This guide walks you through installing Icinga 2 and its web front‑end on CentOS 8, covering everything from repository setup to database configuration, SELinux tuning, firewall adjustments, and the initial wizard steps. It begins by listing prerequisites—a fresh OS install, root or sudo access, an internet connection, and a few command‑line basics—then shows how to add Icinga’s official RPM repo with a single download. After installing the core packages and the ido‑mysql module, you’ll enable SELinux booleans so Apache can read Icinga configuration and talk to MariaDB, open HTTP, HTTPS, and port 5665 in firewalld, and start the services; the database is created, secured, and seeded with the proper schema. Finally, the tutorial guides you through the web UI wizard, adding a host via icingacli, reloading Icinga 2, and offers quick fixes for common pitfalls such as SELinux blocks or missing IDO data.

Install and Configure Icinga2 and Its Web Front‑End on CentOS 8

You’ll learn how to get a fully functional Icinga2 monitoring stack up and running on CentOS 8, including the web UI that turns raw metrics into pretty dashboards. The guide walks through adding the official repo, installing core packages, tuning SELinux, opening the right firewall ports, and hooking everything together with MariaDB for the web interface. By the end you’ll have a working system that keeps an eye on your servers without the headache of manual config files.

1 . Prerequisites: What You Need

• CentOS 8 (or stream) freshly installed, fully updated
• Root or sudo privileges
• A machine with internet access – Icinga2’s repo sits on GitHub mirrors
• Basic familiarity with the command line; you’ll be typing a few commands anyway

If your host is behind a strict corporate proxy, make sure http_proxy and https_proxy environment variables are set for all tools that need them.

2 . Add the Official Icinga Repository

Icinga maintains an RPM repo that keeps everything in sync with its upstream releases. Without it you’d have to manually download each package, which is a pain and often leads to version mismatches.

# Install the repo package first
dnf install -y https://packages.icinga.com/icinga-repo-release.rpm

The repo file lands in /etc/yum.repos.d. Check it:

cat /etc/yum.repos.d/icinga.repo

You should see entries for icinga2 and icingaweb2. If you’re on CentOS 8, the packages are built against python3, so no conflict with system Python.

3 . Install Icinga2 Core

dnf install -y icinga2 icinga2-ido-mysql

icinga2-ido-mysql gives you the IDO (Icinga Data Output) module, which lets Icinga push its state into a MySQL/MariaDB database. This is required for the web UI to display live status.

Once installed, start and enable the service:

systemctl enable --now icinga2

Check the logs if something feels off:

journalctl -u icinga2 -f

4 . Configure SELinux for Icinga

CentOS 8 ships with SELinux enforcing by default, and that’s great unless you forget to set the proper booleans. The web UI needs to read /etc/icinga2 and write to its database directory.

# Let Apache (or Nginx) read Icinga config files
semanage fcontext -a -t httpd_config_t "/etc/icinga2(/.*)?"
restorecon -R /etc/icinga2

# Allow the web server to talk to MariaDB
setsebool -P httpd_can_network_connect_db 1

If you hit a 403 on /icingaworkspace, chances are you forgot one of those booleans.

5 . Open Firewall Ports

Icinga2 uses port 5665 for its agent communication, and the web UI needs HTTP/HTTPS. Add them to firewalld:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=5665/tcp
firewall-cmd --reload

6 . Prepare MariaDB (or MySQL) for Icinga Web

The web UI expects a dedicated database with the proper schema. If you don’t already have MariaDB, install it:

dnf install -y mariadb-server
systemctl enable --now mariadb

Secure the installation and create the database:

mysql_secure_installation   # set root password, remove test dbs

# Log in as root
mysql -u root -p

CREATE DATABASE icingaweb2;
GRANT ALL PRIVILEGES ON icingaweb2.* TO 'icingaweb'@'localhost' IDENTIFIED BY 'YourStrongPassword';
FLUSH PRIVILEGES;
EXIT;

7 . Install Icinga Web 2 and its Dependencies

dnf install -y icingaweb2 icingacli php-fpm php-mysqlnd php-xml php-gd php-cli

Enable PHP-FPM for Apache:

systemctl enable --now php-fpm

Now start the web UI service:

systemctl enable --now icingaweb2-http

8 . Initial Web Setup (Wizard)

Open a browser and navigate to http://<your-server>/icingaweb2. You’ll hit the “Welcome” wizard.

1. Database – pick “MySQL/MariaDB”, fill in host, database name (icingaweb2), user (icingaweb) and password you set earlier.

2. Backend – choose Icinga 2 Backend, provide the path to your Icinga2 config (usually /etc/icinga2).

3. Frontend – pick a theme, set an admin account.

If the wizard complains “Could not connect to MariaDB”, double‑check that httpd_can_network_connect_db is enabled and that you used the correct credentials.

9 . Add Your First Host

From the command line:

icingacli object create host myserver --template "generic-host" \
  --param address="192.168.1.10" \
  --param max_check_attempts=3 --param check_interval=5m

Then reload Icinga2:

systemctl reload icinga2

The new host will appear in the web UI’s “Hosts” page after a few seconds.

10 . Common Pitfalls and Quick Fixes

• 404 on /icingaworkspace – SELinux is still blocking Apache from reading the workspace directory. Run setsebool -P httpd_read_user_content 1.
• “Connection refused” to port 5665 – The Icinga2 service isn’t listening yet. Check with ss -tlnp | grep 5665. If it’s not there, look in /var/log/icinga2/icinga2.log for errors.
• Empty dashboards – You forgot to enable the IDO module or seed the database. Make sure icinga2-ido-mysql is running and that you ran icingacli ido mysql initdb.

11 . Wrap‑Up

That’s it. You’ve got a monitoring stack on CentOS 8 that shows real data, alerts on failures, and lets you drill down via a tidy web UI. Keep an eye on the logs; they’re your best friend when something goes sideways.