├── .dockerignore ├── .gitignore ├── Dockerfile ├── Dockerfile.arm32v7 ├── Dockerfile.arm64v8 ├── LICENSE ├── MYSQL.md ├── README.md ├── docker-compose.yml ├── hooks ├── post_checkout └── pre_build ├── post_install ├── etc │ ├── cron.d │ │ └── librenms │ ├── librenms │ │ ├── cron │ │ │ ├── snmp-scan │ │ │ └── weathermap │ │ └── syslog │ │ │ ├── librenms.syslog.conf │ │ │ └── syslog.conf.php │ ├── my_init.d │ │ ├── librenms_000_start │ │ ├── librenms_010_environment │ │ ├── librenms_011_early_permissions │ │ ├── librenms_012_mounts │ │ ├── librenms_100_cron │ │ ├── librenms_101_ssl │ │ ├── librenms_102_ipv6 │ │ ├── librenms_103_timezone │ │ ├── librenms_104_php_fpm │ │ ├── librenms_200_librenms_config │ │ ├── librenms_201_create_default_files │ │ ├── librenms_220_optional_services │ │ ├── librenms_221_syslog │ │ ├── librenms_290_daily │ │ ├── librenms_900_permissions │ │ └── librenms_999_finish │ ├── nginx │ │ ├── dhparam.pem │ │ ├── nginx.conf │ │ ├── sites-available │ │ │ └── librenms.https │ │ └── sites-enabled │ │ │ └── librenms.http │ ├── php │ │ └── 8.3 │ │ │ ├── cli │ │ │ └── conf.d │ │ │ │ └── 90-include-path.ini │ │ │ └── fpm │ │ │ ├── conf.d │ │ │ ├── 90-include-path.ini │ │ │ ├── 91-opcache.ini │ │ │ └── 99-no-memory-limit.ini │ │ │ └── pool.d │ │ │ └── www.conf │ ├── runit │ │ └── runsvdir │ │ │ └── default │ │ │ ├── librenms-service │ │ │ └── run │ │ │ ├── nginx │ │ │ └── run │ │ │ ├── php-fpm │ │ │ └── run │ │ │ ├── rrdcached │ │ │ └── run │ │ │ └── snmptrapd │ │ │ └── run │ └── snmp │ │ └── snmptrapd.conf ├── opt │ └── librenms │ │ ├── conf.d │ │ └── .gitkeep │ │ ├── conf.internal.d │ │ └── .gitkeep │ │ └── config.php └── usr │ └── local │ └── bin │ ├── create_admin │ ├── create_user │ ├── generate_key │ ├── set_acls │ ├── set_owner_and_mode │ ├── set_permissions │ ├── set_permissions_basic │ ├── setup_database │ └── setup_fresh_database └── pre_install └── build └── install /.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !post_install 3 | !pre_install 4 | !qemu* 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | .DS_Store 3 | Thumbs.db 4 | .settings 5 | .project 6 | nbproject 7 | !.gitignore 8 | docker-persistence 9 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM jarischaefer/baseimage-librenms:4.2 2 | 3 | EXPOSE 80 443 4 | 5 | ENV TZ=UTC \ 6 | RRDCACHED_LISTEN=unix:/var/run/rrdcached/rrdcached.sock \ 7 | RRDCACHED_CONNECT=unix:/var/run/rrdcached/rrdcached.sock \ 8 | SNMP_SCAN_CRON="0 0 * * *" \ 9 | WEATHERMAP_CRON="*/5 * * * *" \ 10 | POLLERS=8 \ 11 | POLLERS_CRON="*/5 * * * *" \ 12 | INSTALL=false \ 13 | PHP_FPM_WORKERS_MIN=1 \ 14 | PHP_FPM_WORKERS_MAX=4 15 | 16 | ADD pre_install / 17 | 18 | RUN chmod +x /build/install && /build/install && rm -r /build 19 | 20 | ADD post_install / 21 | 22 | RUN chmod -R +x /etc/my_init.d /etc/service /usr/local/bin && \ 23 | find /opt/librenms \( ! -user librenms -o ! -group librenms \) | xargs -L25 -r chown -h librenms:librenms && \ 24 | chmod 644 /etc/cron.d/* /etc/librenms/cron/* 25 | 26 | VOLUME ["/opt/librenms/logs", "/opt/librenms/rrd", "/opt/librenms/storage"] 27 | VOLUME ["/opt/librenms/html/plugins/Weathermap/configs", "/opt/librenms/html/plugins/Weathermap/output"] 28 | VOLUME ["/etc/nginx/ssl", "/var/log/nginx"] 29 | -------------------------------------------------------------------------------- /Dockerfile.arm32v7: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/arm32v7 jarischaefer/baseimage-librenms:4.2-arm32v7 2 | ADD qemu-arm-static /usr/bin 3 | 4 | EXPOSE 80 443 5 | 6 | ENV TZ=UTC \ 7 | RRDCACHED_LISTEN=unix:/var/run/rrdcached/rrdcached.sock \ 8 | RRDCACHED_CONNECT=unix:/var/run/rrdcached/rrdcached.sock \ 9 | SNMP_SCAN_CRON="0 0 * * *" \ 10 | WEATHERMAP_CRON="*/5 * * * *" \ 11 | POLLERS=8 \ 12 | POLLERS_CRON="*/5 * * * *" \ 13 | INSTALL=false \ 14 | PHP_FPM_WORKERS_MIN=1 \ 15 | PHP_FPM_WORKERS_MAX=4 16 | 17 | ADD pre_install / 18 | 19 | RUN chmod +x /build/install && /build/install && rm -r /build 20 | 21 | ADD post_install / 22 | 23 | RUN chmod -R +x /etc/my_init.d /etc/service /usr/local/bin && \ 24 | find /opt/librenms \( ! -user librenms -o ! -group librenms \) | xargs -L25 -r chown -h librenms:librenms && \ 25 | chmod 644 /etc/cron.d/* /etc/librenms/cron/* 26 | 27 | VOLUME ["/opt/librenms/logs", "/opt/librenms/rrd", "/opt/librenms/storage"] 28 | VOLUME ["/opt/librenms/html/plugins/Weathermap/configs", "/opt/librenms/html/plugins/Weathermap/output"] 29 | VOLUME ["/etc/nginx/ssl", "/var/log/nginx"] 30 | -------------------------------------------------------------------------------- /Dockerfile.arm64v8: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/arm64v8 jarischaefer/baseimage-librenms:4.2-arm64v8 2 | ADD qemu-aarch64-static /usr/bin 3 | 4 | EXPOSE 80 443 5 | 6 | ENV TZ=UTC \ 7 | RRDCACHED_LISTEN=unix:/var/run/rrdcached/rrdcached.sock \ 8 | RRDCACHED_CONNECT=unix:/var/run/rrdcached/rrdcached.sock \ 9 | SNMP_SCAN_CRON="0 0 * * *" \ 10 | WEATHERMAP_CRON="*/5 * * * *" \ 11 | POLLERS=8 \ 12 | POLLERS_CRON="*/5 * * * *" \ 13 | INSTALL=false \ 14 | PHP_FPM_WORKERS_MIN=1 \ 15 | PHP_FPM_WORKERS_MAX=4 16 | 17 | ADD pre_install / 18 | 19 | RUN chmod +x /build/install && /build/install && rm -r /build 20 | 21 | ADD post_install / 22 | 23 | RUN chmod -R +x /etc/my_init.d /etc/service /usr/local/bin && \ 24 | find /opt/librenms \( ! -user librenms -o ! -group librenms \) | xargs -L25 -r chown -h librenms:librenms && \ 25 | chmod 644 /etc/cron.d/* /etc/librenms/cron/* 26 | 27 | VOLUME ["/opt/librenms/logs", "/opt/librenms/rrd", "/opt/librenms/storage"] 28 | VOLUME ["/opt/librenms/html/plugins/Weathermap/configs", "/opt/librenms/html/plugins/Weathermap/output"] 29 | VOLUME ["/etc/nginx/ssl", "/var/log/nginx"] 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Jari Schäfer 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /MYSQL.md: -------------------------------------------------------------------------------- 1 | If you don't have an existing MySQL instance running then you can use docker to create one (replace supersecret with your own password): 2 | 3 | ```bash 4 | docker run \ 5 | --name librenms-mysql \ 6 | -d \ 7 | -e MYSQL_ROOT_PASSWORD=secret \ 8 | -p 127.0.0.1:3306:3306 \ 9 | -v /my/persistent/directory/mysql:/var/lib/mysql \ 10 | mysql:5.6 11 | ``` 12 | 13 | Now you need to create a user and the database (replace supersecret with your root password and secret with the password you will use within your librenms container): 14 | 15 | ```bash 16 | mysql --host=127.0.0.1 --user=root -psecret -e "create database librenms;" 17 | mysql --host=127.0.0.1 --user=root -psecret -e "GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'%' IDENTIFIED BY 'secret';" 18 | ``` 19 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | docker-librenms 2 | --- 3 | 4 | ***Docker image for LibreNMS*** 5 | 6 | --- 7 | > :warning: **This document refers to the master branch and does not necessarily correspond to the version that you are running.** 8 | It is recommended to extract the readme from your preferred release's source code archive. 9 | Releases are listed on the [Releases page](https://github.com/jarischaefer/docker-librenms/releases). 10 | 11 | --- 12 | 13 | # About 14 | 15 | docker-librenms is a customizable Docker image for [LibreNMS](http://www.librenms.org/) based on Ubuntu. 16 | 17 | The container runs nginx 1.18+ with HTTP/2 support and PHP 8.3 FPM with [OPCache](http://php.net/manual/en/book.opcache.php) 18 | and [rrdcached](https://oss.oetiker.ch/rrdtool/doc/rrdcached.en.html) for maximum performance. 19 | 20 | > :warning: ARM support is experimental, see [here](https://github.com/jarischaefer/docker-librenms/issues/114) for more details. 21 | 22 | --- 23 | 24 | # Initial setup 25 | 26 | ## 1.1. Generating an encryption key 27 | 28 | You must first generate a unique encryption key. 29 | 30 | **Generating the key** 31 | 32 | docker run --rm jarischaefer/docker-librenms generate_key 33 | 34 | **Output example** 35 | 36 | base64:Q0+ZV56/5Uwz79vsvS4ZfwQFOty3e9DJEouEy+IXvz8= 37 | 38 | > :warning: Make sure you keep the key secret, because anyone in possession of it can decrypt sensitive data. 39 | 40 | ## 1.2. Passing the encryption key 41 | 42 | There are currently two methods to pass the encryption key to LibreNMS. Make sure to include the full key (including `base64:`) 43 | regardless of the method used. 44 | 45 | ### 1.2.1. Passing the key directly via environment variable 46 | 47 | The key can be passed via the `APP_KEY` environment variable in the `docker run` command. 48 | 49 | **Example** 50 | 51 | The following command is incomplete and only illustrates passing an environment variable: 52 | 53 | docker run -e APP_KEY=base64:Q0+ZV56/5Uwz79vsvS4ZfwQFOty3e9DJEouEy+IXvz8= jarischaefer/docker-librenms 54 | 55 | ### 1.2.2. Passing the key via a secret file 56 | 57 | Alternatively, you may use the `APP_KEY_FILE` environment variable and mount the secret as a file inside the container. 58 | You must first create the file on the host and only then start the container (otherwise Docker creates and mounts a directory instead of a file). 59 | 60 | **Example** 61 | 62 | The following command is incomplete and only illustrates passing an environment variable and mounting a file: 63 | 64 | docker run -e APP_KEY_FILE=/mount/secret_key -v /path/on/host/secret_key:/mount/secret_key 65 | 66 | ## 2.1. Database - Prerequisites 67 | 68 | If you don't have a MySQL server setup either in Docker or elsewhere then you can create a docker container [here](MYSQL.md). 69 | 70 | You should read the [LibreNMS installation docs](https://docs.librenms.org/Installation/Install-LibreNMS/) 71 | for the latest instructions regarding database setup. 