extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-02-23 05:10:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Migrate to PHP-FPM for all Web images

Browse Source
This commit is contained in:
Alexey Pustovalov 2025-01-13 19:24:39 +09:00
parent 5d9fbca9ea
commit 05daffc99e
127 changed files with 3828 additions and 1782 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfiles/agent/windows/docker-entrypoint.ps1
View File

@ -130,8 +130,8 @@ function File-Process-From-Env {
) )
if (![string]::IsNullOrEmpty($VarValue)) { if (![string]::IsNullOrEmpty($VarValue)) {
$VarValue | Set-Content "$ZabbixInternalEncDir\$VarName" $VarValue | Set-Content "$ZabbixInternalEncDir\VarName"
$FileName="$ZabbixInternalEncDir\$VarName" $FileName="$ZabbixInternalEncDir\VarName"
} }
Update-Config-Var $ZbxAgentConfig "$VarName" "$FileName" Update-Config-Var $ZbxAgentConfig "$VarName" "$FileName"

4
Dockerfiles/agent2/windows/docker-entrypoint.ps1
View File

@ -130,8 +130,8 @@ function File-Process-From-Env {
) )
if (![string]::IsNullOrEmpty($VarValue)) { if (![string]::IsNullOrEmpty($VarValue)) {
$VarValue | Set-Content "$ZabbixInternalEncDir\$VarName" $VarValue | Set-Content "$ZabbixInternalEncDir\VarName"
$FileName="$ZabbixInternalEncDir\$VarName" $FileName="$ZabbixInternalEncDir\VarName"
} }
Update-Config-Var $ZbxAgentConfig "$VarName" "$FileName" Update-Config-Var $ZbxAgentConfig "$VarName" "$FileName"

58
Dockerfiles/web-apache-mysql/alpine/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
@ -28,19 +29,19 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
RUN set -eux && \ RUN set -eux && \
INSTALL_PKGS="bash \ INSTALL_PKGS="bash \
tzdata \ tzdata \
apache2 \
curl \ curl \
mariadb-client \ mariadb-client \
mariadb-connector-c \ mariadb-connector-c \
php83-apache2 \ apache2-proxy \
php83-bcmath \ php83-bcmath \
php83-ctype \ php83-ctype \
php83-fpm \
php83-gd \ php83-gd \
php83-gettext \ php83-gettext \
php83-json \ php83-json \
@ -53,7 +54,8 @@ RUN set -eux && \
php83-fileinfo \ php83-fileinfo \
php83-xmlreader \ php83-xmlreader \
php83-xmlwriter \ php83-xmlwriter \
php83-openssl" && \ php83-openssl \
supervisor" && \
apk add \ apk add \
--no-cache \ --no-cache \
--clean-protected \ --clean-protected \
@ -81,38 +83,40 @@ RUN set -eux && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
rm -f "/etc/apache2/conf.d/default.conf" && \ rm -f "/etc/apache2/conf.d/default.conf" && \
rm -f "/etc/apache2/conf.d/ssl.conf" && \ rm -f "/etc/apache2/conf.d/ssl.conf" && \
sed -ri \ rm -f "/etc/apache2/conf.d/info.conf" && \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ rm -f "/etc/apache2/conf.d/mpm.conf" && \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ rm -f "/etc/apache2/conf.d/proxy.conf" && \
"/etc/apache2/httpd.conf" && \ rm -f "/etc/apache2/conf.d/userdir.conf" && \
sed -ri \ mkdir -p /var/lib/php/session && \
-e 's!^(\s*PidFile)\s+\S+!\1 "/tmp/httpd.pid"!g' \ rm -rf /etc/php83/php-fpm.d/www.conf && \
"/etc/apache2/conf.d/mpm.conf" && \
sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/httpd.conf && \
rm -rf "/var/run/apache2/" && \ rm -rf "/var/run/apache2/" && \
cd /usr/share/zabbix/ && \ cd ${ZABBIX_WWW_ROOT}/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php83/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chgrp -R 0 /etc/apache2/ /etc/php83/ && \ chgrp -R 0 /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chmod -R g=u /etc/apache2/ /etc/php83/ chmod -R g=u /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]
USER 1997 USER 1997
ENTRYPOINT ["docker-entrypoint.sh"] ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

8
Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/conf.d/mime.conf Normal file
View File

@ -0,0 +1,8 @@
<IfModule mime_module>
TypesConfig /etc/apache2/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule mime_magic_module>
MIMEMagicFile /etc/apache2/magic
</IfModule>

75
Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/httpd.conf Normal file
View File

@ -0,0 +1,75 @@
ServerRoot /etc/apache2/
ServerRoot /var/www
DefaultRuntimeDir /tmp/apache2/
PidFile /tmp/apache2.pid
ServerName 127.0.0.1
IncludeOptional /etc/apache2/includes.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule unixd_module>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
</IfModule>
HostnameLookups Off
LogLevel warn
<IfModule log_config_module>
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
</IfModule>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
<FilesMatch "^\.">
Require all denied
</FilesMatch>
ServerTokens ${APACHE_SERVER_TOKENS}
ServerSignature ${APACHE_SERVER_SIGNATURE}
TraceEnable Off
AddDefaultCharset UTF-8
<IfModule status_module>
<Location /apache-status>
SetHandler server-status
Require local
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>

3
Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/includes.conf Normal file
View File

@ -0,0 +1,3 @@
IncludeOptional /etc/apache2/modules.conf
IncludeOptional /etc/apache2/conf.d/*.conf

24
Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf Normal file
View File

@ -0,0 +1,24 @@
LoadModule logio_module modules/mod_logio.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule status_module modules/mod_status.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so

10
Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini
View File

@ -1,10 +0,0 @@
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

10
Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.conf Normal file
View File

@ -0,0 +1,10 @@
include=/etc/php83/php-fpm.d/*.conf
[global]
pid = /tmp/php-fpm.pid
error_log = /dev/fd/2
log_level = notice
daemonize = no

36
Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf Normal file
View File

@ -0,0 +1,36 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no
pm = ${PHP_FPM_PM}
pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
slowlog = /dev/fd/1
php_admin_value[error_log] = /dev/fd/2
php_admin_flag[log_errors] = on
catch_workers_output = yes
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars] = 10000
php_value[date.timezone] = ${PHP_TZ}
; PHP-FPM monitoring
pm.status_path = /status
ping.path = /ping

30
Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf Normal file
View File

@ -0,0 +1,30 @@
[supervisord]
nodaemon = true
[program:httpd]
command = /usr/sbin/%(program_name)s -D FOREGROUND
auto_start = true
autorestart = true
startsecs=2
startretries=3
stopsignal=TERM
stopwaitsecs=2
redirect_stderr=true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
[program:php-fpm83]
command = /usr/sbin/%(program_name)s -F -y /etc/php83/php-fpm.conf
auto_start = true
autorestart = true
startsecs=2
startretries=3
stopsignal=TERM
stopwaitsecs=2
redirect_stderr=true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0

35
Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/supervisord.conf Normal file
View File

@ -0,0 +1,35 @@
; supervisor config file
[unix_http_server]
file = /tmp/supervisor.sock ; (the path to the socket file)
chmod = 0700 ; sockef file mode (default 0700)
username = zbx
password = password
[supervisord]
logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
critical = critical
;user = zabbix
logfile_maxbytes = 0
logfile_backupcount = 0
loglevel = info
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf

32
Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf
View File

@ -1,14 +1,44 @@
Listen 8080
<VirtualHost *:8080> <VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<LocationMatch "/(ping|status)">
Order Allow,Deny
Allow from all
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix"> <Directory "/usr/share/zabbix">
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

35
Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf
View File

@ -1,17 +1,20 @@
LoadModule ssl_module modules/mod_ssl.so LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
Listen 8443 Listen 8443
<IfModule mod_ssl.c>
<VirtualHost *:8443> <VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
@ -31,10 +34,33 @@ Listen 8443
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000" Header always set Strict-Transport-Security "max-age=63072000"
<LocationMatch "/(ping|status)">
Order Allow,Deny
Allow from all
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix"> <Directory "/usr/share/zabbix">
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">
@ -85,4 +111,3 @@ Listen 8443
</files> </files>
</Directory> </Directory>
</VirtualHost> </VirtualHost>
</IfModule>

