Added EXPOSE_WEB_SERVER_INFO variable to control web server / php versions expose

This commit is contained in:
Alexey Pustovalov 2024-02-06 17:54:37 +09:00
parent 562976f010
commit 2910cfd3f6
45 changed files with 298 additions and 40 deletions

View File

@ -134,12 +134,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`.

View File

@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -226,8 +228,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/httpd.conf"
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
}
#################################################

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -242,8 +244,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/httpd/conf/httpd.conf"
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
}
#################################################

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -242,8 +244,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/httpd/conf/httpd.conf"
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
}
#################################################

View File

@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -226,11 +228,25 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/apache2.conf"
"$HTTPD_CONF_FILE"
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/conf-available/other-vhosts-access-log.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
}
#################################################

View File

@ -138,12 +138,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`.

View File

@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -213,8 +215,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/httpd.conf"
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
}
#################################################

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -229,8 +231,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/httpd/conf/httpd.conf"
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
}
#################################################

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -229,8 +231,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/httpd/conf/httpd.conf"
"$HTTPD_CONF_FILE"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
}
#################################################

View File

@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -217,11 +219,25 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/apache2.conf"
"$HTTPD_CONF_FILE"
sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/conf-available/other-vhosts-access-log.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
}
#################################################

View File

@ -135,12 +135,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`.

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/http.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -214,7 +216,7 @@ prepare_zbx_web_config() {
export VAULT_TOKEN=${VAULT_TOKEN}
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
: ${DB_DOUBLE_IEEE754:="true"}
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -138,12 +138,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`.

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/http.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -244,14 +246,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -30,6 +30,7 @@ ZBX_SERVER_NAME=Composed installation
# ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1']
# ZBX_GUI_WARNING_MSG=Zabbix is under maintenance.
# HTTP_INDEX_FILE=index.php
# EXPOSE_WEB_SERVER_INFO=on
# PHP_FPM_PM=dynamic
# PHP_FPM_PM_MAX_CHILDREN=50