extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-09 08:35:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added encryption support between server and frontend

Browse Source
This commit is contained in:
Alexey Pustovalov
2025-06-26 17:08:19 +09:00
parent dc7086ede0
commit 39b04c8215
70 changed files with 890 additions and 243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfiles/proxy-mysql/README.md
View File

@ -219,6 +219,7 @@ ZBX_UNREACHABLEPERIOD=45
ZBX_UNAVAILABLEDELAY=60
ZBX_UNREACHABLEDELAY=15
ZBX_LOGSLOWQUERIES=3000
ZBX_TLSLISTEN= # Available since 7.4.0
ZBX_TLSCONNECT=unencrypted
ZBX_TLSACCEPT=unencrypted
ZBX_TLSCAFILE=

2
Dockerfiles/proxy-sqlite3/README.md
View File

@ -172,6 +172,7 @@ ZBX_UNREACHABLEPERIOD=45
ZBX_UNAVAILABLEDELAY=60
ZBX_UNREACHABLEDELAY=15
ZBX_LOGSLOWQUERIES=3000
ZBX_TLSLISTEN= # Available since 7.4.0
ZBX_TLSCONNECT=unencrypted
ZBX_TLSACCEPT=unencrypted
ZBX_TLSCAFILE=
@ -196,7 +197,6 @@ ZBX_TLSCIPHERPSK13= # Available since 4.4.7
ZBX_WEBDRIVERURL= # Available since 7.0.0
ZBX_STARTBROWSERPOLLERS=1 # Available since 7.0.0
ZBX_STARTSNMPPOLLERS=1 # Available since 7.0.0
```
Default values of these variables are specified after equal sign.

5
Dockerfiles/server-mysql/README.md
View File

@ -208,6 +208,7 @@ ZBX_LOGSLOWQUERIES=3000
ZBX_STARTPROXYPOLLERS=1
ZBX_PROXYCONFIGFREQUENCY=10
ZBX_PROXYDATAFREQUENCY=1
ZBX_TLSLISTEN= # Available since 7.4.0
ZBX_TLSCAFILE=
ZBX_TLSCA=
ZBX_TLSCRLFILE=
@ -222,6 +223,10 @@ ZBX_TLSCIPHERCERT= # Available since 4.4.7
ZBX_TLSCIPHERCERT13= # Available since 4.4.7
ZBX_TLSCIPHERPSK= # Available since 4.4.7
ZBX_TLSCIPHERPSK13= # Available since 4.4.7
ZBX_TLS_FRONTENDACCEPT= # Available since 7.4.0
ZBX_FRONTENDALLOWEDIP= # Available since 7.4.0
ZBX_TLSFRONTENDCERTISSUER= # Available since 7.4.0
ZBX_TLSFRONTENDCERTSUBJECT= # Available since 7.4.0
ZBX_WEBDRIVERURL= # Available since 7.0.0
ZBX_STARTBROWSERPOLLERS=1 # Available since 7.0.0
ZBX_STARTSNMPPOLLERS=1 # Available since 7.0.0

5
Dockerfiles/server-pgsql/README.md
View File

@ -209,6 +209,7 @@ ZBX_LOGSLOWQUERIES=3000
ZBX_STARTPROXYPOLLERS=1
ZBX_PROXYCONFIGFREQUENCY=10
ZBX_PROXYDATAFREQUENCY=1
ZBX_TLSLISTEN= # Available since 7.4.0
ZBX_TLSCAFILE=
ZBX_TLSCA=
ZBX_TLSCRLFILE=
@ -223,6 +224,10 @@ ZBX_TLSCIPHERCERT= # Available since 4.4.7
ZBX_TLSCIPHERCERT13= # Available since 4.4.7
ZBX_TLSCIPHERPSK= # Available since 4.4.7
ZBX_TLSCIPHERPSK13= # Available since 4.4.7
ZBX_TLS_FRONTENDACCEPT= # Available since 7.4.0
ZBX_FRONTENDALLOWEDIP= # Available since 7.4.0
ZBX_TLSFRONTENDCERTISSUER= # Available since 7.4.0
ZBX_TLSFRONTENDCERTSUBJECT= # Available since 7.4.0
ZBX_WEBDRIVERURL= # Available since 7.0.0
ZBX_STARTBROWSERPOLLERS=1 # Available since 7.0.0
ZBX_STARTSNMPPOLLERS=1 # Available since 7.0.0

14
Dockerfiles/web-apache-mysql/README.md
View File

@ -241,6 +241,16 @@ ZBX_VAULTDBPATH= # Available since 5.2.0
ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
VAULT_TOKEN= # Available since 5.2.0
ZBX_SERVER_TLS_ACTIVE=false # Available since 7.4.0
ZBX_SERVER_TLS_CAFILE= # Available since 7.4.0
ZBX_SERVER_TLS_CA= # Available since 7.4.0
ZBX_SERVER_TLS_KEYFILE= # Available since 7.4.0
ZBX_SERVER_TLS_KEY= # Available since 7.4.0
ZBX_SERVER_TLS_CERTFILE= # Available since 7.4.0
ZBX_SERVER_TLS_CERT= # Available since 7.4.0
ZBX_SERVER_TLS_CERT_ISSUER= # Available since 7.4.0
ZBX_SERVER_TLS_CERT_SUBJECT= # Available since 7.4.0
Allowed PHP-FPM configuration options:
PHP_FPM_PM=dynamic
