extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-09 08:35:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added encryption support between server and frontend

Browse Source
This commit is contained in:
Alexey Pustovalov
2025-06-26 17:08:19 +09:00
parent dc7086ede0
commit 39b04c8215
70 changed files with 890 additions and 243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -69,11 +70,13 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR}/ \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
find /etc/ -name '*.dpkg-dist' | xargs rm -f && \
rm -f /etc/apache2/sites-available/* && \
@ -97,9 +100,9 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/fpm/ && \
chgrp -R 0 /etc/apache2/ /etc/php/8.3/fpm/ && \
chmod -R g=u /etc/apache2/ /etc/php/8.3/fpm/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/

7
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -253,6 +272,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {