Installs a turnkey "PHP Server Monitor" system using Docker containers; PHP-Server-Mon, NGINX, MySQL, PHP-FPM.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
nginx
php-fpm
.gitignore
LICENSE
README.md
backup-psms.sh
build-php-fpm.sh
build-psms.sh
dbash.sh
delete-database.sh
docker-compose.yml
docker-compose.yml.default
set-passwords.sh

README.md

Low Threat Security Alert : See the "Low-Threat Security Alert" section at the end of this README for news about a possible PHP Server Monitor 3.1.1 CSRF Exploit

Php-Server-Mon-Sys

Why Php-Server-Mon-Sys?

Let's say you manage some websites or other network servers, and you wish to monitor them. You decide it's time to install and operate a Server Monitor to help with that task. There are quite a number of server monitors available from which to choose. At this time you choose a basic, easy-to-use server monitor named PHP Server Monitor:

PHP Server Monitor may be installed on a shared host or a VPS. If your shared host or VPS is already configured to serve websites, all of the services PHP Server Monitor requires are often already installed. If the services it needs are already installed, you do not need to use Php-Server-Mon-Sys; the default method of installing PHP Server Monitor is probably required on a shared host, and is probably preferred on a VPS.

However, if your host does not already have the required services installed, you now have a problem. The problem is, installation of the required services may be complicated and time consuming.

Php-Server-Mon-Sys solves this problem. In many cases, Php-Server-Mon-Sys makes installation of PHP Server Monitor much faster and simpler on hosts which do not already have the required services installed.

Php-Server-Mon-Sys Is A Turnkey System

In addition to installing PHP Server Monitor, Php-Server-Mon-Sys installs the required services. Php-Server-Mon-Sys includes NGINX, MySQL, and PHP-FPM. These are "private" services which are available only to PHP Server Monitor. These services are not installed directly into the host operating system per usual. These services are deployed using Docker containers. Using Docker containers means these services may be very easily and cleanly installed and un-installed along with the PHP Server Monitor application software. Backing up and restoring are also quick and uncomplicated.

When you no longer need the PHP Server Monitor software in your system, you may very easily remove it. When it is removed, PHP Server Monitor's supporting services are removed as well. There is no need to individually remove each of the other services no longer needed.

Keep in mind that the NGINX, MySQL, and PHP-FPM services which are installed by Php-Server-Mon-Sys are available only to PHP Server Monitor; they are not intended to be available to other application software on the host system. The services are ephemeral; they come and go along with the installation, operation, and un-installation of Php-Server-Mon-Sys.

The Php-Server-Mon-Sys project is Open Source, and its public repository is located at:

The version of PHP Server Monitor incorporated into this release of Php-Server-Mon-Sys is PHP Server Monitor v3.1.1.

This version of Php-Server-Mon-Sys has been tested only on a host using Ubuntu 14.04. Php-Server-Mon-Sys has not yet been tested on OS X nor Windows. Theoretically, Php-Server-Mon-Sys should work on any host which fully supports Docker tools, but that has not yet been tested.

System Requirements

Installation and operation of Php-Server-Mon-Sys requires:

  • Superuser access to a private host or VPS
  • 300MB available memory
  • 1.1GB available storage, (plus server history data accumulated in database)
  • Internet connection/service
  • Docker Engine 1.11, (or newer), pre-installed
  • Docker Compose 1.7, (or newer), pre-installed
  • UnZip 6.00, pre-installed, (alternate equivalent may be substituted)
  • Tar (GNU tar) 1.27.1, pre-installed, (alternate equivalent may be substituted)

Php-Server-Mon-Sys Installation Instructions

  • The following commands download the Php-Server-Mon-Sys release ZIP file, and unzip the contents into a newly created directory. Before entering the following commands, change the present working directory to where you want the Php-Server-Mon-Sys Home directory to be created. Then, enter the following commands:

    $ wget https://github.com/addiscent/php-server-mon-sys/archive/master.zip
    
    $ unzip master.zip  # create a new directory containing Php-Server-Mon-Sys
    

    The name of the new directory is php-server-mon-sys-master. The new directory is the Home directory for Php-Server-Mon-Sys. If you wish to rename the Php-Server-Mon-Sys Home directory, you may do so at any time. You may delete the master.zip file now, or later.