PHP_FPM_PM_MAX_CHILDREN=50
@ -262,6 +272,10 @@ Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
### ``/var/lib/zabbix/enc``
The volume is used to store TLS related files. These file names are specified using ``ZBX_SERVER_TLS_CAFILE``, ``ZBX_SERVER_TLS_KEYFILE`` and ``ZBX_SERVER_TLS_CERTFILE`` variables. Additionally it is possible to use environment variables ``ZBX_SERVER_TLS_CA``, ``ZBX_SERVER_TLS_KEY`` and ``ZBX_SERVER_TLS_CERT`` with plaintext values. Available since 7.4.0.
# The image variants
The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case.

11
Dockerfiles/web-apache-mysql/alpine/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -77,11 +78,13 @@ RUN set -eux && \
--uid 1997 \
--ingroup zabbix \
--shell /sbin/nologin \
--home /var/lib/zabbix/ \
--home ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
rm -f "/etc/apache2/conf.d/default.conf" && \
rm -f "/etc/apache2/conf.d/ssl.conf" && \
rm -f "/etc/apache2/conf.d/info.conf" && \
@ -103,9 +106,9 @@ RUN set -eux && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chgrp -R 0 /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chmod -R g=u /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR} /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR} /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR} /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/

7
Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -254,6 +273,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-apache-mysql/centos/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -88,11 +89,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
rm -f "/etc/httpd/conf.d/default.conf" && \
rm -f "/etc/httpd/conf.d/ssl.conf" && \
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
@ -115,9 +118,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chown --quiet -R zabbix:root /run/httpd/ /var/lib/php/session/ && \
chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \
chmod -R g=u /run/httpd/ /var/lib/php/session/ && \

7
Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -254,6 +273,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-apache-mysql/ol/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -80,11 +81,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
rm -f "/etc/httpd/conf.d/default.conf" && \
rm -f "/etc/httpd/conf.d/ssl.conf" && \
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
@ -107,9 +110,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chown --quiet -R zabbix:root /run/httpd/ /var/lib/php/session/ && \
chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \
chmod -R g=u /run/httpd/ /var/lib/php/session/ && \

7
Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -254,6 +273,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-apache-mysql/ubuntu/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -70,11 +71,13 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR}/ \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
find /etc/ -name '*.dpkg-dist' | xargs rm -f && \
rm -f /etc/apache2/sites-available/* && \
@ -98,9 +101,9 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/fpm/ && \
chgrp -R 0 /etc/apache2/ /etc/php/8.3/fpm/ && \
chmod -R g=u /etc/apache2/ /etc/php/8.3/fpm/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/

7
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -254,6 +273,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

14
Dockerfiles/web-apache-pgsql/README.md
View File