72 | 73 | As of July 2020, the following settings are required (should apply to both MariaDB and MySQL): 74 | ``` 75 | innodb_file_per_table=1 76 | lower_case_table_names=0 77 | ``` 78 | 79 | ## 2.2. Database - Creating LibreNMS tables 80 | 81 | You should have a MySQL server running at this point. Make sure the database, user and permissions exist before running the commands. 82 | 83 | Next, follow the instructions for [running the container](#running-the-container). 84 | Once the container is up and running, you may use the following commands to populate the database and create an admin user. 85 | 86 | **Creating the tables** 87 | 88 | docker exec librenms setup_database 89 | 90 | ## 3.1. LibreNMS - Adding users 91 | 92 | **Creating an initial admin user** 93 | 94 | docker exec librenms create_admin 95 | 96 | This creates a user with the following properties: 97 | 98 | * User: admin 99 | * Password: admin 100 | * Role: admin 101 | * E-Mail: admin@example.com 102 | 103 | **Creating a custom user** 104 | 105 | docker exec librenms create_user user password role email 106 | 107 | Example: 108 | 109 | docker exec librenms create_user admin secret admin admin@example.com 110 | docker exec librenms create_user joe secret normal normal@example.com 111 | docker exec librenms create_user read secret global-read read@example.com 112 | 113 | --- 114 | 115 | # Running the container 116 | 117 | The examples below do not cover all of the available configuration options, check the appropriate section in the docs for a complete list. 118 | 119 | ## Linked database container 120 | 121 | In the example below the linked container is named `my-database-container` and its alias inside the container is `database`. 122 | Make sure `my-database-container` matches the MySQL container's name and `DB_HOST` matches its alias inside the container if you intend 123 | to modify it. 124 | 125 | docker run \ 126 | -d \ 127 | -h librenms \ 128 | -p 80:80 \ 129 | -e APP_KEY=the_secret_key_you_have_generated \ 130 | -e DB_HOST=database \ 131 | -e DB_NAME=librenms \ 132 | -e DB_USER=librenms \ 133 | -e DB_PASS=secret \ 134 | -e BASE_URL=http://localhost \ 135 | --link my-database-container:database \ 136 | -v /data/logs:/opt/librenms/logs \ 137 | -v /data/rrd:/opt/librenms/rrd \ 138 | --name librenms \ 139 | jarischaefer/docker-librenms 140 | 141 | ## Remote database 142 | 143 | docker run \ 144 | -d \ 145 | -h librenms \ 146 | -p 80:80 \ 147 | -e APP_KEY=the_secret_key_you_have_generated \ 148 | -e DB_HOST=x.x.x.x \ 149 | -e DB_NAME=librenms \ 150 | -e DB_USER=librenms \ 151 | -e DB_PASS=secret \ 152 | -e BASE_URL=http://localhost \ 153 | -v /data/logs:/opt/librenms/logs \ 154 | -v /data/rrd:/opt/librenms/rrd \ 155 | --name librenms \ 156 | jarischaefer/docker-librenms 157 | 158 | ## SSL 159 | 160 | Mount another directory containing `ssl.key`, `ssl.crt` and optionally `ssl.ocsp.crt` to enable HTTPS. 161 | You'll also have to change `BASE_URL` and add `SESSION_SECURE_COOKIE=true`. 162 | 163 | docker run \ 164 | -d \ 165 | -h librenms \ 166 | -p 80:80 \ 167 | -p 443:443 \ 168 | -e APP_KEY=the_secret_key_you_have_generated \ 169 | -e DB_HOST=database \ 170 | -e DB_NAME=librenms \ 171 | -e DB_USER=librenms \ 172 | -e DB_PASS=secret \ 173 | -e BASE_URL=https://localhost \ 174 | --link my-database-container:database \ 175 | -v /data/logs:/opt/librenms/logs \ 176 | -v /data/rrd:/opt/librenms/rrd \ 177 | -v /data/ssl:/etc/nginx/ssl:ro \ 178 | --name librenms \ 179 | jarischaefer/docker-librenms 180 | 181 | --- 182 | 183 | # Updating the container 184 | 185 | Updating an existing installation requires updating both the image and the database. 186 | 187 | ## 1.1. Image update - Pulling a new version 188 | 189 | 1. Pick a release from the [Releases page](https://github.com/jarischaefer/docker-librenms/releases) 190 | 2. Run `docker pull jarischaefer/docker-librenms:{release}` 191 | 3. Restart your container using the new version 192 | 4. Follow the steps for database updates 193 | 194 | ## 1.2. Database update 195 | 196 | Automatic database updates are the most convenient solution for single-container setups. 197 | 198 | ## 1.2.1. Manual database updates (safe) 199 | 200 | Run `docker exec librenms setup_database`. 201 | 202 | ## 1.2.2. Automatic database updates (potentially unsafe) 203 | 204 | If you would like to update the database automatically on startup, you may pass `DAILY_ON_STARTUP=true`. 205 | Keep in mind that restarting more than one container simultaneously could result in concurrency issues and damage your database. 206 | 207 | The LibreNMS implementation (as of October 2018) uses a distributed lock via memcache to avoid this scenario. 208 | Therefore, if all containers share the same memcache instance, concurrent restarts would be safe. 209 | 210 | --- 211 | 212 | # Configuration 213 | 214 | > :warning: The container must be stopped, removed and subsequently restarted in order for configuration changes to take effect. 215 | 216 | The following keys can be passed directly via the `-e` switch: 217 | 218 | ## Basic configuration 219 | 220 | | Key | Default | Description | 221 | |---------------------|---------|------------------------------------------------------| 222 | | APP_KEY | | Secret encryption key | 223 | | APP_KEY_FILE | | Secret encryption key via file/secret | 224 | | BASE_URL | | Base URL for LibreNMS (e.g. http://192.168.0.1:8080) | 225 | | DB_HOST | | MySQL IP or hostname | 226 | | DB_PORT | 3306 | MySQL port | 227 | | DB_NAME | | MySQL database name | 228 | | DB_USER | | MySQL user | 229 | | DB_PASS | | MySQL password | 230 | | DB_PASS_FILE | | MySQL password via secret | 231 | | TZ | UTC | Timezone (e.g. Europe/Zurich) | 232 | | PUID | | User ID | 233 | | PGID | | Group ID | 234 | | PHP_FPM_WORKERS_MIN | 1 | Minimum number of PHP-FPM workers | 235 | | PHP_FPM_WORKERS_MAX | 4 | Maximum number of PHP-FPM workers | 236 | 237 | ## Enabling/disabling container features 238 | 239 | | Key | Default | Description | 240 | |-------------------------|----------------------------------------|-------------------------------------------------------------------------------------| 241 | | DISABLE_IPV6 | false | Disable nginx IPv6 socket | 242 | | MEMCACHED_ENABLE | false | Enable memcached | 243 | | MEMCACHED_HOST | | memcached IP or hostname | 244 | | MEMCACHED_PORT | 11211 | memcached port | 245 | | NGINX_ENABLE | true | Enable nginx | 246 | | PHPFPM_ENABLE | true | Enable PHP-FPM | 247 | | RRDCACHED_ENABLE | true | Enable rrdcached | 248 | | RRDCACHED_CONNECT | unix:/var/run/rrdcached/rrdcached.sock | rrdcached TCP or unix socket where LibreNMS connects to | 249 | | RRDCACHED_LISTEN | unix:/var/run/rrdcached/rrdcached.sock | rrdcached TCP or unix socket where rrdcached listens on | 250 | | SKIP_CHOWN | false | Disable (slow) `chown`ing of files at startup (might help with network storage) | 251 | | SNMPTRAPD_ENABLE | false | Enable [SNMP Trap Handler](https://docs.librenms.org/Extensions/SNMP-Trap-Handler/) | 252 | | SNMPTRAPD_MIBS | IF-MIB | Passed to snmptrapd via `-m` | 253 | | SNMPTRAPD_MIBDIRS | /opt/librenms/mibs | Passed to snmptrapd via `-M` | 254 | | LIBRENMS_SERVICE_ENABLE | false | Enable librenms-service.py | 255 | | LIBRENMS_SERVICE_OPTS | "" | Options for librenms-service.py (e.g. `-v`) | 256 | 257 | ## Enabling/disabling LibreNMS features 258 | 259 | > :warning: Some values must be wrapped in quotation marks (e.g. cron schedule). 260 | 261 | | Key | Default | Description | 262 | |--------------------------|---------------|--------------------------------------------------------------------------------------------------------| 263 | | ALERTS_ENABLE | true | Enable LibreNMS alerts | 264 | | BILLING_CALCULATE_ENABLE | true | Enable LibreNMS billing calculation | 265 | | CHECK_SERVICES_ENABLE | true | Enable LibreNMS service checks | 266 | | DAILY_ENABLE | true | Enable LibreNMS daily script | 267 | | DAILY_ON_STARTUP | false | Enable LibreNMS daily script on startup | 268 | | DISCOVERY_ENABLE | true | Enable LibreNMS discovery | 269 | | DISCOVERY_THREADS | 1 | Number of threads for discovery | 270 | | ENABLE_SYSLOG | false | Enable LibreNMS syslog ([see here](#syslog)) | 271 | | POLL_BILLING_ENABLE | true | Enable LibreNMS billing polling | 272 | | POLLERS_ENABLE | true | Enable LibreNMS polling | 273 | | POLLERS | 8 | Number of LibreNMS pollers | 274 | | POLLERS_CRON | "*/5 * * * *" | Cron schedule for pollers | 275 | | SNMP_SCAN_ENABLE | false | Enable cron for [snmp-scan](https://docs.librenms.org/#Extensions/Auto-Discovery/#snmp-scan) | 276 | | SNMP_SCAN_CRON | "0 0 * * *" | Cron schedule for snmp-scan | 277 | | WEATHERMAP_ENABLE | false | Enable cron for [weathermap](https://github.com/librenms-plugins/Weathermap) ([see here](#Weathermap)) | 278 | | WEATHERMAP_CRON | "*/5 * * * *" | Cron schedule for weathermap | 279 | 280 | ## Custom configuration 281 | 282 | You may apply custom configuration by mounting files matching 283 | `*.php` in `/opt/librenms/conf.d`. 284 | 285 | In the example below `/data/config.interfaces.php` on the host 286 | is mounted inside the container at `/opt/librenms/conf.d/config.interfaces.php`. 287 | 288 | docker run \ 289 | -d \ 290 | -h librenms \ 291 | -p 80:80 \ 292 | -p 443:443 \ 293 | -e APP_KEY=the_secret_key_you_have_generated \ 294 | -e DB_HOST=database \ 295 | -e DB_NAME=librenms \ 296 | -e DB_USER=librenms \ 297 | -e DB_PASS=secret \ 298 | -e BASE_URL=https://localhost \ 299 | --link my-database-container:database \ 300 | -v /data/logs:/opt/librenms/logs \ 301 | -v /data/rrd:/opt/librenms/rrd \ 302 | -v /data/ssl:/etc/nginx/ssl:ro \ 303 | -v /data/config.interfaces.php:/opt/librenms/conf.d/config.interfaces.php \ 304 | --name librenms \ 305 | jarischaefer/docker-librenms 306 | 307 | **config.interfaces.php** 308 | ``` 309 | /srv/backup.sql` 431 | 432 | **Restoring** 433 | 1. Choose and create a new directory for the data: `mkdir -p /srv/restore` 434 | 2. Copy `docker-compose.yml` or other start-/stop-scripts 435 | 3. Update the paths in `docker-compose.yml` or `docker run` to point to `/srv/restore` 436 | 4. Update the database port on the host `docker-compose.yml` or `docker run`, e.g. `3306` to `3307` 437 | 5. Start the database container. Stop the web container if it is also started 438 | 6. Make sure you can log in from the host to the database container. There should be an empty 439 | `librenms` database, otherwise create it and grant privileges: 440 | `mysql --host=127.0.0.1 --port=3307 --user=librenms -p` 441 | 7. Restore the dump: `cat /srv/backup.sql | mysql --host=127.0.0.1 --port=3307 --user=librenms -p librenms` 442 | 8. Remove any unwanted files: `rm -r /srv/restore/web && mkdir -p /srv/restore/web` 443 | 9. Copy the directory, or extract the archive: `tar -xf /srv/backup.tar -C /srv/restore/web` 444 | 445 | --- 446 | 447 | # Plugins and extensions 448 | 449 | ## Custom Nagios plugins 450 | 451 | Nagios plugins are stored in `/usr/lib/nagios/plugins`. Choose one of the options below if you would like to add new plugins. 452 | See the [corresponding issue](https://github.com/jarischaefer/docker-librenms/issues/125) for more information. 453 | 454 | **Option 1 (recommended)** 455 | 456 | 1. Mount a new directory to `/mount/nagios_plugins`. Example (using Docker CLI): `-v /nagios_plugins:/mount/nagios_plugins` 457 | 2. Copy the new plugins to `/nagios_plugins` on the host 458 | 3. Restart the container and verify that the files exist: `docker exec librenms ls -al /usr/lib/nagios/plugins` 459 | 460 | The container will automatically symlink the contents of `/mount/nagios_plugins` to `/usr/lib/nagios/plugins`. 461 | 462 | **Example** 463 | 464 | ``` 465 | docker exec librenms ls -al /usr/lib/nagios/plugins/check_xyz 466 | 467 | lrwxrwxrwx 1 root root 31 Jan 21 22:19 /usr/lib/nagios/plugins/check_xyz -> /mount/nagios_plugins/check_xyz 468 | ``` 469 | 470 | **Option 2** 471 | 472 | Make sure the plugin (file) exists on the host before starting the container (Docker creates a directory on startup by default). 473 | Each plugin must be mounted individually (`-v` for Docker CLI), for example: `-v /nagios_plugins/check_xyz:/usr/lib/nagios/plugins/check_xyz` 474 | 475 | ## syslog 476 | 477 | These are instructions for the [LibreNMS syslog extension](https://docs.librenms.org/#Extensions/Syslog/). 478 | 479 | * Add `-e ENABLE_SYSLOG=true` to your docker run command 480 | * Add `-p 514:514` and `-p 514:514/udp` to your docker run command 481 | * Configure the remote host whose logs should be gathered (rsyslog example) 482 | * Create /etc/rsyslog.d/60-librenms.conf 483 | * Add `*.* @example.com:514` 484 | 485 | Unfortunately, due to the way Docker works (more specifically, its network modes), the devices and IP addresses 486 | visible in LibreNMS may not be what one would expect. Instead of displaying the host's real IP address, 487 | it is possible that an internal address such as `172.17.0.1` is observed. More information regarding this behavior 488 | can be found in the [corresponding issue](https://github.com/jarischaefer/docker-librenms/issues/120). 489 | 490 | ## Weathermap 491 | 492 | These are instructions for the [LibreNMS weathermap plugin](https://github.com/librenms-plugins/Weathermap). 493 | 494 | The weathermap plugin requires additional mounts to persist its data. 495 | * `/opt/librenms/html/plugins/Weathermap/configs` for the configs 496 | * `/opt/librenms/html/plugins/Weathermap/output` for the generated data 497 | 498 | Make sure you set *Output Image Filename* to `output/example.png` and 499 | *Output HTML Filename* to `output/example.html` in the *Map Properties* 500 | configuration section so the files are persisted in the `output` directory. 501 | 502 | --- 503 | 504 | # License 505 | 506 | This project is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT). 507 | 508 | LibreNMS has its own license, this license only covers the Docker part. 509 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.9' 2 | 3 | services: 4 | web: 5 | image: jarischaefer/docker-librenms 6 | hostname: librenms 7 | ports: 8 | - "80:80" 9 | volumes: 10 | - ./docker-persistence/logs:/opt/librenms/logs 11 | - ./docker-persistence/rrd:/opt/librenms/rrd 12 | environment: 13 | - APP_KEY=base64:7cVDlhFEZ1dyxIuP38Yy72YuXrcGg1ISwAwZ2dKt4Pk= 14 | - DB_HOST=db 15 | - DB_NAME=librenms 16 | - DB_USER=librenms 17 | - DB_PASS=librenms 18 | - POLLERS=16 19 | - BASE_URL=http://localhost 20 | - DAILY_ON_STARTUP=true 21 | links: 22 | - mysql:db 23 | depends_on: 24 | mysql: 25 | condition: service_healthy 26 | mysql: 27 | image: mysql:8.0 28 | command: --sql-mode="" 29 | ports: 30 | - "3306" 31 | volumes: 32 | - ./docker-persistence/mysql:/var/lib/mysql 33 | environment: 34 | - MYSQL_ROOT_PASSWORD=password 35 | - MYSQL_USER=librenms 36 | - MYSQL_PASSWORD=librenms 37 | - MYSQL_DATABASE=librenms 38 | healthcheck: 39 | test: "mysql -h localhost -u root -p$$MYSQL_ROOT_PASSWORD -e 'USE librenms'" 40 | interval: 5s 41 | timeout: 5s 42 | retries: 20 43 | -------------------------------------------------------------------------------- /hooks/post_checkout: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | curl -qsSL "https://github.com/multiarch/qemu-user-static/releases/download/v6.1.0-8/qemu-arm-static.tar.gz" | tar -xz 4 | curl -qsSL "https://github.com/multiarch/qemu-user-static/releases/download/v6.1.0-8/qemu-aarch64-static.tar.gz" | tar -xz 5 | 6 | chmod 755 qemu-arm-static qemu-aarch64-static 7 | -------------------------------------------------------------------------------- /hooks/pre_build: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | docker run --rm --privileged multiarch/qemu-user-static:register --reset 4 | -------------------------------------------------------------------------------- /post_install/etc/cron.d/librenms: -------------------------------------------------------------------------------- 1 | PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2 | 3 | 33 */6 * * * librenms . /etc/librenms_environment; /opt/librenms/cronic /opt/librenms/discovery-wrapper.py PLACEHOLDER_DISCOVERY_THREADS >> /dev/null 2>&1 4 | */5 * * * * librenms . /etc/librenms_environment; /opt/librenms/discovery.php -h new >> /dev/null 2>&1 5 | PLACEHOLDER_POLLERS_CRON librenms . /etc/librenms_environment; /opt/librenms/cronic /opt/librenms/poller-wrapper.py PLACEHOLDER_POLLERS_THREADS >> /dev/null 2>&1 6 | 15 0 * * * librenms . /etc/librenms_environment; /opt/librenms/daily.sh >> /dev/null 2>&1 7 | * * * * * librenms . /etc/librenms_environment; /opt/librenms/alerts.php >> /dev/null 2>&1 8 | */5 * * * * librenms . /etc/librenms_environment; /opt/librenms/poll-billing.php >> /dev/null 2>&1 9 | 01 * * * * librenms . /etc/librenms_environment; /opt/librenms/billing-calculate.php >> /dev/null 2>&1 10 | */5 * * * * librenms . /etc/librenms_environment; /opt/librenms/check-services.php >> /dev/null 2>&1 11 | * * * * * librenms . /etc/librenms_environment; /opt/librenms/artisan schedule:run --no-interaction --no-ansi >> /dev/null 2>&1 12 | -------------------------------------------------------------------------------- /post_install/etc/librenms/cron/snmp-scan: -------------------------------------------------------------------------------- 1 | PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2 | 3 | PLACEHOLDER_CRON librenms . /etc/librenms_environment; /opt/librenms/snmp-scan.py >> /dev/null 2>&1 4 | -------------------------------------------------------------------------------- /post_install/etc/librenms/cron/weathermap: -------------------------------------------------------------------------------- 1 | PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2 | 3 | PLACEHOLDER_CRON librenms . /etc/librenms_environment; /opt/librenms/html/plugins/Weathermap/map-poller.php >> /dev/null 2>&1 4 | -------------------------------------------------------------------------------- /post_install/etc/librenms/syslog/librenms.syslog.conf: -------------------------------------------------------------------------------- 1 | options { 2 | keep-hostname(yes); 3 | }; 4 | 5 | source s_net { 6 | tcp(port(514) flags(syslog-protocol)); 7 | udp(port(514) flags(syslog-protocol)); 8 | }; 9 | 10 | destination d_librenms { 11 | program("/opt/librenms/syslog.php" template ("$HOST||$FACILITY||$PRIORITY||$LEVEL||$TAG||$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC||$MSG||$PROGRAM\n") template-escape(yes)); 12 | }; 13 | 14 | log { 15 | source(s_net); 16 | destination(d_librenms); 17 | }; 18 | -------------------------------------------------------------------------------- /post_install/etc/librenms/syslog/syslog.conf.php: -------------------------------------------------------------------------------- 1 | > /etc/librenms_environment 13 | fi 14 | } 15 | 16 | echo 'export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' > /etc/librenms_environment 17 | addConfig APP_KEY 18 | addConfig APP_KEY_FILE 19 | addConfig DB_HOST 20 | addConfig DB_PORT 21 | addConfig DB_USER 22 | addConfig DB_PASS 23 | addConfig DB_PASS_FILE 24 | addConfig DB_NAME 25 | addConfig BASE_URL 26 | addConfig MEMCACHED_ENABLE 27 | addConfig MEMCACHED_HOST 28 | addConfig MEMCACHED_PORT 29 | addConfig DISCOVERY_ENABLE 30 | addConfig DISCOVERY_THREADS 31 | addConfig DAILY_ENABLE 32 | addConfig DAILY_ON_STARTUP 33 | addConfig ALERTS_ENABLE 34 | addConfig POLL_BILLING_ENABLE 35 | addConfig BILLING_CALCULATE_ENABLE 36 | addConfig CHECK_SERVICES_ENABLE 37 | addConfig POLLERS_ENABLE 38 | addConfig RRDCACHED_ENABLE 39 | addConfig RRDCACHED_CONNECT 40 | addConfig RRDCACHED_LISTEN 41 | addConfig NGINX_ENABLE 42 | addConfig PHPFPM_ENABLE 43 | addConfig WEATHERMAP_ENABLE 44 | addConfig WEATHERMAP_CRON 45 | 46 | touch "$LOCK_FILE" -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_011_early_permissions: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | # Create a new librenms user and remap it to the given UID 4 | if [ ! -z "$PUID" ]; then 5 | if [ -z "$PGID" ]; then 6 | PGID=${PUID} 7 | fi 8 | 9 | deluser librenms >/dev/null 10 | delgroup www-data librenms >/dev/null 11 | delgroup librenms >/dev/null 12 | groupadd --gid ${PGID} librenms 13 | usermod --append --groups librenms www-data 14 | useradd librenms --gid librenms --home-dir /opt/librenms --system --shell /bin/bash --uid ${PUID} 15 | 16 | # avoids problems when mounting volumes via NFS 17 | set +e 18 | echo "Changing owner and group..." 