Added Zabbix web-interface with MySQL and Nginx support based on RHEL image

web-nginx-mysql/rhel/conf/etc/nginx/nginx.conf

@@ -0,0 +1,71 @@
+#user nginx;
+worker_processes 5;
+worker_rlimit_nofile 256000;
+
+error_log /dev/fd/2 error;
+
+pid        /tmp/nginx.pid;
+
+events {
+    worker_connections 5120;
+    use epoll;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /dev/fd/1 main;
+    error_log /dev/fd/2 error;
+
+    client_body_temp_path /tmp/client_body 1 2;
+    proxy_temp_path /tmp/proxy 1 2;
+    fastcgi_temp_path /tmp/fastcgi 1 2;
+    uwsgi_temp_path /tmp/uwsgi 1 2;
+    scgi_temp_path /tmp/scgi 1 2;
+
+    client_body_timeout             5m;
+    send_timeout                    5m;
+
+    connection_pool_size            4096;
+    client_header_buffer_size       4k;
+    large_client_header_buffers     4 4k;
+    request_pool_size               4k;
+    reset_timedout_connection       on;
+
+
+    gzip                            on;
+    gzip_min_length                 100;
+    gzip_buffers                    4 8k;
+    gzip_comp_level                 5;
+    gzip_types                      text/plain;
+    gzip_types                      application/x-javascript;
+    gzip_types                      text/css;
+
+    output_buffers                  128 512k;
+    postpone_output                 1460;
+    aio                             on;
+    directio                        512;
+
+    sendfile                        on;
+    client_max_body_size            8m;
+    client_body_buffer_size	    256k;
+    fastcgi_intercept_errors        on;
+
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+
+    keepalive_timeout               75 20;
+
+    ignore_invalid_headers          on;
+
+    index                           index.php;
+    server_tokens                   off;
+
+    include /etc/nginx/conf.d/*.conf;
+}

web-nginx-mysql/rhel/conf/etc/php-fpm.conf

@@ -0,0 +1,9 @@
+include=/etc/php-fpm.d/*.conf
+
+[global]
+
+pid = /tmp/php-fpm.pid
+
+error_log = /dev/fd/2
+
+daemonize = no

web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf

@@ -0,0 +1,25 @@
+[zabbix]
+
+listen = /tmp/php-fpm.sock
+
+pm = dynamic
+pm.max_children = 50
+pm.start_servers = 5
+pm.min_spare_servers = 5
+pm.max_spare_servers = 35
+
+slowlog = /dev/fd/1
+
+php_admin_value[error_log] = /dev/fd/2
+php_admin_flag[log_errors] = on
+
+php_value[session.save_handler] = files
+php_value[session.save_path]    = /var/lib/php/session
+
+php_value[max_execution_time]= 300
+php_value[memory_limit]= 128M
+php_value[post_max_size]= 16M
+php_value[upload_max_filesize]= 2M
+php_value[max_input_time]= 300
+php_value[max_input_vars]= 10000
+; php_value[date.timezone]= Europe/Riga

web-nginx-mysql/rhel/conf/etc/supervisor/conf.d/supervisord_web_nginx.conf

@@ -0,0 +1,30 @@
+[supervisord]
+nodaemon = true
+
+[program:nginx]
+command = /usr/sbin/%(program_name)s -g "daemon off;" -c /etc/nginx/%(program_name)s.conf
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+
+[program:php-fpm]
+command = /usr/sbin/%(program_name)s -F -y /etc/%(program_name)s.conf
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0

web-nginx-mysql/rhel/conf/etc/supervisor/supervisord.conf

@@ -0,0 +1,35 @@
+; supervisor config file
+
+[unix_http_server]
+file = /tmp/supervisor.sock   ; (the path to the socket file)
+chmod = 0700                       ; sockef file mode (default 0700)
+username = zbx
+password = password
+
+[supervisord]
+logfile = /dev/stdout                        ; (main log file;default $CWD/supervisord.log)
+pidfile = /tmp/supervisord.pid           ; (supervisord pidfile;default supervisord.pid)
+childlogdir = /tmp                           ; ('AUTO' child log dir, default $TEMP)
+critical = critical
+;user = zabbix
+logfile_maxbytes = 0
+logfile_backupcount = 0
+loglevel = info
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo

@@ -0,0 +1,8 @@
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+

web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf

@@ -0,0 +1,74 @@
+server {
+    listen          8080;
+    server_name     zabbix;
+    index           index.php;
+
+    access_log      /dev/fd/1 main;
+    error_log       /dev/fd/2 notice;
+
+    set $webroot '/usr/share/zabbix';
+
+    root $webroot;
+
+    large_client_header_buffers 8 8k;
+    client_max_body_size 10M;
+
+
+    location = /favicon.ico {
+        log_not_found off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # deny running scripts inside writable directories
+    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+        return 403;
+        error_page 403 /403_error.html;
+    }
+
+    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    # caching of files
+    location ~* \.(ico|pdf|flv)$ {
+        expires 1y;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
+        expires 14d;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~ .php$ {
+        fastcgi_pass   unix:/tmp/php-fpm.sock;
+        fastcgi_index  index.php;
+
+        fastcgi_param  SCRIPT_FILENAME  $webroot$fastcgi_script_name;
+
+        include fastcgi_params;
+        fastcgi_param  QUERY_STRING     $query_string;
+        fastcgi_param  REQUEST_METHOD   $request_method;
+        fastcgi_param  CONTENT_TYPE     $content_type;
+        fastcgi_param  CONTENT_LENGTH   $content_length;
+        fastcgi_intercept_errors        on;
+        fastcgi_ignore_client_abort     off;
+        fastcgi_connect_timeout 60;
+        fastcgi_send_timeout 180;
+        fastcgi_read_timeout 180;
+        fastcgi_buffer_size 128k;
+        fastcgi_buffers 4 256k;
+        fastcgi_busy_buffers_size 256k;
+        fastcgi_temp_file_write_size 256k;
+    }
+}

web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf

@@ -0,0 +1,98 @@
+server {
+    listen          8443 http2;
+    server_name     zabbix;
+    server_name_in_redirect off;
+
+    index  index.php;
+    access_log      /dev/fd/1 main;
+    error_log       /dev/fd/2 error;
+
+    set $webroot '/usr/share/zabbix';
+
+    root $webroot;
+
+    large_client_header_buffers 8 8k;
+
+    client_max_body_size 10M;
+
+
+    ssl on;
+#    ssl_stapling on;
+    ssl_certificate     /etc/ssl/nginx/ssl.crt;
+    ssl_certificate_key /etc/ssl/nginx/ssl.key;
+    ssl_dhparam /etc/ssl/nginx/dhparam.pem;
+
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_verify_depth 3;
+    ssl_session_cache    shared:SSL:10m;
+    ssl_session_timeout  10m;
+    ssl_prefer_server_ciphers on;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
+
+    location =/nginx_status {
+        stub_status on;
+        access_log   off;
+        allow 127.0.0.1;
+        deny all;
+    }
+
+    location = /favicon.ico {
+        log_not_found off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }   
+
+    # deny running scripts inside writable directories
+    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
+        return 403;
+        error_page 403 /403_error.html;
+    }
+
+    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    # caching of files
+    location ~* \.(ico|pdf|flv)$ {
+        expires 1y;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
+        expires 14d;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~ .php$ {
+        fastcgi_pass   unix:/tmp/php-fpm.sock;
+        fastcgi_index  index.php;
+
+        fastcgi_param  SCRIPT_FILENAME  $webroot$fastcgi_script_name;
+
+        include fastcgi_params;
+        fastcgi_param  QUERY_STRING     $query_string;
+        fastcgi_param  REQUEST_METHOD   $request_method;
+        fastcgi_param  CONTENT_TYPE     $content_type;
+        fastcgi_param  CONTENT_LENGTH   $content_length;
+        fastcgi_intercept_errors        on;
+        fastcgi_ignore_client_abort     off;
+        fastcgi_connect_timeout 60;
+        fastcgi_send_timeout 180;
+        fastcgi_read_timeout 180;
+        fastcgi_buffer_size 128k;
+        fastcgi_buffers 4 256k;
+        fastcgi_busy_buffers_size 256k;
+        fastcgi_temp_file_write_size 256k;
+    }
+}

web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php

@@ -0,0 +1,38 @@
+<?php
+// Zabbix GUI configuration file.
+global $DB, $HISTORY;
+
+$DB['TYPE']     = 'MYSQL';
+$DB['SERVER']   = '{DB_SERVER_HOST}';
+$DB['PORT']     = '{DB_SERVER_PORT}';
+$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
+$DB['USER']     = '{DB_SERVER_USER}';
+$DB['PASSWORD'] = '{DB_SERVER_PASS}';
+
+// Schema name. Used for IBM DB2 and PostgreSQL.
+$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
+
+$ZBX_SERVER      = '{ZBX_SERVER_HOST}';
+$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
+$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
+
+// Used for TLS connection.
+$DB['ENCRYPTION']		= {ZBX_DB_ENCRYPTION};
+$DB['KEY_FILE']			= '{ZBX_DB_KEY_FILE}';
+$DB['CERT_FILE']		= '{ZBX_DB_CERT_FILE}';
+$DB['CA_FILE']			= '{ZBX_DB_CA_FILE}';
+$DB['VERIFY_HOST']		= {ZBX_DB_VERIFY_HOST};
+$DB['CIPHER_LIST']		= '{ZBX_DB_CIPHER_LIST}';
+
+// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
+// This option is enabled by default for new Zabbix installations.
+// For upgraded installations, please read database upgrade notes before enabling this option.
+$DB['DOUBLE_IEEE754']	= {DB_DOUBLE_IEEE754};
+
+
+$IMAGE_FORMAT_DEFAULT	= IMAGE_FORMAT_PNG;
+
+// Elasticsearch url (can be string if same url is used for all types).
+$HISTORY['url']   = '{ZBX_HISTORYSTORAGEURL}';
+// Value types stored in Elasticsearch.
+$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};