101
Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh
View File

@ -18,11 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user settings
: ${DAEMON_USER:="apache"}
: ${DAEMON_GROUP:="apache"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file # Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/httpd.conf" HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
# Apache additional configuration files directory
APACHE_SITES_DIR="/etc/apache2/conf.d"
# Directory with SSL certificate files for Apache
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php83/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -131,7 +139,12 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
APACHE_SITES_DIR=/etc/apache2/conf.d if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
else
export APACHE_RUN_USER=$(id -n -u)
fi
export APACHE_RUN_GROUP=${DAEMON_GROUP}
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
@ -140,7 +153,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)" echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
@ -150,10 +163,42 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi fi
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
: ${ENABLE_WEB_ACCESS_LOG:="true"}
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
export APACHE_CUSTOM_LOG="/dev/null"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
export APACHE_SERVER_TOKENS="OS"
export APACHE_SERVER_SIGNATURE="On"
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
export APACHE_SERVER_TOKENS="Prod"
export APACHE_SERVER_SIGNATURE="Off"
fi
mkdir -p /tmp/apache2
} }
prepare_zbx_web_config() { prepare_zbx_php_config() {
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing PHP configuration"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
@ -200,45 +245,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache.conf"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################
@ -247,17 +261,18 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"
if [ "$1" != "" ]; then if [ "$1" != "" ]; then
echo "** Executing '$@'" echo "** Executing '$@'"
exec "$@" exec "$@"
elif [ -f "/usr/sbin/httpd" ]; then elif [ -f "/usr/bin/supervisord" ]; then
echo "** Executing HTTPD" echo "** Executing supervisord"
exec /usr/sbin/httpd -D FOREGROUND exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
else else
echo "Unknown instructions. Exiting..." echo "Unknown instructions. Exiting..."
exit 1 exit 1

50
Dockerfiles/web-apache-mysql/centos/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
@ -52,12 +53,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
glibc-locale-source \ glibc-locale-source \
shadow-utils \ shadow-utils \
supervisor" && \ supervisor" && \
microdnf -y module enable \
--disablerepo "*" \
--enablerepo "appstream" \
--setopt=install_weak_deps=0 \
--setopt=keepcache=0 \
php:8.2 && \
microdnf -y install \ microdnf -y install \
--disablerepo "*" \ --disablerepo "*" \
--enablerepo "extras-common" \ --enablerepo "extras-common" \
@ -65,6 +60,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
--setopt=keepcache=0 \ --setopt=keepcache=0 \
--best \ --best \
--nodocs epel-release && \ --nodocs epel-release && \
microdnf -y module enable \
--disablerepo "*" \
--enablerepo "appstream" \
--setopt=install_weak_deps=0 \
--setopt=keepcache=0 \
php:8.2 && \
microdnf -y install \ microdnf -y install \
--disablerepo "*" \ --disablerepo "*" \
--enablerepo "baseos" \ --enablerepo "baseos" \
@ -98,26 +99,26 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
rm -f "/etc/httpd/conf.d/default.conf" && \ rm -f "/etc/httpd/conf.d/default.conf" && \
rm -f "/etc/httpd/conf.d/ssl.conf" && \ rm -f "/etc/httpd/conf.d/ssl.conf" && \
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
rm -f "/etc/httpd/conf.d/php.conf" && \
rm -f "/etc/httpd/conf.d/userdir.conf" && \
rm -f "/etc/httpd/conf.d/welcome.conf" && \
rm -f /etc/php-fpm.d/www.conf && \ rm -f /etc/php-fpm.d/www.conf && \
sed -ri \ find /etc/ -name '*.rpmnew' | xargs rm -f && \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ cd ${ZABBIX_WWW_ROOT}/ && \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"/etc/httpd/conf/httpd.conf" && \
sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf && \
cd /usr/share/zabbix/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \ cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
@ -128,9 +129,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
findutils \ findutils \
glibc-locale-source glibc-locale-source
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]

3
Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf
View File

@ -1,3 +0,0 @@
<IfModule !mpm_netware_module>
PidFile "/tmp/httpd.pid"
</IfModule>

9
Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/mime.conf Normal file
View File

@ -0,0 +1,9 @@
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>

75
Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf/httpd.conf Normal file
View File

@ -0,0 +1,75 @@
ServerRoot /etc/httpd/
ServerRoot /var/www
DefaultRuntimeDir /tmp/httpd/
PidFile /tmp/httpd.pid
ServerName 127.0.0.1
IncludeOptional /etc/httpd/includes.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule unixd_module>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
</IfModule>
HostnameLookups Off
LogLevel warn
<IfModule log_config_module>
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
</IfModule>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
<FilesMatch "^\.">
Require all denied
</FilesMatch>
ServerTokens ${APACHE_SERVER_TOKENS}
ServerSignature ${APACHE_SERVER_SIGNATURE}
TraceEnable Off
AddDefaultCharset UTF-8
<IfModule status_module>
<Location /apache-status>
SetHandler server-status
Require local
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>

3
Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/includes.conf Normal file
View File

@ -0,0 +1,3 @@
IncludeOptional /etc/httpd/modules.conf
IncludeOptional /etc/httpd/conf.d/*.conf

24
Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf Normal file
View File

@ -0,0 +1,24 @@
LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so

21
Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf
View File

@ -1,10 +1,17 @@
Listen 8080
<VirtualHost *:8080> <VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<LocationMatch "/(ping|status)"> <LocationMatch "/(ping|status)">
Order Allow,Deny Order Allow,Deny
Allow from all Allow from all
@ -20,6 +27,18 @@
<FilesMatch \.(php|phar)$> <FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

22
Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf
View File

@ -1,16 +1,20 @@
LoadModule ssl_module modules/mod_ssl.so LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
Listen 8443 Listen 8443
<VirtualHost *:8443> <VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
@ -45,6 +49,18 @@ Listen 8443
<FilesMatch \.(php|phar)$> <FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

91
Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh
View File

@ -18,11 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user settings
: ${DAEMON_USER:="apache"}
: ${DAEMON_GROUP:="apache"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file # Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# Apache additional configuration files directory
APACHE_SITES_DIR="/etc/httpd/conf.d"
# Directory with SSL certificate files for Apache
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -131,7 +139,12 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
APACHE_SITES_DIR=/etc/httpd/conf.d if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
else
export APACHE_RUN_USER=$(id -n -u)
fi
export APACHE_RUN_GROUP=${DAEMON_GROUP}
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
@ -140,7 +153,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)" echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
@ -150,12 +163,28 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi fi
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
: ${ENABLE_WEB_ACCESS_LOG:="true"}
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
export APACHE_CUSTOM_LOG="/dev/null"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
export APACHE_SERVER_TOKENS="OS"
export APACHE_SERVER_SIGNATURE="On"
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
export APACHE_SERVER_TOKENS="Prod"
export APACHE_SERVER_SIGNATURE="Off"
fi
mkdir -p /tmp/httpd
} }
prepare_zbx_web_config() { prepare_zbx_php_config() {
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing PHP configuration"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
@ -165,10 +194,10 @@ prepare_zbx_web_config() {
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
@ -216,45 +245,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache.conf"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################
@ -263,8 +261,9 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"

38
Dockerfiles/web-apache-mysql/ol/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"]
@ -85,26 +86,26 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
rm -f "/etc/httpd/conf.d/default.conf" && \ rm -f "/etc/httpd/conf.d/default.conf" && \
rm -f "/etc/httpd/conf.d/ssl.conf" && \ rm -f "/etc/httpd/conf.d/ssl.conf" && \
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
rm -f "/etc/httpd/conf.d/php.conf" && \
rm -f "/etc/httpd/conf.d/userdir.conf" && \
rm -f "/etc/httpd/conf.d/welcome.conf" && \
rm -f /etc/php-fpm.d/www.conf && \ rm -f /etc/php-fpm.d/www.conf && \
sed -ri \ find /etc/ -name '*.rpmnew' | xargs rm -f && \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ cd ${ZABBIX_WWW_ROOT}/ && \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"/etc/httpd/conf/httpd.conf" && \
sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf && \
cd /usr/share/zabbix/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \ cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
@ -115,9 +116,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
findutils \ findutils \
glibc-locale-source glibc-locale-source
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]