  • The following commands build Docker containers, and start Php-Server-Mon-Sys operation:

    $ cd php-server-mon-sys-master  # or to whatever you rename the directory
    
    $ ./build-psms.sh  # execute this BASH script only in the php-server-mon-sys-master directory
    

    IMPORTANT: You must wait a bit, (up to two minutes on very slow hosts), for MySQL to finish initializing its database before continuing with PHP Server Monitor Initialization instructions below. Otherwise, errors will be displayed during the PHP Server Monitor Initialization process. At this point, if an error is shown stating, "Unable to connect to MySQL. Please check your information", it is temporary. Wait one minute, and retry PHP Server Monitor Initialization.

Initially, you are evaluating the software. After you become familiar with it, you will probably decide to discard the first database created during PHP Server Monitor Initialization. However, before creating the database you plan to use "in production", read the three sections below titled:

  • Transitioning From Evaluation To Production

  • PHP Server Monitor Database Passwords

  • PHP Server Monitor Time Zone

PHP Server Monitor Initialization

  • After completing the Installation instructions above, use a web browser to visit:

  • Read and follow the directions on the first page, then choose LET'S GO.

  • Set your user, password, and email to whatever you wish, then choose INSTALL.

  • Read the page, follow the instructions, then choose GO TO YOUR MONITOR

Quick-start Guide To PHP Server Monitor Operation

  • Enter your user credentials and choose LOGIN. A page shows STATUS. The page is currently blank, because no servers have been chosen for monitoring.

  • Enter a server to monitor, and watch it, as described here:

    • Choose Servers from the menu at the top of the page. The next page shows Servers page.

    • Choose the green ADD NEW button. Enter the appropriate data into the fields, for a server you wish to monitor, then choose SAVE.

    • The Servers page refreshes, and now the server you entered on the previous page is in the list of servers to be monitored. Choose Status from the menu at the top of the page.

    • Notice a green box containing the name of the server you have chosen to be monitored. This page has several means of being refreshed to show the current status of the server. Let's use the manual update method now. Choose Update from the menu at the top of the page.

    • The contents of the green named-server box changes to "Last online: a second ago". Now, let's see a chart of the server's uptime history. Mouse-click on the green box containing your server's name.

    • A page titled Servers shows your server's profile information, and charts containing the access history of the chosen server. At this time, there is only one or a few points on the graph. Each point reflects the server's status at that time. The server's access history is updated in the database, a data point every three minutes, (default). However, the chart on this page does not automatically update, it must be refreshed manually, (using browser page refresh).

    • Let's change the configuration of PHP Server Monitor so that the main home page, Status, is automatically refreshed periodically, so you don't have to do it manually. Choose Config from the menu at the top of the page. A page titled Config is shown. In the field titled Auto-refresh, enter a time of 60 seconds, and choose Save. Now, choose Status from the menu at the top of the page.

    • Wait and watch for it, and notice that the contents of the green named-server box on the Status page is now auto-refreshed every 60 seconds. The Last online status should not show a value larger than 3 minutes unless the server is actually down, or whatever interval has been set for the server's update.

    • After ten or fifteen minutes have passed, mouse-click on the green box containing your server's name, and notice the chart now contains at least several data points of access history for your server, at the appropriate time interval.

  • See the PHP Server Monitor website and GitHub repository for full official documentation:

Managing Php-Server-Mon-Sys

Php-Server-Mon-Sys Home Directory

Php-Server-Mon-Sys-specific management commands, such as the .sh BASH scripts, and "docker-compose...", should always be executed with the Php-Server-Mon-Sys Home directory as the present working directory, (pwd).

Docker Commands

The Php-Server-Mon-Sys system is managed using docker-compose commands:

* docker-compose up -d  # loads and starts, or restarts, _Docker_ containers
* docker-compose stop   # suspends container Operation
* docker-compose logs   # shows a composite log generated by operating containers
* docker-compose rm     # destroys loaded containers.  "stop" them first.

The present working directory must be the Php-Server-Mon-Sys Home directory when entering these commands. Using these commands while the PWD is any other directory will show errors and the command scripts will fail.

Note that docker-compose rm is seldom used, typically only when completely uninstalling Php-Server-Mon-Sys.

See the Docker web site for related documentation:

https://docs.docker.com/

Starting Php-Server-Mon-Sys After A Reboot

The Php-Server-Mon-Sys installation process does not add Php-Server-Mon-Sys to the init, (startup system), of the host machine. This means that Php-Server-Mon-Sys must be started manually each time the host is rebooted. You may choose to add Php-Server-Mon-Sys startup commands to the init of the host system, but how to do that is dependent on the distribution of the OS on which it is installed, and is beyond the scope of this document.

After re-booting the host OS, restart the Php-Server-Mon-Sys system by making the Php-Server-Mon-Sys home directory the present working directory, then enter the command:

    $ docker-compose up -d

After that command has reloaded the service containers, PHP Server Monitor will continue its job of monitoring services, and collecting and storing server history data into the PHP Server Monitor database.

Reducing Risk To The PHP Server Monitor Database

The PHP Server Monitor database "persists" on the host file system. The Php-Server-Mon-Sys system, (technically, its Docker service containers), may be started, stopped, restarted, destroyed, and recreated without danger to the contents or integrity of the PHP Server Monitor database. However, as with any other software executing on the host, there is one important caveat:

  • In order to prevent risk to the PHP Server Monitor database, the Php-Server-Mon-Sys Docker service containers must be stopped using a Docker command, docker-compose stop. Do not "cut power" or do a "hardware reset" of the host OS without first gracefully shutting down the Php-Server-Mon-Sys system, using the command:

    $ docker-compose stop
    

This is necessary only if the host must be "hard reset", (not allowed to do an orderly shutdown). It is not necessary to manually shutdown Php-Server-Mon-Sys if the host does an orderly shutdown, (i.e., shutdown -r now), because an OS doing an orderly shutdown will send SIG signals to the Docker containers notifying them they should terminate, and should give them time to end gracefully. The service containers will ensure data integrity, as long as they are allowed to finish their graceful shutdown before the system OS exits.

After re-booting the host OS, follow the procedure described above, in the section titled Starting Php-Server-Mon-Sys After A Reboot.

Transitioning From Evaluation To Production

When you have finished learning what Php-Server-Mon-Sys is all about, it is likely you will wish to discard the data accumulated initially, during evaluation. It may be advantageous to follow the procedure described in this section while also performing the procedures described in the other sections below, PHP Server Monitor Database Passwords and PHP Server Monitor Time Zone. You may wish to read those sections before following the procedure described here.

Deleting the PHP Server Monitor database causes Php-Server-Mon-Sys to automatically create a new one. Therefore, the easiest and fastest way to create an empty database, (discard the old data), is to simply delete the existing PHP Server Monitor database. Keep in mind that deleting the database deletes all data previously created during PHP Server Monitor Initialization. In addition to all PHP Server Monitor server history data, the list of PHP Server Monitor servers and any PHP Server Monitor user and admin accounts are deleted.

To delete the existing PHP Server Monitor database, enter the following commands:

  $ sudo ./delete-database.sh  # sudo or other superuser power required

  $ docker-compose up -d # delete-database.sh stops Php-Server-Mon-Sys, so it must be restarted

After the database is deleted, a new database will be automatically created when Php-Server-Mon-Sys is re-started. Depending on the speed of your host, it could take up to two minutes to finish creating the new database. Then, use a web browser to visit your PHP Server Monitor page per usual, (default, localhost:28684). If you see an error message which says "can't connect to database", wait a little longer and retry. Follow the prompts and begin using as normal.

PHP Server Monitor Database Passwords

When Php-Server-Mon-Sys is installed, it automatically creates the database. The database passwords are set to defaults at that time. If you wish to tighten up the security of your database, you may change the database passwords.

