mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2025-08-09 08:35:05 +02:00
Added encryption support between server and frontend
This commit is contained in:
Alexey Pustovalov
@ -241,6 +241,16 @@ ZBX_VAULTDBPATH= # Available since 5.2.0
|
||||
ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
|
||||
VAULT_TOKEN= # Available since 5.2.0
|
||||
|
||||
ZBX_SERVER_TLS_ACTIVE=false # Available since 7.4.0
|
||||
ZBX_SERVER_TLS_CAFILE= # Available since 7.4.0
|
||||
ZBX_SERVER_TLS_CA= # Available since 7.4.0
|
||||
ZBX_SERVER_TLS_KEYFILE= # Available since 7.4.0
|
||||
ZBX_SERVER_TLS_KEY= # Available since 7.4.0
|
||||
ZBX_SERVER_TLS_CERTFILE= # Available since 7.4.0
|
||||
ZBX_SERVER_TLS_CERT= # Available since 7.4.0
|
||||
ZBX_SERVER_TLS_CERT_ISSUER= # Available since 7.4.0
|
||||
ZBX_SERVER_TLS_CERT_SUBJECT= # Available since 7.4.0
|
||||
|
||||
Allowed PHP-FPM configuration options:
|
||||
PHP_FPM_PM=dynamic
|
||||
PHP_FPM_PM_MAX_CHILDREN=50
|
||||
@ -262,6 +272,10 @@ Please follow official Nginx [documentation](http://nginx.org/en/docs/http/confi
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
### ``/var/lib/zabbix/enc``
|
||||
|
||||
The volume is used to store TLS related files. These file names are specified using ``ZBX_SERVER_TLS_CAFILE``, ``ZBX_SERVER_TLS_KEYFILE`` and ``ZBX_SERVER_TLS_CERTFILE`` variables. Additionally it is possible to use environment variables ``ZBX_SERVER_TLS_CA``, ``ZBX_SERVER_TLS_KEY`` and ``ZBX_SERVER_TLS_CERT`` with plaintext values. Available since 7.4.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
@ -76,11 +77,13 @@ RUN set -eux && \
|
||||
--uid 1997 \
|
||||
--ingroup zabbix \
|
||||
--shell /sbin/nologin \
|
||||
--home /var/lib/zabbix/ \
|
||||
--home ${ZABBIX_USER_HOME_DIR} \
|
||||
zabbix && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR} && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
rm -rf /etc/php84/php-fpm.d/www.conf && \
|
||||
rm -f /etc/nginx/http.d/*.conf && \
|
||||
@ -100,9 +103,9 @@ RUN set -eux && \
|
||||
chown --quiet -R zabbix:root /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
|
||||
chgrp -R 0 /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
|
||||
chmod -R g=u /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ /var/lib/nginx/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \
|
||||
chmod -R g=u /var/lib/php/session/ /var/lib/nginx/
|
||||
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/ && \
|
||||
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/ && \
|
||||
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
||||
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
|
||||
|
||||
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
|
||||
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
|
||||
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');
|
||||
|
||||
@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
|
||||
set -o xtrace
|
||||
fi
|
||||
|
||||
# Internal directory for TLS related files, used when TLS*File specified as plain text values
|
||||
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
|
||||
|
||||
# Default Zabbix installation name
|
||||
# Used only by Zabbix web-interface
|
||||
: ${ZBX_SERVER_NAME:="Zabbix docker"}
|
||||
@ -63,6 +66,22 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_process_from_env() {
|
||||
local var_name=$1
|
||||
local file_name=$2
|
||||
local var_value=$3
|
||||
|
||||
if [ ! -z "$var_value" ]; then
|
||||
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
|
||||
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
|
||||
fi
|
||||
|
||||
export "$var_name"="$file_name"
|
||||
|
||||
# Remove variable with plain text data
|
||||
unset "${var_name%%FILE}"
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -279,6 +298,14 @@ prepare_zbx_php_config() {
|
||||
|
||||
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
|
||||
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
|
||||
|
||||
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
|
||||
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
|
||||
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
|
||||
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
|
||||
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
|
||||
@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
@ -86,11 +87,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
-g zabbix \
|
||||
--uid 1997 \
|
||||
--shell /sbin/nologin \
|
||||
--home-dir /var/lib/zabbix/ \
|
||||
--home-dir ${ZABBIX_USER_HOME_DIR} \
|
||||
zabbix && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR} && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
rm -f /etc/nginx/conf.d/*.conf && \
|
||||
rm -f /etc/php-fpm.d/www.conf && \
|
||||
@ -110,9 +113,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ && \
|
||||
chmod -R g=u /var/lib/php/session/ && \
|
||||
|
||||
@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
||||
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
|
||||
|
||||
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
|
||||
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
|
||||
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');
|
||||
|
||||
@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
|
||||
set -o xtrace
|
||||
fi
|
||||
|
||||
# Internal directory for TLS related files, used when TLS*File specified as plain text values
|
||||
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
|
||||
|
||||
# Default Zabbix installation name
|
||||
# Used only by Zabbix web-interface
|
||||
: ${ZBX_SERVER_NAME:="Zabbix docker"}
|
||||
@ -63,6 +66,22 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_process_from_env() {
|
||||
local var_name=$1
|
||||
local file_name=$2
|
||||
local var_value=$3
|
||||
|
||||
if [ ! -z "$var_value" ]; then
|
||||
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
|
||||
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
|
||||
fi
|
||||
|
||||
export "$var_name"="$file_name"
|
||||
|
||||
# Remove variable with plain text data
|
||||
unset "${var_name%%FILE}"
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -280,54 +299,13 @@ prepare_zbx_php_config() {
|
||||
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
|
||||
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
|
||||
sed -i \
|
||||
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx.conf"
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
|
||||
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
|
||||
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
|
||||
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
|
||||
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
|
||||
@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
@ -80,11 +81,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
-g zabbix \
|
||||
--uid 1997 \
|
||||
--shell /sbin/nologin \
|
||||
--home-dir /var/lib/zabbix/ \
|
||||
--home-dir ${ZABBIX_USER_HOME_DIR} \
|
||||
zabbix && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR} && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
rm -f /etc/nginx/conf.d/*.conf && \
|
||||
rm -f /etc/php-fpm.d/www.conf && \
|
||||
@ -104,9 +107,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ && \
|
||||
chmod -R g=u /var/lib/php/session/ && \
|
||||
|
||||
@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