19 | chown -R librenms:librenms /opt/librenms 20 | fi 21 | 22 | # avoids problems when mounting volumes via NFS 23 | set +e 24 | /usr/local/bin/set_permissions_basic 25 | 26 | exit 0 27 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_012_mounts: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | NAGIOS_PLUGINS_MOUNT=/mount/nagios_plugins 4 | TARGET_DIR=/usr/lib/nagios/plugins 5 | 6 | if [ -d "$NAGIOS_PLUGINS_MOUNT" ]; then 7 | echo "Found directory $NAGIOS_PLUGINS_MOUNT, symlinking all entries to $TARGET_DIR" 8 | find "$NAGIOS_PLUGINS_MOUNT" -maxdepth 1 -mindepth 1 -exec ln -sf '{}' "${TARGET_DIR}/" \; 9 | fi 10 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_100_cron: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | LOCK_FILE=/var/lock/librenms_cron.lock 4 | 5 | if [ -f "$LOCK_FILE" ]; then 6 | exit 0 7 | fi 8 | 9 | if [ "$DISCOVERY_ENABLE" = "false" ]; then 10 | sed -i "/discovery.php/d" /etc/cron.d/librenms 11 | sed -i "/discovery-wrapper.py/d" /etc/cron.d/librenms 12 | else 13 | if [ -z "$DISCOVERY_THREADS" ]; then 14 | DISCOVERY_THREADS=1 15 | fi 16 | sed -i "s/PLACEHOLDER_DISCOVERY_THREADS/$DISCOVERY_THREADS/g" /etc/cron.d/librenms 17 | fi 18 | 19 | if [ "$DAILY_ENABLE" = "false" ]; then 20 | sed -i "/daily.sh/d" /etc/cron.d/librenms 21 | fi 22 | 23 | if [ "$ALERTS_ENABLE" = "false" ]; then 24 | sed -i "/alerts.php/d" /etc/cron.d/librenms 25 | fi 26 | 27 | if [ "$POLL_BILLING_ENABLE" = "false" ]; then 28 | sed -i "/poll-billing.php/d" /etc/cron.d/librenms 29 | fi 30 | 31 | if [ "$BILLING_CALCULATE_ENABLE" = "false" ]; then 32 | sed -i "/billing-calculate.php/d" /etc/cron.d/librenms 33 | fi 34 | 35 | if [ "$CHECK_SERVICES_ENABLE" = "false" ]; then 36 | sed -i "/check-services.php/d" /etc/cron.d/librenms 37 | fi 38 | 39 | if [ "$POLLERS_ENABLE" = "false" ]; then 40 | sed -i "/poller-wrapper.py/d" /etc/cron.d/librenms 41 | else 42 | sed -i "s/PLACEHOLDER_POLLERS_THREADS/$POLLERS/g" /etc/cron.d/librenms 43 | sed -i "s@PLACEHOLDER_POLLERS_CRON@$POLLERS_CRON@g" /etc/cron.d/librenms 44 | fi 45 | 46 | if [ "$SNMP_SCAN_ENABLE" = "true" ]; then 47 | sed -i "s@PLACEHOLDER_CRON@$SNMP_SCAN_CRON@g" /etc/librenms/cron/snmp-scan 48 | ln -sf /etc/librenms/cron/snmp-scan /etc/cron.d/snmp-scan 49 | fi 50 | 51 | if [ "$WEATHERMAP_ENABLE" = "true" ]; then 52 | sed -i "s@PLACEHOLDER_CRON@$WEATHERMAP_CRON@g" /etc/librenms/cron/weathermap 53 | ln -sf /etc/librenms/cron/weathermap /etc/cron.d/weathermap 54 | fi 55 | 56 | touch "$LOCK_FILE" 57 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_101_ssl: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | CONF_FILE=/etc/nginx/sites-available/librenms.https 4 | SSL_CERT=/etc/nginx/ssl/ssl.crt 5 | SSL_KEY=/etc/nginx/ssl/ssl.key 6 | SSL_OCSP=/etc/nginx/ssl/ssl.ocsp.crt 7 | 8 | if [ -f "$SSL_CERT" ] && [ -f "$SSL_KEY" ]; then 9 | if [ -f "$SSL_OCSP" ]; then 10 | sed -i 's/#ssl_trusted_certificate/ssl_trusted_certificate/g' "$CONF_FILE" 11 | fi 12 | 13 | ln -sf "$CONF_FILE" /etc/nginx/sites-enabled/librenms.https 14 | fi 15 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_102_ipv6: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | LOCK_FILE=/var/lock/librenms_ipv6.lock 4 | 5 | if [ -f "$LOCK_FILE" ]; then 6 | exit 0 7 | fi 8 | 9 | if [ -n "$DISABLE_IPV6" ]; then 10 | sed -i 's/listen \[::\]:80/#listen [::]:80/g' /etc/nginx/sites-enabled/librenms.http 11 | sed -i 's/listen \[::\]:443/#listen [::]:443/g' /etc/nginx/sites-available/librenms.https 12 | fi 13 | 14 | touch "$LOCK_FILE" 15 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_103_timezone: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | if [ -n "$TZ" ]; then 4 | ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime && echo "$TZ" > /etc/timezone 5 | 6 | if [ ! -f /etc/php/8.3/cli/conf.d/100-timezone.ini ]; then 7 | echo "date.timezone=${TZ}" > /etc/php/8.3/cli/conf.d/100-timezone.ini 8 | fi 9 | 10 | if [ ! -f /etc/php/8.3/fpm/conf.d/100-timezone.ini ]; then 11 | echo "date.timezone=${TZ}" > /etc/php/8.3/fpm/conf.d/100-timezone.ini 12 | fi 13 | fi 14 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_104_php_fpm: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | configFile=/etc/php/8.3/fpm/pool.d/www.conf 4 | 5 | sed -i "s/PLACEHOLDER_MAX_WORKERS/${PHP_FPM_WORKERS_MAX}/g" "$configFile" 6 | sed -i "s/PLACEHOLDER_MIN_WORKERS/${PHP_FPM_WORKERS_MIN}/g" "$configFile" 7 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_200_librenms_config: -------------------------------------------------------------------------------- 1 | #!/bin/bash -eu 2 | # Bash supports the ${!...} construct for indirect variable expansion 3 | 4 | requireConfig () { 5 | if [ -z ${!1:-} ]; then 6 | echo "Error: $1 is unset" >&2 7 | exit 1 8 | fi 9 | } 10 | 11 | if [ -z "${APP_KEY_FILE:-}" ]; then 12 | requireConfig APP_KEY 13 | else 14 | if [ ! -f "$APP_KEY_FILE" ]; then 15 | echo "Error: APP_KEY_FILE not found at ${APP_KEY_FILE}" >&2 16 | exit 1 17 | fi 18 | 19 | APP_KEY=$(head -n 1 "$APP_KEY_FILE" | tr -d ' ') 20 | sed -i '/^APP_KEY=/d' /opt/librenms/.env 21 | echo "APP_KEY=$APP_KEY" >> /opt/librenms/.env 22 | 23 | sed -i '/^export APP_KEY=/d' /etc/librenms_environment 24 | echo "export APP_KEY=\"$APP_KEY\"" >> /etc/librenms_environment 25 | fi 26 | 27 | requireConfig DB_HOST 28 | requireConfig DB_USER 29 | 30 | if [ -z "${DB_PASS_FILE:-}" ]; then 31 | requireConfig DB_PASS 32 | else 33 | if [ ! -f "$DB_PASS_FILE" ]; then 34 | echo "Error: DB_PASS_FILE not found at ${DB_PASS_FILE}" >&2 35 | exit 1 36 | fi 37 | 38 | # Unlike APP_KEY, DB_PASS is loaded inside config.php and therefore not written to .env here 39 | DB_PASS=$(head -n 1 "$DB_PASS_FILE" | tr -d ' ') 40 | sed -i '/^export DB_PASS=/d' /etc/librenms_environment 41 | echo "export DB_PASS=\"$DB_PASS\"" >> /etc/librenms_environment 42 | fi 43 | 44 | requireConfig DB_NAME 45 | requireConfig BASE_URL 46 | 47 | if [[ "$BASE_URL" == https://* ]]; then 48 | sed -i '/^SESSION_SECURE_COOKIE=/d' /opt/librenms/.env 49 | echo "SESSION_SECURE_COOKIE=true" >> /opt/librenms/.env 50 | 51 | sed -i '/^export SESSION_SECURE_COOKIE=/d' /etc/librenms_environment 52 | echo "export SESSION_SECURE_COOKIE=true" >> /etc/librenms_environment 53 | fi 54 | 55 | # Generate Laravel .env file 56 | COMPOSER_PROCESS_TIMEOUT=3600 APP_ENV=local /sbin/setuser librenms composer run-script post-install-cmd -d /opt/librenms 57 | 58 | # Not deleting the directory causes validation errors in LibreNMS 59 | rm -rf /opt/librenms/.composer 60 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_201_create_default_files: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | if [ ! -f /opt/librenms/logs/.gitignore ]; then 4 | cp /opt/helpers/default_files/logs/.gitignore /opt/librenms/logs/.gitignore 5 | fi 6 | 7 | if [ ! -f /opt/librenms/rrd/.gitignore ]; then 8 | cp /opt/helpers/default_files/rrd/.gitignore /opt/librenms/rrd/.gitignore 9 | fi 10 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_220_optional_services: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | LOCK_FILE=/var/lock/librenms_services.lock 4 | 5 | if [ -f "$LOCK_FILE" ]; then 6 | exit 0 7 | fi 8 | 9 | if [ "$RRDCACHED_ENABLE" = "false" ]; then 10 | rm -rf /etc/service/rrdcached 11 | fi 12 | 13 | if [ "$NGINX_ENABLE" = "false" ]; then 14 | rm -rf /etc/service/nginx 15 | fi 16 | 17 | if [ "$PHPFPM_ENABLE" = "false" ]; then 18 | rm -rf /etc/service/php-fpm 19 | fi 20 | 21 | if [ "$SNMPTRAPD_ENABLE" != "true" ]; then 22 | rm -rf /etc/service/snmptrapd 23 | fi 24 | 25 | if [ "$LIBRENMS_SERVICE_ENABLE" != "true" ]; then 26 | rm -rf /etc/service/librenms-service 27 | fi 28 | 29 | touch "$LOCK_FILE" 30 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_221_syslog: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | LOCK_FILE=/var/lock/librenms_syslog.lock 4 | 5 | if [ -f "$LOCK_FILE" ]; then 6 | exit 0 7 | fi 8 | 9 | if [ "$ENABLE_SYSLOG" = "1" ] || [ "$ENABLE_SYSLOG" = "true" ]; then 10 | echo "Enabling syslog" 11 | ln -sf /etc/librenms/syslog/librenms.syslog.conf /etc/syslog-ng/conf.d/librenms.syslog.conf 12 | ln -sf /etc/librenms/syslog/syslog.conf.php /opt/librenms/conf.internal.d/syslog.conf.php 13 | 14 | /usr/bin/kill -HUP $(cat /var/run/syslog-ng.pid) 15 | fi 16 | 17 | touch "$LOCK_FILE" 18 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_290_daily: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | if [ "$DAILY_ON_STARTUP" = "true" ]; then 4 | cd /opt/librenms 5 | /sbin/setuser librenms ./lnms migrate --force --no-interaction 6 | /sbin/setuser librenms ./daily.sh 7 | fi 8 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_900_permissions: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | # avoids problems when mounting volumes via NFS 4 | set +e 5 | 6 | # Don't `chown` if SKIP_CHOWN is set (Useful for NFS mounted shares) 7 | if [ "$SKIP_CHOWN" != "true" ]; then 8 | /usr/local/bin/set_permissions 9 | fi 10 | 11 | exit 0 12 | -------------------------------------------------------------------------------- /post_install/etc/my_init.d/librenms_999_finish: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | touch /var/lock/my_init.lock 4 | 5 | echo "" 6 | echo "\033[0;36m*******************************************************************************\033[0m" 7 | echo "\033[0;36mConfiguration applied, starting webserver and PHP.