@ -241,6 +241,16 @@ ZBX_VAULTDBPATH= # Available since 5.2.0
ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
VAULT_TOKEN= # Available since 5.2.0
ZBX_SERVER_TLS_ACTIVE=false # Available since 7.4.0
ZBX_SERVER_TLS_CAFILE= # Available since 7.4.0
ZBX_SERVER_TLS_CA= # Available since 7.4.0
ZBX_SERVER_TLS_KEYFILE= # Available since 7.4.0
ZBX_SERVER_TLS_KEY= # Available since 7.4.0
ZBX_SERVER_TLS_CERTFILE= # Available since 7.4.0
ZBX_SERVER_TLS_CERT= # Available since 7.4.0
ZBX_SERVER_TLS_CERT_ISSUER= # Available since 7.4.0
ZBX_SERVER_TLS_CERT_SUBJECT= # Available since 7.4.0
Allowed PHP-FPM configuration options:
PHP_FPM_PM=dynamic
PHP_FPM_PM_MAX_CHILDREN=50
@ -262,6 +272,10 @@ Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
### ``/var/lib/zabbix/enc``
The volume is used to store TLS related files. These file names are specified using ``ZBX_SERVER_TLS_CAFILE``, ``ZBX_SERVER_TLS_KEYFILE`` and ``ZBX_SERVER_TLS_CERTFILE`` variables. Additionally it is possible to use environment variables ``ZBX_SERVER_TLS_CA``, ``ZBX_SERVER_TLS_KEY`` and ``ZBX_SERVER_TLS_CERT`` with plaintext values. Available since 7.4.0.
# The image variants
The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case.

11
Dockerfiles/web-apache-pgsql/alpine/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -76,11 +77,13 @@ RUN set -eux && \
--uid 1997 \
--ingroup zabbix \
--shell /sbin/nologin \
--home /var/lib/zabbix/ \
--home ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
rm -f "/etc/apache2/conf.d/default.conf" && \
rm -f "/etc/apache2/conf.d/ssl.conf" && \
rm -f "/etc/apache2/conf.d/info.conf" && \
@ -102,9 +105,9 @@ RUN set -eux && \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chgrp -R 0 /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chmod -R g=u /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR} /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR} /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR} /etc/apache2/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/

7
Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

29
Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -24,7 +27,7 @@ fi
# DefaultRuntimeDir configuration option value
export APACHE_RUN_DIR="/tmp/apache2"
# Default directories
# Apache main configuration file
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -253,6 +272,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-apache-pgsql/centos/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -88,11 +89,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
rm -f "/etc/httpd/conf.d/default.conf" && \
rm -f "/etc/httpd/conf.d/ssl.conf" && \
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
@ -115,9 +118,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chown --quiet -R zabbix:root /run/httpd/ /var/lib/php/session/ && \
chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \
chmod -R g=u /run/httpd/ /var/lib/php/session/ && \

7
Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

29
Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -24,7 +27,7 @@ fi
# DefaultRuntimeDir configuration option value
export APACHE_RUN_DIR="/tmp/httpd"
# Default directories
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -253,6 +272,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-apache-pgsql/ol/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -81,11 +82,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
rm -f "/etc/httpd/conf.d/default.conf" && \