The database passwords cannot be changed by Php-Server-Mon-Sys after a database has been created; the passwords must be decided upon prior to creation of the database. A good time to do this is after you have finished evaluation of Php-Server-Mon-Sys and you are subsequently ready to "go into production". At that time, you are most likely to decide you wish to abandon the first database and create a new one.

When you are ready to create a new database using new passwords, follow these steps:

  • Set new passwords into the appropriate configuration files by entering the following command:

    $ ./set-passwords.sh root_password user_password # replace these passwords with your own

  • Re-build the PHP-FPM Docker container using the following command:

    $ ./build-php-fpm.sh

  • Delete the database. The following commands stop Php-Server-Mon-Sys, delete the files containing the database, and then re-start Php-Server-Mon-Sys:

    $ sudo ./delete-database.sh

    $ docker-compose rm # obsolete PHP-FMP container must be unloaded

    $ docker-compose up -d # re-start Php-Server-Mon-Sys. Loads re-built PHP-FPM container

It is necessary to wait for the database to finish initialization, (up to two minutes on a very slow host).

PHP Server Monitor Time Zone

The default PHP Server Monitor time zone is UTC. You may change the time zone by editing the php.ini file, located in the ./php-fpm/ sub-directory.

Note that the PHP Server Monitor Time Zone must only be changed BEFORE creating the PHP Server Monitor database. The PHP Server Monitor database is created during the process described above, in the section titled, PHP Server Monitor Initialization. If the PHP Server Monitor Time Zone is set after PHP Server Monitor Initialization, the timestamps on the server history data collected into the database will be out of sync with the displayed charts, rendering the collected data useless for charting in PHP Server Monitor.

To change the PHP Server Monitor Time Zone, search the ./php-fpm/php.ini file for the term date.timezone. Change the default value, UTC, to your time zone, e.g., America/Los_Angeles. For valid time zone codes, see:

http://www.php.net/manual/en/timezones.php

PHP Server Monitor Application Service Port number

The default application, (HTTP), service port number is 28684. You may change this port number by editing the docker-compose.yml file. Find the section which appears as follows:

ports:
  - "28684:80"

Change the port number 28684 to any valid port number which does not conflict with other ports in use on the host. After editing this file, for any changes to take effect, Php-Server-Mon-Sys must be restarted, using the command:

  $ docker-compose up -d
PHP Server Monitor Application Remote Access And Security Considerations

PHP Server Monitor admin access is not limited to "localhost-only". Because the PHP Server Monitor service port serves a web page using HTTP, it may be accessed remotely, over a private network or the Internet. If you do so, there are several important security implications to keep in mind.

To access Php-Server-Mon-Sys over a private network or the Internet, you may need to unblock the application service port, (default 28684), on your firewall. To find out if a firewall is enabled, (on Ubuntu distributions as an example), enter the following command :

$ sudo ufw status verbose

The result informs you that the firewall is either not enabled, or it is enabled. If the firewall is not enabled, the PHP Server Monitor Application Service Port is not blocked by the host firewall. If this is the case, your host is known an "open server", which means any computer on the network is allowed to try to connect to it.

If the firewall is enabled, the command above shows a list of allow/deny rules for access to the host from the network. In our case, a rule must exist which allows access to the PHP Server Monitor Application Service Port from the desired source, such as the IP address or address range on the local network or the Internet. If an appropriate "allow" rule doesn't exist, create it. Ensure that when you create the "allow" rule, you allow access to only the PHP Server Monitor Application Service Port, and also carefully consider the source IP address(es) you are allowing, (trusted?). In the interest of "tight security", you may allow access by only a single trusted IP address, no others.

The most important security consideration when allowing remote access is the potential for a "man-in-the-middle-attack" on your PHP Server Monitor login credentials, most importantly your password. Php-Server-Mon-Sys does not use SSL/TLS, (HTTPS), encryption on the connection between the user's browser and the PHP Server Monitor server. This means when you log into PHP Server Monitor, the login credentials you enter, including your password, are sent in "clear-text" form, not encrypted.

