🚀 Deploy Nagios on Ubuntu VPS

This guide walks through deploying Nagios Core on an Ubuntu VPS, from system prep to web access, plugins, hosts/services, and hardening. Commands target Ubuntu 22.04 LTS (works similarly on 20.04/24.04).

What You’ll Build

• A Nagios Core monitoring server
• Web UI secured with HTTP auth
• Standard monitoring plugins
• Example host & service checks
• Basic security and troubleshooting

Prerequisites

• Ubuntu VPS with root or sudo access
• 2 vCPU / 2 GB RAM minimum (4 GB recommended)
• Public IP or hostname
• Open ports: 80/443 (web), 5666 (optional NRPE)

How to Deploy Nagios on Ubuntu VPS (Step-by-Step)

To deploy Nagios on Ubuntu VPS, follow the steps below:

1. Update the System

   sudo apt update && sudo apt upgrade -y
   sudo reboot
   

2. Install Required Packages

   Nagios Core is typically compiled from source for the latest stable features.

   sudo apt-get install -y autoconf gcc libc6 make wget unzip apache2 php libapache2-mod-php libgd-dev ufw
   sudo apt-get install -y openssl libssl-dev
   

   Enable Apache modules:

   sudo a2enmod rewrite cgi
   sudo systemctl restart apache2
   

3. Create Nagios User & Groups

   sudo useradd nagios
   sudo groupadd nagcmd
   sudo usermod -aG nagcmd nagios
   sudo usermod -aG nagcmd www-data
   

4. Download & Compile Nagios Core

   cd /tmp
   wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.5.5.tar.gz
   tar xzf nagios-4.5.5.tar.gz
   cd nagios-4.5.5
   

   Configure and build:

   ./configure --with-command-group=nagcmd
   make all
   sudo make install
   sudo make install-init
   sudo make install-commandmode
   sudo make install-config
   sudo make install-webconf
   

5. Set Apache Authentication

   Create a web admin user:

   sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
   

   Restart Apache:

   sudo systemctl restart apache2
   

6. Install Nagios Plugins

   Plugins power checks (CPU, disk, HTTP, ping, etc.).

   cd /tmp
   wget https://nagios-plugins.org/download/nagios-plugins-2.4.8.tar.gz
   tar xzf nagios-plugins-2.4.8.tar.gz
   cd nagios-plugins-2.4.8
   ./configure --with-nagios-user=nagios --with-nagios-group=nagios
   make
   sudo make install
   

7. Start & Enable Nagios

   sudo systemctl enable nagios
   sudo systemctl start nagios
   

   Verify config before restarts:

   sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
   

8. Access the Web Interface
   Open in your browser:

   http://YOUR_SERVER_IP/nagios
   

   Login with:

   • Username: nagiosadmin
   • Password: (set earlier)

9. Add a Host to Monitor

   Create a hosts file:

   sudo nano /usr/local/nagios/etc/objects/hosts.cfg
   

   Example:

   define host {
     use             linux-server
     host_name       web01
     alias           Web Server 01
     address         192.0.2.10
     max_check_attempts 5
     check_period    24x7
     notification_interval 30
     notification_period 24x7
   }
   

   Include it in nagios.cfg:

   sudo nano /usr/local/nagios/etc/nagios.cfg
   

   Add:

   cfg_file=/usr/local/nagios/etc/objects/hosts.cfg
   

   Restart:

   sudo systemctl restart nagios
   

10. Add Service Checks

    Edit services:

    sudo nano /usr/local/nagios/etc/objects/services.cfg
    

    Example HTTP check:

    define service {
      use                 generic-service
      host_name           web01
      service_description HTTP
      check_command       check_http
    }
    

    Restart Nagios after changes.

11. (Optional) Monitor Remote Servers with NRPE

    Install NRPE on the remote host:

    sudo apt install -y nagios-nrpe-server nagios-plugins
    

    Allow the Nagios server IP in:

    sudo nano /etc/nagios/nrpe.cfg
    

    Restart NRPE:

    sudo systemctl restart nagios-nrpe-server
    

    On the Nagios server, define NRPE commands and services.