\033[0m" 8 | echo "\033[0;36m*******************************************************************************\033[0m" 9 | echo "" 10 | -------------------------------------------------------------------------------- /post_install/etc/nginx/dhparam.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIICCAKCAgEAhJMm2xG4581l9U2dE5pHQdI3HEAj8kkQ6g0pDGKp9U8Lvkt+AZ9Z 3 | PsLCO9//hKN2VAbSAc3goBUnlt4Ej29pBgI80DFTOF5A/BEIuHwXGaWNNPGR1KBs 4 | jzzj0rd1baXCj5nAFsg8PL6bMXZlr00hJQlQToFf3ib2mkuMqrw2hxrpMCvYknbh 5 | ougJa8gqva/zhxZFurHnsOqCor8aXjDzOahxE9MM502lVIv/NZdn6aFgk7Pey/d6 6 | 9bwRNnf33tCdz04jkzprsbe6wU9XUyfZqn2Xc94cTLIg/QkpKrMDgVBzTyn0NXwq 7 | YqsSxYdZQKp1U5/N3/KEnoJbWpH7ucZ8FcTZLq4hpPfz8O/FrgIqxLzSFf8MHOeI 8 | 1cPiyXeL7SN2RWRCrh9Zh4gbE4uMt8DQwWX5PqdQ46NetOYgx4GksFmn804RiKU3 9 | Mmr0dYcoVMODB5goNEVPE0GBEL9rNnERuvM27L+HoFDkdiTtzVpFtSKM4CImatbH 10 | T2lb4+V3vUhFdbER1JPOHNC9H1FqnqYSndfA0PcY0hka2lRf1RK/E0HMZht/QROZ 11 | BpiK80YYgLoB2j/7EIw98SicIHPZrLat7+zg+rUSgzP9YrvcZeLJ1e5Fqgc+xVSF 12 | JLy0GUBfldGxQddwr0X8+8cTBlUrvgWt4v4CeojFWUWgtotRR6mw8csCAQI= 13 | -----END DH PARAMETERS----- 14 | -------------------------------------------------------------------------------- /post_install/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 1; 3 | pid /var/run/nginx.pid; 4 | daemon off; 5 | 6 | events { 7 | worker_connections 2048; 8 | multi_accept on; 9 | } 10 | 11 | http { 12 | server_tokens off; 13 | server_name_in_redirect on; 14 | index index.html index.htm index.php; 15 | 16 | sendfile on; 17 | tcp_nopush on; 18 | tcp_nodelay on; 19 | 20 | ssl_protocols TLSv1.2 TLSv1.3; 21 | ssl_prefer_server_ciphers off; 22 | ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256; 23 | ssl_ecdh_curve auto; 24 | ssl_session_cache builtin:1000 shared:SSL:64M; 25 | ssl_session_timeout 10m; 26 | ssl_dhparam /etc/nginx/dhparam.pem; 27 | resolver 1.1.1.1 8.8.8.8 valid=300s; 28 | resolver_timeout 5s; 29 | ssl_stapling on; 30 | ssl_stapling_verify on; 31 | 32 | types_hash_max_size 2048; 33 | 34 | charset utf-8; 35 | 36 | access_log /var/log/nginx/access.log; 37 | error_log /var/log/nginx/error.log; 38 | 39 | gzip on; 40 | gzip_vary on; 41 | gzip_types text/plain text/css text/javascript text/xml application/json application/x-javascript application/xml application/xml+rss application/x-font-ttf; 42 | 43 | include /etc/nginx/mime.types; 44 | default_type application/octet-stream; 45 | include /etc/nginx/conf.d/*.conf; 46 | include /etc/nginx/sites-enabled/*; 47 | } 48 | -------------------------------------------------------------------------------- /post_install/etc/nginx/sites-available/librenms.https: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl http2 default_server; 3 | listen [::]:443 ssl http2 default_server; 4 | server_name _; 5 | root /opt/librenms/html; 6 | 7 | ssl_certificate /etc/nginx/ssl/ssl.crt; 8 | ssl_certificate_key /etc/nginx/ssl/ssl.key; 9 | #ssl_trusted_certificate /etc/nginx/ssl/ssl.ocsp.crt; 10 | 11 | location / { 12 | try_files $uri $uri/ @librenms; 13 | } 14 | 15 | location ~ \.php { 16 | fastcgi_param PATH_INFO $fastcgi_path_info; 17 | include fastcgi_params; 18 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 19 | fastcgi_pass unix:/var/run/php/php-fpm.sock; 20 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 21 | } 22 | 23 | location ~ /\.ht { 24 | deny all; 25 | } 26 | 27 | location @librenms { 28 | rewrite api/v0(.*)$ /api_v0.php/$1 last; 29 | rewrite ^(.+)$ /index.php/$1 last; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /post_install/etc/nginx/sites-enabled/librenms.http: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80 default_server; 3 | listen [::]:80 default_server; 4 | server_name _; 5 | root /opt/librenms/html; 6 | 7 | location / { 8 | try_files $uri $uri/ @librenms; 9 | } 10 | 11 | location ~ \.php { 12 | fastcgi_param PATH_INFO $fastcgi_path_info; 13 | include fastcgi_params; 14 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 15 | fastcgi_pass unix:/var/run/php/php-fpm.sock; 16 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 17 | } 18 | 19 | location ~ /\.ht { 20 | deny all; 21 | } 22 | 23 | location @librenms { 24 | rewrite api/v0(.*)$ /api_v0.php/$1 last; 25 | rewrite ^(.+)$ /index.php/$1 last; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /post_install/etc/php/8.3/cli/conf.d/90-include-path.ini: -------------------------------------------------------------------------------- 1 | include_path = ".:/usr/share/php:/usr/lib/php/pear" 2 | -------------------------------------------------------------------------------- /post_install/etc/php/8.3/fpm/conf.d/90-include-path.ini: -------------------------------------------------------------------------------- 1 | include_path = ".:/usr/share/php:/usr/lib/php/pear" 2 | -------------------------------------------------------------------------------- /post_install/etc/php/8.3/fpm/conf.d/91-opcache.ini: -------------------------------------------------------------------------------- 1 | opcache.enable = 1 2 | opcache.fast_shutdown = 1 3 | opcache.enable_file_override = 1 4 | opcache.revalidate_path = 1 5 | opcache.load_comments = 0 6 | opcache.save_comments = 0 7 | opcache.revalidate_freq = 60 8 | -------------------------------------------------------------------------------- /post_install/etc/php/8.3/fpm/conf.d/99-no-memory-limit.ini: -------------------------------------------------------------------------------- 1 | ; no memory limit for php 2 | memory_limit = -1 3 | -------------------------------------------------------------------------------- /post_install/etc/php/8.3/fpm/pool.d/www.conf: -------------------------------------------------------------------------------- 1 | ; Start a new pool named 'www'. 2 | ; the variable $pool can be used in any directive and will be replaced by the 3 | ; pool name ('www' here) 4 | [www] 5 | 6 | ; Per pool prefix 7 | ; It only applies on the following directives: 8 | ; - 'access.log' 9 | ; - 'slowlog' 10 | ; - 'listen' (unixsocket) 11 | ; - 'chroot' 12 | ; - 'chdir' 13 | ; - 'php_values' 14 | ; - 'php_admin_values' 15 | ; When not set, the global prefix (or /usr) applies instead. 16 | ; Note: This directive can also be relative to the global prefix. 17 | ; Default Value: none 18 | ;prefix = /path/to/pools/$pool 19 | 20 | ; Unix user/group of the child processes. This can be used only if the master 21 | ; process running user is root. It is set after the child process is created. 22 | ; The user and group can be specified either by their name or by their numeric 23 | ; IDs. 24 | ; Note: If the user is root, the executable needs to be started with 25 | ; --allow-to-run-as-root option to work. 26 | ; Default Values: The user is set to master process running user by default. 27 | ; If the group is not set, the user's group is used. 28 | user = librenms 29 | group = librenms 30 | 31 | ; The address on which to accept FastCGI requests. 32 | ; Valid syntaxes are: 33 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 34 | ; a specific port; 35 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 36 | ; a specific port; 37 | ; 'port' - to listen on a TCP socket to all addresses 38 | ; (IPv6 and IPv4-mapped) on a specific port; 39 | ; '/path/to/unix/socket' - to listen on a unix socket. 40 | ; Note: This value is mandatory. 41 | listen = /run/php/php-fpm.sock 42 | 43 | ; Set listen(2) backlog. 44 | ; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) 45 | ;listen.backlog = 511 46 | 47 | ; Set permissions for unix socket, if one is used. In Linux, read/write 48 | ; permissions must be set in order to allow connections from a web server. Many 49 | ; BSD-derived systems allow connections regardless of permissions. The owner 50 | ; and group can be specified either by name or by their numeric IDs. 51 | ; Default Values: Owner is set to the master process running user. If the group 52 | ; is not set, the owner's group is used. Mode is set to 0660. 53 | listen.owner = www-data 54 | listen.group = www-data 55 | ;listen.mode = 0660 56 | 57 | ; When POSIX Access Control Lists are supported you can set them using 58 | ; these options, value is a comma separated list of user/group names. 59 | ; When set, listen.owner and listen.group are ignored 60 | ;listen.acl_users = 61 | ;listen.acl_groups = 62 | 63 | ; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. 64 | ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original 65 | ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address 66 | ; must be separated by a comma. If this value is left blank, connections will be 67 | ; accepted from any ip address. 