP Processing Gateway must be installed in the system and made operational. To install the Apache web server and PHP interpreter along with all the PHP modules that the application needs to run properly, enter the following command in your server console.

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-zip php7.0-gd php7.0-xml php7.0-json php7.0-opcache php7.0-curl php7.0-mbstring

After Apache and PHP are installed, check that the web server is running and listening for network connections on port 80 by entering the following command with root privileges.

netstat –tlpn

If the netstat network command line utility is not installed by default in your Debian system, run the following command to install it.

apt install net-tools

From the output of the netstat command, you can see that the Apache web server is listening for incoming network connections on port 80. For the same task, you can also use the ss command, which is automatically installed in Debian 9.

ss- tulpn

If you have a firewall enabled in your system, such as the UFW firewall application, you should add a new rule to allow HTTP traffic through the firewall by typing the following command.

ufw allow WWW

or

ufw allow 80/tcp

If you are using iptables raw rules to manage the firewall rules on your Debian server, add the following rule to allow incoming traffic on ports 80 and 22 (SSH) on the firewall so that visitors can browse the application.

apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service

Next, enable the following Apache and PHP modules that the web application needs to run properly and apply them by entering the following command.

a2enmod rewrite
phpenmod sockets
systemctl restart apache2

Finally, test if the default Apache web page can be displayed in your clients’ browsers by calling the IP address of your Debian machine or the FQDN of your domain or server using the HTTP protocol, as shown in the following figure. If you don’t know the IP address of your machine, you can run the ifconfig or ip a commands to find out the IP address of your server.

http://your_domain.tld

To install and access the backend and frontend of PHP Server Monitor using the HTTPS protocol, which secures traffic for your clients, enable the Apache web server’s SSL module and SSL site configuration file with the following command.

a2enmod ssl
a2ensite default-ssl.conf

Next, open the Apache default SSL site configuration file with a text editor and enable the URL rewrite rules by inserting the following lines of code after the DocumentRoot directive, as shown in the following example:

nano /etc/apache2/sites-enabled/default-ssl.conf

Excerpt from the SSL site configuration file:

<directory /var/www/html>
  options +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>

Also, change the VirtualHost line to look like the following excerpt:

             <VirtualHost *:443>

Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as for the SSL configuration file. Add the lines of code after the DocumentRoot statement, as shown in the following example.

<directory /var/www/html>
  options +FollowSymlinks
  AllowOverride All
  Require all granted
</Directory>

Finally, you restart the Apache daemon to apply all the rules configured so far and visit your domain using the HTTP protocol. Since you are using the self-signed certificate pairs automatically issued by Apache during installation, you should see an error warning in the browser.

systemctl restart apache2

https://yourdomain.tld

Accept the warning to use the untrusted certificate and continue and be redirected to the Apache default website, as shown in the following image.

If the UFW firewall application blocks incoming network connections to the HTTPS port, you should add a new rule to allow HTTPS traffic through the firewall by entering the following command.

ufw allow ‘WWW Full’

or

ufw allow 443/tcp

If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow incoming traffic through port 443 in the firewall to allow visitors to browse your domain name.

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent

In the next step, we need to make some more changes to the PHP default configuration file to ensure that the following PHP variables are enabled and the PHP timezone is configured correctly to match your system’s geographic location. Open the /etc/php/7.0/apache2/php.ini file for editing and make sure the following lines are set as follows. Also, make a backup of the PHP configuration file first.

cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini

Find, edit, and change the following variables in the php.ini configuration file:

      date.timezone = Europe/London

Replace the time.zone variable according to the geographic location of your server by consulting the list of timezones provided in the PHP docs at the following link http://php.net/manual/en/timezones.php

If you want to increase the loading speed of your web pages using the OPCache plugin available for PHP7, add the following OPCache settings at the end of the PHP interpreter configuration file after the [opcache] line, as described in the following excerpt:

[opcache]
opcache.enable=1 
opcache.enable_cli=1 
opcache.interned_strings_buffer=8 
opcache.max_accelerated_files=10000 
opcache.memory_consumption=128 
opcache.save_comments=1
opcache.revalidate_freq=1

Close the php.ini configuration file and verify that the variables at the end of the PHP configuration file were added correctly by typing the following command.

grep opcache /etc/php/7.0/apache2/php.ini

After you have made all the changes described above, enable the OPCache module and restart the Apache daemon to apply the new changes by entering the following commands.

