extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-09 08:35:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added encryption support between server and frontend

Browse Source
This commit is contained in:
Alexey Pustovalov
2025-06-26 17:08:19 +09:00
parent dc7086ede0
commit 39b04c8215
70 changed files with 890 additions and 243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -280,54 +299,13 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp"
fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {