zabbix-docker/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf

LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so

Listen 8443

SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512

AddType application/x-x509-ca-cert .crt

SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout  300

<VirtualHost *:8443>
    # Enable/Disable SSL for this virtual host.
    SSLEngine on

    # intermediate configuration
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder     off
    SSLSessionTickets       off

    SSLCertificateFile /etc/ssl/apache2/ssl.crt
    SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
    # SSLCACertificatePath /etc/ssl/apache2/chain/

    # enable HTTP/2, if available
    Protocols h2 http/1.1

    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    Header always set Strict-Transport-Security "max-age=63072000"

    <LocationMatch "/(ping|status)">
        Require all granted

        SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
    </LocationMatch>

    <Directory "/usr/share/zabbix">
        Options FollowSymLinks
        AllowOverride None
        Require all granted

        <FilesMatch \.php$>
            SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
        </FilesMatch>

        <filesMatch "\.(ico)$">
            ExpiresActive On
            ExpiresDefault "access plus 1 year"
            Header append Cache-Control "public"
        </filesMatch>

        <filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
            ExpiresActive On
            ExpiresDefault "access plus 14 day"
            Header append Cache-Control "public"
        </filesMatch>
    </Directory>

    <Directory "/usr/share/zabbix/conf">
        Require all denied
        <files *.php>
            Require all denied
        </files>
    </Directory>

    <Directory "/usr/share/zabbix/app">
        Require all denied
        <files *.php>
            Require all denied
        </files>
    </Directory>

    <Directory "/usr/share/zabbix/include">
        Require all denied
        <files *.php>
            Require all denied
        </files>
    </Directory>

    <Directory "/usr/share/zabbix/local">
        Require all denied
        <files *.php>
            Require all denied
        </files>
    </Directory>

    <Directory "/usr/share/zabbix/locale">
        Require all denied
        <files *.php>
            Require all denied
        </files>
    </Directory>

    <Directory "/usr/share/zabbix/vendor">
        Require all denied
        <files *.php>
            Require all denied
        </files>
    </Directory>
</VirtualHost>
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so`
			`LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so`
Added Centos images 2018-02-18 21:45:33 +01:00
Updated CentOS images 2020-04-26 18:45:42 +02:00			`Listen 8443`
Added Centos images 2018-02-18 21:45:33 +01:00
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`SSLRandomSeed startup builtin`
			`SSLRandomSeed startup file:/dev/urandom 512`
			`SSLRandomSeed connect builtin`
			`SSLRandomSeed connect file:/dev/urandom 512`
Added Centos images 2018-02-18 21:45:33 +01:00
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`AddType application/x-x509-ca-cert .crt`
Added Centos images 2018-02-18 21:45:33 +01:00
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)`
			`SSLSessionCacheTimeout 300`
Fixed HTTPS on CentOS 2018-09-28 12:44:57 +02:00
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`<VirtualHost *:8443>`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`# Enable/Disable SSL for this virtual host.`
			`SSLEngine on`
Optimizations for Nginx/Apache configs 2021-06-09 01:48:27 +02:00
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`# intermediate configuration`
			`SSLProtocol -all +TLSv1.2 +TLSv1.3`
			`SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305`
			`SSLHonorCipherOrder off`
			`SSLSessionTickets off`
Fixed HTTPS on CentOS 2018-09-28 12:44:57 +02:00
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`SSLCertificateFile /etc/ssl/apache2/ssl.crt`
			`SSLCertificateKeyFile /etc/ssl/apache2/ssl.key`
			`# SSLCACertificatePath /etc/ssl/apache2/chain/`
Added PHP status and ping pages processing 2022-08-15 16:35:34 +02:00
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`# enable HTTP/2, if available`
			`Protocols h2 http/1.1`

			`# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)`
			`Header always set Strict-Transport-Security "max-age=63072000"`

			`<LocationMatch "/(ping\|status)">`
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`Require all granted`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00
			`SetHandler "proxy:unix:/tmp/php-fpm.sock\|fcgi://localhost"`
			`</LocationMatch>`

			`<Directory "/usr/share/zabbix">`
			`Options FollowSymLinks`
			`AllowOverride None`
			`Require all granted`

Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`<FilesMatch \.php$>`
Added PHP status and ping pages processing 2022-08-15 16:35:34 +02:00			`SetHandler "proxy:unix:/tmp/php-fpm.sock\|fcgi://localhost"`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`</FilesMatch>`

			`<filesMatch "\.(ico)$">`
			`ExpiresActive On`
			`ExpiresDefault "access plus 1 year"`
			`Header append Cache-Control "public"`
			`</filesMatch>`

			`<filesMatch "\.(js\|css\|png\|jpg\|jpeg\|gif\|xml\|txt)$">`
			`ExpiresActive On`
			`ExpiresDefault "access plus 14 day"`
			`Header append Cache-Control "public"`
			`</filesMatch>`
			`</Directory>`

			`<Directory "/usr/share/zabbix/conf">`
			`Require all denied`
			`<files *.php>`
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`Require all denied`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`</files>`
			`</Directory>`

			`<Directory "/usr/share/zabbix/app">`
			`Require all denied`
			`<files *.php>`
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`Require all denied`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`</files>`
			`</Directory>`

			`<Directory "/usr/share/zabbix/include">`
			`Require all denied`
			`<files *.php>`
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`Require all denied`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`</files>`
			`</Directory>`

			`<Directory "/usr/share/zabbix/local">`
			`Require all denied`
			`<files *.php>`
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`Require all denied`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`</files>`
			`</Directory>`

			`<Directory "/usr/share/zabbix/locale">`
			`Require all denied`
			`<files *.php>`
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`Require all denied`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`</files>`
			`</Directory>`

			`<Directory "/usr/share/zabbix/vendor">`
			`Require all denied`
			`<files *.php>`
Migrate to PHP-FPM for all Web images 2025-01-14 06:48:23 +01:00			`Require all denied`
Migrate to PHP-FPM for all Web images 2025-01-13 11:24:39 +01:00			`</files>`
			`</Directory>`
			`</VirtualHost>`