How To

Install Icinga Web 2 on RHEL 10 / Rocky Linux 10

Josphat Mutai Updated Mar 22, 2026 · 7 min read

Icinga Web 2 is the web frontend for Icinga 2, the open source monitoring system. It gives you a clean, responsive dashboard for viewing host and service states, acknowledging problems, scheduling downtimes, and browsing performance data. Icinga Web 2 is a standalone PHP application that talks to Icinga 2 through its IDO database or IcingaDB backend. The latest stable release is version 2.12.6 (November 2025).

Original content from computingforgeeks.com - post 39078

This guide covers installing Icinga Web 2 on RHEL 10 and Rocky Linux 10 using packages from the official Icinga repository. We will set up MariaDB as the backend database, configure Apache as the web server, walk through the browser-based setup wizard, connect the monitoring module to Icinga 2, add the Grafana module for performance graphs, and configure firewall rules and SELinux policies.

Prerequisites

  • A server running RHEL 10 or Rocky Linux 10 with at least 2 GB RAM
  • Icinga 2 installed and running with the IDO MySQL feature enabled – follow our Icinga 2 installation guide first
  • Root or sudo access
  • EPEL repository enabled
  • Ports 80/443 (HTTP/HTTPS) open in the firewall

Step 1: Add the Icinga Repository on RHEL 10 / Rocky Linux 10

Icinga provides community packages through their Fedora repository that work on RHEL 10 and Rocky Linux 10. Start by enabling the EPEL and CodeReady Builder (CRB) repositories, which provide dependencies that Icinga packages need.

sudo dnf install -y epel-release
sudo dnf config-manager --set-enabled crb

On RHEL 10 (not Rocky/Alma), enable the CRB equivalent through subscription manager instead.

sudo subscription-manager repos --enable codeready-builder-for-rhel-10-x86_64-rpms
sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm

Create the Icinga repository configuration file. Since Icinga’s community repository for EL 10 uses the Fedora 40 package base, we point to it directly.

sudo vi /etc/yum.repos.d/icinga-stable-release.repo

Add the following content to the file.

[icinga-stable-release]
name=ICINGA (stable release for RHEL 10)
baseurl=https://packages.icinga.com/fedora/40/release/
enabled=1
gpgcheck=1
gpgkey=https://packages.icinga.com/icinga.key

Import the Icinga GPG signing key and refresh the package cache.

sudo rpm --import https://packages.icinga.com/icinga.key
sudo dnf makecache

Step 2: Install Icinga Web 2 Packages

Install Icinga Web 2, the CLI tool, and the SELinux policy package.

sudo dnf install -y icingaweb2 icingacli icingaweb2-selinux

Verify the installed version to confirm the packages were pulled from the Icinga repository.

icingacli version

The output should show the Icinga Web 2 version.

Icinga Web 2 (2.12.6)

Step 3: Install PHP and Required Extensions

RHEL 10 and Rocky Linux 10 ship with PHP 8.3 in the default repositories. Icinga Web 2 requires PHP 7.2 or later, so the default version works well. Install PHP and all the extensions that Icinga Web 2 needs.

sudo dnf install -y php php-cli php-fpm php-mysqlnd php-pgsql php-xml php-mbstring php-curl php-json php-intl php-gd php-ldap php-opcache php-process php-gmp php-imagick

Confirm PHP is installed and check the version.

php --version

You should see PHP 8.3 confirmed in the output.

PHP 8.3.14 (cli) (built: Dec  3 2025 10:45:22) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.3.14, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.14, Copyright (c), by Zend Technologies

Set the PHP timezone in the configuration file to avoid warnings during the setup wizard.

sudo vi /etc/php.ini

Find the date.timezone line and set it to your timezone.

date.timezone = Africa/Nairobi

Step 4: Install and Configure MariaDB

Icinga Web 2 stores its user accounts, preferences, and group memberships in a database. Install the MariaDB server from the default repositories.

sudo dnf install -y mariadb-server mariadb

Start and enable MariaDB so it runs on boot.

sudo systemctl enable --now mariadb

Run the security hardening script to set a root password and remove test databases.

sudo mariadb-secure-installation

Answer the prompts to set a root password, remove anonymous users, disable remote root login, and remove the test database.