rm -f "/etc/httpd/conf.d/ssl.conf" && \
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
@ -108,9 +111,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
chown --quiet -R zabbix:root /run/httpd/ /var/lib/php/session/ && \
chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \
chmod -R g=u /run/httpd/ /var/lib/php/session/ && \

7
Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

51
Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -24,7 +27,7 @@ fi
# DefaultRuntimeDir configuration option value
export APACHE_RUN_DIR="/tmp/httpd"
# Default directories
# Apache main configuration file
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -140,28 +159,6 @@ check_db_connect() {
unset PGSSLKEY
}
prepare_web_server() {
APACHE_SITES_DIR=/etc/httpd/conf.d
echo "** Adding Zabbix virtual host (HTTP)"
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache.conf" "$APACHE_SITES_DIR/zabbix.conf"
else
echo "**** Impossible to enable HTTP virtual host"
fi
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
echo "** Adding Zabbix virtual host (HTTPS)"
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
else
echo "**** Impossible to enable HTTPS virtual host"
fi
else
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
fi
}
prepare_web_server() {
if [ "$(id -u)" == '0' ]; then
export APACHE_RUN_USER=${DAEMON_USER}
@ -275,6 +272,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -69,11 +70,13 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR}/ \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
find /etc/ -name '*.dpkg-dist' | xargs rm -f && \
rm -f /etc/apache2/sites-available/* && \
@ -97,9 +100,9 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/fpm/ && \
chgrp -R 0 /etc/apache2/ /etc/php/8.3/fpm/ && \
chmod -R g=u /etc/apache2/ /etc/php/8.3/fpm/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/apache2/ /etc/php/8.3/fpm/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/

7
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -66,6 +69,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -253,6 +272,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

14
Dockerfiles/web-nginx-mysql/README.md
View File

@ -242,6 +242,16 @@ ZBX_VAULTDBPATH= # Available since 5.2.0
ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
VAULT_TOKEN= # Available since 5.2.0
ZBX_SERVER_TLS_ACTIVE=false # Available since 7.4.0
ZBX_SERVER_TLS_CAFILE= # Available since 7.4.0
ZBX_SERVER_TLS_CA= # Available since 7.4.0
ZBX_SERVER_TLS_KEYFILE= # Available since 7.4.0
ZBX_SERVER_TLS_KEY= # Available since 7.4.0
ZBX_SERVER_TLS_CERTFILE= # Available since 7.4.0
ZBX_SERVER_TLS_CERT= # Available since 7.4.0
ZBX_SERVER_TLS_CERT_ISSUER= # Available since 7.4.0
ZBX_SERVER_TLS_CERT_SUBJECT= # Available since 7.4.0
Allowed PHP-FPM configuration options:
PHP_FPM_PM=dynamic
PHP_FPM_PM_MAX_CHILDREN=50
@ -263,6 +273,10 @@ Please follow official Nginx [documentation](http://nginx.org/en/docs/http/confi
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
### ``/var/lib/zabbix/enc``
The volume is used to store TLS related files. These file names are specified using ``ZBX_SERVER_TLS_CAFILE``, ``ZBX_SERVER_TLS_KEYFILE`` and ``ZBX_SERVER_TLS_CERTFILE`` variables. Additionally it is possible to use environment variables ``ZBX_SERVER_TLS_CA``, ``ZBX_SERVER_TLS_KEY`` and ``ZBX_SERVER_TLS_CERT`` with plaintext values. Available since 7.4.0.
# The image variants
The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case.