phpenmod opcache
systemctl restart apache2

Finally, create a PHP info file by running the following command, and verify that the PHP time zone is configured correctly by accessing the PHP info file in a browser at the following URL, as shown in the following image. Scroll down to the date setting to verify the PHP timezone configuration.

echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php

https://domain.tld/info.php

PHP Server Monitor stores various configurations such as users, sessions, monitored services and websites, and other settings in an RDBMS database. In this tutorial, we will configure PHP Server Monitor to use MariaDB database as a backend. Enter the following command to install the MariaDB database and the PHP module to access the mysql database.

apt install mariadb-server php7.0-mysql mariadb-client

After installing MariaDB, verify that the daemon is running and listening for connections on localhost, port 3306, by running the netstat command.

netstat –tlpn | grep mysql

Then log in to the MySQL console and secure the MariaDB root account by entering the following commands.

mysql -h localhost
use mysql;
update user set plugin='' where user='root';
flush privileges;
exit

In the next step, secure MariaDB by running the script mysql_secure_installation included in the installation packages from the Debian Stretch repositories. As the script runs, it asks a series of questions designed to secure the MariaDB database, such as: change the MySQL root password, remove anonymous users, disable remote root logins, and delete the test database. Run the script using the command below and make sure you answer yes to all questions to fully secure the MySQL daemon. Take the following excerpt from the script as a guide.

mysql_secure_installation
NOTE: THE EXECUTION OF ALL PARTS OF THIS SCRIPT IS FOR ALL MARIADB

     SERVERS IN THE PRODUCTION!  PLEASE READ EACH STEP CAREFULLY!

To log in to MariaDB to back it up, we need the current

password for the root user.

If you just installed MariaDB and

haven’t set the root password yet, the password is blank,

then you should just hit enter here.

Enter the current password for root (Enter for none):

OK, successfully used password, moving on…

 

Setting the root password ensures that no one can log in to the MariaDB

root user without the proper authorization.

You already have a root password set, so you can safely answer ‘n’.

Change the root password? [Y/n] y

New password:

Enter new password:

Password updated successfully!

Reload permission tables…

 …. Success!

By default, a MariaDB installation has an anonymous user that anyone

can use to log in to MariaDB without having to create a user account for

them.

This is for testing purposes only and should make the installation

a little smoother.

You should remove it before moving to a

production environment.

Remove anonymous users? [Y/n] y

 … Success!

Normally, root should only be allowed to connect from ‘localhost’.

This

ensures that someone cannot guess the root password from the network.

Disallow root login remotely? [Y/n] y

 … Success!

By default, MariaDB ships with a database called ‘test’ that everyone

has access to.

This database is also for testing only and should be removed

before you deploy it in a production environment.

Remove test database and access to it? [Y/n] y

 – Delete test database…

 … Success!

 – Remove test database permissions…

 … Success!

Restoring the permissions tables ensures that all changes made so far

take effect immediately.

Restoring the permissions tables now? [Y/n] y

 … Success!

Clean up…

All done!  If you have done all the above steps, your MariaDB

installation should now be safe.

Thank you for using MariaDB!

To test the MariaDB security settings, try logging into the database from the console using the root account and no password. Access to the database should be denied if no password is specified for the root account, as seen in the following command snippet:

mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (with password: NO)

If the root password is specified, the login process for the root account should be granted in the MySQL console, as shown in the command example:

mysql -h localhost -u root -p
Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection identifier is 15

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to delete the current input statement.

MariaDB [(none)]> exit

Bye

After logging into the MariaDB database console, create a PHP Server Monitor database and a user with a password to be used to manage the application database by entering the following commands. Replace the database name, user and password accordingly.

mysql –u root -p
Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to delete the current input statement.

MariaDB [(none)]> create database phpservermonitor;

Query OK, 1 line affected (0.00 sec)

MariaDB [(none)]> Grant all permissions on phpservermonitor.* to srvuser' identified by 'password1';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit

bye

To apply all the changes made so far, restart MySQL and the Apache daemons and check if the daemons are running. To do this, you can enter the following commands.

systemctl restart mysql apache2
systemctl status mysql apache2

Install PHP Server Monitor

After meeting all the system requirements for installing the application, visit the official download page of PHP Server Monitor at http://www.phpservermonitor.org/download/ and get the latest compressed zip package using the wget utility by typing the following command.

wget  https://sourceforge.net/projects/phpservermon/files/phpservermon/phpservermon-3.2.0.zip

After the zip archive download is complete, unzip the compressed PHP Server Monitor zip archive to your current working directory and list the unzipped files using the following commands.

