Monit on Ubuntu 24.04 on Azure User Guide
Overview
This image runs Monit 5.33.0, a small, self contained daemon that both supervises processes and monitors the health of a host, on Ubuntu 24.04 LTS. Monit watches the things you tell it to care about, system load, CPU, memory and swap, filesystem space, and individual processes, and it acts automatically when something goes wrong: it can restart a service that has died and alert you when a threshold is crossed. Everything it manages is visible on a single built in web dashboard that shows each monitored item, its current status, and the live system metrics, refreshed on a short interval.
The cloudimg image is secure by default. Monit's built in web server is bound only to the loopback interface, fronted by an nginx reverse proxy on port 80. The dashboard is protected by HTTP Basic authentication with a unique password generated on first boot for each instance and written to a root only file. The notorious default admin:monit web login that ships commented out in the stock configuration is never enabled, no credential is baked into the image, and no two deployments share one.
What is included:
- Monit 5.33.0 installed from the Ubuntu 24.04 package, running as the stock
monit.service - Monit's built in web dashboard bound to
127.0.0.1:2812, fronted by nginx on port80 - An unauthenticated
/healthzendpoint on nginx for Azure Load Balancer probes - A one shot
monit-firstboot.servicethat generates a per instance password on first boot and writes it to/root/monit-info.txt(mode0600) - HTTP Basic authentication (username
admin) protecting the web dashboard - A ready to use set of checks (system load and memory, the root filesystem, and the nginx web front) so the dashboard is populated the moment the instance boots
- A fully patched Ubuntu 24.04 LTS base with unattended security upgrades enabled
- 24/7 cloudimg support
Monit is published by the Monit project (Tildeslash) under the GNU AGPL 3.0 licence. This image is packaged by cloudimg and is not affiliated with or endorsed by the Monit project.
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is ample for monitoring a single host. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web dashboard. Monit serves plain HTTP on port 80; for production or shared access, terminate TLS in front of it with your own domain using a reverse proxy or Azure Application Gateway.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Monit by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name monit \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--ssh-key-values ~/.ssh/id_ed25519.pub \
--vnet-name <your-vnet> --subnet <your-subnet> \
--public-ip-sku Standard
az vm open-port --resource-group <your-rg> --name monit --port 80 --priority 1010
Step 3 - Connect to your VM
ssh azureuser@<vm-public-ip>
Step 4 - Confirm the services are running
Monit runs as monit.service, with its web server on the loopback interface fronted by nginx on port 80. A one shot monit-firstboot.service runs once on first boot to generate the per instance password. Confirm all three units are active, and that nginx is listening on port 80 while Monit's web server stays private on 127.0.0.1:2812:
sudo systemctl is-active nginx monit monit-firstboot
sudo ss -tlnp | grep -E ':80 |:2812 '
Expected output:
active
active
active
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",...))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",...))
LISTEN 0 5 127.0.0.1:2812 0.0.0.0:* users:(("monit",...))
Monit's web server listens only on 127.0.0.1, so it is never reachable directly from the network; every request goes through nginx on port 80.

Step 5 - Retrieve your per instance credentials
The dashboard is protected by HTTP Basic authentication. The username is admin and the password is generated uniquely for this instance on first boot and stored in a root only file. Read it with:
sudo cat /root/monit-info.txt
You will see the access URL, the username and the per instance password:
monit_url=http://<vm-ip>/
monit_username=admin
monit_password=<your-unique-password>

Keep this password safe. It is unique to this VM; no default password ships in the image.
Step 6 - Confirm the dashboard is secure by default
The /healthz endpoint used by load balancer probes is intentionally open and returns 200. The dashboard itself requires the credentials, so an unauthenticated request returns 401, while supplying the per instance credentials returns 200. Replace <monit-password> with the password from /root/monit-info.txt:
curl -s -o /dev/null -w 'no credentials: %{http_code}\n' http://127.0.0.1/
curl -s -o /dev/null -w 'health probe: %{http_code}\n' http://127.0.0.1/healthz
curl -s -o /dev/null -w 'with password: %{http_code}\n' -u admin:<monit-password> http://127.0.0.1/
Expected output:
no credentials: 401
health probe: 200
with password: 200

Step 7 - Read the monitored services from the command line
Monit ships a command line client that talks to the same daemon. Confirm the version and print the live summary of every monitored item and its status:
monit -V | head -1
sudo monit summary
Expected output (the System entry plus the nginx process and the root filesystem, all reporting OK):
This is Monit version 5.33.0
Monit 5.33.0 uptime: 5m
Service Name Status Type
monit OK System
nginx OK Process
rootfs OK Filesystem

The checks that populate this list are defined in /etc/monit/conf.d/. You can add your own by dropping extra check stanzas there and running sudo monit reload; see the Monit documentation for the full check syntax.
Step 8 - Open the web dashboard
In a browser, open http://<vm-public-ip>/ and sign in as admin with the per instance password. The Monit Service Manager page lists every monitored item, the System entry with live load, CPU, memory and swap, the nginx process, and the root filesystem, each with an at a glance OK status.

Selecting the System entry opens its detail page: load average, a full CPU breakdown, memory and swap usage, uptime, and the alert thresholds configured for each metric, so you can see exactly when Monit will raise an alert.

Selecting a monitored process, such as nginx, shows its process detail: the pid file Monit tracks, the current pid, uptime, CPU and memory, and the start and stop programs Monit uses to heal the service automatically if it stops responding.

Selecting the root filesystem shows its detail: filesystem type and flags, total and free space, inode usage and read and write rates, so you can watch disk capacity alongside everything else.

Enabling HTTPS for production
Monit serves plain HTTP on port 80 behind nginx. For production or shared access, put your own TLS certificate in front of it. Point a DNS record at the VM's public IP, then terminate TLS with Azure Application Gateway or extend the nginx configuration in /etc/nginx/sites-available/cloudimg-monit with a certbot issued certificate for your domain. Restrict port 80 to your Application Gateway or management network in the NSG once TLS is in place.
Support
Every cloudimg image includes 24/7 support, 365 days a year, by email and live chat with a 24 hour response SLA. Contact support@cloudimg.co.uk with the product name and your Azure region and we will help.