Using RPi-Monitor with Lighttpd webserver instead of the embedded one

I wanted to integrate the RPi Monitor page into my exisiting lighttpd config and to be able to call the page like https://<your.IP>/status or https://MyLovelyDDNS.domain/status instead of connecting to port 8888 http://<your.IP>:8888.

  1. Login as root.

  2. (If not already done) Install Lighttpd: dietpi-software install 84
    (I also set up certbot / Let’s encrypt and a DDNS to make the server reachable via a domain, this tutorial will not cover this proces)

  3. Install RPi-Monitor: dietpi-software install 66.
    You can check if it’s working by browsing to http://<your.IP>:8888

  4. Disable the embedded server in rpimonitor config: nano /etc/rpimonitor/daemon.conf,
    uncomment the line #daemon.noserver=1 to daemon.noserver=1.
    Restart RPi-Monitor with systemctl restart rpimonitor
    (you can check again, now it shouldn’t be available on port 8888)

  5. Create a folder in your webroot, I call mine “status”: mkdir /var/www/status

  6. Finally create two symlinks, one from the web root of RPi-Monitor to your created folder and one to get the statistics right:
    mkdir /var/www/status/stat && ln -s /usr/share/rpimonitor/web/* /var/www/status && sudo ln -s /var/lib/rpimonitor/stat/* /var/www/status/stat

Now the monitor page is available at https://<your.IP>/status, but it’s also reachable from the internet.
We can deny this by adding some config to lighttpd:

  1. Create a new drop-in config: nano /etc/lighttpd/conf-available/99-dietpi-rpimonitor.conf
    Put this in and save the file.
HTTP["url"] =~ "^/status/" {
    $HTTP["remoteip"] == "192.168.178.0/24" {
    }
    else {
        url.access-deny = ( "" )
    }
}

Make sure to change the IP to match your network config! In this example the page is available from every IP in the subnet of 192.168.178.*

  1. Load the config we just made and activate it:
    lighttpd-enable-mod dietpi-rpimonitor && service lighttpd force-reload

Voilá, the status page is now only available from inside your network.

Optional:
Now it annoys me a bit that I always have to type in the IP of my device to reach the page, I can’t use my DDNS domain for that, because then the request will come from the internet and will be denied by the rules we just made. There is a workaround, if you use a local DNS resolver like Pi-Hole / Adguard.
You can create there DNS records for your domains to point to the LAN IP of your webserver / RPi. Now the request goes straight to my Raspberry Pi, never leaving my LAN. So I can use https://MyLovelyDDNS.domain/status, even when I’m connected via VPN.

Cheers.

1 Like