3
Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf
View File

@ -1,3 +0,0 @@
<IfModule !mpm_netware_module>
PidFile "/tmp/httpd.pid"
</IfModule>

9
Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/mime.conf Normal file
View File

@ -0,0 +1,9 @@
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>

75
Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf/httpd.conf Normal file
View File

@ -0,0 +1,75 @@
ServerRoot /etc/httpd/
ServerRoot /var/www
DefaultRuntimeDir /tmp/httpd/
PidFile /tmp/httpd.pid
ServerName 127.0.0.1
IncludeOptional /etc/httpd/includes.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule unixd_module>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
</IfModule>
HostnameLookups Off
LogLevel warn
<IfModule log_config_module>
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
</IfModule>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
<FilesMatch "^\.">
Require all denied
</FilesMatch>
ServerTokens ${APACHE_SERVER_TOKENS}
ServerSignature ${APACHE_SERVER_SIGNATURE}
TraceEnable Off
AddDefaultCharset UTF-8
<IfModule status_module>
<Location /apache-status>
SetHandler server-status
Require local
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>

3
Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/includes.conf Normal file
View File

@ -0,0 +1,3 @@
IncludeOptional /etc/httpd/modules.conf
IncludeOptional /etc/httpd/conf.d/*.conf

24
Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf Normal file
View File

@ -0,0 +1,24 @@
LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so

21
Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf
View File

@ -1,10 +1,17 @@
Listen 8080
<VirtualHost *:8080> <VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<LocationMatch "/(ping|status)"> <LocationMatch "/(ping|status)">
Order Allow,Deny Order Allow,Deny
Allow from all Allow from all
@ -20,6 +27,18 @@
<FilesMatch \.(php|phar)$> <FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

22
Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf
View File

@ -1,16 +1,20 @@
LoadModule ssl_module modules/mod_ssl.so LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
Listen 8443 Listen 8443
<VirtualHost *:8443> <VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
@ -45,6 +49,18 @@ Listen 8443
<FilesMatch \.(php|phar)$> <FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

91
Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh
View File

@ -18,11 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user settings
: ${DAEMON_USER:="apache"}
: ${DAEMON_GROUP:="apache"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file # Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# Apache additional configuration files directory
APACHE_SITES_DIR="/etc/httpd/conf.d"
# Directory with SSL certificate files for Apache
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -131,7 +139,12 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
APACHE_SITES_DIR=/etc/httpd/conf.d if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
else
export APACHE_RUN_USER=$(id -n -u)
fi
export APACHE_RUN_GROUP=${DAEMON_GROUP}
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
@ -140,7 +153,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)" echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
@ -150,12 +163,28 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi fi
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
: ${ENABLE_WEB_ACCESS_LOG:="true"}
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
export APACHE_CUSTOM_LOG="/dev/null"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
export APACHE_SERVER_TOKENS="OS"
export APACHE_SERVER_SIGNATURE="On"
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
export APACHE_SERVER_TOKENS="Prod"
export APACHE_SERVER_SIGNATURE="Off"
fi
mkdir -p /tmp/httpd
} }
prepare_zbx_web_config() { prepare_zbx_php_config() {
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing PHP configuration"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
@ -165,10 +194,10 @@ prepare_zbx_web_config() {
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
@ -216,45 +245,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache.conf"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################
@ -263,8 +261,9 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"

66
Dockerfiles/web-apache-mysql/ubuntu/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
@ -37,21 +38,25 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
INSTALL_PKGS="bash \ INSTALL_PKGS="bash \
tzdata \ tzdata \
apache2 \
curl \ curl \
libapache2-mod-php \
ca-certificates \ ca-certificates \
curl \
mysql-client \ mysql-client \
apache2 \
locales \ locales \
libldap-common \ libldap-common \
php8.3-bcmath \ php8.3-bcmath \
php8.3-fpm \
php8.3-gd \ php8.3-gd \
php8.3-ldap \ php8.3-ldap \
php8.3-mbstring \ php8.3-mbstring \
php8.3-mysql \ php8.3-mysql \
php8.3-xml" && \ php8.3-xml \
supervisor" && \
apt-get -y update && \ apt-get -y update && \
DEBIAN_FRONTEND=noninteractive apt-get -y \ DEBIAN_FRONTEND=noninteractive apt-get -y \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" \
--no-install-recommends install \ --no-install-recommends install \
${INSTALL_PKGS} && \ ${INSTALL_PKGS} && \
groupadd \ groupadd \
@ -69,50 +74,45 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
mkdir -p ${ZABBIX_CONF_DIR} && \ mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \ mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p /var/lib/php/session && \
find /etc/ -name '*.dpkg-dist' | xargs rm -f && \
rm -f /etc/apache2/sites-available/* && \ rm -f /etc/apache2/sites-available/* && \
rm -f /etc/apache2/sites-enabled/* && \ rm -f /etc/apache2/sites-enabled/* && \
/usr/sbin/a2enmod ssl && \ rm -f /etc/php/8.3/fpm/pool.d/www.conf && \
sed -ri \ rm -f /var/run/apache2/ && \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ cd ${ZABBIX_WWW_ROOT}/ && \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"/etc/apache2/apache2.conf" && \
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"/etc/apache2/conf-available/other-vhosts-access-log.conf" && \
sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf && \
sed -i 's/Listen 443/Listen 8443/g' /etc/apache2/ports.conf && \
sed -i 's|/var/run/apache2$SUFFIX|/tmp|g' /etc/apache2/envvars && \
rm -f /var/run/apache2/apache2.pid && \
cd /usr/share/zabbix/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
mkdir -p /var/lib/locales/supported.d/ && \ mkdir -p /var/lib/locales/supported.d/ && \
rm -f /var/lib/locales/supported.d/local && \ rm -f /var/lib/locales/supported.d/local && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \ cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local' && \ xargs -I '{}' bash -c 'echo "{}.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local' && \
dpkg-reconfigure locales && \ dpkg-reconfigure locales && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/fpm/ && \
chgrp -R 0 /etc/apache2/ /etc/php/8.3/ && \ chgrp -R 0 /etc/apache2/ /etc/php/8.3/fpm/ && \
chmod -R g=u /etc/apache2/ /etc/php/8.3/ chmod -R g=u /etc/apache2/ /etc/php/8.3/fpm/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]
USER 1997 USER 1997
ENTRYPOINT ["docker-entrypoint.sh"] ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]

75
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/apache2.conf Normal file
View File

@ -0,0 +1,75 @@
ServerRoot /etc/apache2/
ServerRoot /var/www
DefaultRuntimeDir /tmp/apache2/
PidFile /tmp/apache2.pid
ServerName 127.0.0.1
IncludeOptional /etc/apache2/includes.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule unixd_module>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
</IfModule>
HostnameLookups Off
LogLevel warn
<IfModule log_config_module>
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
</IfModule>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
<FilesMatch "^\.">
Require all denied
</FilesMatch>
ServerTokens ${APACHE_SERVER_TOKENS}
ServerSignature ${APACHE_SERVER_SIGNATURE}
TraceEnable Off
AddDefaultCharset UTF-8
<IfModule status_module>
<Location /apache-status>
SetHandler server-status
Require local
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>

8
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/includes.conf Normal file
View File

@ -0,0 +1,8 @@
IncludeOptional /etc/apache2/modules.conf
IncludeOptional mods-enabled/mime.conf
IncludeOptional mods-enabled/negotiation.conf
IncludeOptional mods-enabled/reqtimeout.conf
IncludeOptional mods-enabled/setenvif.conf
IncludeOptional sites-enabled/*.conf

21
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf Normal file
View File

@ -0,0 +1,21 @@
LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
LoadModule env_module /usr/lib/apache2/modules/mod_env.so
LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so

10
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini
View File

@ -1,10 +0,0 @@
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

10
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf Normal file
View File

@ -0,0 +1,10 @@
include=/etc/php/8.3/fpm/pool.d/*.conf
[global]
pid = /tmp/php-fpm.pid
error_log = /dev/fd/2
log_level = notice
daemonize = no

