mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2024-11-07 16:34:20 +01:00
Added EXPOSE_WEB_SERVER_INFO variable to control web server / php versions expose
This commit is contained in:
parent
562976f010
commit
2910cfd3f6
@ -134,12 +134,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
|
||||
|
||||
### `ENABLE_WEB_ACCESS_LOG`
|
||||
|
||||
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
|
||||
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
|
||||
|
||||
### `HTTP_INDEX_FILE`
|
||||
|
||||
The variable controls default index page. By default, `index.php`.
|
||||
|
||||
### `EXPOSE_WEB_SERVER_INFO`
|
||||
|
||||
The variable allows to hide Web server and PHP versions. By default, `on`.
|
||||
|
||||
### `ZBX_MAXEXECUTIONTIME`
|
||||
|
||||
The varable is PHP ``max_execution_time`` option. By default, value is `300`.
|
||||
|
@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
expose_php = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -226,8 +228,22 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/apache2/httpd.conf"
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -242,8 +244,22 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/httpd/conf/httpd.conf"
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -242,8 +244,22 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/httpd/conf/httpd.conf"
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
expose_php = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -226,11 +228,25 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/apache2/apache2.conf"
|
||||
"$HTTPD_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/apache2/conf-available/other-vhosts-access-log.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -138,12 +138,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
|
||||
|
||||
### `ENABLE_WEB_ACCESS_LOG`
|
||||
|
||||
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
|
||||
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
|
||||
|
||||
### `HTTP_INDEX_FILE`
|
||||
|
||||
The variable controls default index page. By default, `index.php`.
|
||||
|
||||
### `EXPOSE_WEB_SERVER_INFO`
|
||||
|
||||
The variable allows to hide Web server and PHP versions. By default, `on`.
|
||||
|
||||
### `ZBX_MAXEXECUTIONTIME`
|
||||
|
||||
The varable is PHP ``max_execution_time`` option. By default, value is `300`.
|
||||
|
@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
expose_php = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -213,8 +215,22 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/apache2/httpd.conf"
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -229,8 +231,22 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/httpd/conf/httpd.conf"
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -229,8 +231,22 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/httpd/conf/httpd.conf"
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
expose_php = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -217,11 +219,25 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/apache2/apache2.conf"
|
||||
"$HTTPD_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/apache2/conf-available/other-vhosts-access-log.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -135,12 +135,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
|
||||
|
||||
### `ENABLE_WEB_ACCESS_LOG`
|
||||
|
||||
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
|
||||
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
|
||||
|
||||
### `HTTP_INDEX_FILE`
|
||||
|
||||
The variable controls default index page. By default, `index.php`.
|
||||
|
||||
### `EXPOSE_WEB_SERVER_INFO`
|
||||
|
||||
The variable allows to hide Web server and PHP versions. By default, `on`.
|
||||
|
||||
### `ZBX_MAXEXECUTIONTIME`
|
||||
|
||||
The varable is PHP ``max_execution_time`` option. By default, value is `300`.
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/http.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -214,7 +216,7 @@ prepare_zbx_web_config() {
|
||||
export VAULT_TOKEN=${VAULT_TOKEN}
|
||||
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
|
||||
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
|
||||
|
||||
|
||||
: ${DB_DOUBLE_IEEE754:="true"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
|
||||
|
||||
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/nginx/nginx.conf"
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx.conf"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx_ssl.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/nginx/nginx.conf"
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx.conf"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx_ssl.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/nginx/nginx.conf"
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx.conf"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx_ssl.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/nginx/nginx.conf"
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx.conf"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx_ssl.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/nginx/nginx.conf"
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx.conf"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx_ssl.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -138,12 +138,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
|
||||
|
||||
### `ENABLE_WEB_ACCESS_LOG`
|
||||
|
||||
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
|
||||
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
|
||||
|
||||
### `HTTP_INDEX_FILE`
|
||||
|
||||
The variable controls default index page. By default, `index.php`.
|
||||
|
||||
### `EXPOSE_WEB_SERVER_INFO`
|
||||
|
||||
The variable allows to hide Web server and PHP versions. By default, `on`.
|
||||
|
||||
### `ZBX_MAXEXECUTIONTIME`
|
||||
|
||||
The varable is PHP ``max_execution_time`` option. By default, value is `300`.
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/http.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -23,6 +23,8 @@ fi
|
||||
ZABBIX_ETC_DIR="/etc/zabbix"
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -244,14 +246,23 @@ prepare_zbx_web_config() {
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/nginx/nginx.conf"
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx.conf"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"/etc/zabbix/nginx_ssl.conf"
|
||||
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -65,7 +65,7 @@ http {
|
||||
ignore_invalid_headers on;
|
||||
|
||||
index index.php;
|
||||
server_tokens off;
|
||||
server_tokens {EXPOSE_WEB_SERVER_INFO};
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
@ -1,5 +1,8 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
@ -30,6 +30,7 @@ ZBX_SERVER_NAME=Composed installation
|
||||
# ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1']
|
||||
# ZBX_GUI_WARNING_MSG=Zabbix is under maintenance.
|
||||
# HTTP_INDEX_FILE=index.php
|
||||
# EXPOSE_WEB_SERVER_INFO=on
|
||||
|
||||
# PHP_FPM_PM=dynamic
|
||||
# PHP_FPM_PM_MAX_CHILDREN=50
|
||||
|
Loading…
Reference in New Issue
Block a user