68 | ; Default Value: any 69 | ;listen.allowed_clients = 127.0.0.1 70 | 71 | ; Set the associated the route table (FIB). FreeBSD only 72 | ; Default Value: -1 73 | ;listen.setfib = 1 74 | 75 | ; Specify the nice(2) priority to apply to the pool processes (only if set) 76 | ; The value can vary from -19 (highest priority) to 20 (lower priority) 77 | ; Note: - It will only work if the FPM master process is launched as root 78 | ; - The pool processes will inherit the master process priority 79 | ; unless it specified otherwise 80 | ; Default Value: no set 81 | ; process.priority = -19 82 | 83 | ; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or 84 | ; PROC_TRACE_CTL procctl for FreeBSD) even if the process user 85 | ; or group is different than the master process user. It allows to create process 86 | ; core dump and ptrace the process for the pool user. 87 | ; Default Value: no 88 | ; process.dumpable = yes 89 | 90 | ; Choose how the process manager will control the number of child processes. 91 | ; Possible Values: 92 | ; static - a fixed number (pm.max_children) of child processes; 93 | ; dynamic - the number of child processes are set dynamically based on the 94 | ; following directives. With this process management, there will be 95 | ; always at least 1 children. 96 | ; pm.max_children - the maximum number of children that can 97 | ; be alive at the same time. 98 | ; pm.start_servers - the number of children created on startup. 99 | ; pm.min_spare_servers - the minimum number of children in 'idle' 100 | ; state (waiting to process). If the number 101 | ; of 'idle' processes is less than this 102 | ; number then some children will be created. 103 | ; pm.max_spare_servers - the maximum number of children in 'idle' 104 | ; state (waiting to process). If the number 105 | ; of 'idle' processes is greater than this 106 | ; number then some children will be killed. 107 | ; pm.max_spawn_rate - the maximum number of rate to spawn child 108 | ; processes at once. 109 | ; ondemand - no children are created at startup. Children will be forked when 110 | ; new requests will connect. The following parameter are used: 111 | ; pm.max_children - the maximum number of children that 112 | ; can be alive at the same time. 113 | ; pm.process_idle_timeout - The number of seconds after which 114 | ; an idle process will be killed. 115 | ; Note: This value is mandatory. 116 | pm = dynamic 117 | 118 | ; The number of child processes to be created when pm is set to 'static' and the 119 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 120 | ; This value sets the limit on the number of simultaneous requests that will be 121 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 122 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 123 | ; CGI. The below defaults are based on a server without much resources. Don't 124 | ; forget to tweak pm.* to fit your needs. 125 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 126 | ; Note: This value is mandatory. 127 | pm.max_children = PLACEHOLDER_MAX_WORKERS 128 | 129 | ; The number of child processes created on startup. 130 | ; Note: Used only when pm is set to 'dynamic' 131 | ; Default Value: (min_spare_servers + max_spare_servers) / 2 132 | pm.start_servers = PLACEHOLDER_MIN_WORKERS 133 | 134 | ; The desired minimum number of idle server processes. 135 | ; Note: Used only when pm is set to 'dynamic' 136 | ; Note: Mandatory when pm is set to 'dynamic' 137 | pm.min_spare_servers = 1 138 | 139 | ; The desired maximum number of idle server processes. 140 | ; Note: Used only when pm is set to 'dynamic' 141 | ; Note: Mandatory when pm is set to 'dynamic' 142 | pm.max_spare_servers = 4 143 | 144 | ; The number of rate to spawn child processes at once. 145 | ; Note: Used only when pm is set to 'dynamic' 146 | ; Note: Mandatory when pm is set to 'dynamic' 147 | ; Default Value: 32 148 | ;pm.max_spawn_rate = 32 149 | 150 | ; The number of seconds after which an idle process will be killed. 151 | ; Note: Used only when pm is set to 'ondemand' 152 | ; Default Value: 10s 153 | pm.process_idle_timeout = 120s; 154 | 155 | ; The number of requests each child process should execute before respawning. 156 | ; This can be useful to work around memory leaks in 3rd party libraries. For 157 | ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. 158 | ; Default Value: 0 159 | pm.max_requests = 1000 160 | 161 | ; The URI to view the FPM status page. If this value is not set, no URI will be 162 | ; recognized as a status page. It shows the following information: 163 | ; pool - the name of the pool; 164 | ; process manager - static, dynamic or ondemand; 165 | ; start time - the date and time FPM has started; 166 | ; start since - number of seconds since FPM has started; 167 | ; accepted conn - the number of request accepted by the pool; 168 | ; listen queue - the number of request in the queue of pending 169 | ; connections (see backlog in listen(2)); 170 | ; max listen queue - the maximum number of requests in the queue 171 | ; of pending connections since FPM has started; 172 | ; listen queue len - the size of the socket queue of pending connections; 173 | ; idle processes - the number of idle processes; 174 | ; active processes - the number of active processes; 175 | ; total processes - the number of idle + active processes; 176 | ; max active processes - the maximum number of active processes since FPM 177 | ; has started; 178 | ; max children reached - number of times, the process limit has been reached, 179 | ; when pm tries to start more children (works only for 180 | ; pm 'dynamic' and 'ondemand'); 181 | ; Value are updated in real time. 182 | ; Example output: 183 | ; pool: www 184 | ; process manager: static 185 | ; start time: 01/Jul/2011:17:53:49 +0200 186 | ; start since: 62636 187 | ; accepted conn: 190460 188 | ; listen queue: 0 189 | ; max listen queue: 1 190 | ; listen queue len: 42 191 | ; idle processes: 4 192 | ; active processes: 11 193 | ; total processes: 15 194 | ; max active processes: 12 195 | ; max children reached: 0 196 | ; 197 | ; By default the status page output is formatted as text/plain. Passing either 198 | ; 'html', 'xml' or 'json' in the query string will return the corresponding 199 | ; output syntax. Example: 200 | ; http://www.foo.bar/status 201 | ; http://www.foo.bar/status?json 202 | ; http://www.foo.bar/status?html 203 | ; http://www.foo.bar/status?xml 204 | ; 205 | ; By default the status page only outputs short status. Passing 'full' in the 206 | ; query string will also return status for each pool process. 207 | ; Example: 208 | ; http://www.foo.bar/status?full 209 | ; http://www.foo.bar/status?json&full 210 | ; http://www.foo.bar/status?html&full 211 | ; http://www.foo.bar/status?xml&full 212 | ; The Full status returns for each process: 213 | ; pid - the PID of the process; 214 | ; state - the state of the process (Idle, Running, ...); 215 | ; start time - the date and time the process has started; 216 | ; start since - the number of seconds since the process has started; 217 | ; requests - the number of requests the process has served; 218 | ; request duration - the duration in µs of the requests; 219 | ; request method - the request method (GET, POST, ...); 220 | ; request URI - the request URI with the query string; 221 | ; content length - the content length of the request (only with POST); 222 | ; user - the user (PHP_AUTH_USER) (or '-' if not set); 223 | ; script - the main script called (or '-' if not set); 224 | ; last request cpu - the %cpu the last request consumed 225 | ; it's always 0 if the process is not in Idle state 226 | ; because CPU calculation is done when the request 227 | ; processing has terminated; 228 | ; last request memory - the max amount of memory the last request consumed 229 | ; it's always 0 if the process is not in Idle state 230 | ; because memory calculation is done when the request 231 | ; processing has terminated; 232 | ; If the process is in Idle state, then informations are related to the 233 | ; last request the process has served. Otherwise informations are related to 234 | ; the current request being served. 235 | ; Example output: 236 | ; ************************ 237 | ; pid: 31330 238 | ; state: Running 239 | ; start time: 01/Jul/2011:17:53:49 +0200 240 | ; start since: 63087 241 | ; requests: 12808 242 | ; request duration: 1250261 243 | ; request method: GET 244 | ; request URI: /test_mem.php?N=10000 245 | ; content length: 0 246 | ; user: - 247 | ; script: /home/fat/web/docs/php/test_mem.php 248 | ; last request cpu: 0.00 249 | ; last request memory: 0 250 | ; 251 | ; Note: There is a real-time FPM status monitoring sample web page available 252 | ; It's available in: /usr/share/php/8.3/fpm/status.html 253 | ; 254 | ; Note: The value must start with a leading slash (/). The value can be 255 | ; anything, but it may not be a good idea to use the .php extension or it 256 | ; may conflict with a real PHP file. 257 | ; Default Value: not set 258 | ;pm.status_path = /status 259 | 260 | ; The address on which to accept FastCGI status request. This creates a new 261 | ; invisible pool that can handle requests independently. This is useful 262 | ; if the main pool is busy with long running requests because it is still possible 263 | ; to get the status before finishing the long running requests. 264 | ; 265 | ; Valid syntaxes are: 266 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 267 | ; a specific port; 268 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 269 | ; a specific port; 270 | ; 'port' - to listen on a TCP socket to all addresses 271 | ; (IPv6 and IPv4-mapped) on a specific port; 272 | ; '/path/to/unix/socket' - to listen on a unix socket. 