36
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf Normal file
View File

@ -0,0 +1,36 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no
pm = ${PHP_FPM_PM}
pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
slowlog = /dev/fd/1
php_admin_value[error_log] = /dev/fd/2
php_admin_flag[log_errors] = on
catch_workers_output = yes
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars] = 10000
php_value[date.timezone] = ${PHP_TZ}
; PHP-FPM monitoring
pm.status_path = /status
ping.path = /ping

30
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf Normal file
View File

@ -0,0 +1,30 @@
[supervisord]
nodaemon = true
[program:apache2]
command = /usr/sbin/%(program_name)s -D FOREGROUND
auto_start = true
autorestart = true
startsecs=2
startretries=3
stopsignal=TERM
stopwaitsecs=2
redirect_stderr=true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
[program:php-fpm8.3]
command = /usr/sbin/%(program_name)s -F -y /etc/php/8.3/fpm/php-fpm.conf
auto_start = true
autorestart = true
startsecs=2
startretries=3
stopsignal=TERM
stopwaitsecs=2
redirect_stderr=true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0

35
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/supervisord.conf Normal file
View File

@ -0,0 +1,35 @@
; supervisor config file
[unix_http_server]
file = /tmp/supervisor.sock ; (the path to the socket file)
chmod = 0700 ; sockef file mode (default 0700)
username = zbx
password = password
[supervisord]
logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
critical = critical
;user = zabbix
logfile_maxbytes = 0
logfile_backupcount = 0
loglevel = info
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf

32
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf
View File

@ -1,14 +1,44 @@
Listen 8080
<VirtualHost *:8080> <VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<LocationMatch "/(ping|status)">
Order Allow,Deny
Allow from all
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix"> <Directory "/usr/share/zabbix">
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

4
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_envvars
View File

@ -1,4 +0,0 @@
export APACHE_RUN_USER=$(id -n -u)
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/tmp/apache2.pid
export APACHE_RUN_DIR=/tmp/apache2

34
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf
View File

@ -1,16 +1,20 @@
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
<IfModule mod_ssl.c> Listen 8443
<VirtualHost *:8443> <VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
@ -30,10 +34,33 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000" Header always set Strict-Transport-Security "max-age=63072000"
<LocationMatch "/(ping|status)">
Order Allow,Deny
Allow from all
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix"> <Directory "/usr/share/zabbix">
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">
@ -84,4 +111,3 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
</files> </files>
</Directory> </Directory>
</VirtualHost> </VirtualHost>
</IfModule>

108
Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh
View File

@ -18,13 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user settings
: ${DAEMON_USER:="www-data"}
: ${DAEMON_GROUP:="www-data"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file # Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/apache2.conf" HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
# Apache security configuration file # Apache additional configuration files directory
HTTPD_SECURITY_CONF_FILE="/etc/apache2/conf-enabled/security.conf" APACHE_SITES_DIR="/etc/apache2/sites-enabled"
# Directory with SSL certificate files for Apache
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -133,9 +139,12 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
APACHE_SITES_DIR="/etc/apache2/sites-enabled" if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
ln -sfT "$ZABBIX_CONF_DIR/apache_envvars" "/etc/apache2/envvars" else
export APACHE_RUN_USER=$(id -n -u)
fi
export APACHE_RUN_GROUP=${DAEMON_GROUP}
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
@ -144,7 +153,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)" echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
@ -154,10 +163,42 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi fi
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
: ${ENABLE_WEB_ACCESS_LOG:="true"}
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
export APACHE_CUSTOM_LOG="/dev/null"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
export APACHE_SERVER_TOKENS="OS"
export APACHE_SERVER_SIGNATURE="On"
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
export APACHE_SERVER_TOKENS="Prod"
export APACHE_SERVER_SIGNATURE="Off"
fi
mkdir -p /tmp/apache2
} }
prepare_zbx_web_config() { prepare_zbx_php_config() {
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing PHP configuration"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
@ -204,48 +245,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache.conf"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"$HTTPD_CONF_FILE"
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/conf-available/other-vhosts-access-log.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_SECURITY_CONF_FILE"
fi
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO}/g" \
"$HTTPD_SECURITY_CONF_FILE"
} }
################################################# #################################################
@ -254,17 +261,18 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"
if [ "$1" != "" ]; then if [ "$1" != "" ]; then
echo "** Executing '$@'" echo "** Executing '$@'"
exec "$@" exec "$@"
elif [ -f "/usr/sbin/httpd" ]; then elif [ -f "/usr/bin/supervisord" ]; then
echo "** Executing HTTPD" echo "** Executing supervisord"
exec /usr/sbin/httpd -D FOREGROUND exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
else else
echo "Unknown instructions. Exiting..." echo "Unknown instructions. Exiting..."
exit 1 exit 1

58
Dockerfiles/web-apache-pgsql/alpine/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \
@ -28,17 +29,17 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
RUN set -eux && \ RUN set -eux && \
INSTALL_PKGS="bash \ INSTALL_PKGS="bash \
tzdata \ tzdata \
apache2 \
curl \ curl \
php83-apache2 \ apache2-proxy \
php83-bcmath \ php83-bcmath \
php83-ctype \ php83-ctype \
php83-fpm \
php83-gd \ php83-gd \
php83-gettext \ php83-gettext \
php83-json \ php83-json \
@ -52,7 +53,8 @@ RUN set -eux && \
php83-xmlreader \ php83-xmlreader \
php83-xmlwriter \ php83-xmlwriter \
php83-openssl \ php83-openssl \
postgresql17-client" && \ postgresql17-client \
supervisor" && \
apk add \ apk add \
--no-cache \ --no-cache \
--clean-protected \ --clean-protected \
@ -80,38 +82,40 @@ RUN set -eux && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
rm -f "/etc/apache2/conf.d/default.conf" && \ rm -f "/etc/apache2/conf.d/default.conf" && \
rm -f "/etc/apache2/conf.d/ssl.conf" && \ rm -f "/etc/apache2/conf.d/ssl.conf" && \
sed -ri \ rm -f "/etc/apache2/conf.d/info.conf" && \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ rm -f "/etc/apache2/conf.d/mpm.conf" && \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ rm -f "/etc/apache2/conf.d/proxy.conf" && \
"/etc/apache2/httpd.conf" && \ rm -f "/etc/apache2/conf.d/userdir.conf" && \
sed -ri \ mkdir -p /var/lib/php/session && \
-e 's!^(\s*PidFile)\s+\S+!\1 "/tmp/httpd.pid"!g' \ rm -rf /etc/php83/php-fpm.d/www.conf && \
"/etc/apache2/conf.d/mpm.conf" && \
sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/httpd.conf && \
rm -rf "/var/run/apache2/" && \ rm -rf "/var/run/apache2/" && \
cd /usr/share/zabbix/ && \ cd ${ZABBIX_WWW_ROOT}/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php83/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chgrp -R 0 /etc/apache2/ /etc/php83/ && \ chgrp -R 0 /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chmod -R g=u /etc/apache2/ /etc/php83/ chmod -R g=u /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]
USER 1997 USER 1997
ENTRYPOINT ["docker-entrypoint.sh"] ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

8
Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/conf.d/mime.conf Normal file
View File

@ -0,0 +1,8 @@
<IfModule mime_module>
TypesConfig /etc/apache2/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule mime_magic_module>
MIMEMagicFile /etc/apache2/magic
</IfModule>

75
Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/httpd.conf Normal file
View File

@ -0,0 +1,75 @@
ServerRoot /etc/apache2/
ServerRoot /var/www
DefaultRuntimeDir /tmp/apache2/
PidFile /tmp/apache2.pid
ServerName 127.0.0.1
IncludeOptional /etc/apache2/includes.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule unixd_module>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
</IfModule>
HostnameLookups Off
LogLevel warn
<IfModule log_config_module>
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
</IfModule>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
<FilesMatch "^\.">
Require all denied
</FilesMatch>
ServerTokens ${APACHE_SERVER_TOKENS}
ServerSignature ${APACHE_SERVER_SIGNATURE}
TraceEnable Off
AddDefaultCharset UTF-8
<IfModule status_module>
<Location /apache-status>
SetHandler server-status
Require local
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>

