Hi All,
I am busy configuring OPNsense (20.1.4) in a VirtualBox before I let it loose in production. I am taking copious notes and am considering posting them as a HOWTO once done. So far I am seriously impressed! Thank you for the incredible work.
That said, I'd rather post this bit now, given how much of my time this has wasted.
Problem: ntopng doesn't start.
Solution:
1. Install and enable os-redis plugin
2. Do NOT define a password under Services > Redis > Restrictions > Server Password
Requests:
1. In Docs > Community Plugins > ntopng:
Change the Installation section to highlight the os-redis prerequisite before explaining how to go about installing ntopng. As it is now you are pretty much saying "Install ntopng. Notice that it doesn't work. That's because you should first have installed Redis."
2.1. Until the os-ntopng source has been updated, remove the os-redis plugin option to enter a Server Password, especially since its help text says "Choose a secure value. It is recommended that you generate this password." What is interesting to me is that I discovered this statement (from 2016!) that says it has been fixed: https://github.com/ntop/ntopng/issues/685.
2.2. Assuming the above, append "NB: If you are going to make changes to the Redis configuration by hand, do not enable a password, as that will break ntopng. Rather protect it by binding it to localhost." That would be for those of us who want it set up more securely and tend to mess around with (up!) config files.
Again, thanks for what thus far seems a truly splendid system!
Hi,
regarding for the documentation, you can try to add this as a PR, this would help everyone :)
The help text for password comes from the plugin maintainer of Redis, it has nothing to do with ntopng since it can also be used by other plugins (like rspamd). I think it would be best to just add a note to the docs.
Thx :)
Thanks for the reply, but the reality is (and reality always wins) that I have not written compiled code this millennium, and do not use Git.
Nevertheless, I had a look to see how much work it would be, but I am afraid there is zero chance that I am going to follow pages and pages of instructions to create a local copy of an entire source tree merely to change a few sentences in documentation.
So, here are the changes if someone who has done all of this would like to improve the documentation.
These changes are to Docs > Community Plugins > Reporting > ntopng
[The entire Installation section should be replaced by the following]
Redis is a prerequisite for ntopng, so if you have not installed it, first do so via System ‣ Firmware ‣ Plugins, where you would install plugin os-redis. Once installed, change to Services ‣ Redis and in the General Settings tab enable the service. Ensure that Listen Interfaces is set to "Nothing selected" and that Enable Protected Mode is ticked. This causes Redis to be bound to localhost.
NOTE: ntopng breaks when Redis has a password. You need to protect Redis by binding it to localhost as explained above. In the Restrictions tab make sure that Server Password is blank. [Why is this? See (from 2016) https://github.com/ntop/ntopng/issues/685, or does it not apply?]
Now install the os-ntopng plugin from System ‣ Firmware ‣ Plugins. Once done, follow on below.