mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2025-08-19 12:54:15 +02:00
Optimized structure for Dockerfiles
This commit is contained in:
@@ -0,0 +1,74 @@
|
||||
server {
|
||||
listen 8080;
|
||||
listen [::]:8080;
|
||||
|
||||
server_name zabbix;
|
||||
index index.php;
|
||||
|
||||
access_log /dev/fd/1 main;
|
||||
error_log /dev/fd/2 notice;
|
||||
|
||||
set $webroot '/usr/share/zabbix';
|
||||
|
||||
root $webroot;
|
||||
|
||||
large_client_header_buffers 8 8k;
|
||||
client_max_body_size 10M;
|
||||
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
# caching of files
|
||||
location ~* \.ico$ {
|
||||
expires 1y;
|
||||
}
|
||||
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
|
||||
expires 14d;
|
||||
}
|
||||
|
||||
location ~ /(app\/|conf[^\.]|include\/|local\/|locale\/) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location ~ .php$ {
|
||||
fastcgi_pass unix:/tmp/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_ignore_client_abort off;
|
||||
fastcgi_connect_timeout 60;
|
||||
fastcgi_send_timeout 180;
|
||||
fastcgi_read_timeout {FCGI_READ_TIMEOUT};
|
||||
fastcgi_buffer_size 128k;
|
||||
fastcgi_buffers 4 256k;
|
||||
fastcgi_busy_buffers_size 256k;
|
||||
fastcgi_temp_file_write_size 256k;
|
||||
}
|
||||
}
|
@@ -0,0 +1,101 @@
|
||||
server {
|
||||
listen 8443 ssl http2;
|
||||
listen [::]:8443 ssl http2;
|
||||
|
||||
server_name zabbix;
|
||||
server_name_in_redirect off;
|
||||
|
||||
index index.php;
|
||||
access_log /dev/fd/1 main;
|
||||
error_log /dev/fd/2 error;
|
||||
|
||||
set $webroot '/usr/share/zabbix';
|
||||
|
||||
root $webroot;
|
||||
|
||||
large_client_header_buffers 8 8k;
|
||||
|
||||
client_max_body_size 10M;
|
||||
|
||||
ssl_certificate /etc/ssl/nginx/ssl.crt;
|
||||
ssl_certificate_key /etc/ssl/nginx/ssl.key;
|
||||
ssl_dhparam /etc/ssl/nginx/dhparam.pem;
|
||||
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
# intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
|
||||
|
||||
location =/nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location = /favicon.ico {
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
# caching of files
|
||||
location ~* \.ico$ {
|
||||
expires 1y;
|
||||
}
|
||||
|
||||
location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
|
||||
expires 14d;
|
||||
}
|
||||
|
||||
location ~ /(app\/|conf[^\.]|include\/|local\/|locale\/) {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location ~ .php$ {
|
||||
fastcgi_pass unix:/tmp/php-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_ignore_client_abort off;
|
||||
fastcgi_connect_timeout 60;
|
||||
fastcgi_send_timeout 180;
|
||||
fastcgi_read_timeout {FCGI_READ_TIMEOUT};
|
||||
fastcgi_buffer_size 128k;
|
||||
fastcgi_buffers 4 256k;
|
||||
fastcgi_busy_buffers_size 256k;
|
||||
fastcgi_temp_file_write_size 256k;
|
||||
}
|
||||
}
|
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
/*
|
||||
** Zabbix
|
||||
** Copyright (C) 2001-2016 Zabbix SIA
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU General Public License as published by
|
||||
** the Free Software Foundation; either version 2 of the License, or
|
||||
** (at your option) any later version.
|
||||
**
|
||||
** This program is distributed in the hope that it will be useful,
|
||||
** but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
** GNU General Public License for more details.
|
||||
**
|
||||
** You should have received a copy of the GNU General Public License
|
||||
** along with this program; if not, write to the Free Software
|
||||
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
**/
|
||||
|
||||
|
||||
// Maintenance mode
|
||||
if (getenv('ZBX_DENY_GUI_ACCESS') == 'true') {
|
||||
define('ZBX_DENY_GUI_ACCESS', 1);
|
||||
|
||||
// IP range, who are allowed to connect to FrontEnd
|
||||
$ip_range = str_replace("'","\"",getenv('ZBX_GUI_ACCESS_IP_RANGE'));
|
||||
$ZBX_GUI_ACCESS_IP_RANGE = (json_decode($ip_range)) ? json_decode($ip_range, true) : array();
|
||||
|
||||
// MSG shown on Warning screen!
|
||||
$_REQUEST['warning_msg'] = getenv('ZBX_GUI_WARNING_MSG');
|
||||
}
|
@@ -0,0 +1,50 @@
|
||||
<?php
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url, true) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
Reference in New Issue
Block a user