3
Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/includes.conf Normal file
View File

@ -0,0 +1,3 @@
IncludeOptional /etc/apache2/modules.conf
IncludeOptional /etc/apache2/conf.d/*.conf

24
Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf Normal file
View File

@ -0,0 +1,24 @@
LoadModule logio_module modules/mod_logio.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule status_module modules/mod_status.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so

10
Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini
View File

@ -1,10 +0,0 @@
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

10
Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.conf Normal file
View File

@ -0,0 +1,10 @@
include=/etc/php83/php-fpm.d/*.conf
[global]
pid = /tmp/php-fpm.pid
error_log = /dev/fd/2
log_level = notice
daemonize = no

36
Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf Normal file
View File

@ -0,0 +1,36 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no
pm = ${PHP_FPM_PM}
pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
slowlog = /dev/fd/1
php_admin_value[error_log] = /dev/fd/2
php_admin_flag[log_errors] = on
catch_workers_output = yes
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars] = 10000
php_value[date.timezone] = ${PHP_TZ}
; PHP-FPM monitoring
pm.status_path = /status
ping.path = /ping

30
Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf Normal file
View File

@ -0,0 +1,30 @@
[supervisord]
nodaemon = true
[program:httpd]
command = /usr/sbin/%(program_name)s -D FOREGROUND
auto_start = true
autorestart = true
startsecs=2
startretries=3
stopsignal=TERM
stopwaitsecs=2
redirect_stderr=true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
[program:php-fpm83]
command = /usr/sbin/%(program_name)s -F -y /etc/php83/php-fpm.conf
auto_start = true
autorestart = true
startsecs=2
startretries=3
stopsignal=TERM
stopwaitsecs=2
redirect_stderr=true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0

35
Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/supervisord.conf Normal file
View File

@ -0,0 +1,35 @@
; supervisor config file
[unix_http_server]
file = /tmp/supervisor.sock ; (the path to the socket file)
chmod = 0700 ; sockef file mode (default 0700)
username = zbx
password = password
[supervisord]
logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
critical = critical
;user = zabbix
logfile_maxbytes = 0
logfile_backupcount = 0
loglevel = info
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf

32
Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf
View File

@ -1,14 +1,44 @@
Listen 8080
<VirtualHost *:8080> <VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<LocationMatch "/(ping|status)">
Order Allow,Deny
Allow from all
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix"> <Directory "/usr/share/zabbix">
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

31
Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf
View File

@ -3,15 +3,18 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Listen 8443 Listen 8443
<IfModule mod_ssl.c>
<VirtualHost *:8443> <VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
@ -31,10 +34,33 @@ Listen 8443
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000" Header always set Strict-Transport-Security "max-age=63072000"
<LocationMatch "/(ping|status)">
Order Allow,Deny
Allow from all
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix"> <Directory "/usr/share/zabbix">
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">
@ -85,4 +111,3 @@ Listen 8443
</files> </files>
</Directory> </Directory>
</VirtualHost> </VirtualHost>
</IfModule>

101
Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh
View File

@ -18,11 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user settings
: ${DAEMON_USER:="apache"}
: ${DAEMON_GROUP:="apache"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file # Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/httpd.conf" HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
# Apache additional configuration files directory
APACHE_SITES_DIR="/etc/apache2/conf.d"
# Directory with SSL certificate files for Apache
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php83/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -130,7 +138,12 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
APACHE_SITES_DIR=/etc/apache2/conf.d if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
else
export APACHE_RUN_USER=$(id -n -u)
fi
export APACHE_RUN_GROUP=${DAEMON_GROUP}
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
@ -139,7 +152,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)" echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
@ -149,10 +162,42 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi fi
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
: ${ENABLE_WEB_ACCESS_LOG:="true"}
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
export APACHE_CUSTOM_LOG="/dev/null"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
export APACHE_SERVER_TOKENS="OS"
export APACHE_SERVER_SIGNATURE="On"
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
export APACHE_SERVER_TOKENS="Prod"
export APACHE_SERVER_SIGNATURE="Off"
fi
mkdir -p /tmp/apache2
} }
prepare_zbx_web_config() { prepare_zbx_php_config() {
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing PHP configuration"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
@ -199,45 +244,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache.conf"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################
@ -246,17 +260,18 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"
if [ "$1" != "" ]; then if [ "$1" != "" ]; then
echo "** Executing '$@'" echo "** Executing '$@'"
exec "$@" exec "$@"
elif [ -f "/usr/sbin/httpd" ]; then elif [ -f "/usr/bin/supervisord" ]; then
echo "** Executing HTTPD" echo "** Executing supervisord"
exec /usr/sbin/httpd -D FOREGROUND exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
else else
echo "Unknown instructions. Exiting..." echo "Unknown instructions. Exiting..."
exit 1 exit 1

38
Dockerfiles/web-apache-pgsql/centos/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
@ -99,26 +100,26 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
rm -f "/etc/httpd/conf.d/default.conf" && \ rm -f "/etc/httpd/conf.d/default.conf" && \
rm -f "/etc/httpd/conf.d/ssl.conf" && \ rm -f "/etc/httpd/conf.d/ssl.conf" && \
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
rm -f "/etc/httpd/conf.d/php.conf" && \
rm -f "/etc/httpd/conf.d/userdir.conf" && \
rm -f "/etc/httpd/conf.d/welcome.conf" && \
rm -f /etc/php-fpm.d/www.conf && \ rm -f /etc/php-fpm.d/www.conf && \
sed -ri \ find /etc/ -name '*.rpmnew' | xargs rm -f && \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ cd ${ZABBIX_WWW_ROOT}/ && \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"/etc/httpd/conf/httpd.conf" && \
sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf && \
cd /usr/share/zabbix/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \ cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
@ -129,9 +130,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
findutils \ findutils \
glibc-locale-source glibc-locale-source
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit `
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]

3
Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf
View File

@ -1,3 +0,0 @@
<IfModule !mpm_netware_module>
PidFile "/tmp/httpd.pid"
</IfModule>

9
Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/mime.conf Normal file
View File

@ -0,0 +1,9 @@
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>

75
Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf/httpd.conf Normal file
View File

@ -0,0 +1,75 @@
ServerRoot /etc/httpd/
ServerRoot /var/www
DefaultRuntimeDir /tmp/httpd/
PidFile /tmp/httpd.pid
ServerName 127.0.0.1
IncludeOptional /etc/httpd/includes.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule unixd_module>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
</IfModule>
HostnameLookups Off
LogLevel warn
<IfModule log_config_module>
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
</IfModule>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
<FilesMatch "^\.">
Require all denied
</FilesMatch>
ServerTokens ${APACHE_SERVER_TOKENS}
ServerSignature ${APACHE_SERVER_SIGNATURE}
TraceEnable Off
AddDefaultCharset UTF-8
<IfModule status_module>
<Location /apache-status>
SetHandler server-status
Require local
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>

3
Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/includes.conf Normal file
View File

@ -0,0 +1,3 @@
IncludeOptional /etc/httpd/modules.conf
IncludeOptional /etc/httpd/conf.d/*.conf

24
Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf Normal file
View File

@ -0,0 +1,24 @@
LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so

21
Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf
View File

@ -1,10 +1,17 @@
Listen 8080
<VirtualHost *:8080> <VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<LocationMatch "/(ping|status)"> <LocationMatch "/(ping|status)">
Order Allow,Deny Order Allow,Deny
Allow from all Allow from all
@ -20,6 +27,18 @@
<FilesMatch \.(php|phar)$> <FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

22
Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf
View File

@ -1,16 +1,20 @@
LoadModule ssl_module modules/mod_ssl.so LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
Listen 8443 Listen 8443
<VirtualHost *:8443> <VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
@ -45,6 +49,18 @@ Listen 8443
<FilesMatch \.(php|phar)$> <FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