11
Dockerfiles/web-nginx-mysql/alpine/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -77,11 +78,13 @@ RUN set -eux && \
--uid 1997 \
--ingroup zabbix \
--shell /sbin/nologin \
--home /var/lib/zabbix/ \
--home ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -rf /etc/php84/php-fpm.d/www.conf && \
rm -f /etc/nginx/http.d/*.conf && \
@ -101,9 +104,9 @@ RUN set -eux && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chgrp -R 0 /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chmod -R g=u /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chown --quiet -R zabbix:root /var/lib/php/session/ /var/lib/nginx/ && \
chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \
chmod -R g=u /var/lib/php/session/ /var/lib/nginx/
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1

7
Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -280,6 +299,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-nginx-mysql/centos/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -86,11 +87,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -f /etc/nginx/conf.d/*.conf && \
rm -f /etc/php-fpm.d/www.conf && \
@ -110,9 +113,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/ && \

7
Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -280,6 +299,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-nginx-mysql/ol/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -79,11 +80,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -f /etc/nginx/conf.d/*.conf && \
rm -f /etc/php-fpm.d/www.conf && \
@ -103,9 +106,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/ && \

7
Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -280,6 +299,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-nginx-mysql/rhel/Dockerfile
View File

@ -17,6 +17,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL description="Zabbix web-interface based on Nginx web server with MySQL database support" \
@ -116,11 +117,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -f /etc/nginx/conf.d/*.conf && \
rm -f /etc/php-fpm.conf.rpmnew && \
@ -141,9 +144,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/ && \

7
Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -280,6 +299,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -69,11 +70,13 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -f /etc/nginx/conf.d/*.conf && \
rm -rf /var/cache/nginx/ && \
@ -98,9 +101,9 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chgrp -R 0 /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chmod -R g=u /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/

7
Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for MySQL database
check_variables() {
if [ ! -n "${DB_SERVER_SOCKET}" ]; then
@ -280,6 +299,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

14
Dockerfiles/web-nginx-pgsql/README.md
View File

@ -241,6 +241,16 @@ ZBX_VAULTDBPATH= # Available since 5.2.0
ZBX_VAULTURL=https://127.0.0.1:8200 # Available since 5.2.0
VAULT_TOKEN= # Available since 5.2.0
ZBX_SERVER_TLS_ACTIVE=false # Available since 7.4.0
ZBX_SERVER_TLS_CAFILE= # Available since 7.4.0
ZBX_SERVER_TLS_CA= # Available since 7.4.0
ZBX_SERVER_TLS_KEYFILE= # Available since 7.4.0
ZBX_SERVER_TLS_KEY= # Available since 7.4.0
ZBX_SERVER_TLS_CERTFILE= # Available since 7.4.0
ZBX_SERVER_TLS_CERT= # Available since 7.4.0
ZBX_SERVER_TLS_CERT_ISSUER= # Available since 7.4.0
ZBX_SERVER_TLS_CERT_SUBJECT= # Available since 7.4.0
Allowed PHP-FPM configuration options:
PHP_FPM_PM=dynamic
PHP_FPM_PM_MAX_CHILDREN=50
@ -262,6 +272,10 @@ Please follow official Nginx [documentation](http://nginx.org/en/docs/http/confi
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
### ``/var/lib/zabbix/enc``
The volume is used to store TLS related files. These file names are specified using ``ZBX_SERVER_TLS_CAFILE``, ``ZBX_SERVER_TLS_KEYFILE`` and ``ZBX_SERVER_TLS_CERTFILE`` variables. Additionally it is possible to use environment variables ``ZBX_SERVER_TLS_CA``, ``ZBX_SERVER_TLS_KEY`` and ``ZBX_SERVER_TLS_CERT`` with plaintext values. Available since 7.4.0.
# The image variants
The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case.

11
Dockerfiles/web-nginx-pgsql/alpine/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -76,11 +77,13 @@ RUN set -eux && \
--uid 1997 \
--ingroup zabbix \
--shell /sbin/nologin \
--home /var/lib/zabbix/ \
--home ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -rf /etc/php84/php-fpm.d/www.conf && \
rm -f /etc/nginx/http.d/*.conf && \