It is always the case that any computer, on any network over which any data traverses, could be used to "snoop" on the TCP/IP packets transferred on that network. If data in those packets, in this case the password, is encrypted, there is no danger that a snooper can re-use it later to log into your PHP Server Monitor. However, to re-emphasize an important point, Php-Server-Mon-Sys does not use SSL/TLS, (HTTPS), encrypted communication; your login credentials are sent in clear-text form. This is not a security problem when doing "localhost" access, and typically is not a security problem on trusted/secure (private) networks. But, if you use an untrusted network, such as the Internet, for access to PHP Server Monitor, there is a possibility that PHP Server Monitor login credentials could be recorded by snoopers. (See https://en.wikipedia.org/wiki/Wireshark)

Php-Server-Mon-Sys is Open Source Software, so, if you wish, you may download the source code and add SSL/TLS, (HTTPS), encryption to the NGINX web server configuration. It is not trivial to do so, but the knowledge gained by doing that could be valuable to you if you are a technical professional in a relevant industry.

Keep in mind that if the login credentials captured by a snooper allow access to a PHP Server Monitor admin account, that account also allows access to the PHP Server Monitor database. Though unauthorized access to the PHP Server Monitor database is not a good thing, the potential damage by a vandal is limited to the database. It is important to realize that someone with PHP Server Monitor admin priviliges does not have full access to the host computer; they only have access to the PHP Server Monitor database server. Also, because Php-Server-Mon-Sys is constructed using Docker containers, there is another layer of isolation from malicious activity by intruders. A black-hat hacker may gain admin-level access to your host computer, acquired by other means, perhaps due to other lax security practices, but the risk is exceedingly small from an unmodified Php-Server-Mon-Sys installation.

As it stands now, you must decide for yourself what is the risk and downside to which you are exposing yourself by logging into Php-Server-Mon-Sys over any untrusted network, especially the Internet. The consequences for personal and non-mission critical use are probably not dire, amounting to someone possibly vandalizing the server history data in the database, which could be recovered from a backup. On the other hand, if, for example, I sold monitoring services to customers, I would not allow logging into Php-Server-Mon-Sys over the Internet, only "localhost".

PHP Server Monitor Server History Data Update Intervals: Cron

The interval at which monitored server histories are updated is determined by a PHP script which is executed periodically. The service which executes the script is Cron, an ubiquitous Linux service which is responsible for executing programs on a schedule. This task of executing a program periodically is known as a cron job. Cron jobs are specified by creating a file which contains one or more job descriptors. This type of file is known as a crontab, (Cron table), file.

In Php-Server-Mon-Sys, a cron job which updates server histories data is run inside the PHP-FPM container. This cron job is started automatically when the Php-Server-Mon-Sys system is started, (using docker-compose up -d). The crontab file which contains the job descriptor needed by Cron is named etc-cron.d-tab-for-phpfpm.txt, (located in the home ./php-fpm/ sub-directory).

The interval specified in the crontab file determines how frequently the monitored servers are probed. The default interval is every 3 minutes. You may change the interval, by editing the crontab file. One way of editing the crontab file is by using the following command to open the file in an editor named nano:

  $ nano ./php-fpm/etc-cron.d-tab-for-phpfpm.txt

The default job descriptor is:

*/3 * * * * root /usr/bin/php /var/www/public/cron/status.cron.php

Above, the "/3" after the asterisk tells Cron to execute, (every 3 minutes), the PHP code which monitors servers. You may change that number to, e.g., "/5" or "/15", or some other number of minutes, 2 through 59. If you want the history updated every minute, do not use "/1"; instead, use asterisk (*) by itself, that is, simply delete the "/3".