unzip phpservermon-3.2.0.zip
ls -al phpservermon-3.2.0

Also remove the default index.html file installed by the Apache web server from the webroot path and also delete the info.php file created earlier.

rm /var/www/html/index.html
rm /var/www/html/info.php

The installation files for PHP Server Monitor are located in your current working directory in the phpservermon-3.2.0 directory. Copy the entire contents of the unzipped ZIP archive of PHP Server Monitor to the root of your web server, including the hidden .htaccess file, and create the application’s configuration file by executing the following commands

cp -rf phpservermon-3.2.0/* /var/www/html/
cp -rf phpservermon-3.2.0/.htaccess /var/www/html/
cp /var/www/html/config.php.sample /var/www/html/config.php

Next, run the following commands to grant the Apache runtime user full write permissions to the root directory of the web server document. Use the ls command to list the permissions for the application’s installed files in the /var/www/html/ directory.

chown -R www-data:www-data /var/www/html/
ls –al /var/www/html/

The next step is to open and edit the PHP Server Monitor configuration file with your favorite text editor and add the credentials for the MySQL database, as shown in the following excerpt. Replace the database name, credentials and prefix accordingly.

nano /var/www/html/config.php

config.php File example:

<?php
define('PSM_DB_PREFIX', 'srvmon_');
define('PSM_DB_USER', srvuser');
define('PSM_DB_PASS', 'password1');
define('PSM_DB_NAME', 'phpservermonitor’);
define('PSM_DB_HOST', 'localhost');
define('PSM_DB_PORT', '3306');
define('PSM_BASE_URL', '');

Next, proceed with the installation of PHP Server Monitor by opening a browser and clicking on the IP address, domain name or FQDN of your server using the HTTPS protocol. On the first installation screen, PHP Server Monitor installer will check your system environment to see if all the prerequisites for installing the application are met (PHP version and cURL module), as shown in the figure below. If all prerequisites are met, click the Let’s Go button to start the installation process.

https://yourdomain.tld

After connecting to the MySQL database, create an admin user for the PHP Server Monitor application and write a secure password for the admin account. Also add the admin account email address as shown in the image below and click the Install button to start the installation process.

After the MySQL database schema has been imported and the installation is complete, the installer will display three buttons at the bottom of the screen, as shown in the following image. Just click on the Go to your monitor button to be redirected to the backend of the application.

You can also visit the PHP Server Monitor Admin web panel by navigating to your server IP address or domain name to the /index.php URL using the HTTPS protocol. Log in to the PHP Server Monitor Dashboard using the administrator account credentials you set during installation, as shown in the following image.

https://yourdomain.tld/index.php

After logging into the PHP Server Monitor dashboard, you will see two default items that are currently monitored by the application: the Gmail SMTP port and the SourceForge websites.

To add your own services and websites to be monitored by the application, navigate to the Servers menu, click the Add New button and enter the details of your website or service and the type of alerts, as shown in the screenshots below. When you’re done, click the Save button to add the new service for monitoring by the app.

To periodically check the status of services and websites, go back to the server console and add a new cronjob with root privileges to run every ten minutes, as shown in the example below.

crontab –e

Cronjob example:

*/10 * * * /usr/bin/php7.0  /var/www/html/cron/status.cron.php

To force visitors to browse the PHP Server Monitor application and securely access the backend interface using the HTTPS protocol, which encrypts traffic between the server and client browsers, return to your server’s terminal and edit the .htaccess file located in your site’s path with the following settings.

nano /var/www/html/.htaccess

.htaccess Excerpt from the file:

# Change PHP settings
php_flag register_globals off
php_flag magic_quotes_gpc Off

Finally, add the following rules to the end of the file to redirect domain traffic to HTTPS

# Redirect to HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Finally, visit the frontend page of the app by navigating to your server IP address or domain name using the HTTP protocol. You should be automatically redirected to HTTPS, as shown in the screenshot below.

http://www.yourdomain.tld

That’s it! You have successfully installed and configured the PHP Server Monitor in Debian 9. However, because the Apache HTTP server uses an untrusted self-signed certificate to encrypt traffic between the server and visitors’ browsers, a warning message is always generated and displayed in their browsers. This warning is always displayed when you visit the application frontend using a new browser or a different IP address. In this case, you should buy a certificate issued by a trusted certificate authority or get a free pair of certificates from Let’s Encrypt CA.

For more custom configurations of the PHP Server Monitor web application, visit the documentation page at the following address: http://docs.phpservermonitor.org/en/latest/