@ -100,9 +103,9 @@ RUN set -eux && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chgrp -R 0 /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chmod -R g=u /etc/nginx/ /etc/php84/php-fpm.d/ /etc/php84/php-fpm.conf && \
chown --quiet -R zabbix:root /var/lib/php/session/ /var/lib/nginx/ && \
chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \
chmod -R g=u /var/lib/php/session/ /var/lib/nginx/
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /var/lib/php/session/ /var/lib/nginx/
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
CMD curl -f http://localhost:8080/ping || exit 1

7
Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -279,6 +298,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-nginx-pgsql/centos/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -86,11 +87,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -f /etc/nginx/conf.d/*.conf && \
rm -f /etc/php-fpm.d/www.conf && \
@ -110,9 +113,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/ && \

7
Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

74
Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -280,54 +299,13 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp"
fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-nginx-pgsql/ol/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -80,11 +81,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -f /etc/nginx/conf.d/*.conf && \
rm -f /etc/php-fpm.d/www.conf && \
@ -104,9 +107,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/ && \

7
Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

74
Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -280,54 +299,13 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp"
fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-nginx-pgsql/rhel/Dockerfile
View File

@ -18,6 +18,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \
@ -117,11 +118,13 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -f /etc/nginx/conf.d/*.conf && \
rm -f /etc/php-fpm.conf.rpmnew && \
@ -142,9 +145,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/ && \

7
Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

27
Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -279,6 +298,14 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

11
Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
View File

@ -15,6 +15,7 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
ENV TERM=xterm \
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
ZABBIX_CONF_DIR="/etc/zabbix" \
ZABBIX_USER_HOME_DIR="/var/lib/zabbix" \
ZABBIX_WWW_ROOT="/usr/share/zabbix"
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
@ -69,11 +70,13 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
-g zabbix \
--uid 1997 \
--shell /sbin/nologin \
--home-dir /var/lib/zabbix/ \
--home-dir ${ZABBIX_USER_HOME_DIR} \
zabbix && \
mkdir -p ${ZABBIX_CONF_DIR} && \
mkdir -p ${ZABBIX_CONF_DIR}/web && \
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc && \
mkdir -p ${ZABBIX_USER_HOME_DIR}/enc_internal && \
mkdir -p /var/lib/php/session && \
rm -f /etc/nginx/conf.d/*.conf && \
rm -rf /var/cache/nginx/ && \
@ -98,9 +101,9 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
chown --quiet -R zabbix:root /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chgrp -R 0 /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chmod -R g=u /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chown --quiet -R zabbix:root ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chgrp -R 0 ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chmod -R g=u ${ZABBIX_USER_HOME_DIR}/ /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \
chown --quiet -R zabbix:root /var/lib/php/session/ && \
chgrp -R 0 /var/lib/php/session/ && \
chmod -R g=u /var/lib/php/session/

7
Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -105,3 +105,10 @@ $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$ALLOW_HTTP_AUTH = getenv('ZBX_ALLOW_HTTP_AUTH') == 'true' ? true: false;
$ZBX_SERVER_TLS['ACTIVE'] = getenv('ZBX_SERVER_TLS_ACTIVE') == 'true' ? '1': '0';
$ZBX_SERVER_TLS['CA_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CAFILE')) ? getenv('ZBX_SERVER_TLS_CAFILE') : '';
$ZBX_SERVER_TLS['KEY_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_KEYFILE')) ? getenv('ZBX_SERVER_TLS_KEYFILE') : '';
$ZBX_SERVER_TLS['CERT_FILE'] = file_exists(getenv('ZBX_SERVER_TLS_CERTFILE')) ? getenv('ZBX_SERVER_TLS_CERTFILE') : '';
$ZBX_SERVER_TLS['CERTIFICATE_ISSUER'] = getenv('ZBX_SERVER_TLS_CERT_ISSUER');
