Icinga2 can check various things using nagios-style scripts.

It can also run specific commands, as far as they provide the required return code.

When dealing with automated upgrades or multiple users managing different parts of apache or nginx configuration files, it's best to check if the overall configuration is still correct.

Icinga2 can periodically checks for apache2ctl -t / nginx -t, and warns if anything is wrong.

It requires new commands. One for apache and one for nginx.

For apache2:

object CheckCommand "Apache check command" {
    import "plugin-check-command"
    command = "/usr/bin/sudo /usr/sbin/apache2ctl -t || exit 2"

For nginx:

object CheckCommand "Nginx check command" {
    import "plugin-check-command"
    command = "/usr/bin/sudo /usr/sbin/nginx -t || exit 2"

If using Icinga director, make sure to enable the "Render as string" option.

Sudo rules to allow icinga2 to run as root those commands, assuming icinga2 runs as nagios user:

nagios ALL=(root) NOPASSWD: /usr/sbin/apache2ctl -t
nagios ALL=(root) NOPASSWD: /usr/sbin/nginx -t

Once done, create a service on required hosts. If anything goes wrong, you'll know why !

icinga-apache-config-service.png, déc. 2021

apache configuration is not ok, déc. 2021