12. Secure & Harden

    • Use HTTPS (Let’s Encrypt with Apache)
    • Restrict /nagios via firewall/IP allowlist
    • Change default object definitions
    • Rotate logs (/usr/local/nagios/var/)
    • Use ufw:

      sudo ufw allow OpenSSH
      sudo ufw allow 80
      sudo ufw enable
    

13. Troubleshooting

    Check status

    sudo systemctl status nagios
    

    Validate config

    sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
    

    Common paths

    • Config: /usr/local/nagios/etc/
    • Plugins: /usr/local/nagios/libexec/
    • Logs: /usr/local/nagios/var/nagios.log

HTTPS + Let’s Encrypt Automation for Nagios on Ubuntu VPS

Now that we know how to deploy Nagios on Ubuntu VPS, let’s add HTTPS and Let’s Encrypt automation. This guide secures the Nagios web interface with HTTPS using automated certificates from Let’s Encrypt, via Certbot on Apache. It includes automatic renewal and validation checks.

Assumptions

• Nagios Core already installed at /usr/local/nagios
• Apache in use (apache2)
• Public DNS name pointing to your VPS (recommended)
• Ubuntu 20.04 / 22.04 / 24.04

To configure HTTPS + Let’s Encrypt automation for Nagios on Ubuntu VPS, follow the steps below:

1. Install Certbot for Apache

   sudo apt update
   sudo apt install -y certbot python3-certbot-apache
   

   Verify:

   certbot --version
   

2. Nagios installs its Apache config here:

   /etc/apache2/conf-enabled/nagios.conf
   

   Confirm Apache is serving on port 80:

   sudo apachectl -S
   

   You should see your Nagios site bound to *:80.

3. Obtain the SSL Certificate (Auto-Configure Apache)

   Run Certbot and let it modify Apache automatically:

   sudo certbot --apache
   

   During prompts:

   • Enter your email
   • Agree to TOS
   • Choose the domain serving Nagios (e.g. nagios.example.com)
   • Select Redirect HTTP to HTTPS (recommended)

   Certbot will:

   • Issue the certificate
   • Create SSL VirtualHost
   • Add redirect rules

4. Verify HTTPS Access

   Open in browser:

   https://nagios.example.com/nagios
   

   Confirm:

   • Valid certificate
   • No mixed-content warnings
   • Login works normally

5. Force HTTPS for Nagios (Optional Hardening)

   If you want an explicit redirect at Apache level:

   sudo nano /etc/apache2/conf-enabled/nagios.conf
   

   Add near the top:

   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   

   Reload Apache:

   sudo systemctl reload apache2
   

6. Automatic Certificate Renewal (Systemd Timer)

   Certbot installs a systemd timer by default.

   Check status:

   systemctl list-timers | grep certbot
   

   Test renewal safely:

   sudo certbot renew --dry-run
   

   No errors = automation is working.

7. Harden TLS Configuration (Recommended)

   Edit the SSL VirtualHost created by Certbot (usually):

   /etc/apache2/sites-enabled/000-default-le-ssl.conf
   

   Add:

   SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
   SSLCipherSuite HIGH:!aNULL:!MD5
   SSLHonorCipherOrder on
   Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
   

   Enable headers module if needed:

   sudo a2enmod headers
   sudo systemctl reload apache2
   

8. Firewall Check

   Ensure HTTPS is allowed:

   sudo ufw allow 443
   sudo ufw reload
   

9. Common Issues & Fixes

   Certificate issued but browser still shows HTTP

   • Apache reload required:

     sudo systemctl reload apache2
   

   Certbot fails validation

   • DNS not pointing to server
   • Port 80 blocked by firewall
   • Incorrect VirtualHost

   Mixed content warning

   • Ensure no http:// references in custom Nagios UI assets

10. File Locations (Quick Reference)

    • Certificates:
      /etc/letsencrypt/live/nagios.example.com/
    • Apache SSL vhost:
      /etc/apache2/sites-enabled/*-le-ssl.conf
    • Nagios Apache config:
      /etc/apache2/conf-enabled/nagios.conf

Result

You now have:

• Full HTTPS encryption
• Automatic 90-day certificate renewal
• Enforced HTTPS redirects
• Hardened TLS configuration

Summary

You now know how to deploy Nagios on Ubuntu VPS.