Install the LibreNMS Monitoring Tool on CentOS with Letsencrypt and Nginx

Date: 2020-02-23 14:31:12  Source: igfitidea

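In this guide, we cover the installation and configuration of LibreNMS on a CentOS 7 server, served by Nginx and optionally secured with a Letsencrypt SSL certificate.

What is LibreNMS?

LibreNMS is a community-based, GPL-licensed, auto-discovering network monitoring tool based on PHP, MySQL and SNMP. LibreNMS includes support for a wide range of network hardware and operating systems, including Juniper, Cisco, Linux, Foundry, FreeBSD, Brocade, HP, Windows and many more. It is a fork of the Observium monitoring tool.

Features of LibreNMS

The following are the main features of the LibreNMS network monitoring tool:

Automatic discovery: it automatically discovers your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP and ARP.
API access: LibreNMS provides a full API to manage, graph and retrieve data from your install.
Automatic updates: it updates itself to the latest version with new features and bug fixes.
Customisable alerting: a highly flexible alerting system that can notify via email, IRC, Slack and more.
Distributed polling: supported through horizontal scaling, which grows with your network.
Billing system: easily generate bandwidth bills for ports on your network.
Android and iOS apps: native iPhone/Android apps are available that provide core functionality.
Multiple authentication methods: MySQL, HTTP, LDAP, Radius, Active Directory.
Integration support for NfSen, collectd, SmokePing, RANCID, Oxidized.

How to install the LibreNMS monitoring tool on CentOS with Letsencrypt and Nginx

Follow the steps provided here to get the LibreNMS monitoring tool running on your CentOS 7 server.

Put SELinux in permissive mode (policy violations are logged but no longer blocked)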

sudo setenforce 0

To persist the change, edit the SELinux configuration file

sudo vim /etc/selinux/config
SELINUX=permissive

Add the EPEL repository to the system

sudo yum install epel-release
sudo yum install yum-utils

Install the required dependencies

sudo yum -y install zip unzip git cronie wget fping net-snmp net-snmp-utils ImageMagick jwhois mtr rrdtool MySQL-python nmap  python-memcached

Install PHP and Nginx

PHP will be installed from the REMI repository. Add it to the system as shown below:

sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Disable the remi-php54 repo, which is enabled by default, and enable the repository for PHP 7.2

sudo yum-config-manager --disable remi-php54
sudo yum-config-manager --enable remi-php72

Then finally install the required PHP modules

sudo yum -y install php php-{cli,mbstring,process,fpm,mysqlnd,zip,snmp,devel,gd,mcrypt,mbstring,curl,xml,pear,bcmath}

Configure PHP

sudo vim /etc/php-fpm.d/www.conf

Set the following variables

user = nginx
group = nginx
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Set the PHP timezone

sudo vim /etc/php.ini

date.timezone = America/New_York

Install the Nginx web server

sudo yum install nginx

Start the Nginx and php-fpm services

for i in nginx php-fpm; do
   sudo systemctl enable $i
   sudo systemctl start $i
done

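Install and configure the database server

Use the following guide to install the MariaDB database on your CentOS 7 server.

Install MariaDB 10.x on Ubuntu 18.04 and CentOS 7

Edit the my.cnf file and add the following lines in the [mysqld] section:

sudo vim /etc/my.cnf

[mysqld]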
innodb_file_per_table=1
lower_case_table_names=0

After making the changes, restart the MariaDB server

sudo systemctl enable mariadb
sudo systemctl restart mariadb

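Once the database server is installed and running, log in as the root user:

mysql -u root -p

Create a database and a user (replace the example password with your own):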

CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON librenms.* TO 'librenms_user'@'localhost' IDENTIFIED BY "Password1234!";
FLUSH PRIVILEGES;
EXIT;

Install and configure LibreNMS on CentOS 7

If you want to use a Letsencrypt SSL certificate, you need to request it first. Run the following commands as the root user

wget https://dl.eff.org/certbot-auto -P /usr/local/bin
chmod a+x /usr/local/bin/certbot-auto

If you are running a firewall service, open the "HTTP" port on the firewall (the command below also opens HTTPS)

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

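Now obtain the certificate to use. The --standalone authenticator listens on port 80 itself, so stop Nginx first if it is already running.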

export DOMAIN='librenms.example.com'
export EMAIL="theitroad@localhost"
certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL --keep-until-expiring

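The certificate will be placed under the /etc/letsencrypt/live/librenms.example.com/ directory

Clone the LibreNMS project from GitHub

cd /opt
sudo git clone https://github.com/librenms/librenms.git
# chown needs the librenms user to exist; create it first with the useradd command shown further down
sudo chown librenms:librenms -R /opt/librenms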

Install the PHP dependencies

cd /opt/librenms
./scripts/composer_wrapper.php install --no-dev

A successful installation should produce output similar to the following:

....
Generating autoload files
> LibreNMS\ComposerHelper::postInstall
setfacl -R -m g::rwx rrd/ logs/ storage/ bootstrap/cache/
setfacl -d -m g::rwx rrd/ logs/ storage/ bootstrap/cache/
php artisan key:generate
Application key [base64:/m3TCBxHJ5lFYdsCda+o9oxLTmmH1/3jXjLipmcIp+4=] set successfully.                                                              
> Illuminate\Foundation\ComposerScripts::postInstall
> php artisan optimize
Generating optimized class loader
The compiled services file has been removed.

Add the LibreNMS user to the system

sudo useradd librenms -d /opt/librenms -M -r
sudo usermod -a -G librenms nginx

Copy and configure the SNMP configuration template:

sudo cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
sudo vim /etc/snmp/snmpd.conf

Set the community string by replacing RANDOMSTRINGGOESHERE

com2sec readonly  default       MyInternalNetwork
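With SNMP v2c the community string is the only credential, so it is worth generating it rather than typing a guessable word. The script below is an added example, not part of the original guide: it fills the template placeholder with a random value and checks that neither the placeholder nor "public" remains. The function names are hypothetical and the demo runs on a constructed one-line copy of the template.

```shell
# Added example: set and audit the SNMP community in an snmpd.conf file.
# Function names are hypothetical; the placeholder is the one named in this guide.

# Generate a 32-character hex string from the kernel random source.
gen_community() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Replace the template placeholder with a community string (hex by default).
set_community() {
    conf=$1
    community=${2:-$(gen_community)}
    grep -q 'RANDOMSTRINGGOESHERE' "$conf" || { echo "placeholder not found in $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed "s/RANDOMSTRINGGOESHERE/$community/" "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Fail if any com2sec line still uses the placeholder or "public".
audit_community() {
    bad=$(awk '$1 == "com2sec" && ($4 == "RANDOMSTRINGGOESHERE" || $4 == "public")' "$1")
    [ -z "$bad" ] || { echo "weak community: $bad" >&2; return 1; }
}

# Demo on a constructed copy of the template line, not the live file.
demo=$(mktemp)
echo 'com2sec readonly  default         RANDOMSTRINGGOESHERE' > "$demo"
set_community "$demo" && audit_community "$demo" && cat "$demo"
rm -f "$demo"
```

On the real host, run set_community as root against /etc/snmp/snmpd.conf; LibreNMS needs the same string in $config['snmp']['community'] to poll the host.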

Download the distribution version identifier script

sudo curl -o /usr/bin/distro https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
sudo chmod +x /usr/bin/distro

Then start and enable the snmpd service

sudo systemctl enable snmpd
sudo systemctl restart snmpd

Once all of the above is done, create the nginx configuration file for LibreNMS

Nginx configuration without SSL

Place it under /etc/nginx/conf.d/librenms.conf

server {
 listen      80;
 server_name librenms.example.com;
 root        /opt/librenms/html;
 index       index.php;

 charset utf-8;
 gzip on;
 gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 location / {
  try_files $uri $uri/ /index.php?$query_string;
 }
 location /api/v0 {
  try_files $uri $uri/ /api_v0.php?$query_string;
 }
 location ~ \.php {
  include fastcgi.conf;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
 }
 location ~ /\.ht {
  deny all;
 }
}

Nginx configuration with SSL

server {
    listen      80;
    root        /opt/librenms/html;
    server_name librenms.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen      443 ssl http2;
    server_name librenms.example.com;
    root        /opt/librenms/html;
    index       index.php;

    # Set Logs path
    access_log  /var/log/nginx/access.log;
    error_log   /var/log/nginx/error.log;

    # Configure SSL
    ssl_certificate     /etc/letsencrypt/live/librenms.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/librenms.example.com/privkey.pem;

    # Enabling Gzip compression on Nginx
    charset utf-8;
    gzip on;
    gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location /api/v0 {
        try_files $uri $uri/ /api_v0.php?$query_string;
    }

    # PHP-FPM handle all .php files requests
    location ~ \.php {
        include fastcgi.conf;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Must match the "listen" value set in /etc/php-fpm.d/www.conf
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

Verify the nginx syntax:

sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If everything is fine, restart the service

sudo systemctl restart nginx
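nginx -t only validates syntax. It does not notice when fastcgi_pass points at a socket that php-fpm is not listening on, which then surfaces as 502 errors on every PHP page. The check below is an added example, not part of the original guide, that compares the two configuration files; the function names are hypothetical and the default paths are the ones used in this guide.

```shell
# Added example: compare nginx fastcgi_pass sockets with the php-fpm listen path.
# Function names are hypothetical; default paths are the ones used in this guide.

# Print the value of the "listen = ..." directive from a php-fpm pool file.
fpm_listen() {
    sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' "$1" | head -n 1
}

# Print every unix socket referenced by fastcgi_pass in an nginx config file.
nginx_fastcgi_sockets() {
    sed -n 's/^[[:space:]]*fastcgi_pass[[:space:]]*unix:\([^;]*\);.*/\1/p' "$1" | sort -u
}

# On CentOS 7 /var/run is a symlink to /run, so treat both spellings as equal.
norm_run() {
    case $1 in
        /var/run/*) echo "/run/${1#/var/run/}" ;;
        *)          echo "$1" ;;
    esac
}

# Return 0 when every fastcgi_pass socket equals the php-fpm listen path.
check_fpm_socket() {
    nginx_conf=${1:-/etc/nginx/conf.d/librenms.conf}
    pool_conf=${2:-/etc/php-fpm.d/www.conf}
    want=$(norm_run "$(fpm_listen "$pool_conf")")
    [ -n "$want" ] || { echo "no listen directive in $pool_conf" >&2; return 2; }
    rc=0
    for sock in $(nginx_fastcgi_sockets "$nginx_conf"); do
        if [ "$(norm_run "$sock")" != "$want" ]; then
            echo "MISMATCH: nginx uses $sock, php-fpm listens on $want" >&2
            rc=1
        fi
    done
    return $rc
}

# Run against the live files when they are present on this host.
if [ -r /etc/nginx/conf.d/librenms.conf ]; then
    check_fpm_socket && echo "fastcgi_pass matches the php-fpm listen socket"
fi
```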

Configure the cron job

sudo cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

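Copy the logrotate configuration

LibreNMS keeps its logs in "/opt/librenms/logs". Over time these can become large and need to be rotated out.

To rotate out the old logs, you can use the provided logrotate configuration file: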

sudo cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Set the proper permissions

sudo chown -R librenms:librenms /opt/librenms
sudo setfacl -d -m g::rwx /opt/librenms/logs
sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
sudo setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

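Start the LibreNMS web installer

Open http://librenms.example.com/install.php in your web browser to finish the installation.

Confirm that all "Pre-Install Checks" pass, then click "Next"

Configure the database credentials as created earlier. The installer will start importing the database schema and populating data.

On the next page, you will be asked to configure the admin user account.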

Username: admin
Password: StrongPassword

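Next comes the generation of the configuration file. If its creation fails, you may have to create the file manually with the given contents. The file path should be /opt/librenms/config.php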

<?php
## Have a look in defaults.inc.php for examples of settings you can set here. DO NOT EDIT defaults.inc.php!

### Database config
$config['db_host'] = 'localhost';
$config['db_port'] = '3306';
$config['db_user'] = 'librenms_user';   # the database user created in MariaDB earlier
$config['db_pass'] = 'Password1234!';   # the password set in the GRANT statement
$config['db_name'] = 'librenms';
$config['db_socket'] = '';

//This is the user LibreNMS will run as
//Please ensure this user is created and has the correct permissions to your install
$config['user'] = 'librenms';

### Locations - it is recommended to keep the default
#$config['install_dir']  = "/opt/librenms";

### This should *only* be set if you want to *force* a particular hostname/port
### It will prevent the web interface being usable from any other hostname
#$config['base_url']        = "http://librenms.company.com";

### Enable this to use rrdcached. Be sure rrd_dir is within the rrdcached dir
### and that your web server has permission to talk to rrdcached.
#$config['rrdcached']    = "unix:/var/run/rrdcached.sock";

### Default community
$config['snmp']['community'] = array("public");

### Authentication Model
$config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth
#$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth

### List of RFC1918 networks to allow scanning-based discovery
#$config['nets'][] = "10.0.0.0/8";
#$config['nets'][] = "172.16.0.0/12";
#$config['nets'][] = "192.168.0.0/16";

# Update configuration
#$config['update_channel'] = 'release';  # uncomment to follow the monthly release channel
#$config['update'] = 0;  # uncomment to completely disable updates

Change the ownership of the file to the librenms user:

sudo chown librenms:librenms /opt/librenms/config.php

Click the Finish Install button to complete the LibreNMS installation on CentOS 7.

You should see an admin login page. Log in and select "Validate Installation"