diff --git a/.env_web b/.env_web index 4d9e27016..4732507a9 100644 --- a/.env_web +++ b/.env_web @@ -9,6 +9,7 @@ ZBX_SERVER_NAME=Composed installation # ZBX_DB_CIPHER_LIST= # Available since 5.0.0 # ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5 # ZBX_HISTORYSTORAGETYPES=['uint', 'dbl', 'str', 'text', 'log'] # Available since 3.4.5 +# ZBX_SSO_SETTINGS=[] # Available since 5.0.0 # ENABLE_WEB_ACCESS_LOG=true # ZBX_MAXEXECUTIONTIME=600 # ZBX_MEMORYLIMIT=128M diff --git a/test.sh b/test.sh deleted file mode 100644 index b13dce3e1..000000000 --- a/test.sh +++ /dev/null @@ -1,16 +0,0 @@ -TAGS_ARRAY=() - -IMAGE_NAME="zabbix/zabbix-agent" -RELEASE_VERSION="refs/tags/5.0.3" -RELEASE_VERSION=${RELEASE_VERSION:10} - -GIT_BRANCH=${RELEASE_VERSION%.*} -echo "::debug::Release version ${RELEASE_VERSION}. Branch ${GIT_BRANCH}" -TAGS_ARRAY+=("$IMAGE_NAME:alpine-${RELEASE_VERSION}") - -if [ "alpine" == "alpine" ] && [ "${LATEST_BRANCH}" == "${GIT_BRANCH}" ]; then - TAGS_ARRAY+=("$IMAGE_NAME:latest") - fi -TAGS=$(printf -- "--tag %s " "${TAGS_ARRAY[@]}") - -echo $TAGS \ No newline at end of file diff --git a/web-apache-mysql/alpine/Dockerfile b/web-apache-mysql/alpine/Dockerfile index 8403632f1..d77f9ae6b 100644 --- a/web-apache-mysql/alpine/Dockerfile +++ b/web-apache-mysql/alpine/Dockerfile @@ -19,6 +19,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ apk add --clean-protected --no-cache \ apache2 \ bash \ diff --git a/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini b/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini index b060e4689..5dfff39cd 100644 --- a/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini +++ b/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini 
@@ -1,8 +1,8 @@
-max_execution_time=300
-memory_limit=128M
-post_max_size=16M
-upload_max_filesize=2M
-max_input_time=300
+max_execution_time = ${ZBX_MAXEXECUTIONTIME}
+memory_limit = ${ZBX_MEMORYLIMIT}
+post_max_size = ${ZBX_POSTMAXSIZE}
+upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
+max_input_time = ${ZBX_MAXINPUTTIME}
 ; always_populate_raw_post_data=-1
-max_input_vars=10000
-; date.timezone=Europe/Riga
+max_input_vars = 10000
+date.timezone = ${PHP_TZ}
diff --git a/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
index 29f041457..920b8ab1c 100644
--- a/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
+++ b/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
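Review bot: Every limit in this 99-zabbix.ini hunk now comes from a `${...}` reference with no literal fallback, so the caps exist only when the entrypoint's exports reach the process that parses the ini. PHP substitutes an unset variable with an empty string, which would presumably leave `memory_limit`, `post_max_size` and `upload_max_filesize` without the intended values if PHP is ever started another way. `date.timezone` also goes from commented-out to always set, and the entrypoint in this commit defaults `PHP_TZ` to `Europe/Riga`, so frontend and audit timestamps shift for anyone who did not set it. A header comment such as `; Values are injected from the environment by docker-entrypoint.sh` would make the dependency explicit; the same applies to the ubuntu and pgsql copies and to the php-fpm pool file.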
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'MYSQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-apache-mysql/alpine/docker-entrypoint.sh b/web-apache-mysql/alpine/docker-entrypoint.sh index dd9a0792c..69c292e41 100755 --- a/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/web-apache-mysql/alpine/docker-entrypoint.sh 
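Review bot: `json_decode()` is called without the associative flag in the `$HISTORY['url']` and `$SSO['SETTINGS']` assignments, so a JSON object in `ZBX_HISTORYSTORAGEURL` or `ZBX_SSO_SETTINGS` comes back as `stdClass` rather than a PHP array. Code that indexes these values with `[...]` would presumably fail, and for `$SSO['SETTINGS']` that sits on the SAML login path. Decoding once with the flag, e.g. `$SSO['SETTINGS'] = json_decode($sso_settings, true) ?: array();`, avoids that and the double parse. The blanket `str_replace("'","\"",...)` also rewrites apostrophes inside values, so it is worth documenting that these variables should be valid JSON instead of relying on quote rewriting. The same lines appear in the centos, ubuntu and pgsql copies of zabbix.conf.php.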
@@ -57,67 +57,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - # Check prerequisites for MySQL database check_variables() { : ${DB_SERVER_HOST:="mysql-server"} 
@@ -229,54 +168,38 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini" + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" + export DB_SERVER_TYPE="MYSQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char 
"${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ - -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-apache-mysql/centos/Dockerfile b/web-apache-mysql/centos/Dockerfile index 21e21a1e0..8bd88b80b 100644 --- a/web-apache-mysql/centos/Dockerfile +++ b/web-apache-mysql/centos/Dockerfile 
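Review bot: `export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}` places the database password in the environment of the web server and every process it spawns, whereas the removed sed call wrote it only into zabbix.conf.php. The `file_env` helper visible in this file's context suggests the password can be supplied from a secret file; if so, exporting it undoes that isolation, because the value becomes readable through `/proc/<pid>/environ`, `phpinfo()` and anything that dumps the environment. Consider letting zabbix.conf.php read the secret file itself, or at least record the exposure next to the export with `# exported so zabbix.conf.php can getenv() it; visible to all child processes`. The same export is in the centos and ubuntu entrypoint hunks, and prepare_zbx_web_config continues past the end of this hunk.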
@@ -17,6 +17,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ dnf --quiet makecache && \ dnf -y install epel-release && \ dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ diff --git a/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf b/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf +++ b/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 @@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index 29f041457..920b8ab1c 100644 --- a/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php 
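Review bot: `clear_env = no` in the php-fpm pool hands the entire container environment to every PHP worker, not only the settings zabbix.conf.php reads. The database password exported by the entrypoint, and any unrelated secret passed to the container, then become readable from any PHP code through `getenv()`, `$_ENV` or `phpinfo()`. Keeping the default and passing only what is needed with pool entries of the form `env[DB_SERVER_PASS] = $DB_SERVER_PASS`, one per variable the config file reads, gives the same result with a much smaller exposure. If the blanket setting stays, a comment above it stating why it is required would help the next reviewer.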
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'MYSQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-apache-mysql/centos/docker-entrypoint.sh b/web-apache-mysql/centos/docker-entrypoint.sh index 323cc08ba..8332b1eda 100755 --- a/web-apache-mysql/centos/docker-entrypoint.sh +++ b/web-apache-mysql/centos/docker-entrypoint.sh 
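Review bot: `getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false` accepts only the exact lowercase string, so `True`, `TRUE` or `1` silently turn DB encryption off, and the same pattern is used for `$DB['VERIFY_HOST']` and `$DB['DOUBLE_IEEE754']`. For the two TLS settings that is a fail-open: an operator who believes encryption and host verification are enabled gets a plaintext or unverified connection with no error. `$DB['ENCRYPTION'] = filter_var(getenv('ZBX_DB_ENCRYPTION'), FILTER_VALIDATE_BOOLEAN);` accepts the usual spellings and still yields false when the variable is unset. The identical hunks in the alpine, ubuntu and pgsql copies need the same change.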
@@ -57,67 +57,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - # Check prerequisites for MySQL database check_variables() { : ${DB_SERVER_HOST:="mysql-server"} 
@@ -229,21 +168,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -251,39 +179,36 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="MYSQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ 
- -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-apache-mysql/ubuntu/Dockerfile b/web-apache-mysql/ubuntu/Dockerfile index 65f246678..4d3e70991 100644 --- a/web-apache-mysql/ubuntu/Dockerfile +++ b/web-apache-mysql/ubuntu/Dockerfile @@ -20,6 +20,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ apt-get -y update && \ DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \ apache2 \ diff --git a/web-apache-mysql/ubuntu/conf/etc/php/7.4/apache2/conf.d/99-zabbix.ini b/web-apache-mysql/ubuntu/conf/etc/php/7.4/apache2/conf.d/99-zabbix.ini index be93bd73a..5dfff39cd 100644 --- a/web-apache-mysql/ubuntu/conf/etc/php/7.4/apache2/conf.d/99-zabbix.ini +++ b/web-apache-mysql/ubuntu/conf/etc/php/7.4/apache2/conf.d/99-zabbix.ini 
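Review bot: `export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}` uses `-` where every neighbouring default uses `:-`, and the removed sed line used `:-"false"` too, so this looks like a typo; write `${ZBX_DB_VERIFY_HOST:-"false"}`. With `-`, a variable that is set but empty stays empty instead of becoming `false`; zabbix.conf.php in this commit compares against `'true'`, so the outcome is the same today, but the asymmetry is easy to trip over later. Because this default leaves TLS host verification off, a short comment next to the export, `# host verification is opt-in; set to true when ZBX_DB_ENCRYPTION is enabled`, would help operators. The same line is in the alpine and ubuntu entrypoint hunks.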
@@ -1,9 +1,8 @@
-max_execution_time=300
-memory_limit=128M
-post_max_size=16M
-upload_max_filesize=2M
-max_input_time=300
-always_populate_raw_post_date=-1
-max_input_vars=10000
-; date.timezone=Europe/Riga
-;session.save_path=/var/lib/php/session
+max_execution_time = ${ZBX_MAXEXECUTIONTIME}
+memory_limit = ${ZBX_MEMORYLIMIT}
+post_max_size = ${ZBX_POSTMAXSIZE}
+upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
+max_input_time = ${ZBX_MAXINPUTTIME}
+; always_populate_raw_post_data=-1
+max_input_vars = 10000
+date.timezone = ${PHP_TZ}
diff --git a/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
index 29f041457..920b8ab1c 100644
--- a/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
+++ b/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'MYSQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-apache-mysql/ubuntu/docker-entrypoint.sh b/web-apache-mysql/ubuntu/docker-entrypoint.sh index 1a2616df9..698a5c258 100755 --- a/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/web-apache-mysql/ubuntu/docker-entrypoint.sh 
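Review bot: The comment above the `$SSO[...]` assignments still says "Uncomment to override the default paths", but the lines are live and hard-wire the paths under `/etc/zabbix/web/certs`, so it no longer describes the code. Replace it with something like `// SAML: SP key and SP/IdP certificates are picked up from /etc/zabbix/web/certs when present; extra settings come from ZBX_SSO_SETTINGS (JSON).` It is also worth stating there that a missing or unreadable `sp.key` silently yields an empty path, since `file_exists()` gives no diagnostic. The same comment is in the alpine, centos and pgsql copies of the file.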
@@ -57,67 +57,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - # Check prerequisites for MySQL database check_variables() { : ${DB_SERVER_HOST:="mysql-server"} 
@@ -229,55 +168,38 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - PHP_CONFIG_FILE="/etc/php/7.4/apache2/conf.d/99-zabbix.ini" + export DB_SERVER_TYPE="MYSQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} - # Escaping characters in parameter value - 
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") - - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ - -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-apache-pgsql/alpine/Dockerfile b/web-apache-pgsql/alpine/Dockerfile index c503c5945..450cb5d6e 100644 --- a/web-apache-pgsql/alpine/Dockerfile +++ b/web-apache-pgsql/alpine/Dockerfile 
@@ -19,6 +19,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ apk add --clean-protected --no-cache \ apache2 \ bash \ diff --git a/web-apache-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini b/web-apache-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini index b060e4689..5dfff39cd 100644 --- a/web-apache-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini +++ b/web-apache-pgsql/alpine/conf/etc/php7/conf.d/99-zabbix.ini @@ -1,8 +1,8 @@ -max_execution_time=300 -memory_limit=128M -post_max_size=16M -upload_max_filesize=2M -max_input_time=300 +max_execution_time = ${ZBX_MAXEXECUTIONTIME} +memory_limit = ${ZBX_MEMORYLIMIT} +post_max_size = ${ZBX_POSTMAXSIZE} +upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE} +max_input_time = ${ZBX_MAXINPUTTIME} ; always_populate_raw_post_data=-1 -max_input_vars=10000 -; date.timezone=Europe/Riga +max_input_vars = 10000 +date.timezone = ${PHP_TZ} diff --git a/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index a964548fa..920b8ab1c 100644 --- a/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php 
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'POSTGRESQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-apache-pgsql/alpine/docker-entrypoint.sh b/web-apache-pgsql/alpine/docker-entrypoint.sh index 87251c25f..c52ee4145 100755 --- a/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/web-apache-pgsql/alpine/docker-entrypoint.sh 
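Review bot: `getenv('ZBX_DB_ENCRYPTION') == 'true'` and the matching `ZBX_DB_VERIFY_HOST` line accept only the exact lowercase string, so `True`, `TRUE` or `1` silently leave database TLS and host verification switched off. The removed template pasted the value in as a PHP literal, where `TRUE` or `1` still evaluated as true. Parsing with `filter_var(getenv('ZBX_DB_ENCRYPTION'), FILTER_VALIDATE_BOOLEAN)` (likewise for `ZBX_DB_VERIFY_HOST` and `DB_DOUBLE_IEEE754`) keeps those spellings working and still yields false for an unset variable. The identical lines appear in the centos, ubuntu and web-nginx-mysql copies of zabbix.conf.php.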
@@ -57,67 +57,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - # Check prerequisites for PostgreSQL database check_variables() { file_env POSTGRES_USER 
@@ -213,54 +152,38 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini" + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" + export DB_SERVER_TYPE="POSTGRESQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - 
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ - -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-apache-pgsql/centos/Dockerfile b/web-apache-pgsql/centos/Dockerfile index 61efef2bf..4200a9a03 100644 --- a/web-apache-pgsql/centos/Dockerfile +++ b/web-apache-pgsql/centos/Dockerfile 
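Review bot: `export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}` uses `-` where every other default in this block uses `:-`, so an explicitly empty variable stays empty instead of becoming `false`; the removed sed line used `:-`. If that is not intended, `export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST:-"false"}` keeps the block uniform. The expansions are also unquoted; bash does not word-split assignment arguments to `export`, but writing them as `export PHP_TZ="${PHP_TZ:-Europe/Riga}"` makes that independent of the shell in use. The same line is in the other entrypoint hunks on this page, and prepare_zbx_web_config continues past the hunk.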
@@ -17,6 +17,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ dnf --quiet makecache && \ dnf -y install epel-release && \ dnf -y install --setopt=install_weak_deps=False --best --setopt=tsflags=nodocs \ diff --git a/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf b/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf +++ b/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 @@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index a964548fa..920b8ab1c 100644 --- a/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php 
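Review bot: `clear_env = no` hands the whole container environment to every PHP worker, not just the settings zabbix.conf.php reads, so `DB_SERVER_PASS` and any unrelated secret passed to the container become visible to `getenv()`, `phpinfo()` output and error dumps. php-fpm can pass variables one by one with `env[NAME] = $NAME`, which keeps the default clearing in place; the list below covers the names read by the zabbix.conf.php in this commit, and anything else the frontend needs would have to be added. The `${...}` references in the `php_value[...]` lines are presumably expanded when the pool file is parsed, so they should not depend on this setting, but that is worth confirming. The same change is in web-nginx-mysql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf.

```ini
; … unchanged: listen = /tmp/php-fpm.sock …
clear_env = yes
env[DB_SERVER_TYPE] = $DB_SERVER_TYPE
env[DB_SERVER_HOST] = $DB_SERVER_HOST
env[DB_SERVER_PORT] = $DB_SERVER_PORT
env[DB_SERVER_DBNAME] = $DB_SERVER_DBNAME
env[DB_SERVER_SCHEMA] = $DB_SERVER_SCHEMA
env[DB_SERVER_USER] = $DB_SERVER_USER
env[DB_SERVER_PASS] = $DB_SERVER_PASS
env[ZBX_SERVER_HOST] = $ZBX_SERVER_HOST
env[ZBX_SERVER_PORT] = $ZBX_SERVER_PORT
env[ZBX_SERVER_NAME] = $ZBX_SERVER_NAME
env[ZBX_DB_ENCRYPTION] = $ZBX_DB_ENCRYPTION
env[ZBX_DB_KEY_FILE] = $ZBX_DB_KEY_FILE
env[ZBX_DB_CERT_FILE] = $ZBX_DB_CERT_FILE
env[ZBX_DB_CA_FILE] = $ZBX_DB_CA_FILE
env[ZBX_DB_VERIFY_HOST] = $ZBX_DB_VERIFY_HOST
env[ZBX_DB_CIPHER_LIST] = $ZBX_DB_CIPHER_LIST
env[DB_DOUBLE_IEEE754] = $DB_DOUBLE_IEEE754
env[ZBX_HISTORYSTORAGEURL] = $ZBX_HISTORYSTORAGEURL
env[ZBX_HISTORYSTORAGETYPES] = $ZBX_HISTORYSTORAGETYPES
env[ZBX_SSO_SETTINGS] = $ZBX_SSO_SETTINGS
; … unchanged: pm = dynamic and the php_value[...] lines …
```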
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'POSTGRESQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-apache-pgsql/centos/docker-entrypoint.sh b/web-apache-pgsql/centos/docker-entrypoint.sh index 01fd2fd1c..74611f8fa 100755 --- a/web-apache-pgsql/centos/docker-entrypoint.sh +++ b/web-apache-pgsql/centos/docker-entrypoint.sh 
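Review bot: A malformed `ZBX_SSO_SETTINGS` is dropped without a trace: `json_decode($sso_settings)` returns null on a parse error and the ternary falls back to `array()`, so the SAML settings the operator meant to apply are presumably replaced by defaults with no signal. A valid JSON object also decodes to `stdClass` rather than an array because the second argument is missing, which does not match the `array()` fallback type. Suggest `$SSO['SETTINGS'] = json_decode($sso_settings, true) ?: array();` preceded by `if ($sso_settings !== '' && json_decode($sso_settings) === null) error_log('ZBX_SSO_SETTINGS is not valid JSON');`. The same two lines are in the alpine, ubuntu and web-nginx-mysql copies of this file.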
@@ -60,67 +60,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - # Check prerequisites for PostgreSQL database check_variables() { file_env POSTGRES_USER 
@@ -216,21 +155,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -238,39 +166,36 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="POSTGRESQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e 
"s/{DB_SERVER_PASS}/$server_pass/g" \ - -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-apache-pgsql/ubuntu/Dockerfile b/web-apache-pgsql/ubuntu/Dockerfile index b02adbce9..fffc5a7b1 100644 --- a/web-apache-pgsql/ubuntu/Dockerfile +++ b/web-apache-pgsql/ubuntu/Dockerfile @@ -20,6 +20,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ apt-get -y update && \ DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \ apache2 \ diff --git a/web-apache-pgsql/ubuntu/conf/etc/php/7.4/apache2/conf.d/99-zabbix.ini b/web-apache-pgsql/ubuntu/conf/etc/php/7.4/apache2/conf.d/99-zabbix.ini index b5356c3da..5dfff39cd 100644 --- a/web-apache-pgsql/ubuntu/conf/etc/php/7.4/apache2/conf.d/99-zabbix.ini +++ b/web-apache-pgsql/ubuntu/conf/etc/php/7.4/apache2/conf.d/99-zabbix.ini 
@@ -1,9 +1,8 @@ -max_execution_time=300 -memory_limit=128M -post_max_size=16M -upload_max_filesize=2M -max_input_time=300 -always_populate_raw_post_date=-1 -max_input_vars=10000 -; date.timezone=Europe/Riga -session.save_path=/var/lib/php/sessions +max_execution_time = ${ZBX_MAXEXECUTIONTIME} +memory_limit = ${ZBX_MEMORYLIMIT} +post_max_size = ${ZBX_POSTMAXSIZE} +upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE} +max_input_time = ${ZBX_MAXINPUTTIME} +; always_populate_raw_post_data=-1 +max_input_vars = 10000 +date.timezone = ${PHP_TZ} diff --git a/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index a964548fa..920b8ab1c 100644 --- a/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php 
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'POSTGRESQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/web-apache-pgsql/ubuntu/docker-entrypoint.sh index d539e4727..3cdef0052 100755 --- a/web-apache-pgsql/ubuntu/docker-entrypoint.sh +++ b/web-apache-pgsql/ubuntu/docker-entrypoint.sh 
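Review bot: The fallback branch of `$HISTORY['url']` returns `$history_url`, which has already had every `'` rewritten to `"`, so a plain non-JSON URL that contains an apostrophe is stored altered. Keep the raw value for the fallback, e.g. `$history_url_raw = getenv('ZBX_HISTORYSTORAGEURL');` and `$HISTORY['url'] = json_decode(str_replace("'", "\"", $history_url_raw)) ?: $history_url_raw;`. The comment `// Uncomment to override the default paths ...` above the `$SSO[...]` lines is also stale now that the assignments are active; something like `// SP key and SP/IdP certificates are used when present under /etc/zabbix/web/certs.` would match the code. Both points apply to the other copies of zabbix.conf.php in this commit.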
@@ -60,68 +60,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - # Check prerequisites for PostgreSQL database check_variables() { file_env POSTGRES_USER 
@@ -221,55 +159,38 @@ clear_deploy() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - PHP_CONFIG_FILE="/etc/php/7.4/apache2/conf.d/99-zabbix.ini" + export DB_SERVER_TYPE="POSTGRESQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} - # Escaping characters in parameter value - 
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") - - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ - -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-nginx-mysql/alpine/Dockerfile b/web-nginx-mysql/alpine/Dockerfile index be825a464..d9a293caa 100644 --- a/web-nginx-mysql/alpine/Dockerfile +++ b/web-nginx-mysql/alpine/Dockerfile 
@@ -19,6 +19,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ mkdir -p /var/lib/php/session && \ apk add --clean-protected --no-cache \ bash \ diff --git a/web-nginx-mysql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf b/web-nginx-mysql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-nginx-mysql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf +++ b/web-nginx-mysql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 @@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 29f041457..920b8ab1c 100644 --- a/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php 
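Review bot: `clear_env = no` in the `@@ -2,6 +2,8 @@` hunk hands the whole container environment to every PHP-FPM worker, not only the values zabbix.conf.php reads. Every other variable injected into the container, credentials included, becomes readable through `getenv()` and `phpinfo()` in any PHP code the pool runs. An explicit allow-list of `env[NAME] = $NAME` entries keeps the default environment clearing and passes only what the new configuration file looks up. The names below are taken from the `getenv()` calls in the zabbix.conf.php hunk of this commit. The same line is added to the centos, rhel and ubuntu pool files.

```ini
listen = /tmp/php-fpm.sock

; Pass only the variables zabbix.conf.php reads; everything else stays cleared.
env[DB_SERVER_TYPE] = $DB_SERVER_TYPE
env[DB_SERVER_HOST] = $DB_SERVER_HOST
env[DB_SERVER_PORT] = $DB_SERVER_PORT
env[DB_SERVER_DBNAME] = $DB_SERVER_DBNAME
env[DB_SERVER_SCHEMA] = $DB_SERVER_SCHEMA
env[DB_SERVER_USER] = $DB_SERVER_USER
env[DB_SERVER_PASS] = $DB_SERVER_PASS
env[ZBX_SERVER_HOST] = $ZBX_SERVER_HOST
env[ZBX_SERVER_PORT] = $ZBX_SERVER_PORT
env[ZBX_SERVER_NAME] = $ZBX_SERVER_NAME
env[ZBX_DB_ENCRYPTION] = $ZBX_DB_ENCRYPTION
env[ZBX_DB_KEY_FILE] = $ZBX_DB_KEY_FILE
env[ZBX_DB_CERT_FILE] = $ZBX_DB_CERT_FILE
env[ZBX_DB_CA_FILE] = $ZBX_DB_CA_FILE
env[ZBX_DB_VERIFY_HOST] = $ZBX_DB_VERIFY_HOST
env[ZBX_DB_CIPHER_LIST] = $ZBX_DB_CIPHER_LIST
env[DB_DOUBLE_IEEE754] = $DB_DOUBLE_IEEE754
env[ZBX_HISTORYSTORAGEURL] = $ZBX_HISTORYSTORAGEURL
env[ZBX_HISTORYSTORAGETYPES] = $ZBX_HISTORYSTORAGETYPES
env[ZBX_SSO_SETTINGS] = $ZBX_SSO_SETTINGS

; … unchanged: pm = dynamic and the pm.* settings …
```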
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'MYSQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-nginx-mysql/alpine/docker-entrypoint.sh b/web-nginx-mysql/alpine/docker-entrypoint.sh index 3925f62a9..49f0d2714 100755 --- a/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/web-nginx-mysql/alpine/docker-entrypoint.sh 
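Review bot: `json_decode()` is called without the associative flag on the `$HISTORY['url']`, `$HISTORY['types']` and `$SSO['SETTINGS']` lines, so a JSON object in `ZBX_HISTORYSTORAGEURL` or `ZBX_SSO_SETTINGS` arrives as a `stdClass` object rather than a PHP array. If the frontend indexes these values as arrays (not visible in this diff), per-type history URLs and nested SAML settings would not be picked up. Passing `true` and decoding once avoids that and drops the duplicate call, e.g. `$SSO['SETTINGS'] = json_decode($sso_settings, true) ?: array();` and `$HISTORY['url'] = json_decode($history_url, true) ?: $history_url;`. The identical hunk is applied to the centos and rhel copies of zabbix.conf.php further down.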
@@ -59,83 +59,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - -update_config_multiple_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - - var_value="${var_value%\"}" - var_value="${var_value#\"}" - - local IFS=, - local OPT_LIST=($var_value) - - for value in 
"${OPT_LIST[@]}"; do - update_config_var $config_path $var_name $value true - done -} - # Check prerequisites for MySQL database check_variables() { : ${DB_SERVER_HOST:="mysql-server"} @@ -249,22 +172,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -272,39 +183,36 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="MYSQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ 
- -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-nginx-mysql/centos/Dockerfile b/web-nginx-mysql/centos/Dockerfile index 06b859e8f..13a391974 100644 --- a/web-nginx-mysql/centos/Dockerfile +++ b/web-nginx-mysql/centos/Dockerfile @@ -17,6 +17,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ mkdir -p /var/lib/php/session && \ dnf --quiet makecache && \ dnf -y install epel-release && \ diff --git a/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf b/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf +++ b/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 
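Review bot: `export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}` uses `-` where the surrounding defaults use `:-`, and neither it nor `ZBX_DB_ENCRYPTION` is normalised before export. The new zabbix.conf.php compares both with the exact string `'true'`, so `TRUE` or `True` now quietly leave database TLS and host verification disabled, whereas the removed sed template pasted the raw value into the PHP file. Lower-casing at export keeps those spellings working and makes the two lines consistent: `export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST:-"false"}` followed by `ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}`, and the same for `ZBX_DB_ENCRYPTION`. The same export block is added in the first entrypoint hunk on this page and in the centos and rhel entrypoints. `prepare_zbx_web_config` continues past the end of the hunk.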
@@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index 29f041457..920b8ab1c 100644 --- a/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php 
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'MYSQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-nginx-mysql/centos/docker-entrypoint.sh b/web-nginx-mysql/centos/docker-entrypoint.sh index 8b92ee362..22cc9ddb7 100755 --- a/web-nginx-mysql/centos/docker-entrypoint.sh +++ b/web-nginx-mysql/centos/docker-entrypoint.sh 
@@ -59,83 +59,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - -update_config_multiple_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - - var_value="${var_value%\"}" - var_value="${var_value#\"}" - - local IFS=, - local OPT_LIST=($var_value) - - for value in 
"${OPT_LIST[@]}"; do - update_config_var $config_path $var_name $value true - done -} - # Check prerequisites for MySQL database check_variables() { : ${DB_SERVER_HOST:="mysql-server"} @@ -249,22 +172,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -272,39 +183,36 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="MYSQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ 
- -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-nginx-mysql/rhel/Dockerfile b/web-nginx-mysql/rhel/Dockerfile index 42a742485..fc6b074ae 100644 --- a/web-nginx-mysql/rhel/Dockerfile +++ b/web-nginx-mysql/rhel/Dockerfile @@ -68,6 +68,7 @@ RUN set -eux && INSTALL_PKGS="bash \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ mkdir -p /var/lib/php/session && \ rm -f /etc/nginx/conf.d/*.conf && \ rm -f /etc/php-fpm.d/www.conf && \ diff --git a/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf b/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf +++ b/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 
@@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php b/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php index 29f041457..920b8ab1c 100644 --- a/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php 
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'MYSQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-nginx-mysql/rhel/docker-entrypoint.sh b/web-nginx-mysql/rhel/docker-entrypoint.sh index 8b92ee362..38122c352 100755 --- a/web-nginx-mysql/rhel/docker-entrypoint.sh +++ b/web-nginx-mysql/rhel/docker-entrypoint.sh 
@@ -249,22 +249,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -272,39 +260,36 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="MYSQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ 
- -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-nginx-mysql/ubuntu/Dockerfile b/web-nginx-mysql/ubuntu/Dockerfile index 8416f6054..110208752 100644 --- a/web-nginx-mysql/ubuntu/Dockerfile +++ b/web-nginx-mysql/ubuntu/Dockerfile @@ -19,6 +19,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ mkdir -p /var/lib/php/session && \ apt-get -y update && \ DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \ diff --git a/web-nginx-mysql/ubuntu/conf/etc/php/7.4/fpm/pool.d/zabbix.conf b/web-nginx-mysql/ubuntu/conf/etc/php/7.4/fpm/pool.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-nginx-mysql/ubuntu/conf/etc/php/7.4/fpm/pool.d/zabbix.conf +++ b/web-nginx-mysql/ubuntu/conf/etc/php/7.4/fpm/pool.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 
@@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 29f041457..920b8ab1c 100644 --- a/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php 
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'MYSQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/web-nginx-mysql/ubuntu/docker-entrypoint.sh index bc1b2bab4..89dcfe779 100755 --- a/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-mysql/ubuntu/docker-entrypoint.sh 
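Review bot: The TLS switches are parsed with `getenv('ZBX_DB_ENCRYPTION') == 'true'`, so any other spelling (`TRUE`, `1`, `yes`) silently turns `$DB['ENCRYPTION']` and `$DB['VERIFY_HOST']` off. `filter_var(getenv('ZBX_DB_VERIFY_HOST'), FILTER_VALIDATE_BOOLEAN)` accepts the usual spellings and still yields false when the variable is unset. Also, `json_decode($history_url)` without the second argument returns objects for JSON maps; if the frontend expects arrays for `$HISTORY['url']` and `$SSO['SETTINGS']` (not visible here), `json_decode($sso_settings, true)` is the safer call. The comment "Uncomment to override the default paths…" above the `$SSO` lines no longer matches, because the lines are active rather than commented out. The identical file is patched again in the later zabbix.conf.php hunks of this commit.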
@@ -59,83 +59,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - -update_config_multiple_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - - var_value="${var_value%\"}" - var_value="${var_value#\"}" - - local IFS=, - local OPT_LIST=($var_value) - - for value in 
"${OPT_LIST[@]}"; do - update_config_var $config_path $var_name $value true - done -} - # Check prerequisites for MySQL database check_variables() { : ${DB_SERVER_HOST:="mysql-server"} @@ -249,22 +172,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -272,39 +183,36 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="MYSQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e "s/{DB_SERVER_PASS}/$server_pass/g" \ 
- -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + + export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-nginx-pgsql/alpine/Dockerfile b/web-nginx-pgsql/alpine/Dockerfile index 60dc2d12d..3afa26cb4 100644 --- a/web-nginx-pgsql/alpine/Dockerfile +++ b/web-nginx-pgsql/alpine/Dockerfile @@ -19,6 +19,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ mkdir -p /var/lib/php/session && \ apk add --clean-protected --no-cache \ bash \ diff --git a/web-nginx-pgsql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf b/web-nginx-pgsql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-nginx-pgsql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf +++ b/web-nginx-pgsql/alpine/conf/etc/php7/php-fpm.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 
@@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index a964548fa..920b8ab1c 100644 --- a/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php 
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'POSTGRESQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-nginx-pgsql/alpine/docker-entrypoint.sh b/web-nginx-pgsql/alpine/docker-entrypoint.sh index 4454b43a7..9956ce804 100755 --- a/web-nginx-pgsql/alpine/docker-entrypoint.sh +++ b/web-nginx-pgsql/alpine/docker-entrypoint.sh 
@@ -62,83 +62,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - -update_config_multiple_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - - var_value="${var_value%\"}" - var_value="${var_value#\"}" - - local IFS=, - local OPT_LIST=($var_value) - - for value in 
"${OPT_LIST[@]}"; do - update_config_var $config_path $var_name $value true - done -} - # Check prerequisites for PostgreSQL database check_variables() { file_env POSTGRES_USER @@ -235,22 +158,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -258,39 +169,34 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="POSTGRESQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e 
"s/{DB_SERVER_PASS}/$server_pass/g" \ - -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-nginx-pgsql/centos/Dockerfile b/web-nginx-pgsql/centos/Dockerfile index 39b654366..b6c7af13c 100644 --- a/web-nginx-pgsql/centos/Dockerfile +++ b/web-nginx-pgsql/centos/Dockerfile @@ -17,6 +17,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ mkdir -p /var/lib/php/session && \ dnf --quiet makecache && \ dnf -y install epel-release && \ diff --git a/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf b/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf +++ b/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 
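Review bot: Unlike the MySQL entrypoints in this commit, this hunk adds no `export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}`, although the zabbix.conf.php shipped with the PostgreSQL images reads `getenv('ZBX_SSO_SETTINGS')`. A value passed as a container environment variable is presumably inherited anyway, so this is mainly a consistency point; adding the same line after the `ZBX_HISTORYSTORAGETYPES` export keeps the variants aligned. The web-nginx-pgsql/centos entrypoint hunk has the same omission. prepare_zbx_web_config continues outside the hunk.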
@@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index a964548fa..920b8ab1c 100644 --- a/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php 
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'POSTGRESQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-nginx-pgsql/centos/docker-entrypoint.sh b/web-nginx-pgsql/centos/docker-entrypoint.sh index 28a7bd845..88e2b01ca 100755 --- a/web-nginx-pgsql/centos/docker-entrypoint.sh +++ b/web-nginx-pgsql/centos/docker-entrypoint.sh 
@@ -62,83 +62,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - -update_config_multiple_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - - var_value="${var_value%\"}" - var_value="${var_value#\"}" - - local IFS=, - local OPT_LIST=($var_value) - - for value in 
"${OPT_LIST[@]}"; do - update_config_var $config_path $var_name $value true - done -} - # Check prerequisites for PostgreSQL database check_variables() { file_env POSTGRES_USER @@ -235,22 +158,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -258,39 +169,34 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="POSTGRESQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e 
"s/{DB_SERVER_PASS}/$server_pass/g" \ - -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/web-nginx-pgsql/ubuntu/Dockerfile b/web-nginx-pgsql/ubuntu/Dockerfile index c9836d027..70ea09d4c 100644 --- a/web-nginx-pgsql/ubuntu/Dockerfile +++ b/web-nginx-pgsql/ubuntu/Dockerfile @@ -19,6 +19,7 @@ RUN set -eux && \ zabbix && \ mkdir -p /etc/zabbix && \ mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ mkdir -p /var/lib/php/session && \ apt-get -y update && \ DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \ diff --git a/web-nginx-pgsql/ubuntu/conf/etc/php/7.4/fpm/pool.d/zabbix.conf b/web-nginx-pgsql/ubuntu/conf/etc/php/7.4/fpm/pool.d/zabbix.conf index a4926f4ae..1d19fd099 100644 --- a/web-nginx-pgsql/ubuntu/conf/etc/php/7.4/fpm/pool.d/zabbix.conf +++ b/web-nginx-pgsql/ubuntu/conf/etc/php/7.4/fpm/pool.d/zabbix.conf @@ -2,6 +2,8 @@ listen = /tmp/php-fpm.sock +clear_env = no + pm = dynamic pm.max_children = 50 pm.start_servers = 5 
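Review bot: The `cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"` line in this hunk's trailing context still reads `ZBX_WWW_ROOT`, yet the preceding hunk (`@@ -235,22 +158,10 @@`) appears to delete its assignment together with `ZBX_WEB_CONFIG`. Unless the variable is set somewhere outside these hunks, the source path collapses to `/include/defines.inc.php` and the `cp` under the `ZBX_SESSION_NAME` check fails. Keeping `ZBX_WWW_ROOT="/usr/share/zabbix"` at the top of `prepare_zbx_web_config`, or defining it once with the script's other defaults, would close that gap. The same applies to the matching `web-nginx-pgsql/ubuntu/docker-entrypoint.sh` hunks further down. The function body continues past the end of this hunk.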
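Review bot: `clear_env = no` passes the whole container environment to every PHP-FPM worker, not only the settings that `zabbix.conf.php` reads with `getenv()`. Since the entrypoint hunk above now exports `DB_SERVER_PASS`, the database password and any unrelated variable present in the container become readable from PHP, for instance on a diagnostics page that prints the environment. An allow-list keeps the default clearing and forwards only what the frontend needs, with one line per variable in the form `env[DB_SERVER_PASS] = $DB_SERVER_PASS`; how unset optional variables behave in that form should be tested first. If `clear_env = no` stays, a comment above it such as `; workers need the exported DB_*/ZBX_* variables for getenv() in zabbix.conf.php` would record why the default was relaxed.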
@@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on php_value[session.save_handler] = files php_value[session.save_path] = /var/lib/php/session -php_value[max_execution_time]= 300 -php_value[memory_limit]= 128M -php_value[post_max_size]= 16M -php_value[upload_max_filesize]= 2M -php_value[max_input_time]= 300 -php_value[max_input_vars]= 10000 -; php_value[date.timezone]= Europe/Riga +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} diff --git a/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index a964548fa..920b8ab1c 100644 --- a/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php 
@@ -2,37 +2,49 @@ // Zabbix GUI configuration file. global $DB, $HISTORY; -$DB['TYPE'] = 'POSTGRESQL'; -$DB['SERVER'] = '{DB_SERVER_HOST}'; -$DB['PORT'] = '{DB_SERVER_PORT}'; -$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; -$DB['USER'] = '{DB_SERVER_USER}'; -$DB['PASSWORD'] = '{DB_SERVER_PASS}'; +$DB['TYPE'] = getenv('DB_SERVER_TYPE'); +$DB['SERVER'] = getenv('DB_SERVER_HOST'); +$DB['PORT'] = getenv('DB_SERVER_PORT'); +$DB['DATABASE'] = getenv('DB_SERVER_DBNAME'); +$DB['USER'] = getenv('DB_SERVER_USER'); +$DB['PASSWORD'] = getenv('DB_SERVER_PASS'); // Schema name. Used for IBM DB2 and PostgreSQL. -$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; +$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA'); -$ZBX_SERVER = '{ZBX_SERVER_HOST}'; -$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; -$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; +$ZBX_SERVER = getenv('ZBX_SERVER_HOST'); +$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT'); +$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; -$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; -$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; -$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; -$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; -$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? 
true: false; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). -$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; +$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); +$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url; // Value types stored in Elasticsearch. -$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; +$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES')); + +$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array(); + +// Used for SAML authentication. +// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings. +$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : ''; +$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : ''; +$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : ''; + +$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array(); diff --git a/web-nginx-pgsql/ubuntu/docker-entrypoint.sh b/web-nginx-pgsql/ubuntu/docker-entrypoint.sh index dad9542a5..697f464a5 100755 --- a/web-nginx-pgsql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-pgsql/ubuntu/docker-entrypoint.sh 
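Review bot: `json_decode()` is called without the associative flag, so an object-shaped value comes back as `stdClass` rather than a PHP array; this affects a per-type map in `ZBX_HISTORYSTORAGEURL` and anything keyed in `ZBX_SSO_SETTINGS`. The frontend code that consumes `$HISTORY['url']` and `$SSO['SETTINGS']` is not visible here, but if it indexes them as arrays, these settings will fail or be ignored. Decoding once with the flag fixes the type and removes the double parse: `$HISTORY['url'] = json_decode($history_url, true) ?: $history_url;` and `$SSO['SETTINGS'] = json_decode($sso_settings, true) ?: array();`. The blanket `str_replace("'","\"", …)` also rewrites apostrophes inside values, which deserves a short comment beside it so operators know to avoid them.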
@@ -62,83 +62,6 @@ file_env() { unset "$fileVar" } -escape_spec_char() { - local var_value=$1 - - var_value="${var_value//\\/\\\\}" - var_value="${var_value//[$'\n']/}" - var_value="${var_value//\//\\/}" - var_value="${var_value//./\\.}" - var_value="${var_value//\*/\\*}" - var_value="${var_value//^/\\^}" - var_value="${var_value//\$/\\\$}" - var_value="${var_value//\&/\\\&}" - var_value="${var_value//\[/\\[}" - var_value="${var_value//\]/\\]}" - - echo "$var_value" -} - -update_config_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - local is_multiple=$4 - - if [ ! -f "$config_path" ]; then - echo "**** Configuration file '$config_path' does not exist" - return - fi - - echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... " - - # Remove configuration parameter definition in case of unset parameter value - if [ -z "$var_value" ]; then - sed -i -e "/^$var_name=/d" "$config_path" - echo "removed" - return - fi - - # Remove value from configuration parameter in case of double quoted parameter value - if [ "$var_value" == '""' ]; then - sed -i -e "/^$var_name=/s/=.*/=/" "$config_path" - echo "undefined" - return - fi - - # Escaping characters in parameter value and name - var_value=$(escape_spec_char "$var_value") - var_name=$(escape_spec_char "$var_name") - - if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then - sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path" - echo "updated" - elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then - sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path" - echo "added first occurrence" - else - sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path" - echo "added" - fi - -} - -update_config_multiple_var() { - local config_path=$1 - local var_name=$2 - local var_value=$3 - - var_value="${var_value%\"}" - var_value="${var_value#\"}" - - local IFS=, - local OPT_LIST=($var_value) - - for value in 
"${OPT_LIST[@]}"; do - update_config_var $config_path $var_name $value true - done -} - # Check prerequisites for PostgreSQL database check_variables() { file_env POSTGRES_USER @@ -235,22 +158,10 @@ prepare_web_server() { } prepare_zbx_web_config() { - local server_name="" - echo "** Preparing Zabbix frontend configuration file" - ZBX_WWW_ROOT="/usr/share/zabbix" - ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" - PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}" - update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}" - if [ "$(id -u)" == '0' ]; then echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE" 
@@ -258,39 +169,34 @@ prepare_zbx_web_config() { echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" fi - ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} + export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} + export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} + export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} + export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} + export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} + export PHP_TZ=${PHP_TZ:-"Europe/Riga"} - # Escaping characters in parameter value - server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") - server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") - server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") - history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") - history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + export DB_SERVER_TYPE="POSTGRESQL" + export DB_SERVER_HOST=${DB_SERVER_HOST} + export DB_SERVER_PORT=${DB_SERVER_PORT} + export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} + export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} + export DB_SERVER_USER=${DB_SERVER_ZBX_USER} + export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} + export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} + export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"} + export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} - ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") - ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") - ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"} + export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} + export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} + export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} + export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"} - sed -i \ - -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ - -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ - -e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ - -e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \ - -e "s/{DB_SERVER_USER}/$server_user/g" \ - -e 
"s/{DB_SERVER_PASS}/$server_pass/g" \ - -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ - -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ - -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ - -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ - -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ - -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ - -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ - -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ - -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ - -e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \ - -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ - -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ - "$ZBX_WEB_CONFIG" + export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"} + + export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} + export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" diff --git a/zabbix-appliance/rhel/Dockerfile b/zabbix-appliance/rhel/Dockerfile index be9a48ed1..fcef8f943 100644 --- a/zabbix-appliance/rhel/Dockerfile +++ b/zabbix-appliance/rhel/Dockerfile @@ -82,6 +82,8 @@ RUN set -o xtrace && INSTALL_PKGS="OpenIPMI-libs \ -d /var/lib/zabbix/ -u 1997 \ zabbix && \ mkdir -p /etc/zabbix && \ + mkdir -p /etc/zabbix/web && \ + mkdir -p /etc/zabbix/web/certs && \ mkdir -p /var/lib/zabbix && \ mkdir -p /usr/lib/zabbix/alertscripts && \ mkdir -p /var/lib/zabbix/enc && \