Create the Icinga Web 2 Database

Log in to MariaDB and create the icingaweb2 database with a dedicated user.

sudo mariadb -u root -p

Run the following SQL statements to create the database and grant permissions. Replace StrongPassword with your own secure password.

CREATE DATABASE icingaweb2;
GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb2'@'localhost' IDENTIFIED BY 'StrongPassword';
FLUSH PRIVILEGES;
EXIT;

Import the Icinga Web 2 database schema into the new database.

sudo mariadb -u root -p icingaweb2 < /usr/share/doc/icingaweb2/schema/mysql.schema.sql

Step 5: Configure Apache Web Server for Icinga Web 2

Install Apache (httpd) if it is not already on the system.

sudo dnf install -y httpd

The Icinga Web 2 package includes an Apache configuration file at /etc/httpd/conf.d/icingaweb2.conf that sets up the web application under the /icingaweb2 URL path. No manual Apache configuration is needed for the default setup.

Start and enable Apache.

sudo systemctl enable --now httpd

Verify Apache is running.

sudo systemctl status httpd

The service should show active (running).

Nginx Alternative

If you prefer Nginx over Apache, install it and generate the Icinga Web 2 configuration using the CLI tool.

sudo dnf install -y nginx
sudo icingacli setup config webserver nginx --document-root /usr/share/icingaweb2/public

Save the generated output to /etc/nginx/conf.d/icingaweb2.conf, adjust the server_name and fastcgi_pass settings to match your environment, then start Nginx.

sudo systemctl enable --now nginx

Step 6: Run the Icinga Web 2 Setup Wizard

Generate a setup token that protects the web-based configuration wizard from unauthorized access.

sudo icingacli setup token create

The command outputs a token string that you will enter in the first step of the wizard.

The newly generated setup token is: 3a7c1d2e9f8b4a5c

If you need to retrieve the token later, use this command.

sudo icingacli setup token show

Open a browser and navigate to http://your-server-ip/icingaweb2/setup. Enter the setup token on the first page and click Next.

The wizard walks through these configuration pages:

  • Modules - Enable the Monitoring module (checked by default)
  • PHP Requirements - The wizard checks for required PHP extensions. All should show green if you installed the packages from Step 3
  • Authentication Type - Select "Database" for local user authentication
  • Database Resource - Enter the icingaweb2 database credentials: host localhost, database name icingaweb2, username icingaweb2, and the password you set in Step 4
  • Authentication Backend - Keep the default name "icingaweb2"
  • Admin Account - Create an admin username and password for the web interface
  • Application Configuration - Set logging type, logging level, and application prefix. Defaults work fine

Step 7: Configure the Monitoring Module

After the general setup finishes, the wizard continues with Monitoring module configuration. This connects Icinga Web 2 to the Icinga 2 backend so you can view hosts, services, and events in the dashboard.

  • Monitoring Backend - Select "IDO" as the backend type. This uses the Icinga 2 IDO MySQL database that stores all monitoring data
  • IDO Resource - Enter the Icinga 2 IDO database credentials: host localhost, database name icinga (or whatever you named the IDO database during Icinga 2 setup), username icinga, and its password
  • Command Transport - Select "Icinga 2 API" as the transport type. Enter the API host (localhost), port (5665), API username (root), and API password from your Icinga 2 API user configuration at /etc/icinga2/conf.d/api-users.conf
  • Monitoring Security - Configure which custom variables to protect from being displayed. The default *pw*,*pass*,community pattern hides password-related variables

Click Finish to complete the setup. You will be redirected to the Icinga Web 2 login page. Log in with the admin account you created during the wizard.