$ZBX_SERVER_TLS['CERTIFICATE_SUBJECT'] = getenv('ZBX_SERVER_TLS_CERT_SUBJECT');

74
Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh
View File

@ -9,6 +9,9 @@ if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# Default Zabbix installation name
# Used only by Zabbix web-interface
: ${ZBX_SERVER_NAME:="Zabbix docker"}
@ -63,6 +66,22 @@ file_env() {
unset "$fileVar"
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
export "$var_name"="$file_name"
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables() {
file_env POSTGRES_USER
@ -280,54 +299,13 @@ prepare_zbx_php_config() {
: ${ZBX_ALLOW_HTTP_AUTH:="true"}
export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH}
if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
rm -f "/tmp/defines.inc.php_tmp"
fi
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
: ${HTTP_INDEX_FILE:="index.php"}
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx.conf"
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
sed -i \
-e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
sed -i \
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${ENABLE_WEB_ACCESS_LOG:="true"}
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"$ZABBIX_CONF_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
: ${ZBX_SERVER_TLS_ACTIVE:="0"}
export ZBX_SERVER_TLS_ACTIVE=${ZBX_SERVER_TLS_ACTIVE}
file_process_from_env "ZBX_SERVER_TLS_CAFILE" "${ZBX_SERVER_TLS_CAFILE}" "${ZBX_SERVER_TLS_CA}"
file_process_from_env "ZBX_SERVER_TLS_KEYFILE" "${ZBX_SERVER_TLS_KEYFILE}" "${ZBX_SERVER_TLS_KEY}"
file_process_from_env "ZBX_SERVER_TLS_CERTFILE" "${ZBX_SERVER_TLS_CERTFILE}" "${ZBX_SERVER_TLS_CERT}"
export ZBX_SERVER_TLS_CERT_ISSUER=${ZBX_SERVER_TLS_CERT_ISSUER}
export ZBX_SERVER_TLS_CERT_SUBJECT=${ZBX_SERVER_TLS_CERT_SUBJECT}
}
prepare_zbx_config() {

2
compose_zabbix_components.yaml
View File

@ -316,6 +316,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- ${DATA_DIRECTORY}/etc/ssl/apache2:/etc/ssl/apache2:ro
- ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
- ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
tmpfs:
- /tmp
- /var/lib/php/session:mode=770,uid=1997,gid=1995
@ -409,6 +410,7 @@ services:
- /etc/localtime:/etc/localtime:ro
- ${DATA_DIRECTORY}/etc/ssl/nginx:/etc/ssl/nginx:ro
- ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
- ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
tmpfs:
- /tmp
- /var/lib/php/session:mode=770,uid=1997,gid=1995

10
config_templates/proxy/zabbix_proxy_tls.conf
View File

@ -99,6 +99,16 @@ TLSPSKIdentity=${ZBX_TLSPSKIDENTITY}
TLSPSKFile=${ZBX_TLSPSKFILE}
### Option: TLSListen
# Setting this option enforces that only encrypted connections are accepted by trappers.
# Supported values:
# required - accept only TLS connections
# Mandatory: no
# Default:
# TLSListen=
TLSListen=${ZBX_TLSLISTEN}
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13

1
config_templates/server/zabbix_server.conf
View File

@ -34,6 +34,7 @@ Include=/etc/zabbix/zabbix_server_snmp_traps.conf
Include=/etc/zabbix/zabbix_server_ssl.conf
Include=/etc/zabbix/zabbix_server_timeouts.conf
Include=/etc/zabbix/zabbix_server_tls.conf
Include=/etc/zabbix/zabbix_server_frontend.conf
Include=/etc/zabbix/zabbix_server_vault.conf
Include=/etc/zabbix/zabbix_server_vmware.conf
Include=/etc/zabbix/zabbix_server_webdriver.conf

45
config_templates/server/zabbix_server_frontend.conf Normal file
View File

@ -0,0 +1,45 @@
### Option: TLSFrontendAccept
# What incoming connections to accept from frontend.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: no
# Default:
# TLSFrontendAccept=unencrypted
TLSFrontendAccept=${ZBX_TLS_FRONTENDACCEPT}
### Option: FrontendAllowedIP
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
# Frontend connection will be accepted only from the addresses listed here if this parameter is set.
# By default all connections are accepted for frontend requests
#
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: FrontendAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# Mandatory: no
# Default:
# FrontendAllowedIP=
FrontendAllowedIP=${ZBX_FRONTENDALLOWEDIP}
### Option: TLSFrontendCertIssuer
# Allowed frontend certificate issuer.
#
# Mandatory: no
# Default:
# TLSFrontendCertIssuer=
TLSFrontendCertIssuer=${ZBX_TLSFRONTENDCERTISSUER}
### Option: TLSFrontendCertSubject
# Allowed frontend certificate subject.
#
# Mandatory: no
# Default:
# TLSFrontendCertSubject=
TLSFrontendCertSubject=${ZBX_TLSFRONTENDCERTSUBJECT}

10
config_templates/server/zabbix_server_tls.conf
View File

@ -37,6 +37,16 @@ TLSCertFile=${ZBX_TLSCERTFILE}
TLSKeyFile=${ZBX_TLSKEYFILE}
### Option: TLSListen
# Setting this option enforces that only encrypted connections are accepted by trappers.
# Supported values:
# required - accept only TLS connections
# Mandatory: no
# Default:
# TLSListen=
TLSListen=${ZBX_TLSLISTEN}
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13

1
env_vars/.env_prx
View File

@ -54,6 +54,7 @@
# ZBX_UNREACHABLEDELAY=15
# ZBX_LOGSLOWQUERIES=3000
# ZBX_LOADMODULE="dummy1.so,dummy2.so,dummy10.so"
# ZBX_TLSLISTEN= # Available since 7.4.0
# ZBX_TLSCONNECT=unencrypted
# ZBX_TLSACCEPT=unencrypted
# ZBX_TLSCAFILE=

7
env_vars/.env_srv
View File

@ -15,7 +15,7 @@
# ZBX_HANODENAME= # Available since 6.0.0
# ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
# ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. Available since 6.0.0
# ZBX_NODEADDRESS=localhost:10051 # Available since 6.0.0
ZBX_NODEADDRESS=zabbix-server:10051 # Available since 6.0.0
# ZBX_DEBUGLEVEL=3
# ZBX_ENABLEGLOBALSCRIPTS=0 # Available since 7.0.0
# ZBX_STARTAGENTPOLLERS=1 # Available since 7.0.0
@ -70,6 +70,7 @@ ZBX_ENABLE_SNMP_TRAPS=true
# ZBX_PROXYCONFIGFREQUENCY=10
# ZBX_PROXYDATAFREQUENCY=1
# ZBX_LOADMODULE="dummy1.so,dummy2.so,dummy10.so"
# ZBX_TLSLISTEN= # Available since 7.4.0
# ZBX_TLSCAFILE=
# ZBX_TLSCA=
# ZBX_TLSCRLFILE=
@ -78,6 +79,10 @@ ZBX_ENABLE_SNMP_TRAPS=true
# ZBX_TLSCERT=
# ZBX_TLSKEYFILE=
# ZBX_TLSKEY=
# ZBX_TLS_FRONTENDACCEPT=cert # Available since 7.4.0
# ZBX_FRONTENDALLOWEDIP= # Available since 7.4.0
# ZBX_TLSFRONTENDCERTISSUER= # Available since 7.4.0
# ZBX_TLSFRONTENDCERTSUBJECT= # Available since 7.4.0
# ZBX_VAULT=HashiCorp # Available since 6.2.0
# ZBX_VAULTDBPATH=
# ZBX_VAULTTLSCERTFILE= # Available since 6.2.0

9
env_vars/.env_web
View File

@ -18,6 +18,15 @@ ZBX_SERVER_NAME=Composed installation
# ZBX_HISTORYSTORAGETYPES=['uint', 'dbl', 'str', 'text', 'log'] # Available since 3.4.5
# ZBX_SSO_SETTINGS={} # Available since 5.0.0. Then will be converted from JSON to PHP array.
# ZBX_ALLOW_HTTP_AUTH=true # Available since 7.0.0
# ZBX_SERVER_TLS_ACTIVE=false # Available since 7.4.0
# ZBX_SERVER_TLS_CAFILE= # Available since 7.4.0
# ZBX_SERVER_TLS_CA= # Available since 7.4.0
# ZBX_SERVER_TLS_KEYFILE= # Available since 7.4.0
# ZBX_SERVER_TLS_KEY= # Available since 7.4.0
# ZBX_SERVER_TLS_CERTFILE= # Available since 7.4.0
# ZBX_SERVER_TLS_CERT= # Available since 7.4.0
# ZBX_SERVER_TLS_CERT_ISSUER= # Available since 7.4.0
# ZBX_SERVER_TLS_CERT_SUBJECT= # Available since 7.4.0
# ENABLE_WEB_ACCESS_LOG=true
# ZBX_MAXEXECUTIONTIME=600
# ZBX_MEMORYLIMIT=128M