Monitoring

How to install and set up M/Monit on Linux

Install M/Monit from the official tarball on Linux, run it under systemd, open the firewall for port 8080, reverse-proxy with Nginx, then point Monit agents at the collector URL—plus licensing and default-password hardening.

M/Monit is the central console for Monit: Monit runs on each host and reports status and events; M/Monit stores them, charts trends, and can drive alerts and remote actions. This guide covers a typical Linux x86_64 install under /opt, systemd supervision, firewalld or UFW, an optional Nginx reverse proxy, and the Monit set mmonit line that registers agents with the collector.

Monit-only (no central UI): see How to install and configure Monit on Rocky Linux 8.

Note: M/Monit is commercial software; distribution tarballs usually require a license (or trial) obtained from mmonit.com. On first start, a missing license may trigger a one-time HTTPS check to mmonit.com—plan accordingly on air-gapped networks.

What you will set up

PieceRole
M/Monit (port 8080 by default)Web UI and collector endpoint (/collector) for Monit agents
Monit on each hostLocal checks; set mmonit posts to M/Monit
FirewallAllow 8080/tcp (or only 80/443 if everything goes through Nginx)
Nginx (optional)DNS name, TLS, and hiding 8080 from browsers

Official architecture summary: M/Monit manual (Monit agents → 8080/tcp UI/collector; M/Monit → Monit 2812/tcp for remote actions when configured).

Prerequisites

  • 64-bit Linux (glibc) matching a tarball from M/Monit download
  • root or sudo for /opt, systemd, and firewall
  • A license file or acceptance of trial terms before production

1. Download and unpack

Pick the current mmonit-*-linux-x64.tar.gz from the download page (version in filenames changes often). Example:

1
2
3
4

cd /opt
sudo curl -fLO https://mmonit.com/dist/mmonit-3.7.11-linux-x64.tar.gz
sudo tar -xzf mmonit-3.7.11-linux-x64.tar.gz
sudo rm -f mmonit-3.7.11-linux-x64.tar.gz

Upgrade tip: keep a symlink so systemd and Nginx do not need edits every release:

1

sudo ln -sfn /opt/mmonit-3.7.11 /opt/mmonit

Use /opt/mmonit in unit files below if you adopt the symlink.

The daemon binary is /opt/mmonit/bin/mmonit (adjust if you keep only a versioned directory). See mmonit -h on your tarball for flags supported in that build.

2. systemd service

Create /etc/systemd/system/mmonit.service. This pattern matches common installs: WorkingDirectory is the M/Monit home (contains conf/, db/, etc.):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

[Unit]
Description=M/Monit monitoring console
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
WorkingDirectory=/opt/mmonit
# Adjust ExecStart if your tarball documents a different foreground or pid path:
ExecStart=/opt/mmonit/bin/mmonit -i -p /var/run
ExecStop=/opt/mmonit/bin/mmonit stop
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Reload and start:

1
2
3

sudo systemctl daemon-reload
sudo systemctl enable --now mmonit
sudo systemctl status mmonit

If the service exits immediately, run /opt/mmonit/bin/mmonit -id once in a terminal (foreground diagnostic mode per the manual) and read the error, or check /opt/mmonit/logs/ if present.

Hardening: the vendor recommends a dedicated UNIX account for M/Monit in production; chown the install tree and add User= / Group= once file permissions and writable db/ paths are aligned.

3. Firewall

firewalld (RHEL, Rocky, Alma, Fedora, …)

1
2

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

UFW (Debian, Ubuntu, …)

1
2

sudo ufw allow 8080/tcp comment 'M/Monit'
sudo ufw status verbose

If you terminate TLS on Nginx and only expose 80/443, you can skip opening 8080 publicly and keep it bound to 127.0.0.1 (after editing conf/server.xml—see the manual’s Connector address / port).

4. First login (change defaults immediately)

Browse to http://SERVER_IP:8080/.

Built-in accounts (from M/Monit documentation):

UserDefault passwordTypical use
adminswordfishWeb UI administration
monitmonitOften used in set mmonit http://monit:monit@HOST:8080/collector URLs

Treat these as emergency defaults only. Change passwords under Admin → Users (or your version’s equivalent) before exposing the UI to a network.

5. Register Monit agents with M/Monit

On each host that runs Monit, edit /etc/monitrc (or /etc/monit/monitrc) near the top. Minimal pattern from the M/Monit manual (replace host, port, and credentials):

1
2
3
4
5
6

set eventqueue basedir /var/monit/ slots 1000
set mmonit http://monit:[email protected]:8080/collector
set httpd port 2812 and use address 192.168.1.101
    allow localhost
    allow 192.168.1.10
    allow monit:monit
  • 192.168.1.10 — M/Monit server (must match listener port, default 8080).
  • 192.168.1.101 — this Monit host’s IP; 2812 is Monit’s control port for M/Monit → Monit actions.
  • allow lines must permit M/Monit to reach Monit’s httpd with the given user:password.

Reload Monit:

1
2
3

sudo monit reload
# or
sudo systemctl reload monit

Hosts should begin appearing in the M/Monit UI after the next report cycle.

6. Optional: Nginx reverse proxy

Point monit.example.com at the M/Monit server, then install Nginx:

1
2
3
4
5

# RHEL / Rocky / Alma
sudo dnf install -y nginx

# Debian / Ubuntu
sudo apt install -y nginx

Important: M/Monit’s default HTTP port is 8080. The upstream in proxy_pass must match whatever conf/server.xml defines (default 8080). An old proxy_pass http://127.0.0.1:8190 line is a common typo and will yield 502 Bad Gateway.

Example /etc/nginx/conf.d/mmonit.conf:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

server {
    listen 80;
    server_name monit.example.com;
    server_tokens off;

    location / {
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8080;
    }
}

Test and reload:

1
2
3

sudo nginx -t
sudo systemctl enable --now nginx
sudo systemctl reload nginx

Then open http://monit.example.com. For HTTPS, use Let’s Encrypt (certbot --nginx) or your PKI and add a listen 443 ssl server block.

Monit set mmonit URL: if you terminate TLS on Nginx, the collector URL Monit uses may need https://user:[email protected]/collector and a certificate Monit trusts—see the manual for TLS on the Monit side.

7. Change listening port or bind address

If 8080 clashes with another service, edit Connector port="8080" (and optionally address) in /opt/mmonit/conf/server.xml, then restart:

1

sudo systemctl restart mmonit

Update firewall, Nginx proxy_pass, and every set mmonit URL accordingly.

Troubleshooting

IssueWhat to check
502 from Nginxproxy_pass port; is **`ss -tlnpgrep mmonit`showing127.0.0.1:8080**?
Blank UI / licenseLicense file path; outbound HTTPS for trial; journalctl -u mmonit
Agents never appearset mmonit URL, credentials, firewall 8080, Monit allow for M/Monit IP
Cannot run actions from UIMonit httpd reachable from M/Monit; allow user/password

Conclusion

You can run M/Monit from the official tarball under /opt, supervise it with systemd, expose 8080 (or hide it behind Nginx on 80/443), and wire Monit using set mmonit …/collector. Rotate default passwords, align ports in server.xml, Nginx, and monitrc, and keep a current manual handy for TLS, external databases, and upgrades.

comments powered by Disqus
© 2020 - 2026 Citizix, Ltd.
Citizix Ltd
Built with Hugo
Theme Stack designed by Jimmy