Ubuntu Server remote administration – Ajenti

Ajenti LogoToday, I will present Ajenti, a remote administration tool for Linux and FreeBSD.

This article is part of a series about remote administration of Linux-based server (actually some of the tool work on *BSD systems too). You can find all article pertaining to this series using the Tag remote-server-admin.

Ajenti

Ajenti is a rather new project but with a really cool UI and lots of promise! Ajenti provides an administration panel (via a web interface) to help you do some basic monitoring and configuration of your server. It can be enhanced/completed by a suite of plug-ins, many provided by the Ajenti developers themselves, to help you configure or monitor what Ajenti does not at its core. It is therefore easily extensible.

Ajenti is known to work on Linux and FreeBSD. In the first version of this article, Ajenti version 0.6 was tested. The project is now at version 1.2, the screenshot are therefore no longer actual, however the installation steps have been updated to match those necessary for version 1.2. I am planning on having a follow-up article using the latest Ajenti version on Ubuntu 14.04 when it will be out.

Installation

Ajenti is not in the default repository of Ubuntu 12.04 LTS, it needs to be added.

$ sudo vi /etc/apt/sources.list.d/ajenti.list

And add the following in the file (updated since Ajenti 0.6):

deb http://repo.ajenti.org/ng/debian main main ubuntu

And import the signing key for this new repository:

$ wget http://repo.ajenti.org/debian/key -O- | sudo apt-key add -

Now, refresh the list of packages:

$ sudo apt-get update

And install Ajenti

$ sudo apt-get install ajenti

Configuration

It is all done via the Web UI. So open your favorite web browser and go the page https://IP:8000 Example: https://192.168.1.2:8000 (whereas Ajenti 0.6 was HTTP by default, newer version are using HTTPS by default).

You will be prompted for a user and password enter ‘root‘ for the username and ‘admin‘ for the password (note: this was previously ‘admin‘ for both entries).

In earlier version (incl. 0.6) you would then be prompted for the admin login name and password, and it was recommended to update them. Try to use something different from admin or root for a slightly increased security. With recent versions, this is no longer the case, and if you want to change the default (which I highly recommend), you need to go in the ‘Configure’ and under Users change the ‘root’ password.

Then you will be able to select optional plug-ins. You don’t have to and will be able to add later in the configuration of Ajenti.

Some of those plug-ins require extra python libraries or software to be operable. This can be seen in the Plugins panel once connected to Ajenti. For each plug-in that needs extra package, you will see a small warning icon (warning). On earlier Ajenti 0.6 mouse over it, it will tell you what is missing, on Ajenti 1.2 simply click on the plug-in name.

Example: I have installed Munin plug-in and it tells me “Requires python module BeautifulSoup”. To find this package you can use the following command:

$ apt-cache search BeautifulSoup
python-beautifulsoup - error-tolerant HTML parser for Python
python-bs4 - error-tolerant HTML parser for Python
python-bs4-doc - error-tolerant HTML parser for Python - documentation
python3-bs4 - error-tolerant HTML parser for Python 3

Now you can install the missing package:

$ sudo apt-get install python-beautifulsoup

After you installed the necessary dependencies, restart Ajenti by clicking on the “Restart Ajenti” button in the Web UI.

Ajenti Admin Panel example

Ajenti Admin Panel example

Updated: This article has been partially updated to reflect the necessary changes to install the latest version of Ajenti on Ubuntu 12.04 LTS.

14 thoughts on “Ubuntu Server remote administration – Ajenti

    1. jcberthon Post author

      As a quick follow-up, without going through a reverse proxy (which in my opinion bring some security advantages) you can directly in Ajenti settings set SSL support.

      You need to check SSL option and provide a server key and a signed certificate (either self-signed or signed by a CA). Generating a server key and a signed certificate is properly explained in Ubuntu documentation (applicable to Linux or Unix OS as long as OpenSSL is used): https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html

      For example, if you follow the instructions and create a self-signed certificate, you should enter the full path to the file server.key for the server key setting and the full path to the file server.crt for the server certificate (the self-signed one, or one signed by a CA).
      Save the settings and restart Ajenti (make sure it is restarted). Then you should connect to the same address but using https instead of http.

  1. jcberthon Post author

    I would try to set-up Ajenti behind a reverse proxy which does the SSL encryption. You could use Apache HTTPd or Nginx or Lighttpd for this purpose. If you look for SSL reverse proxy and one of the above mentioned tool, you will find plenty of how to explaining how to proceed.

    So basically the idea is:

    Client –HTTPS–> Reverse proxy –HTTP–>Ajenti

    But this is a good idea for an article, maybe I will write one dedicated to Ajenti one day…

  2. Cameron Verotti

    This is all great, but the issue I have is in the munin app page of ajenti all I see if a drop down called “Hosts” click on it and nothing… not sure what I did wrong. any words of wisdom or adive on the issue jcberthon.

    1. jcberthon Post author

      Cameron, You have to make sure you installed munin properly. Check if it is working without Ajenti.
      The URL you used to access munin directly is the one you need to configure in the preferences (under the Settings of Ajenti, there is a section regarding the plugins).
      If accessing munin requires a login and password, the settings will allow you to enter this information.

      In case you followed my guide on installing munin, try to bind the munin-node to all address instead of localhost and see if this helps.
      # Which address to bind to;
      host *
      # host 127.0.0.1

      This is a less secure setting, but you could setup a firewall to protect munin.

  3. Paulo Pires

    I’m trying to get Ajenti to work with Nginx as reverse-proxy but it doesn’t work. Probably it’s something Socket.IO related, but the thing is that the page is accessed (I can see it in Nginx and Ajenti logs) but the login modal form is not shown. Have you tried it?

  4. kikin81

    Thank you so much for this guide, and the munin guide.

    I had a quick question.
    I successfully installed munin, and made sure it was running. On Ajenti, when I go to Munin->Host->localhost-> to add a graph, the image shows the “broken image” icon. Any thoughts on what might be causing it? Maybe leave it a day to gather data?

    1. jcberthon Post author

      Hi Francisco,
      If you right click the “broken image” in your browser and select to display the image (“View Image” in Firefox), do you see an error message, does the URL seems correct?

    1. jcberthon Post author

      Just to be on the safe side :-) did you replace the term ‘IP’ by the IP address of your machine running Ajenti? So did you try something like 192.168.0.2:8000 (assuming your server has the IP address 192.168.0.2) ?
      Note that you can get the IP address of your server by entering ‘ip addr’ or ‘ifconfig’ in the server terminal.
      If you had correctly replaced the term IP. Did you check that Ajenti was running on this port or that it was successfully binding to this port? Use the following command on your server: sudo netstat -ltpn
      This command will list the TCP port that are currently opened and for which an application is waiting command/input, so you should see Ajenti hopefully on port 8000. If that is not the case, and you see Ajenti on a different port, then replace 8000 by the port Ajenti is listening to. If you do not see Ajenti, then it was not successful in starting up or attaching to the port 8000. Try to look at the Ajenti log file for any error.

Comments are closed.