Using RPi-Monitor with Lighttpd webserver instead of the embedded one

I wanted to integrate the RPi Monitor page into my existing lighttpd config and to be able to call the page like https://<your.IP>/status or https://MyLovelyDDNS.domain/status instead of connecting to port 8888 http://<your.IP>:8888.

  1. Login as root.

  2. (If not already done) Install Lighttpd: dietpi-software install 84
    (I also set up certbot / Let’s Encrypt and a DDNS to make the server reachable via a domain; this tutorial will not cover this process)

  3. Install RPi-Monitor: dietpi-software install 66.
    You can check if it’s working by browsing to http://<your.IP>:8888

  4. Disable the embedded server in rpimonitor config: nano /etc/rpimonitor/daemon.conf,
    uncomment the line #daemon.noserver=1 to daemon.noserver=1.
    Restart RPi-Monitor with systemctl restart rpimonitor
    (you can check again, now it shouldn’t be available on port 8888)

  5. Create a folder in your webroot, I call mine “status”: mkdir /var/www/status

  6. Finally create two symlinks, one from the web root of RPi-Monitor to your created folder and one to get the statistics right:
    mkdir /var/www/status/stat && ln -s /usr/share/rpimonitor/web/* /var/www/status && sudo ln -s /var/lib/rpimonitor/stat/* /var/www/status/stat

Now the monitor page is available at https://<your.IP>/status, but it’s also reachable from the internet.
We can deny this by adding some config to lighttpd:

  1. Create a new drop-in config: nano /etc/lighttpd/conf-available/99-dietpi-rpimonitor.conf
    Put this in and save the file.
$HTTP["url"] =~ "^/status/" {
    $HTTP["remoteip"] == "192.168.178.0/24" {
    }
    else {
        url.access-deny = ( "" )
    }
}

Make sure to change the IP to match your network config! In this example the page is available from every IP in the subnet of 192.168.178.*

  2. Load the config we just made and activate it:
    lighttpd-enable-mod dietpi-rpimonitor && service lighttpd force-reload

Voilà, the status page is now only available from inside your network.

Optional:
Now it annoys me a bit that I always have to type in the IP of my device to reach the page, I can’t use my DDNS domain for that, because then the request will come from the internet and will be denied by the rules we just made. There is a workaround, if you use a local DNS resolver like Pi-Hole / Adguard.
There you can create DNS records for your domains that point to the LAN IP of your webserver / RPi. Now the request goes straight to my Raspberry Pi, never leaving my LAN. So I can use https://MyLovelyDDNS.domain/status, even when I’m connected via VPN.

Cheers.
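
One way to check that the drop-in rule above really keeps outside clients away from /status/, as an added example that is not part of the original post: it scans access-log lines for requests under /status/ that came from outside the allowed subnet and were not answered with 403. It assumes mod_accesslog is enabled with lighttpd's default accesslog.format; the function name, the log lines and the file name example.rrd are constructed for illustration.

```python
import ipaddress
import re

# URL pattern taken from the drop-in config above.
PROTECTED = re.compile(r"^/status/")

# Assumed log layout (lighttpd's default accesslog.format):
#   %h %V %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses, no real traffic).
SAMPLE_LOG = """\
192.168.178.23 192.168.178.2 - [12/Mar/2024:10:00:01 +0100] "GET /status/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 mylovelyddns.domain - [12/Mar/2024:10:00:05 +0100] "GET /status/ HTTP/1.1" 403 341 "-" "curl/8.5.0"
203.0.113.7 mylovelyddns.domain - [12/Mar/2024:10:00:09 +0100] "GET /status/stat/example.rrd HTTP/1.1" 200 901 "-" "curl/8.5.0"
2001:db8::5 mylovelyddns.domain - [12/Mar/2024:10:00:12 +0100] "GET /status/index.html?x=1 HTTP/1.1" 403 341 "-" "curl/8.5.0"
198.51.100.9 mylovelyddns.domain - [12/Mar/2024:10:00:15 +0100] "GET /index.html HTTP/1.1" 200 120 "-" "curl/8.5.0"
"""


def find_leaks(log_text, allowed_cidr="192.168.178.0/24"):
    """Return (ip, path, status) for every request under /status/ that came
    from outside allowed_cidr and got a status other than 403."""
    allowed_net = ipaddress.ip_network(allowed_cidr)
    leaks = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # line is not in the assumed format
        # $HTTP["url"] is matched against the path, without the query string.
        path = m["target"].split("?", 1)[0]
        if not PROTECTED.match(path):
            continue
        try:
            client = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # first field is not an IP address
        # An IPv6 client is never "in" an IPv4 network, so it counts as outside.
        if client not in allowed_net and int(m["status"]) != 403:
            leaks.append((m["ip"], path, int(m["status"])))
    return leaks


if __name__ == "__main__":
    for ip, path, status in find_leaks(SAMPLE_LOG):
        print(f"outside client {ip} got {status} for {path}")
```

An empty result on a real log means no outside client was served anything below /status/; any entry points at a path the rule does not cover or at a subnet that does not match your network.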


Do you happen to know the config settings for unbound to achieve that?

Do you use anything else like PiHole or AGH or just Unbound?

I use unbound for everything around DNS. Currently Pihole is installed, too. But probably not going to keep it. So, I like to go on with unbound.

My whole setup works fine to obtain a Let’s Encrypt certificate for abc.duckdns.org, i.e. I type abc.duckdns.org in my browser and it opens a secured webpage to access the service at 192.168.66.2 (a reverse proxy).

And the hint from your original post made me hope to make the URL abc.duckdns.org accessible from within my LAN, too, without internet connection, but I haven’t succeeded yet.

I added three lines to unbound’s config:

private-domain: "abc.duckdns.org"
local-zone: "abc.duckdns.org." redirect
local-data: "abc.duckdns.org. IN A 192.168.66.2"

… whereas 192.168.66.2 is my rPi’s LAN IP
and abc.duckdns.org is the DDNS service that points to 192.168.66.2 (‘abc’ is just random for here in the forum, no real address.)

This should be fine.
Did you reload unbound after the change was made?

service unbound reload

Maybe it’s even better to make your own config file, so the default one does not get overwritten on update.
e.g.: /etc/unbound/unbound.conf.d/dns.conf

Usually your DDNS should be reachable from inside your local network as well, and it doesn’t need to be configured on the local DNS server? Actually I’m not sure what you mean by “without internet connection”. Without internet, Unbound is not able to resolve anything at all, as it is not able to reach the global DNS root servers. :confused:

Anyway you should be able to create local DNS records in Unbound. Unbound: Adding Custom DNS Records | www.bentasker.co.uk