273 | ; Default Value: value of the listen option 274 | ;pm.status_listen = 127.0.0.1:9001 275 | 276 | ; The ping URI to call the monitoring page of FPM. If this value is not set, no 277 | ; URI will be recognized as a ping page. This could be used to test from outside 278 | ; that FPM is alive and responding, or to 279 | ; - create a graph of FPM availability (rrd or such); 280 | ; - remove a server from a group if it is not responding (load balancing); 281 | ; - trigger alerts for the operating team (24/7). 282 | ; Note: The value must start with a leading slash (/). The value can be 283 | ; anything, but it may not be a good idea to use the .php extension or it 284 | ; may conflict with a real PHP file. 285 | ; Default Value: not set 286 | ;ping.path = /ping 287 | 288 | ; This directive may be used to customize the response of a ping request. The 289 | ; response is formatted as text/plain with a 200 response code. 290 | ; Default Value: pong 291 | ;ping.response = pong 292 | 293 | ; The access log file 294 | ; Default: not set 295 | ;access.log = log/$pool.access.log 296 | 297 | ; The access log format. 298 | ; The following syntax is allowed 299 | ; %%: the '%' character 300 | ; %C: %CPU used by the request 301 | ; it can accept the following format: 302 | ; - %{user}C for user CPU only 303 | ; - %{system}C for system CPU only 304 | ; - %{total}C for user + system CPU (default) 305 | ; %d: time taken to serve the request 306 | ; it can accept the following format: 307 | ; - %{seconds}d (default) 308 | ; - %{milliseconds}d 309 | ; - %{milli}d 310 | ; - %{microseconds}d 311 | ; - %{micro}d 312 | ; %e: an environment variable (same as $_ENV or $_SERVER) 313 | ; it must be associated with embraces to specify the name of the env 314 | ; variable. Some examples: 315 | ; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e 316 | ; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e 317 | ; %f: script filename 318 | ; %l: content-length of the request (for POST request only) 319 | ; %m: request method 320 | ; %M: peak of memory allocated by PHP 321 | ; it can accept the following format: 322 | ; - %{bytes}M (default) 323 | ; - %{kilobytes}M 324 | ; - %{kilo}M 325 | ; - %{megabytes}M 326 | ; - %{mega}M 327 | ; %n: pool name 328 | ; %o: output header 329 | ; it must be associated with embraces to specify the name of the header: 330 | ; - %{Content-Type}o 331 | ; - %{X-Powered-By}o 332 | ; - %{Transfert-Encoding}o 333 | ; - .... 334 | ; %p: PID of the child that serviced the request 335 | ; %P: PID of the parent of the child that serviced the request 336 | ; %q: the query string 337 | ; %Q: the '?' character if query string exists 338 | ; %r: the request URI (without the query string, see %q and %Q) 339 | ; %R: remote IP address 340 | ; %s: status (response code) 341 | ; %t: server time the request was received 342 | ; it can accept a strftime(3) format: 343 | ; %d/%b/%Y:%H:%M:%S %z (default) 344 | ; The strftime(3) format must be encapsulated in a %{}t tag 345 | ; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t 346 | ; %T: time the log has been written (the request has finished) 347 | ; it can accept a strftime(3) format: 348 | ; %d/%b/%Y:%H:%M:%S %z (default) 349 | ; The strftime(3) format must be encapsulated in a %{}t tag 350 | ; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t 351 | ; %u: remote user 352 | ; 353 | ; Default: "%R - %u %t \"%m %r\" %s" 354 | ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" 355 | 356 | ; A list of request_uri values which should be filtered from the access log. 357 | ; 358 | ; As a security precuation, this setting will be ignored if: 359 | ; - the request method is not GET or HEAD; or 360 | ; - there is a request body; or 361 | ; - there are query parameters; or 362 | ; - the response code is outwith the successful range of 200 to 299 363 | ; 364 | ; Note: The paths are matched against the output of the access.format tag "%r". 365 | ; On common configurations, this may look more like SCRIPT_NAME than the 366 | ; expected pre-rewrite URI. 367 | ; 368 | ; Default Value: not set 369 | ;access.suppress_path[] = /ping 370 | ;access.suppress_path[] = /health_check.php 371 | 372 | ; The log file for slow requests 373 | ; Default Value: not set 374 | ; Note: slowlog is mandatory if request_slowlog_timeout is set 375 | ;slowlog = log/$pool.log.slow 376 | 377 | ; The timeout for serving a single request after which a PHP backtrace will be 378 | ; dumped to the 'slowlog' file. A value of '0s' means 'off'. 379 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 380 | ; Default Value: 0 381 | ;request_slowlog_timeout = 0 382 | 383 | ; Depth of slow log stack trace. 384 | ; Default Value: 20 385 | ;request_slowlog_trace_depth = 20 386 | 387 | ; The timeout for serving a single request after which the worker process will 388 | ; be killed. This option should be used when the 'max_execution_time' ini option 389 | ; does not stop script execution for some reason. A value of '0' means 'off'. 390 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 391 | ; Default Value: 0 392 | ;request_terminate_timeout = 0 393 | 394 | ; The timeout set by 'request_terminate_timeout' ini option is not engaged after 395 | ; application calls 'fastcgi_finish_request' or when application has finished and 396 | ; shutdown functions are being called (registered via register_shutdown_function). 397 | ; This option will enable timeout limit to be applied unconditionally 398 | ; even in such cases. 399 | ; Default Value: no 400 | ;request_terminate_timeout_track_finished = no 401 | 402 | ; Set open file descriptor rlimit. 403 | ; Default Value: system defined value 404 | ;rlimit_files = 1024 405 | 406 | ; Set max core size rlimit. 407 | ; Possible Values: 'unlimited' or an integer greater or equal to 0 408 | ; Default Value: system defined value 409 | ;rlimit_core = 0 410 | 411 | ; Chroot to this directory at the start. This value must be defined as an 412 | ; absolute path. When this value is not set, chroot is not used. 413 | ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one 414 | ; of its subdirectories. If the pool prefix is not set, the global prefix 415 | ; will be used instead. 416 | ; Note: chrooting is a great security feature and should be used whenever 417 | ; possible. However, all PHP paths will be relative to the chroot 418 | ; (error_log, sessions.save_path, ...). 419 | ; Default Value: not set 420 | ;chroot = 421 | 422 | ; Chdir to this directory at the start. 423 | ; Note: relative path can be used. 424 | ; Default Value: current directory or / when chroot 425 | ;chdir = /var/www 426 | 427 | ; Redirect worker stdout and stderr into main error log. If not set, stdout and 428 | ; stderr will be redirected to /dev/null according to FastCGI specs. 429 | ; Note: on highloaded environment, this can cause some delay in the page 430 | ; process time (several ms). 431 | ; Default Value: no 432 | ;catch_workers_output = yes 433 | 434 | ; Decorate worker output with prefix and suffix containing information about 435 | ; the child that writes to the log and if stdout or stderr is used as well as 436 | ; log level and time. This options is used only if catch_workers_output is yes. 437 | ; Settings to "no" will output data as written to the stdout or stderr. 438 | ; Default value: yes 439 | ;decorate_workers_output = no 440 | 441 | ; Clear environment in FPM workers 442 | ; Prevents arbitrary environment variables from reaching FPM worker processes 443 | ; by clearing the environment in workers before env vars specified in this 444 | ; pool configuration are added. 445 | ; Setting to "no" will make all environment variables available to PHP code 446 | ; via getenv(), $_ENV and $_SERVER. 447 | ; Default Value: yes 448 | clear_env = no 449 | 450 | ; Limits the extensions of the main script FPM will allow to parse. This can 451 | ; prevent configuration mistakes on the web server side. You should only limit 452 | ; FPM to .php extensions to prevent malicious users to use other extensions to 453 | ; execute php code. 454 | ; Note: set an empty value to allow all extensions. 455 | ; Default Value: .php 456 | ;security.limit_extensions = .php .php3 .php4 .php5 .php7 457 | 458 | ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from 459 | ; the current environment. 460 | ; Default Value: clean env 461 | ;env[HOSTNAME] = $HOSTNAME 462 | ;env[PATH] = /usr/local/bin:/usr/bin:/bin 463 | ;env[TMP] = /tmp 464 | ;env[TMPDIR] = /tmp 465 | ;env[TEMP] = /tmp 466 | 467 | ; Additional php.ini defines, specific to this pool of workers. These settings 468 | ; overwrite the values previously defined in the php.ini. The directives are the 469 | ; same as the PHP SAPI: 470 | ; php_value/php_flag - you can set classic ini defines which can 471 | ; be overwritten from PHP call 'ini_set'. 472 | ; php_admin_value/php_admin_flag - these directives won't be overwritten by 473 | ; PHP call 'ini_set' 474 | ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. 475 | 476 | ; Defining 'extension' will load the corresponding shared extension from 477 | ; extension_dir. Defining 'disable_functions' or 'disable_classes' will not 478 | ; overwrite previously defined php.ini values, but will append the new value 479 | ; instead. 480 | 481 | ; Note: path INI options can be relative and will be expanded with the prefix 482 | ; (pool, global or /usr) 483 | 484 | ; Default Value: nothing is defined by default except the values in php.ini and 485 | ; specified at startup with the -d argument 486 | ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com 487 | ;php_flag[display_errors] = off 488 | ;php_admin_value[error_log] = /var/log/fpm-php.www.log 489 | ;php_admin_flag[log_errors] = on 490 | ;php_admin_value[memory_limit] = 32M 491 | -------------------------------------------------------------------------------- /post_install/etc/runit/runsvdir/default/librenms-service/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | if [ -z "$LIBRENMS_SERVICE_OPTS" ]; then 4 | LIBRENMS_SERVICE_OPTS="" 5 | fi 6 | 7 | opts=( $LIBRENMS_SERVICE_OPTS ) 8 | 9 | set -u 10 | 11 | echo "Starting librenms-service.py..." 12 | cd /opt/librenms 13 | exec /sbin/setuser librenms /opt/librenms/librenms-service.py "${opts[@]}" 14 | -------------------------------------------------------------------------------- /post_install/etc/runit/runsvdir/default/nginx/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | echo "Starting nginx..." 4 | 5 | exec /usr/sbin/nginx 6 | -------------------------------------------------------------------------------- /post_install/etc/runit/runsvdir/default/php-fpm/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | echo "Starting php-fpm..." 4 | 5 | if [ ! -d /run/php ]; then 6 | mkdir /run/php 7 | fi 8 | 9 | exec /usr/sbin/php-fpm8.3 --nodaemonize --fpm-config /etc/php/8.3/fpm/php-fpm.conf 10 | -------------------------------------------------------------------------------- /post_install/etc/runit/runsvdir/default/rrdcached/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | echo "Starting rrdcached..." 4 | 5 | rm -rf /var/run/rrdcached.pid 6 | 7 | exec rrdcached \ 8 | -g \ 9 | -w 1800 \ 10 | -z 1800 \ 11 | -f 3600 \ 12 | -s librenms \ 13 | -U librenms \ 14 | -G librenms \ 15 | -B \ 16 | -R \ 17 | -j /var/tmp \ 18 | -t 4 \ 19 | -F \ 20 | -b /opt/librenms/rrd \ 21 | -l "$RRDCACHED_LISTEN" 22 | -------------------------------------------------------------------------------- /post_install/etc/runit/runsvdir/default/snmptrapd/run: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | 3 | if [ -z "$SNMPTRAPD_MIBDIRS" ]; then 4 | SNMPTRAPD_MIBDIRS="/opt/librenms/mibs" 5 | fi 6 | 7 | if [ -z "$SNMPTRAPD_MIBS" ]; then 8 | SNMPTRAPD_MIBS="IF-MIB" 9 | fi 10 | 11 | set -u 12 | 13 | echo "Starting snmptrapd..." 14 | 15 | exec /usr/sbin/snmptrapd -f -m "$SNMPTRAPD_MIBS" -M "$SNMPTRAPD_MIBDIRS" 16 | -------------------------------------------------------------------------------- /post_install/etc/snmp/snmptrapd.conf: -------------------------------------------------------------------------------- 1 | disableAuthorization yes 2 | authCommunity log,execute,net COMMUNITYSTRING 3 | traphandle default /opt/librenms/snmptrap.php 4 | -------------------------------------------------------------------------------- /post_install/opt/librenms/conf.d/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jarischaefer/docker-librenms/71c3558e172f4c204a8fd6e8781bbddcc27d7741/post_install/opt/librenms/conf.d/.gitkeep -------------------------------------------------------------------------------- /post_install/opt/librenms/conf.internal.d/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jarischaefer/docker-librenms/71c3558e172f4c204a8fd6e8781bbddcc27d7741/post_install/opt/librenms/conf.internal.d/.gitkeep -------------------------------------------------------------------------------- /post_install/opt/librenms/config.php: -------------------------------------------------------------------------------- 1 | &2 5 | exit 1 6 | fi 7 | 8 | user=$1 9 | password=$2 10 | role=$3 11 | email=$4 12 | 13 | /sbin/setuser librenms php /opt/librenms/lnms user:add --password="$password" --role="$role" --email="$email" "$user" 14 | 15 | echo "Created user ${user} with password ${password}, role ${role} and e-mail address ${email}" 16 | -------------------------------------------------------------------------------- /post_install/usr/local/bin/generate_key: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | /sbin/setuser librenms php /opt/librenms/artisan key:generate --show 4 | -------------------------------------------------------------------------------- /post_install/usr/local/bin/set_acls: -------------------------------------------------------------------------------- 1 | #!/bin/sh -u 2 | 3 | setfacl --recursive --default --modify g::rwX "$1" 4 | setfacl --recursive --modify g::rwX "$1" 5 | -------------------------------------------------------------------------------- /post_install/usr/local/bin/set_owner_and_mode: -------------------------------------------------------------------------------- 1 | #!/bin/sh -u 2 | 3 | chown -R --no-dereference librenms:librenms "$1" 4 | chmod -R -x,u=rwX,g=rwX,o=rX "$1" 5 | -------------------------------------------------------------------------------- /post_install/usr/local/bin/set_permissions: -------------------------------------------------------------------------------- 1 | #!/bin/sh -u 2 | 3 | PATH=/usr/local/bin:$PATH 4 | 5 | # Set basic permissions again since new files may be generated during configuration 6 | set_permissions_basic 7 | 8 | # Set permissions for additional user directories 9 | set_acls /opt/librenms/rrd 10 | set_owner_and_mode /opt/librenms/rrd 11 | -------------------------------------------------------------------------------- /post_install/usr/local/bin/set_permissions_basic: -------------------------------------------------------------------------------- 1 | #!/bin/sh -u 2 | 3 | PATH=/usr/local/bin:$PATH 4 | 5 | set_acls /opt/librenms/bootstrap/cache 6 | set_acls /opt/librenms/logs 7 | set_acls /opt/librenms/storage 8 | 9 | set_owner_and_mode /opt/librenms/bootstrap/cache 10 | set_owner_and_mode /opt/librenms/conf.d 11 | set_owner_and_mode /opt/librenms/conf.internal.d 12 | set_owner_and_mode /opt/librenms/html/plugins/Weathermap/configs 13 | set_owner_and_mode /opt/librenms/html/plugins/Weathermap/output 14 | set_owner_and_mode /opt/librenms/logs 15 | set_owner_and_mode /opt/librenms/storage 16 | 17 | chmod +x /opt/librenms/lnms /opt/librenms/daily.sh /opt/librenms/librenms-service.py 18 | -------------------------------------------------------------------------------- /post_install/usr/local/bin/setup_database: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | if [ ! -f /var/lock/my_init.lock ]; then 4 | echo "Error: Startup configuration is still running. Please wait until the container is fully started." >&2 5 | exit 1 6 | fi 7 | 8 | /sbin/setuser librenms /opt/librenms/lnms migrate --no-interaction --force --seed 9 | -------------------------------------------------------------------------------- /post_install/usr/local/bin/setup_fresh_database: -------------------------------------------------------------------------------- 1 | #!/bin/bash -eu 2 | 3 | if [ ! -f /var/lock/my_init.lock ]; then 4 | echo "Error: Startup configuration is still running. Please wait until the container is fully started." >&2 5 | exit 1 6 | fi 7 | 8 | read -r -p "This will delete existing data. Continue? [y/N] " 9 | echo 10 | 11 | if [[ "$REPLY" =~ ^[yY]$ ]]; then 12 | /sbin/setuser librenms /opt/librenms/lnms migrate:fresh --no-interaction --force --seed 13 | fi 14 | -------------------------------------------------------------------------------- /pre_install/build/install: -------------------------------------------------------------------------------- 1 | #!/bin/sh -eu 2 | 3 | LIBRENMS_VERSION=${LIBRENMS_VERSION:-25.5.0} 4 | LIBRENMS_WEATHERMAP_VERSION=ea57b454eb042408a6628fc3d8dff8176563547f 5 | 6 | # Optional APT caching, speeds up local builds 7 | #auto-apt-proxy 8 | 9 | # Dependencies 10 | apt update 11 | apt -yq dist-upgrade 12 | apt -yq install --no-install-recommends gcc python3-dev 13 | 14 | # LibreNMS and its dependencies 15 | git clone --branch ${LIBRENMS_VERSION} https://github.com/librenms/librenms.git /opt/librenms 16 | pip3 install -r /opt/librenms/requirements.txt 17 | 18 | composer --no-interaction install --working-dir=/opt/librenms --no-dev --prefer-dist 19 | composer clear-cache 20 | 21 | # Workaround for initialization order - In EnvHelper.php line 117: Call to undefined function LibreNMS\Util\base_path() 22 | sed -i 's|"LibreNMS\\\\ComposerHelper::postInstall",|"Illuminate\\\\Foundation\\\\ComposerScripts::postInstall",\n "LibreNMS\\\\ComposerHelper::postInstall",|g' /opt/librenms/composer.json 23 | 24 | # Weathermap plugin 25 | curl -qsSL https://github.com/librenms-plugins/Weathermap/archive/${LIBRENMS_WEATHERMAP_VERSION}.tar.gz | tar -xz -C /opt/librenms/html/plugins 26 | mv /opt/librenms/html/plugins/Weathermap-${LIBRENMS_WEATHERMAP_VERSION} /opt/librenms/html/plugins/Weathermap 27 | 28 | # Install LibreNMS files 29 | ln -s /opt/librenms/lnms /usr/local/bin/lnms 30 | cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/ 31 | cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms 32 | cp /opt/librenms/.env.example /opt/librenms/.env 33 | 34 | # Permissions 35 | chown -R librenms:librenms /opt/librenms 36 | find /opt/librenms -name '.gitignore' -type f -exec chmod -x "{}" + 37 | 38 | # Default files 39 | mkdir -p /opt/helpers/default_files/logs /opt/helpers/default_files/rrd 40 | cp /opt/librenms/logs/.gitignore /opt/helpers/default_files/logs 41 | cp /opt/librenms/rrd/.gitignore /opt/helpers/default_files/rrd 42 | 43 | # Remove unnecessary files 44 | rm -rf /opt/librenms/tests 45 | 46 | # Cleanup 47 | apt -yq purge gcc python3-dev 48 | apt -yq autoremove --purge 49 | apt clean 50 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* 51 | rm -f /var/log/dpkg.log /var/log/alternatives.log /var/log/bootstrap.log 52 | rm -f /var/log/apt/history.log /var/log/apt/term.log 53 | rm -rf /usr/share/man/* /usr/share/groff/* /usr/share/info/* 54 | rm -rf /usr/share/lintian/* /usr/share/linda/* 55 | find /usr/share/doc -not -type d -not -name 'copyright' -delete 56 | find /usr/share/doc -type d -empty -delete 57 | --------------------------------------------------------------------------------