After editing the etc-cron.d-tab-for-phpfpm.txt file, the PHP-FPM Docker container image must be rebuilt, and then Php-Server-Mon-Sys restarted. Do so using the following commands:

  $ ./build-php-fpm.sh   # execute this from the PSMS Home directory

  $ docker-compose up -d  # restart the Php-Server-Mon-Sys system

For more information about Cron, see:

https://en.wikipedia.org/wiki/Cron
Managing The PHP Server Monitor Database

The PHP Server Monitor database is a MySQL database. As such, it may be managed by using the appropriate MySQL-compatible software tools, such as the mysql client program. However, there is an important caveat to keep in mind; Php-Server-Mon-Sys Docker containers are configured to communicate with each other over their own private IP network. The Php-Server-Mon-Sys Docker container which provides the MySQL database service accepts connections only from clients on the Docker container group's private IP network.

The example commands below which use the the mysql client work because the mysql client is running in a Docker container, on the same host as the PHP Server Mon Sys containers. When it starts, that container becomes a member of the Docker container group's private IP network.

In order to use the mysql client to access the MySQL server, you must first discover the MySQL database container's private IP address. To discover it, use the following commands:

$ docker ps -a | grep mysql

result is similar to:

  203942ceb32d    mysql:5.7.7    "/entrypoint.sh mysql"   ...   phpservermonsysmaster_db_1

Note the CONTAINER ID. To discover the IP address of that container, use the following command:

$ docker inspect -f "{{ .NetworkSettings.IPAddress }}" 203942ceb32d # use your CONTAINER ID

result is similar to:

  172.17.2.109

The command below pulls and temporarily loads a mysql Docker container for use as a MySQL client. After exiting the mysql> prompt, the temporary MySQL client container is automatically discarded.

The following instructions assume you are already familiar with MySQL commands and operation procedures.

Enter the following command. Substitute the MySQL server Docker container IP address which you discovered above as the IP address value. The default port address is 3306 :

  $ docker run -it --rm mysql sh -c 'exec mysql -h"172.17.2.109" -P"3306" -uroot -p"mysecretpassword"'

  result is similar to:

            .
            .
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    mysql>

The text "mysql>" is a command prompt, waiting for you to enter MySQL commands:

  mysql> show databases;

    result:

      +--------------------+
      | Database           |
      +--------------------+
      | information_schema |
      | mysql              |
      | performance_schema |
      | phpservermon       |
      | sys                |
      +--------------------+
      5 rows in set (0.05 sec)

  mysql> use phpservermon;

    result:

      Database changed

  mysql> show tables;

    result:

      +------------------------+
      | Tables_in_phpservermon |
      +------------------------+
      | psm_config             |
      | psm_log                |
      | psm_servers            |
      | psm_servers_history    |
      | psm_servers_uptime     |
      | psm_users              |
      | psm_users_preferences  |
      | psm_users_servers      |
      +------------------------+
      8 rows in set (0.00 sec)

For more information about using the MySQL command line program, see:

http://dev.mysql.com/doc/refman/5.6/en/mysql.html

When ready to exit the mysql client, enter:

mysql> exit;
NGINX Server Configuration

Though unlikely to be necessary, you may make changes to the NGINX server configuration by editing the vhost.conf file, located in the home ./nginx/ sub-directory. After editing this file, for any changes to take effect, Php-Server-Mon-Sys must be restarted, using the command:

  $ docker-compose up -d
PHP-FPM Server Configuration

Though unlikely to be necessary, you may make changes to the PHP-FPM server configuration by editing the php-fpm.conf and php.ini files, located in the ./php-fpm/ sub-directory. After editing these files, you must restart the Php-Server-Mon-Sys system as described above for any changes to take effect.

Miscellaneous Utility Scripts

Several simple utility BASH scripts are available in the Php-Server-Mon-Sys home sub-directory. When using them, ensure they are invoked as BASH shell scripts typically are, e.g., ./build-psms.sh, (note the leading "./"). The scripts are safe to use only from within the Php-Server-Mon-Sys Home directory; when using them, be sure the present working directory is the Php-Server-Mon-Sys home sub-directory. If they are invoked outside this sub-directory, they will at best fail, or at worst possibly produce undesirable side effects.