91
Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh
View File

@ -18,11 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user settings
: ${DAEMON_USER:="apache"}
: ${DAEMON_GROUP:="apache"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file # Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# Apache additional configuration files directory
APACHE_SITES_DIR="/etc/httpd/conf.d"
# Directory with SSL certificate files for Apache
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -130,7 +138,12 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
APACHE_SITES_DIR=/etc/httpd/conf.d if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
else
export APACHE_RUN_USER=$(id -n -u)
fi
export APACHE_RUN_GROUP=${DAEMON_GROUP}
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
@ -139,7 +152,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)" echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
@ -149,12 +162,28 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi fi
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
: ${ENABLE_WEB_ACCESS_LOG:="true"}
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
export APACHE_CUSTOM_LOG="/dev/null"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
export APACHE_SERVER_TOKENS="OS"
export APACHE_SERVER_SIGNATURE="On"
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
export APACHE_SERVER_TOKENS="Prod"
export APACHE_SERVER_SIGNATURE="Off"
fi
mkdir -p /tmp/httpd
} }
prepare_zbx_web_config() { prepare_zbx_php_config() {
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing PHP configuration"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
@ -164,10 +193,10 @@ prepare_zbx_web_config() {
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
@ -215,45 +244,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache.conf"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################
@ -262,8 +260,9 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"

38
Dockerfiles/web-apache-pgsql/ol/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"]
@ -86,26 +87,26 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
rm -f "/etc/httpd/conf.d/default.conf" && \ rm -f "/etc/httpd/conf.d/default.conf" && \
rm -f "/etc/httpd/conf.d/ssl.conf" && \ rm -f "/etc/httpd/conf.d/ssl.conf" && \
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
rm -f "/etc/httpd/conf.d/php.conf" && \
rm -f "/etc/httpd/conf.d/userdir.conf" && \
rm -f "/etc/httpd/conf.d/welcome.conf" && \
rm -f /etc/php-fpm.d/www.conf && \ rm -f /etc/php-fpm.d/www.conf && \
sed -ri \ find /etc/ -name '*.rpmnew' | xargs rm -f && \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ cd ${ZABBIX_WWW_ROOT}/ && \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"/etc/httpd/conf/httpd.conf" && \
sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf && \
cd /usr/share/zabbix/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \ cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
@ -116,9 +117,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
findutils \ findutils \
glibc-locale-source glibc-locale-source
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]

3
Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf
View File

@ -1,3 +0,0 @@
<IfModule !mpm_netware_module>
PidFile "/tmp/httpd.pid"
</IfModule>

9
Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/mime.conf Normal file
View File

@ -0,0 +1,9 @@
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>

75
Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf/httpd.conf Normal file
View File

@ -0,0 +1,75 @@
ServerRoot /etc/httpd/
ServerRoot /var/www
DefaultRuntimeDir /tmp/httpd/
PidFile /tmp/httpd.pid
ServerName 127.0.0.1
IncludeOptional /etc/httpd/includes.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule unixd_module>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
</IfModule>
HostnameLookups Off
LogLevel warn
<IfModule log_config_module>
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
</IfModule>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
<FilesMatch "^\.">
Require all denied
</FilesMatch>
ServerTokens ${APACHE_SERVER_TOKENS}
ServerSignature ${APACHE_SERVER_SIGNATURE}
TraceEnable Off
AddDefaultCharset UTF-8
<IfModule status_module>
<Location /apache-status>
SetHandler server-status
Require local
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>

3
Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/includes.conf Normal file
View File

@ -0,0 +1,3 @@
IncludeOptional /etc/httpd/modules.conf
IncludeOptional /etc/httpd/conf.d/*.conf

24
Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf Normal file
View File

@ -0,0 +1,24 @@
LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so

21
Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf
View File

@ -1,10 +1,17 @@
Listen 8080
<VirtualHost *:8080> <VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<LocationMatch "/(ping|status)"> <LocationMatch "/(ping|status)">
Order Allow,Deny Order Allow,Deny
Allow from all Allow from all
@ -20,6 +27,18 @@
<FilesMatch \.(php|phar)$> <FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

22
Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf
View File

@ -1,16 +1,20 @@
LoadModule ssl_module modules/mod_ssl.so LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
Listen 8443 Listen 8443
<VirtualHost *:8443> <VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
@ -45,6 +49,18 @@ Listen 8443
<FilesMatch \.(php|phar)$> <FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

107
Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh
View File

@ -18,11 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user settings
: ${DAEMON_USER:="apache"}
: ${DAEMON_GROUP:="apache"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file # Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# Apache additional configuration files directory
APACHE_SITES_DIR="/etc/httpd/conf.d"
# Directory with SSL certificate files for Apache
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -151,10 +159,53 @@ prepare_web_server() {
fi fi
} }
prepare_zbx_web_config() { prepare_web_server() {
echo "** Preparing Zabbix frontend configuration file" if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
else
export APACHE_RUN_USER=$(id -n -u)
fi
export APACHE_RUN_GROUP=${DAEMON_GROUP}
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache.conf" "$APACHE_SITES_DIR/zabbix.conf"
else
echo "**** Impossible to enable HTTP virtual host"
fi
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
else
echo "**** Impossible to enable HTTPS virtual host"
fi
else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
: ${ENABLE_WEB_ACCESS_LOG:="true"}
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
export APACHE_CUSTOM_LOG="/dev/null"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
export APACHE_SERVER_TOKENS="OS"
export APACHE_SERVER_SIGNATURE="On"
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
export APACHE_SERVER_TOKENS="Prod"
export APACHE_SERVER_SIGNATURE="Off"
fi
mkdir -p /tmp/httpd
}
prepare_zbx_php_config() {
echo "** Preparing PHP configuration"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
@ -164,10 +215,10 @@ prepare_zbx_web_config() {
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
@ -215,45 +266,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache.conf"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################
@ -262,8 +282,9 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"

65
Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
@ -37,21 +38,24 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \ echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
INSTALL_PKGS="bash \ INSTALL_PKGS="bash \
tzdata \ tzdata \
apache2 \
curl \ curl \
libapache2-mod-php \
ca-certificates \ ca-certificates \
apache2 \
locales \ locales \
libldap-common \ libldap-common \
php8.3-bcmath \ php8.3-bcmath \
php8.3-fpm \
php8.3-gd \ php8.3-gd \
php8.3-ldap \ php8.3-ldap \
php8.3-mbstring \ php8.3-mbstring \
php8.3-xml \ php8.3-xml \
php8.3-pgsql \ php8.3-pgsql \
postgresql-client" && \ postgresql-client \
supervisor" && \
apt-get -y update && \ apt-get -y update && \
DEBIAN_FRONTEND=noninteractive apt-get -y \ DEBIAN_FRONTEND=noninteractive apt-get -y \
-o Dpkg::Options::="--force-confdef" \
-o Dpkg::Options::="--force-confold" \
--no-install-recommends install \ --no-install-recommends install \
${INSTALL_PKGS} && \ ${INSTALL_PKGS} && \
groupadd \ groupadd \
@ -69,50 +73,45 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
mkdir -p ${ZABBIX_CONF_DIR} && \ mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \ mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p /var/lib/php/session && \
find /etc/ -name '*.dpkg-dist' | xargs rm -f && \
rm -f /etc/apache2/sites-available/* && \ rm -f /etc/apache2/sites-available/* && \
rm -f /etc/apache2/sites-enabled/* && \ rm -f /etc/apache2/sites-enabled/* && \
/usr/sbin/a2enmod ssl && \ rm -f /etc/php/8.3/fpm/pool.d/www.conf && \
sed -ri \ rm -f /var/run/apache2/ && \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ cd ${ZABBIX_WWW_ROOT}/ && \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"/etc/apache2/apache2.conf" && \
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
"/etc/apache2/conf-available/other-vhosts-access-log.conf" && \
sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf && \
sed -i 's/Listen 443/Listen 8443/g' /etc/apache2/ports.conf && \
sed -i 's|/var/run/apache2$SUFFIX|/tmp|g' /etc/apache2/envvars && \
rm -f /var/run/apache2/apache2.pid && \
cd /usr/share/zabbix/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
mkdir -p /var/lib/locales/supported.d/ && \ mkdir -p /var/lib/locales/supported.d/ && \
rm -f /var/lib/locales/supported.d/local && \ rm -f /var/lib/locales/supported.d/local && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \ cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local' && \ xargs -I '{}' bash -c 'echo "{}.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local' && \
dpkg-reconfigure locales && \ dpkg-reconfigure locales && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/fpm/ && \
chgrp -R 0 /etc/apache2/ /etc/php/8.3/ && \ chgrp -R 0 /etc/apache2/ /etc/php/8.3/fpm/ && \
chmod -R g=u /etc/apache2/ /etc/php/8.3/ chmod -R g=u /etc/apache2/ /etc/php/8.3/fpm/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]
USER 1997 USER 1997
ENTRYPOINT ["docker-entrypoint.sh"] ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]

