extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-18 12:29:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized structure for Dockerfiles

Browse Source
This commit is contained in:
Alexey Pustovalov
2021-10-05 18:59:11 +02:00
parent 2876d5e30f cbce7bfc21
commit 2b75a2a3a5
565 changed files with 550 additions and 602 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Dockerfiles/web-apache-mysql/alpine/conf/etc/php7/conf.d/99-zabbix.ini Normal file
View File

@@ -0,0 +1,8 @@
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1
max_input_vars = 10000
date.timezone = ${PHP_TZ}

61
Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf Normal file
View File

@@ -0,0 +1,61 @@
<VirtualHost *:8080>
DocumentRoot /usr/share/zabbix/
ServerName zabbix
DirectoryIndex index.php
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
<Directory "/usr/share/zabbix">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "/usr/share/zabbix/conf">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/app">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/include">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/local">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/locale">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/vendor">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
</VirtualHost>

88
Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf Normal file
View File

@@ -0,0 +1,88 @@
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Listen 8443
<IfModule mod_ssl.c>
<VirtualHost *:8443>
DocumentRoot /usr/share/zabbix/
ServerName zabbix
DirectoryIndex index.php
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
AddType application/x-httpd-php-source .phps
# Enable/Disable SSL for this virtual host.
SSLEngine on
# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLCertificateFile /etc/ssl/apache2/ssl.crt
SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
# SSLCACertificatePath /etc/ssl/apache2/chain/
# enable HTTP/2, if available
Protocols h2 http/1.1
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
Header always set Strict-Transport-Security "max-age=63072000"
<Directory "/usr/share/zabbix">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "/usr/share/zabbix/conf">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/app">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/include">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/local">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/locale">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
<Directory "/usr/share/zabbix/vendor">
Require all denied
<files *.php>
Order deny,allow
Deny from all
</files>
</Directory>
</VirtualHost>
</IfModule>

32
Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/maintenance.inc.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
/*
** Zabbix
** Copyright (C) 2001-2016 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
// Maintenance mode
if (getenv('ZBX_DENY_GUI_ACCESS') == 'true') {
define('ZBX_DENY_GUI_ACCESS', 1);
// IP range, who are allowed to connect to FrontEnd
$ip_range = str_replace("'","\"",getenv('ZBX_GUI_ACCESS_IP_RANGE'));
$ZBX_GUI_ACCESS_IP_RANGE = (json_decode($ip_range)) ? json_decode($ip_range, true) : array();
// MSG shown on Warning screen!
$_REQUEST['warning_msg'] = getenv('ZBX_GUI_WARNING_MSG');
}

50
Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php Normal file
View File

@@ -0,0 +1,50 @@
<?php
// Zabbix GUI configuration file.
global $DB, $HISTORY;
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url, true) : $history_url;
// Value types stored in Elasticsearch.
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();