  • dbash.sh - Executes a BASH shell on a running Docker container. To use it:

    $ docker ps -a # shows a list of running containers. Note a CONTAINER ID...

    result:
    
        CONTAINER ID        IMAGE        ... etc
    
        7587be7d4eed        nginx:1.9.2  ... etc
    

    $ ./dbash.sh 7587be7d4eed # execute a BASH shell on CONTAINER ID

    result:
    
        root@7587be7d4eed:/#
    

    Where "root@7587be7d4eed:/#" indicates a prompt from within the running Docker container. The prompt is not running on a true terminal in the container, so program screen output functionality is limited. However, it is useful enough for exploration inside the operating container, and troubleshooting if necessary. In the event you need to use, for example, a text viewer or editor, such as less or nano, set the TERM environment variable using the following command, (on the container, using the container's executing shell, not on the host):

      $ export TERM=xterm
    
  • build-php-fpm.sh - very seldom used. Prevents having to remember arcanum

Backing Up Php-Server-Mon-Sys

The entire Php-Server-Mon-Sys Home directory, including the MySQL database, may be backed-up into a single .tar.gz file. To do so, use the provided BASH script command:

  $ sudo ./backup-psms.sh  # sudo or equivalent superpower is required

The backup script temporarily stops the operation of Php-Server-Mon-Sys, but operation is re-started automatically at the end of the backup operation. If a re-start is not desired, stop it manually using:

  $ docker-compose stop

The backup file has a name similar to the following. The date and time of backup are added to filename during backup:

php-server-mon-sys.2015.0716.2256.tar.gz

Restoring Php-Server-Mon-Sys From A Backup file

To restore Php-Server-Mon-Sys from a back-up file created as described above, perform the following procedure:

  • Create a directory to be Php-Server-Mon-Sys Home. The name may be any you choose. As an example:

    $ mkdir php-server-mon-sys  # same as it ever was
    
    $ cd php-server-mon-sys
    
  • Place the backup .tar.gz file here in the present working directory, (which is the new Php-Server-Mon-Sys Home). Use the following command to restore Php-Server-Mon-Sys, e.g.:

    $ sudo tar -zxvf ./php-server-mon-sys.2015.0716.2256.tar.gz
    

    When tar execution is complete, the Php-Server-Mon-Sys Home directory contents is similar to:

    drwxrwx--- 3 user  group    4.0K Jul 16 13:26 mysql
    drwxrwx--- 2 user  group    4.0K Jul 16 13:21 nginx
                          .
                          .
    -rw-rw-r-- 1 user  group     12K Jul  4 01:24 LICENSE
    -rw-rw-r-- 1 user  group     19K Jul 16 22:32 README.md
    
  • To start Php-Server-Mon-Sys operation, enter the following commands:

    $ ./build-psms.sh   # build Docker container images
    
    $ docker-compose up -d  # start operation
    

At this point, resuming use of Php-Server-Mon-Sys is very similar to the procedure described in the section above titled, PHP Server Monitor Initialization. Refer to that section. At one point a page is displayed which displays:

"We have discovered a previous version. In the next step we will upgrade your database to the latest version".

This is normal for a restored Php-Server-Mon-Sys system. Choose UPGRADE TO 3.1.1. Continue and LOG IN. The Php-Server-Mon-Sys continues normal operation per its configuration as when backed up.

How To Uninstall Php-Server-Mon-Sys

To completely remove Php-Server-Mon-Sys, perform the following procedure:

  • Remove the running Docker containers:

    $ docker-compose stop # gracefully shut down the Docker containers

    $ docker-compose rm # unload the Docker containers

  • Delete the Php-Server-Mon-Sys Home directory. It is necessary to use sudo or otherwise have superuser permissions in order to delete the MySQL database.

  • After deleting the home directory, you may remove the unnecessary Docker images from the local Docker image repository, in order to reclaim the storage space:

    • Discover the local Docker images using the command:

      $ docker images

      Their names are mysql, nginx, and temp/php-fpm-psm. Note their IMAGE IDs.

    • One by one, remove the images from the Docker image repository using the command:

      $ docker rmi IMAGE ID.