75
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/apache2.conf Normal file
View File

@ -0,0 +1,75 @@
ServerRoot /etc/apache2/
ServerRoot /var/www
DefaultRuntimeDir /tmp/apache2/
PidFile /tmp/apache2.pid
ServerName 127.0.0.1
IncludeOptional /etc/apache2/includes.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule unixd_module>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
</IfModule>
HostnameLookups Off
LogLevel warn
<IfModule log_config_module>
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
</IfModule>
ErrorLog /proc/self/fd/2
LogLevel warn
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
<FilesMatch "^\.">
Require all denied
</FilesMatch>
ServerTokens ${APACHE_SERVER_TOKENS}
ServerSignature ${APACHE_SERVER_SIGNATURE}
TraceEnable Off
AddDefaultCharset UTF-8
<IfModule status_module>
<Location /apache-status>
SetHandler server-status
Require local
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>

8
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/includes.conf Normal file
View File

@ -0,0 +1,8 @@
IncludeOptional /etc/apache2/modules.conf
IncludeOptional mods-enabled/mime.conf
IncludeOptional mods-enabled/negotiation.conf
IncludeOptional mods-enabled/reqtimeout.conf
IncludeOptional mods-enabled/setenvif.conf
IncludeOptional sites-enabled/*.conf

21
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf Normal file
View File

@ -0,0 +1,21 @@
LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
LoadModule env_module /usr/lib/apache2/modules/mod_env.so
LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so

10
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini
View File

@ -1,10 +0,0 @@
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

10
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf Normal file
View File

@ -0,0 +1,10 @@
include=/etc/php/8.3/fpm/pool.d/*.conf
[global]
pid = /tmp/php-fpm.pid
error_log = /dev/fd/2
log_level = notice
daemonize = no

36
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf Normal file
View File

@ -0,0 +1,36 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no
pm = ${PHP_FPM_PM}
pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
slowlog = /dev/fd/1
php_admin_value[error_log] = /dev/fd/2
php_admin_flag[log_errors] = on
catch_workers_output = yes
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars] = 10000
php_value[date.timezone] = ${PHP_TZ}
; PHP-FPM monitoring
pm.status_path = /status
ping.path = /ping

30
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf Normal file
View File

@ -0,0 +1,30 @@
[supervisord]
nodaemon = true
[program:apache2]
command = /usr/sbin/%(program_name)s -D FOREGROUND
auto_start = true
autorestart = true
startsecs=2
startretries=3
stopsignal=TERM
stopwaitsecs=2
redirect_stderr=true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
[program:php-fpm8.3]
command = /usr/sbin/%(program_name)s -F -y /etc/php/8.3/fpm/php-fpm.conf
auto_start = true
autorestart = true
startsecs=2
startretries=3
stopsignal=TERM
stopwaitsecs=2
redirect_stderr=true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0

35
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/supervisord.conf Normal file
View File

@ -0,0 +1,35 @@
; supervisor config file
[unix_http_server]
file = /tmp/supervisor.sock ; (the path to the socket file)
chmod = 0700 ; sockef file mode (default 0700)
username = zbx
password = password
[supervisord]
logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
critical = critical
;user = zabbix
logfile_maxbytes = 0
logfile_backupcount = 0
loglevel = info
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf

32
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf
View File

@ -1,14 +1,44 @@
Listen 8080
<VirtualHost *:8080> <VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<LocationMatch "/(ping|status)">
Order Allow,Deny
Allow from all
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix"> <Directory "/usr/share/zabbix">
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">

34
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf
View File

@ -1,16 +1,20 @@
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
<IfModule mod_ssl.c> Listen 8443
<VirtualHost *:8443> <VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/ DocumentRoot /usr/share/zabbix/
ServerName zabbix ServerName zabbix
DirectoryIndex {HTTP_INDEX_FILE}
DirectoryIndex ${HTTP_INDEX_FILE}
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps AddType application/x-httpd-php-source .phps
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
@ -30,10 +34,33 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000" Header always set Strict-Transport-Security "max-age=63072000"
<LocationMatch "/(ping|status)">
Order Allow,Deny
Allow from all
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</LocationMatch>
<Directory "/usr/share/zabbix"> <Directory "/usr/share/zabbix">
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Require all granted Require all granted
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
</FilesMatch>
<filesMatch "\.(ico)$">
ExpiresActive On
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
</filesMatch>
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
ExpiresActive On
ExpiresDefault "access plus 14 day"
Header append Cache-Control "public"
</filesMatch>
</Directory> </Directory>
<Directory "/usr/share/zabbix/conf"> <Directory "/usr/share/zabbix/conf">
@ -84,4 +111,3 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
</files> </files>
</Directory> </Directory>
</VirtualHost> </VirtualHost>
</IfModule>

110
Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh
View File

@ -18,13 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user settings
: ${DAEMON_USER:="www-data"}
: ${DAEMON_GROUP:="www-data"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file # Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/apache2.conf" HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
# Apache security configuration file # Apache additional configuration files directory
HTTPD_SECURITY_CONF_FILE="/etc/apache2/conf-enabled/security.conf" APACHE_SITES_DIR="/etc/apache2/sites-enabled"
# Directory with SSL certificate files for Apache
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -132,9 +138,12 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
APACHE_SITES_DIR="/etc/apache2/sites-enabled" if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
ln -sfT "$ZABBIX_CONF_DIR/apache_envvars" "/etc/apache2/envvars" else
export APACHE_RUN_USER=$(id -n -u)
fi
export APACHE_RUN_GROUP=${DAEMON_GROUP}
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
@ -143,7 +152,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)" echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
@ -153,14 +162,42 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi fi
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
: ${ENABLE_WEB_ACCESS_LOG:="true"}
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
export APACHE_CUSTOM_LOG="/dev/null"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
export APACHE_SERVER_TOKENS="OS"
export APACHE_SERVER_SIGNATURE="On"
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
export APACHE_SERVER_TOKENS="Prod"
export APACHE_SERVER_SIGNATURE="Off"
fi
mkdir -p /tmp/httpd
} }
clear_deploy() { prepare_zbx_php_config() {
echo "** Cleaning the system" echo "** Preparing PHP configuration"
}
prepare_zbx_web_config() { export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
echo "** Preparing Zabbix frontend configuration file" export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
@ -207,48 +244,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache.conf"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/apache_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"$HTTPD_CONF_FILE"
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/conf-available/other-vhosts-access-log.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_SECURITY_CONF_FILE"
fi
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO}/g" \
"$HTTPD_SECURITY_CONF_FILE"
} }
################################################# #################################################
@ -257,17 +260,18 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"
if [ "$1" != "" ]; then if [ "$1" != "" ]; then
echo "** Executing '$@'" echo "** Executing '$@'"
exec "$@" exec "$@"
elif [ -f "/usr/sbin/httpd" ]; then elif [ -f "/usr/bin/supervisord" ]; then
echo "** Executing HTTPD" echo "** Executing supervisord"
exec /usr/sbin/httpd -D FOREGROUND exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
else else
echo "Unknown instructions. Exiting..." echo "Unknown instructions. Exiting..."
exit 1 exit 1