||||
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
|
||||
|
||||
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
|
||||
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
|
||||
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');
|
||||
|
||||
@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
|
||||
set -o xtrace
|
||||
fi
|
||||
|
||||
# Internal directory for TLS related files, used when TLS*File specified as plain text values
|
||||
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
|
||||
|
||||
# Default Zabbix installation name
|
||||
# Used only by Zabbix web-interface
|
||||
: ${ZBX_SERVER_NAME:="Zabbix docker"}
|
||||
@ -63,6 +66,22 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_process_from_env() {
|
||||
local var_name=$1
|
||||
local file_name=$2
|
||||
local var_value=$3
|
||||
|
||||
if [ ! -z "$var_value" ]; then
|
||||
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
|
||||
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
|
||||
fi
|
||||
|
||||
export "$var_name"="$file_name"
|
||||
|
||||
# Remove variable with plain text data
|
||||
unset "${var_name%%FILE}"
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -280,54 +299,13 @@ prepare_zbx_php_config() {
|
||||
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
|
||||
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
|
||||
sed -i \
|
||||
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx.conf"
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
|
||||
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
|
||||
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
|
||||
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
|
||||
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
|
||||
@ -18,6 +18,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \
|
||||
@ -117,11 +118,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
-g zabbix \
|
||||
--uid 1997 \
|
||||
--shell /sbin/nologin \
|
||||
--home-dir /var/lib/zabbix/ \
|
||||
--home-dir ${ZABBIX_USER_HOME_DIR} \
|
||||
zabbix && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR} && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
rm -f /etc/nginx/conf.d/*.conf && \
|
||||
rm -f /etc/php-fpm.conf.rpmnew && \
|
||||
@ -142,9 +145,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ && \
|
||||
chmod -R g=u /var/lib/php/session/ && \
|
||||
|
||||
@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
||||
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
|
||||
|
||||
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
|
||||
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
|
||||
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');
|
||||
|
||||
@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
|
||||
set -o xtrace
|
||||
fi
|
||||
|
||||
# Internal directory for TLS related files, used when TLS*File specified as plain text values
|
||||
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
|
||||
|
||||
# Default Zabbix installation name
|
||||
# Used only by Zabbix web-interface
|
||||
: ${ZBX_SERVER_NAME:="Zabbix docker"}
|
||||
@ -63,6 +66,22 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_process_from_env() {
|
||||
local var_name=$1
|
||||
local file_name=$2
|
||||
local var_value=$3
|
||||
|
||||
if [ ! -z "$var_value" ]; then
|
||||
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
|
||||
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
|
||||
fi
|
||||
|
||||
export "$var_name"="$file_name"
|
||||
|
||||
# Remove variable with plain text data
|
||||
unset "${var_name%%FILE}"
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -279,6 +298,14 @@ prepare_zbx_php_config() {
|
||||
|
||||
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
|
||||
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
|
||||
|
||||
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
|
||||
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
|
||||
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
|
||||
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
|
||||
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
|
||||
@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
@ -69,11 +70,13 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
-g zabbix \
|
||||
--uid 1997 \
|
||||
--shell /sbin/nologin \
|
||||
--home-dir /var/lib/zabbix/ \
|
||||
--home-dir ${ZABBIX_USER_HOME_DIR} \
|
||||
zabbix && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR} && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
|
||||
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
rm -f /etc/nginx/conf.d/*.conf && \
|
||||
rm -rf /var/cache/nginx/ && \
|
||||
@ -98,9 +101,9 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
|
||||
chgrp -R 0 /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
|
||||
chmod -R g=u /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
|
||||
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
|
||||
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ && \
|
||||
chmod -R g=u /var/lib/php/session/
|
||||
|
||||
@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
|
||||
|
||||
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
|
||||
|
||||
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
|
||||
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
|
||||
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
|
||||
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');
|
||||
|
||||
@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
|
||||
set -o xtrace
|
||||
fi
|
||||
|
||||
# Internal directory for TLS related files, used when TLS*File specified as plain text values
|
||||
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
|
||||
|
||||
# Default Zabbix installation name
|
||||
# Used only by Zabbix web-interface
|
||||
: ${ZBX_SERVER_NAME:="Zabbix docker"}
|
||||
@ -63,6 +66,22 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_process_from_env() {
|
||||
local var_name=$1
|
||||
local file_name=$2
|
||||
local var_value=$3
|
||||
|
||||
if [ ! -z "$var_value" ]; then
|
||||
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
|
||||
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
|
||||
fi
|
||||
|
||||
export "$var_name"="$file_name"
|
||||
|
||||
# Remove variable with plain text data
|
||||
unset "${var_name%%FILE}"
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -280,54 +299,13 @@ prepare_zbx_php_config() {
|
||||
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
|
||||
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
|
||||
sed -i \
|
||||
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx.conf"
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$NGINX_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
|
||||
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
|
||||
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
|
||||
"$NGINX_CONF_FILE"
|
||||
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
|
||||
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
|
||||
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
|
||||
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
|
||||
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
|
||||
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
|
||||
Reference in New Issue
Block a user