DockerHub: https://hub.docker.com/r/konekod/supervisord-monitor
Telegram: https://t.me/supervisord_monitor
- Monitor unlimited supervisord servers and processes
- Start/Stop/Restart process
- Read stderr log
- Monitor process uptime status
- Security by password authorization
There are 3 different ways to start. The first is to start by extending a new Dockerfile from the project image and defining the jwt-keys (it may seem complicated, but it is the most reliable and safe). The second is to run via docker-compose with overriding env application parameters and volume for automatically generated keys. And the third option is to just run with env variable definition (the fastest but not the most reliable, jwt key will be recreated uniquely every time).
First let's generate jwt passphrase, we need a random password with a length of 64 characters, as an option use this command:
tr -dc A-Za-z0-9 </dev/urandom | head -c 64; echo
You also need 2 files private.pem and public.pem, you can get them by running the container and copying the automatically generated keys :
docker run --detach --name supervisord-monitor -e JWT_PASSPHRASE=your-generated-jwt-passphrase konekod/supervisord-monitor
docker exec --user app -it supervisord-monitor php bin/console lexik:jwt:generate-keypair
docker cp supervisord-monitor:/var/www/supervisor-monitor/config/jwt/private.pem private.pem
docker cp supervisord-monitor:/var/www/supervisor-monitor/config/jwt/public.pem public.pem
docker kill supervisord-monitor
docker rm supervisord-monitor
After that, let's create a Dockerfile in a separate directory:
FROM konekod/supervisord-monitor:latest
ENV JWT_PASSPHRASE=your-generated-jwt-passphrase
# Generated jwt keys
COPY private.pem config/jwt/private.pem
COPY public.pem config/jwt/public.pem
# Please set secure credentials for the administrator account instead default admin admin
ENV APP_CREDENTIALS=admin:admin
# Host on which it is planned to run supervisord-monitor (needed to set cookie authorization)
ENV API_HOST=localhost
# Your remote suprevisors
ENV SUPERVISORS_SERVERS=[{"ip":"app-container-frontent","port":9551,"name":"frontent","username":"default","password":"default"},{"ip":"app-container-backend","port":9551,"name":"backend","username":"default","password":"default"}]
# Disable r/w access for project(exclude var dir) for improve security
USER www-data
Final start
docker buildx build -t supervisord-monitor-override --load .
docker run --detach --name supervisord-monitor-override -p "10011:8080" supervisord-monitor-override
The main trick is that you can close write access to these keys so that you can't change them afterward
In a specific folder, create docker-compose.yml: Be sure to create a jwt folder that will become volume manually, otherwise the created folder will have root privileges, which will break key creation(The jwt folder should always be there, it contains the keys)
version: "3.8"
name: supervisord-monitor-example
services:
supervisord-monitor-app:
container_name: supervisord-monitor-app
image: konekod/supervisord-monitor
environment:
- API_HOST=localhost
- APP_CREDENTIALS=admin:admin
- JWT_PASSPHRASE=your-generated-jwt-passphrase
volumes:
- ./jwt:/var/www/supervisor-monitor/config/jwt:cached
ports:
- "10011:8080"
Here you can also change the mount settings in volume to ro after creation keys.
jwt keys will be generated automatically via supervisor configured program
config/docker/supervisor/supervisord-dist.conf
see program:generate-jwt-if-not-exists
docker run \
--detach \
--name supervisord-monitor \
-e APP_CREDENTIALS=admin:admin \
-e API_HOST=localhost \
-e SUPERVISORS_SERVERS=[{"ip":"app-container-frontent","port":9551,"name":"frontent","username":"default","password":"default"},{"ip":"app-container-backend","port":9551,"name":"backend","username":"default","password":"default"}] \
konekod/supervisord-monitor
With this script it is possible to automatically recreate a container with everything needed
#!/bin/bash
container_id=$(docker ps | grep my-supervisord-monitor | awk '{ print $1 }')
docker kill "$container_id"
docker rm "$container_id"
docker pull konekod/supervisord-monitor
docker run -d \
--name my-supervisord-monitor \
-e SUPERVISORS_SERVERS="$(< /home/dev/supervisord_monitor/supervisord_monitor_servers.json)" \
-e APP_CREDENTIALS=admin:admin \
-e JWT_PASSPHRASE=your-generated-jwt-passphrase \
-e API_HOST=supervisord-monitor.site.com \
-p 10011:8080 \
--restart=always \
--network project_network \
--volume /home/dev/supervisord_monitor/jwt:/var/www/supervisor-monitor/config/jwt:cached \
konekod/supervisord-monitor:latest
1.Clone supervisord-monitor to your vhost/webroot:
git clone [email protected]:KoNekoD/supervisord-monitor.git
2.Copy config/docker/.env.dist to config/docker/.env
cp config/docker/.env.dist config/docker/.env
3.Enable/Uncomment inet_http_server (found in supervisord.conf) for all your supervisord servers.
[inet_http_server]
port=*:9001
username="yourusername"
password="yourpass"
Do not forget to restart supervisord service after changing supervisord.conf
4.Edit supervisord-monitor configuration file and add all your supervisord servers
nvim config/docker/.env
5.Open web browser and enter your url localhost:$NGINX_HOST_HTTP_PORT, where $NGINX_HOST_HTTP_PORT must be set in copied .env - custom port
Did not receive a '200 OK' response from remote server.
Having this messages in most cases means that Supervisord Monitoring tools does not have direct network access to the Supervisord RPC2 http interface. Check your firewall and network conectivity.
But it is possible to get error 500, in that case it is a supervisord-monitor problem, run this command to activate the profiler. Where “my-supervisord-monitor-container-name” is the name of your container, please replace with the one you need
container_id=$(docker ps | grep my-supervisord-monitor-container-name | awk '{ print $1 }'); docker exec -it --user app $container_id sed -i 's/APP_ENV=prod/APP_ENV=dev/g' .env; docker exec -it --user app $container_id composer install
After that try to reproduce the error again and after that you need to share with us the error data from profiler, trace, error name. To open it add to URL /profiler, it will be something like “http://localhost:10011/_profiler” and find the 500 error you need in the profiler.
Did not receive a '200 OK' response from remote server. (HTTP/1.0 401 Unauthorized)
Having 401 Unauthorized
means that you have connection between Supervisord Monitoring tool and Supervisord but the username or password are wrong.
NO_FILE
This error can be seen when reading logs with active flag "redirect_stderr=true", just remove this line, and you will be able to read stderr logs in supervisord-monitor.
UNKNOWN_METHOD
Having this message means that your supervisord service doesn't have rpc interface enabled (only for v3+ of Supervisord). To enable the rpc interface add this lines to the configuration file:
From the Supervisord Docs
In the sample config file, there is a section which is named [rpcinterface:supervisor]. By default, it looks like the following:
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
The [rpcinterface:supervisor] section must remain in the configuration for the standard setup of supervisor to work properly. If you don’t want supervisor to do anything it doesn’t already do out of the box, this is all you need to know about this type of section.
For more information go to the offitial Supervisord Configuration Docs: http://supervisord.org/configuration.html#rpcinterface-x-section-settings
just me
If you've used Supervisord Monitor Tool send me email to [email protected] to add your project/company to this list.