26
Dockerfiles/web-nginx-mysql/alpine/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
RUN set -eux && \ RUN set -eux && \
@ -85,17 +86,17 @@ RUN set -eux && \
rm -f /etc/nginx/http.d/*.conf && \ rm -f /etc/nginx/http.d/*.conf && \
ln -sf /dev/stdout /var/log/nginx/access.log && \ ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log && \ ln -sf /dev/stderr /var/log/nginx/error.log && \
cd /usr/share/zabbix/ && \ cd ${ZABBIX_WWW_ROOT}/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chgrp -R 0 /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \ chgrp -R 0 /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
chmod -R g=u /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \ chmod -R g=u /etc/nginx/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
@ -103,9 +104,12 @@ RUN set -eux && \
chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \ chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \
chmod -R g=u /var/lib/php/session/ /var/lib/nginx/ chmod -R g=u /var/lib/php/session/ /var/lib/nginx/
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]

1
Dockerfiles/web-nginx-mysql/alpine/conf/etc/php83/php-fpm.conf
View File

@ -5,5 +5,6 @@ include=/etc/php83/php-fpm.d/*.conf
pid = /tmp/php-fpm.pid pid = /tmp/php-fpm.pid
error_log = /dev/fd/2 error_log = /dev/fd/2
log_level = notice
daemonize = no daemonize = no

9
Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf
View File

@ -46,8 +46,17 @@ server {
return 404; return 404;
} }
location = /nginx-status {
access_log off;
allow 127.0.0.1;
allow ::1;
deny all;
stub_status;
}
location ~ ^/(status|ping)$ { location ~ ^/(status|ping)$ {
access_log off; access_log off;
fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;

123
Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh
View File

@ -18,14 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user # Default user settings
: ${DAEMON_USER:="nginx"} : ${DAEMON_USER:="nginx"}
: ${DAEMON_GROUP:="nginx"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file # Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf" NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# Nginx virtual hosts configuration directory
NGINX_CONFD_DIR="/etc/nginx/http.d"
# Directory with SSL certificate files for Nginx
NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php83/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -134,12 +139,15 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
NGINX_CONFD_DIR="/etc/nginx/http.d" if [ "$(id -u)" == '0' ]; then
NGINX_SSL_CONFIG="/etc/ssl/nginx" sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
fi
if [ ! -f "/proc/net/if_inet6" ]; then if [ ! -f "/proc/net/if_inet6" ]; then
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf"
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf"
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi fi
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
@ -149,7 +157,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then
echo "** Enable SSL support for Nginx" echo "** Enable SSL support for Nginx"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf"
@ -159,12 +167,53 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
fi fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
prepare_zbx_web_config() { prepare_zbx_php_config() {
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing PHP configuration"
PHP_CONFIG_FILE="/etc/php83/php-fpm.d/zabbix.conf"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
@ -174,12 +223,10 @@ prepare_zbx_web_config() {
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
@ -227,55 +274,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
################################################# #################################################
@ -284,8 +290,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with MySQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"

28
Dockerfiles/web-nginx-mysql/centos/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
@ -100,20 +101,20 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
rm -f /etc/php-fpm.d/www.conf && \ rm -f /etc/php-fpm.d/www.conf && \
ln -sf /dev/stdout /var/log/nginx/access.log && \ ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log && \ ln -sf /dev/stderr /var/log/nginx/error.log && \
cd /usr/share/zabbix/ && \ cd ${ZABBIX_WWW_ROOT}/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \ cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
@ -124,9 +125,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
findutils \ findutils \
glibc-locale-source glibc-locale-source
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]

1
Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.conf
View File

@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf
pid = /tmp/php-fpm.pid pid = /tmp/php-fpm.pid
error_log = /dev/fd/2 error_log = /dev/fd/2
log_level = notice
daemonize = no daemonize = no

9
Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf
View File

@ -46,8 +46,17 @@ server {
return 404; return 404;
} }
location = /nginx-status {
access_log off;
allow 127.0.0.1;
allow ::1;
deny all;
stub_status;
}
location ~ ^/(status|ping)$ { location ~ ^/(status|ping)$ {
access_log off; access_log off;
fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;

123
Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh
View File

@ -18,14 +18,19 @@ fi
# Default timezone for web interface # Default timezone for web interface
: ${PHP_TZ:="Europe/Riga"} : ${PHP_TZ:="Europe/Riga"}
# Default user # Default user settings
: ${DAEMON_USER:="nginx"} : ${DAEMON_USER:="nginx"}
: ${DAEMON_GROUP:="nginx"}
# Default directories # Default directories
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file # Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf" NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# Nginx virtual hosts configuration directory
NGINX_CONFD_DIR="/etc/nginx/conf.d"
# Directory with SSL certificate files for Nginx
NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx"
# PHP-FPM configuration file
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -134,12 +139,15 @@ check_db_connect() {
} }
prepare_web_server() { prepare_web_server() {
NGINX_CONFD_DIR="/etc/nginx/conf.d" if [ "$(id -u)" == '0' ]; then
NGINX_SSL_CONFIG="/etc/ssl/nginx" sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
fi
if [ ! -f "/proc/net/if_inet6" ]; then if [ ! -f "/proc/net/if_inet6" ]; then
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf"
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf"
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi fi
echo "** Adding Zabbix virtual host (HTTP)" echo "** Adding Zabbix virtual host (HTTP)"
@ -149,7 +157,7 @@ prepare_web_server() {
echo "**** Impossible to enable HTTP virtual host" echo "**** Impossible to enable HTTP virtual host"
fi fi
if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then
echo "** Enable SSL support for Nginx" echo "** Enable SSL support for Nginx"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf"
@ -159,12 +167,53 @@ prepare_web_server() {
else else
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
fi fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
prepare_zbx_web_config() { prepare_zbx_php_config() {
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing PHP configuration"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
@ -174,12 +223,10 @@ prepare_zbx_web_config() {
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
fi fi
: ${ZBX_DENY_GUI_ACCESS:="false"} : ${ZBX_DENY_GUI_ACCESS:="false"}
@ -227,55 +274,14 @@ prepare_zbx_web_config() {
export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
}
prepare_zbx_config() {
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp" rm -f "/tmp/defines.inc.php_tmp"
fi fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
################################################# #################################################
@ -284,8 +290,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with MySQL database"
check_variables check_variables
check_db_connect check_db_connect
prepare_zbx_php_config
prepare_web_server prepare_web_server
prepare_zbx_web_config prepare_zbx_config
echo "########################################################" echo "########################################################"

28
Dockerfiles/web-nginx-mysql/ol/Dockerfile
View File

@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \ ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \
@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
STOPSIGNAL SIGTERM STOPSIGNAL SIGTERM
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
COPY ["conf/etc/", "/etc/"] COPY ["conf/etc/", "/etc/"]
COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"] COPY ["conf/etc/yum.repos.d/oracle-epel-ol9.repo", "/etc/yum.repos.d/oracle-epel-ol9.repo"]
@ -87,20 +88,20 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
rm -f /etc/php-fpm.d/www.conf && \ rm -f /etc/php-fpm.d/www.conf && \
ln -sf /dev/stdout /var/log/nginx/access.log && \ ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log && \ ln -sf /dev/stderr /var/log/nginx/error.log && \
cd /usr/share/zabbix/ && \ cd ${ZABBIX_WWW_ROOT}/ && \
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
rm -rf tests && \ rm -rf tests && \
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
cut -d"'" -f 2 | sort | \ cut -d"'" -f 2 | sort | \
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
@ -111,9 +112,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
findutils \ findutils \
glibc-locale-source glibc-locale-source
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1
EXPOSE 8080/TCP 8443/TCP EXPOSE 8080/TCP 8443/TCP
WORKDIR /usr/share/zabbix WORKDIR ${ZABBIX_WWW_ROOT}
COPY ["docker-entrypoint.sh", "/usr/bin/"] COPY ["docker-entrypoint.sh", "/usr/bin/"]

1
Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.conf
View File

@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf
pid = /tmp/php-fpm.pid pid = /tmp/php-fpm.pid
error_log = /dev/fd/2 error_log = /dev/fd/2
log_level = notice
daemonize = no daemonize = no

9
Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf
View File

@ -46,8 +46,17 @@ server {
return 404; return 404;
} }
location = /nginx-status {
access_log off;
allow 127.0.0.1;
allow ::1;
deny all;
stub_status;
}
location ~ ^/(status|ping)$ { location ~ ^/(status|ping)$ {
access_log off; access_log off;
fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;

Some files were not shown because too many files have changed in this diff Show More