Monit HTTPD encryption https not working and other issues

Started by errored out, April 12, 2020, 01:17:53 AM

April 12, 2020, 01:17:53 AM Last Edit: April 13, 2020, 06:28:21 AM by errored out
First off, I have recently changed my FW from pfsense to opnsense.  (Yay me).

I have been running into issues with setting up and the configuration of different parts of the Software which is to be expected.

I finally was able to start Monit HTTPD and access the page. Here is the issue, I am not able to use a secure connection.  In advance mode, I first started Monit with http access.  Then, after enabling "secure connection"  I am not able to access Monit with https. 

I have tried the following.
Disabling Secure connection then enabling again.
With and without Verification SSL certificates enabled.
All options for SSL version. 
(When using TLS1.3, receive error monit: /usr/local/etc/monitrc:16: Your SSL Library does not support TLS version 1.3 'tlsv13'+)


When attempting to connect to the webpage, the browser shows ERR_SSL_PROTOCOL_ERROR.
The system time is within 3 mins of the FW.
The FW is passing traffic (as no change in the policy, HTTP to HTTPS, would be needed).
I do not have any plugins / extensions running on the browser,
and I just cleared the cookies.

monitrc

    allow localhost
    allow root:"XXXXXXXXXXXXXXXX"
    allow testinguser:"testingpass"
    allow 192.168.1.1/24

Also something of interest: I can still access HTTP even after switching to HTTPS and saving/applying. After restarting the service, I receive the following log entries.

monit[1453]: 'host.domain.tld' Monit 5.26.0 started
monit[79757]: Starting Monit 5.26.0 daemon with http interface at [ * ]: 2812
monit[31326]: 'host.domain.tld' Monit 5.26.0 stopped
monit[31326]: Monit daemon with pid [31326] stopped

I am assuming the functionality of the Secure Connection option is not working correctly. Does anyone have any information which could help?

Also, does anyone know how to modify the configuration file manually? I have only found /usr/local/etc/monitrc. The file indicates it's autogenerated. I'm assuming any changes made would be wiped. The page for Monit in the OPNsense docs only points to the Monit documentation.

This last part is for people who may run into configuration issues with Monit HTTPD, as searching on the forum and on the net did not produce any results which helped with my issue. These issues / troubleshooting notes are to help users in the future; I am not asking for assistance in these areas, but they are related to the topic and possibly my issue.

Both the documentation and the "full help" on the Monit settings webpage (Monit HTTPD Access List) say "The username:password or host/network etc. for accessing the Monit httpd service." However, when adding a user/pass by itself, I received the following error.

(system>Logfiles>General)
monit[80946]: M/Monit: cannot open a connection to https://[192.168.31.1]:80/coll
monit[80946]: Cannot create socket to [192.168.1.1]:80 -- Connection timed out

I also looked at the conf file for monit and noticed there was not an allow for any network.

(/usr/local/etc/monitrc)
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file

set httpd unixsocket /var/run/monit.sock port 2812
    allow localhost
    allow root:"XXXXXXXXXXXXXXXX"
    allow testinguser:"testingpass"

set daemon 120 with start delay 120


The problem: Monit HTTPD requires a username, password, AND network entry.

The other issue I ran into was the M/Monit URL. The help text reads:
"The M/Monit URL. https://user:pass@192.168.1.10:8443/collector. If you want to control Monit services from your M/Monit instance you have to configure the Monit Port too and add corresponding firewall rules as well."

The problem is that anything I entered failed. (I attempted both http and https.)

https://testinguser:"testingpass"@127.0.0.1:2812/collector
https://testinguser:"testingpass"@127.0.0.1:2812
https://127.0.0.1:2812/collector
https://user:pass@127.0.0.1:2812/collector
https://user:"pass"@192.168.1.1:2812/collector
https://testinguser:"testingpass"@192.168.1.1:2812

Error messages received:
M/Monit: cannot open a connection to https://[192.168.1.1]:80/coll
monit[27011]: Cannot create socket to [192.168.1.1]:80 -- Connection timed out
monit[31326]: M/Monit: status message to http://[127.0.0.1]:2812/ failed
monit[31326]: M/Monit: failed to send message to http://[127.0.0.1]:2812/ -- HTTP/1.0 400 Bad Request


I shortened the entries, but you get the point.

The only thing that worked is not to put any entry. Leave the entire field blank.
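An added check, not code from this thread or from OPNsense: a small Python lint for the `set httpd` stanza that parses the allow list the posts above discuss and flags the two things a defender cares about here, a stanza with credentials but no host/network allow (the combination the original poster reports as necessary), and an httpd listener without TLS, which the replies confirm is the situation on OPNsense at the time and means the basic-auth credentials travel in cleartext. The sample stanzas are constructed; the `with ssl` keyword is Monit's own TLS syntax.

```python
import ipaddress

# Constructed sample stanzas (not from a live system); the first mirrors the post's file.
MONITRC_NO_NETWORK = """\
set httpd unixsocket /var/run/monit.sock port 2812
    allow localhost
    allow root:"XXXXXXXXXXXXXXXX"
    allow testinguser:"testingpass"
set daemon 120 with start delay 120
"""
MONITRC_WITH_NETWORK = MONITRC_NO_NETWORK.replace(
    "set daemon", "    allow 192.168.1.0/24\nset daemon")

def parse_httpd_stanza(text):
    """Return (the 'set httpd' line or '', allow entries listed under it)."""
    httpd_line, allows, in_block = "", [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("set httpd"):
            httpd_line, in_block = stripped, True
            continue
        if in_block and stripped.startswith("set "):
            break  # next top-level statement closes the httpd block
        if in_block and stripped.startswith("allow "):
            allows.append(stripped[6:].strip())
    return httpd_line, allows

def classify(entry):
    """'local' for localhost, 'net' for a host/network, 'cred' for user:"pass"."""
    if entry == "localhost":
        return "local"
    try:
        ipaddress.ip_network(entry, strict=False)
        return "net"
    except ValueError:
        return "cred" if ":" in entry else "net"  # bare hostname is a host allow

def lint_httpd(text):
    httpd_line, allows = parse_httpd_stanza(text)
    if not httpd_line:
        return []  # no httpd stanza: the web interface is off, nothing to lint
    kinds = {classify(a) for a in allows}
    findings = []
    if "cred" not in kinds:
        findings.append("no user:password allow: any allowed host can read and control monit")
    if "net" not in kinds:
        findings.append("no host/network allow: the thread reports remote access needs one too")
    if "with ssl" not in httpd_line:  # Monit's TLS syntax: 'with ssl { pemfile: ... }'
        findings.append("no 'with ssl': basic-auth credentials cross the wire in cleartext")
    return findings
```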

Quote from: errored out on April 12, 2020, 01:17:53 AM
I finally was able to start Monit HTTPD and access the page. Here is the issue, I am not able to use a secure connection.  In advance mode, I first started Monit with http access.  Then, after enabling "secure connection"  I am not able to access Monit with https. 
The "Secure Connection" is meant for the mail server connection to send notifications encrypted.
SSL for the Monit http service is not supported yet.

Quote from: errored out on April 12, 2020, 01:17:53 AM
Also, does any know how to modify the configuration file manually?  I only have found /usr/local/etc/monitrc.  The file indicates it's autogenerated.  I'm assuming any changes made would be wiped. The page for monit in the opnsense docs only point to monit documentation.
Yes, it is auto-generated. Please use the web interface for configuration.

Quote from: errored out on April 12, 2020, 01:17:53 AM
(/usr/local/etc/monitrc)
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file

set httpd unixsocket /var/run/monit.sock port 2812

    allow localhost
    allow root:"XXXXXXXXXXXXXXXX"
    allow testinguser:"testingpass"

set daemon 120 with start delay 120
Looks like a bug.
I'll take a look on this.

No, not a bug.
Works as expected.

Enable HTTPD, add user:pass to the Monit HTTPD Access List and a rule to allow 2812 to the firewall.
Then curl -u user:pass http://firewall:2812/