Step 8: Configure the Grafana Module

The Grafana module for Icinga Web 2 embeds Grafana panels directly into the host and service detail views. This gives you performance graphs without leaving the monitoring dashboard. You need a running Grafana instance with an Icinga 2 data source configured.

Install the Grafana module from the official GitHub repository.

MODULE_VERSION=$(curl -s https://api.github.com/repos/Mikesch-mp/icingaweb2-module-grafana/releases/latest | grep tag_name | cut -d '"' -f 4)
sudo git clone https://github.com/Mikesch-mp/icingaweb2-module-grafana.git /usr/share/icingaweb2/modules/grafana --branch "${MODULE_VERSION}"

Enable the module using the Icinga CLI.

sudo icingacli module enable grafana

Create the module configuration directory and config file.

sudo mkdir -p /etc/icingaweb2/modules/grafana

Create the configuration file with your Grafana connection details.

sudo vi /etc/icingaweb2/modules/grafana/config.ini

Add the following configuration, replacing the host and protocol values to match your Grafana setup.

[grafana]
host = "localhost:3000"
protocol = "http"
defaultdashboard = "icinga2-default"
defaultdashboardstore = "db"
accessmode = "proxy"
timeout = "10"
directrefresh = "yes"
height = "280"
width = "640"

Set proper ownership on the module configuration.

sudo chown -R apache:icingaweb2 /etc/icingaweb2/modules/grafana

After saving the config, go to Icinga Web 2 > Configuration > Modules > grafana in the browser to verify the connection and configure Grafana dashboards for your hosts and services.

Step 9: Configure Firewall Rules

Open HTTP and HTTPS ports in firewalld so you can access Icinga Web 2 from your browser.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Verify the rules are active.

sudo firewall-cmd --list-services

The output should include http and https in the list of allowed services.

cockpit dhcpv6-client http https ssh

Step 10: Configure SELinux Policies for Icinga Web 2

RHEL 10 and Rocky Linux 10 run SELinux in enforcing mode by default. The icingaweb2-selinux package we installed in Step 2 provides the base policy. A few additional SELinux booleans need to be set depending on your setup.

Allow Apache to connect to the database and the Icinga 2 API.

sudo setsebool -P httpd_can_network_connect on
sudo setsebool -P httpd_can_network_connect_db on

If you use LDAP authentication for Icinga Web 2, also enable the LDAP boolean.

sudo setsebool -P httpd_can_connect_ldap on

Verify the booleans are set correctly.

getsebool httpd_can_network_connect httpd_can_network_connect_db

Both values should show on.

httpd_can_network_connect --> on
httpd_can_network_connect_db --> on

Ensure the Icinga Web 2 configuration directory has the correct SELinux context.

sudo restorecon -Rv /etc/icingaweb2/

Conclusion

Icinga Web 2 is now running on your RHEL 10 / Rocky Linux 10 server with MariaDB, Apache, the Monitoring module connected to Icinga 2, and the Grafana module ready for performance graphs. Access the dashboard at http://your-server-ip/icingaweb2 and start monitoring your infrastructure.

For a production deployment, secure the web interface with an SSL/TLS certificate from Let's Encrypt, restrict access to trusted networks using firewall zones or Apache ACLs, and set up regular database backups for both the icinga and icingaweb2 databases.

Josphat Mutai

Founder of Computingforgeeks. Expertise in Virtualization, Cloud, Linux/UNIX Administration, Automation,Storage Systems, Containers, Server Clustering e.t.c.

Related Articles

CentOS How To Install ElasticSearch 7.x on CentOS 7 / RHEL 7 AlmaLinux Install Nomachine RDP on Rocky Linux 8/AlmaLinux 8 CentOS Install and Configure Virtualmin on CentOS 8 | RHEL 8 CentOS Install FreeRADIUS and Daloradius on CentOS 7 / RHEL 7

Leave a Comment

Press ESC to close