extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-09 16:45:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Migrate to PHP-FPM for all Web images

Browse Source
This commit is contained in:
Alexey Pustovalov
2025-01-13 19:24:39 +09:00
parent 5d9fbca9ea
commit 05daffc99e
127 changed files with 3828 additions and 1782 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
Dockerfiles/web-nginx-pgsql/alpine/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix"
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"]
RUN set -eux && \
@ -84,17 +85,17 @@ RUN set -eux && \
rm -f /etc/nginx/http.d/*.conf && \
ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log && \
cd /usr/share/zabbix/ && \
cd ${ZABBIX_WWW_ROOT}/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chgrp -R 0 /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chmod -R g=u /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
@ -102,9 +103,12 @@ RUN set -eux && \
chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \
chmod -R g=u /var/lib/php/session/ /var/lib/nginx/
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix
WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"]

1
Dockerfiles/web-nginx-pgsql/alpine/conf/etc/php83/php-fpm.conf
View File

@ -5,5 +5,6 @@ include=/etc/php83/php-fpm.d/*.conf
pid = /tmp/php-fpm.pid
error_log = /dev/fd/2
log_level = notice
daemonize = no

9
Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf
View File

@ -46,8 +46,17 @@ server {
return 404;
}
location = /nginx-status {
access_log off;
allow 127.0.0.1;
allow ::1;
deny all;
stub_status;
}
location ~ ^/(status|ping)$ {
access_log off;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;

123
Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh
View File

@ -18,14 +18,19 @@ fi
# Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"}
# Default user
# Default user settings
: ${DAEMON_USER:="nginx"}
: ${DAEMON_GROUP:="nginx"}
# Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# Nginx virtual hosts configuration directory
NGINX_CONFD_DIR="/etc/nginx/http.d"
# Directory with SSL certificate files for Nginx
NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php83/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -133,12 +138,15 @@ check_db_connect() {
}
prepare_web_server() {
NGINX_CONFD_DIR="/etc/nginx/http.d"
NGINX_SSL_CONFIG="/etc/ssl/nginx"
if [ "$(id -u)" == '0' ]; then
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
fi
if [ ! -f "/proc/net/if_inet6" ]; then
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf"
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf"
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
echo "** Adding Zabbix virtual host (HTTP)"
@ -148,7 +156,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host"
fi
if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then
if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then
echo "** Enable SSL support for Nginx"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf"
@ -158,12 +166,53 @@ prepare_web_server() {
else
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
prepare_zbx_web_config() {
echo "** Preparing Zabbix frontend configuration file"
PHP_CONFIG_FILE="/etc/php83/php-fpm.d/zabbix.conf"
prepare_zbx_php_config() {
echo "** Preparing PHP configuration"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
@ -173,12 +222,10 @@ prepare_zbx_web_config() {
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi
: ${ZBX_DENY_GUI_ACCESS:="false"}
@ -226,55 +273,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp"
fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################
@ -283,8 +289,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with PostgreSQL database"
check_variables
check_db_connect
prepare_zbx_php_config
prepare_web_server
prepare_zbx_web_config
prepare_zbx_config
echo "########################################################"