If you inadvertently uninstall Php-Server-Mon-Sys without first using the docker-compose rm command, you may manually "clean up" the orphaned Docker containers by using Docker commands:

  • Discover the orphaned Docker containers by using the command:

    $ docker ps -a  # note the _CONTAINER IDs_
    
  • Remove the Docker containers by using the command:

    $ docker rm -f <CONTAINER ID>
    

See the Docker documentation for details.

Support

For questions and other support which are specific to PHP Server Monitor, please see PHP Server Monitor documentation and forum:

For general questions which are specific to Php-Server-Mon-Sys, (installation, configuration, container use/management, etc), you may send email to:

To request improved features, report bugs, or submit other software issues about Php-Server-Mon-Sys, please visit Php-Server-Mon-Sys project's Issues page on GitHub:

Contribute To This Project

Please feel free to submit pull requests for improvements to this project. The following comments are to potential contributors.

There are a number of project goals and requirements to be considered.

The Several Types And Needs Of Users

The dashboard User is not the only intended user of Php-Server-Mon-Sys. Any service (Ops) Admin is also an important User. Making the admin's job easier is one of the project's goals. Likewise, any Developer on this project is another important User; making the developer's job easier and more productive is also one of the goals of this project. Those goals make this project a DevOps-oriented project.

Technical Design and Implementation Considerations

Before submitting pull requests, please familiarize yourself with at least basic DevOps goals and strategies, and especially learn the advantages (and pitfalls) of implementation "the Docker way".

Among others, please learn and take advantage of the following principles and tactics. These help with long-term goals, and are already a part of this project's implementation, in one form or another. Areas where this project does not already comply with these goals are the areas which will be given priority for pull requests:

  • Simplification, in any way, which also satisfies the criterion listed below
  • Security: make worthwhile continuing attempts to reduce the attack surface of the system
  • Rugged Design: Fault-tolerant behaviors
  • RESTful APIs/Behavior: stateless. A sense of Idempotence applies here
  • Ephemeral compute instances: complimentary or coincident to RESTful
  • Microservices Architecture: Object Oriented, Domain Driven Design

Desirable Simplification also includes those improvements which make the architecture or codebase easier to understand and modify in the future, such as refactoring.

Other Requirements

Note that Php-Server-Mon-Sys has been deployed to several private-hardware hosts running Ubuntu 14.04. It has also been deployed to EC2 instances on Amazon Web Services, and to a Droplet on Digital Ocean. That type of deployment portability is an important requirement of this project.

Low-Threat Security Alert

Today, June 20, 2016, I learned of an exploit to which PHP Server Monitor 3.1.1 may be vulnerable. I have not confirmed PHP Server Monitor 3.1.1 is in fact vulnerable to this type of exploit, but I will attempt to confirm it myself, soon.

The claimed exploit is of a type known as a Cross Site Request Forgery, (CSRF), which possibly allows scripts on an arbitrary website to gain admin access to PHP Server Monitor. In order to be successful in its attempt to gain PHP Server Monitor admin access, the exploit requires that a user be logged in as a PHP Server Monitor admin, then subsequently visit a website which contains scripts designed specificially to perform unauthorized management of a PHP Server Monitor. This means the CSRF script could possibly perform any tasks a PHP Server Monitor Admin could, such as create new users or admins, create new servers to monitor, change settings used for monitoring any server, (such as the domain-names/IP-addresses/ports/email-addrs), and delete server names from the list of servers to monitor, (which deletes their history data).

The gist is, IF you are logged into PHP Server Monitor as an ADMIN, AND you subsequently visit a website which has a CSRF script specifically designed to "attack" a PHP Server Monitor, AND you click on a link on that website which allows execution of the "attack" script, THEN a malicious script can possibly vandalize the PHP Server Monitor database.

It does not mean the author of those scripts can use this exploit to "root" the PHP Server Monitor host computer.

It does mean that you should take seriously the responsibility of periodically backing up your PHP Server Monitor database.

I will update this notice as I find out more information.

Update March 30, 2017 : I have no new information about the subject above.

Etc

Licensed under Apache 2.0 License.

Copyright © 2017 Rex Addiscentis