extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2024-11-22 07:43:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added EXPOSE_WEB_SERVER_INFO variable to control web server / php versions expose

Browse Source
This commit is contained in:
Alexey Pustovalov 2024-02-06 17:54:37 +09:00
parent 562976f010
commit 2910cfd3f6
45 changed files with 298 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfiles/web-apache-mysql/README.md
View File

@ -134,12 +134,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG` ### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output. The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE` ### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`. The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME` ### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`. The varable is PHP ``max_execution_time`` option. By default, value is `300`.

2
Dockerfiles/web-apache-mysql/alpine/conf/etc/php81/conf.d/99-zabbix.ini
View File

@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1 ; always_populate_raw_post_data=-1
max_input_vars = 10000 max_input_vars = 10000
date.timezone = ${PHP_TZ} date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

18
Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -226,8 +228,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/httpd.conf" "$HTTPD_CONF_FILE"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################

3
Dockerfiles/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

18
Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -242,8 +244,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/httpd/conf/httpd.conf" "$HTTPD_CONF_FILE"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################

3
Dockerfiles/web-apache-mysql/ol/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

18
Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -242,8 +244,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/httpd/conf/httpd.conf" "$HTTPD_CONF_FILE"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################

2
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini
View File

@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1 ; always_populate_raw_post_data=-1
max_input_vars = 10000 max_input_vars = 10000
date.timezone = ${PHP_TZ} date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

18
Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -226,11 +228,25 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/apache2.conf" "$HTTPD_CONF_FILE"
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/conf-available/other-vhosts-access-log.conf" "/etc/apache2/conf-available/other-vhosts-access-log.conf"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################

6
Dockerfiles/web-apache-pgsql/README.md
View File

@ -138,12 +138,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG` ### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output. The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE` ### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`. The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME` ### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`. The varable is PHP ``max_execution_time`` option. By default, value is `300`.

2
Dockerfiles/web-apache-pgsql/alpine/conf/etc/php81/conf.d/99-zabbix.ini
View File

@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1 ; always_populate_raw_post_data=-1
max_input_vars = 10000 max_input_vars = 10000
date.timezone = ${PHP_TZ} date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

18
Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -213,8 +215,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/httpd.conf" "$HTTPD_CONF_FILE"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################

3
Dockerfiles/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

18
Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -229,8 +231,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/httpd/conf/httpd.conf" "$HTTPD_CONF_FILE"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################

3
Dockerfiles/web-apache-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

18
Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -229,8 +231,22 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/httpd/conf/httpd.conf" "$HTTPD_CONF_FILE"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################

2
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini
View File

@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1 ; always_populate_raw_post_data=-1
max_input_vars = 10000 max_input_vars = 10000
date.timezone = ${PHP_TZ} date.timezone = ${PHP_TZ}
; https://www.php.net/manual/en/security.hiding.php
expose_php = ${EXPOSE_WEB_SERVER_INFO}

18
Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -217,11 +219,25 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/apache2.conf" "$HTTPD_CONF_FILE"
sed -ri \ sed -ri \
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
"/etc/apache2/conf-available/other-vhosts-access-log.conf" "/etc/apache2/conf-available/other-vhosts-access-log.conf"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
sed -i \
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
"$HTTPD_CONF_FILE"
else
EXPOSE_WEB_SERVER_INFO="on"
fi
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
"$HTTPD_CONF_FILE"
} }
################################################# #################################################

6
Dockerfiles/web-nginx-mysql/README.md
View File

@ -135,12 +135,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG` ### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output. The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE` ### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`. The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME` ### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`. The varable is PHP ``max_execution_time`` option. By default, value is `300`.

2
Dockerfiles/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/http.d/*.conf; include /etc/nginx/http.d/*.conf;
} }

3
Dockerfiles/web-nginx-mysql/alpine/conf/etc/php81/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

19
Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -214,7 +216,7 @@ prepare_zbx_web_config() {
export VAULT_TOKEN=${VAULT_TOKEN} export VAULT_TOKEN=${VAULT_TOKEN}
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE} export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE} export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
: ${DB_DOUBLE_IEEE754:="true"} : ${DB_DOUBLE_IEEE754:="true"}
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,} export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf" "$NGINX_CONF_FILE"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf" "$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf" "$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
################################################# #################################################

2
Dockerfiles/web-nginx-mysql/centos/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
} }

3
Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

17
Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf" "$NGINX_CONF_FILE"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf" "$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf" "$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
################################################# #################################################

2
Dockerfiles/web-nginx-mysql/ol/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
} }

3
Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

17
Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf" "$NGINX_CONF_FILE"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf" "$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf" "$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
################################################# #################################################

2
Dockerfiles/web-nginx-mysql/rhel/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
} }

3
Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

17
Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf" "$NGINX_CONF_FILE"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf" "$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf" "$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
################################################# #################################################

2
Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
} }

3
Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

17
Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf" "$NGINX_CONF_FILE"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf" "$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf" "$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
################################################# #################################################

6
Dockerfiles/web-nginx-pgsql/README.md
View File

@ -138,12 +138,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG` ### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output. The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE` ### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`. The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME` ### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`. The varable is PHP ``max_execution_time`` option. By default, value is `300`.

2
Dockerfiles/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/http.d/*.conf; include /etc/nginx/http.d/*.conf;
} }

3
Dockerfiles/web-nginx-pgsql/alpine/conf/etc/php81/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

17
Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh
View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix" ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory # Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix" ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT] # usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix' # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -244,14 +246,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf" "$NGINX_CONF_FILE"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf" "$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \ sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf" "$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
} }
################################################# #################################################

2
Dockerfiles/web-nginx-pgsql/centos/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
} }

3
Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

2
Dockerfiles/web-nginx-pgsql/ol/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
} }

3
Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

2
Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/nginx/nginx.conf
View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on; ignore_invalid_headers on;
index index.php; index index.php;
server_tokens off; server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
} }

3
Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf
View File

@ -1,5 +1,8 @@
[zabbix] [zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no clear_env = no

1
env_vars/.env_web
View File

@ -30,6 +30,7 @@ ZBX_SERVER_NAME=Composed installation
# ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1'] # ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1']
# ZBX_GUI_WARNING_MSG=Zabbix is under maintenance. # ZBX_GUI_WARNING_MSG=Zabbix is under maintenance.
# HTTP_INDEX_FILE=index.php # HTTP_INDEX_FILE=index.php
# EXPOSE_WEB_SERVER_INFO=on
# PHP_FPM_PM=dynamic # PHP_FPM_PM=dynamic
# PHP_FPM_PM_MAX_CHILDREN=50 # PHP_FPM_PM_MAX_CHILDREN=50