mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2024-11-22 07:43:47 +01:00
Use env variables in Zabbix web images
This commit is contained in:
Alexey Pustovalov
commit
448c247ae3
@ -1,5 +1,8 @@
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# What is Zabbix?
|
||||
|
||||
Zabbix is an enterprise-class open source distributed monitoring solution.
|
||||
|
||||
@ -190,6 +190,10 @@ The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/apache2``
|
||||
@ -198,6 +202,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
max_execution_time=300
|
||||
memory_limit=128M
|
||||
post_max_size=16M
|
||||
upload_max_filesize=2M
|
||||
max_input_time=300
|
||||
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
|
||||
memory_limit = ${ZBX_MEMORYLIMIT}
|
||||
post_max_size = ${ZBX_POSTMAXSIZE}
|
||||
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
|
||||
max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars=10000
|
||||
; date.timezone=Europe/Riga
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'MYSQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -57,67 +57,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# Check prerequisites for MySQL database
|
||||
check_variables() {
|
||||
: ${DB_SERVER_HOST:="mysql-server"}
|
||||
@ -229,54 +168,38 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini"
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}"
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -190,6 +190,10 @@ The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/apache2``
|
||||
@ -198,6 +202,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'MYSQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -57,67 +57,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# Check prerequisites for MySQL database
|
||||
check_variables() {
|
||||
: ${DB_SERVER_HOST:="mysql-server"}
|
||||
@ -229,21 +168,10 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -251,39 +179,36 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -190,6 +190,10 @@ The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/apache2``
|
||||
@ -198,6 +202,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -1,9 +1,8 @@
|
||||
max_execution_time=300
|
||||
memory_limit=128M
|
||||
post_max_size=16M
|
||||
upload_max_filesize=2M
|
||||
max_input_time=300
|
||||
always_populate_raw_post_date=-1
|
||||
max_input_vars=10000
|
||||
; date.timezone=Europe/Riga
|
||||
;session.save_path=/var/lib/php/session
|
||||
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
|
||||
memory_limit = ${ZBX_MEMORYLIMIT}
|
||||
post_max_size = ${ZBX_POSTMAXSIZE}
|
||||
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
|
||||
max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'MYSQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -57,67 +57,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# Check prerequisites for MySQL database
|
||||
check_variables() {
|
||||
: ${DB_SERVER_HOST:="mysql-server"}
|
||||
@ -229,55 +168,38 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php/7.4/apache2/conf.d/99-zabbix.ini"
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}"
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
|
||||
|
||||
The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/apache2``
|
||||
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
max_execution_time=300
|
||||
memory_limit=128M
|
||||
post_max_size=16M
|
||||
upload_max_filesize=2M
|
||||
max_input_time=300
|
||||
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
|
||||
memory_limit = ${ZBX_MEMORYLIMIT}
|
||||
post_max_size = ${ZBX_POSTMAXSIZE}
|
||||
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
|
||||
max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars=10000
|
||||
; date.timezone=Europe/Riga
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'POSTGRESQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -57,67 +57,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -213,54 +152,38 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini"
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}"
|
||||
export DB_SERVER_TYPE="POSTGRESQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
|
||||
|
||||
The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/apache2``
|
||||
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'POSTGRESQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -60,67 +60,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -216,21 +155,10 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -238,39 +166,36 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="POSTGRESQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
|
||||
|
||||
The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/apache2``
|
||||
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -1,9 +1,8 @@
|
||||
max_execution_time=300
|
||||
memory_limit=128M
|
||||
post_max_size=16M
|
||||
upload_max_filesize=2M
|
||||
max_input_time=300
|
||||
always_populate_raw_post_date=-1
|
||||
max_input_vars=10000
|
||||
; date.timezone=Europe/Riga
|
||||
session.save_path=/var/lib/php/sessions
|
||||
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
|
||||
memory_limit = ${ZBX_MEMORYLIMIT}
|
||||
post_max_size = ${ZBX_POSTMAXSIZE}
|
||||
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
|
||||
max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'POSTGRESQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -60,68 +60,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -221,55 +159,38 @@ clear_deploy() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php/7.4/apache2/conf.d/99-zabbix.ini"
|
||||
export DB_SERVER_TYPE="POSTGRESQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}"
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -191,6 +191,10 @@ The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/nginx``
|
||||
@ -199,6 +203,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'MYSQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -59,83 +59,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
update_config_multiple_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
|
||||
var_value="${var_value%\"}"
|
||||
var_value="${var_value#\"}"
|
||||
|
||||
local IFS=,
|
||||
local OPT_LIST=($var_value)
|
||||
|
||||
for value in "${OPT_LIST[@]}"; do
|
||||
update_config_var $config_path $var_name $value true
|
||||
done
|
||||
}
|
||||
|
||||
# Check prerequisites for MySQL database
|
||||
check_variables() {
|
||||
: ${DB_SERVER_HOST:="mysql-server"}
|
||||
@ -164,7 +87,7 @@ check_variables() {
|
||||
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
|
||||
|
||||
# If root password is not specified use provided credentials
|
||||
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}....
|
||||
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}
|
||||
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
|
||||
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
|
||||
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
|
||||
@ -249,22 +172,10 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -272,39 +183,36 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -193,6 +193,10 @@ The variable allows to activate host verification. Available since 5.0.0.
|
||||
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
|
||||
>>>>>>> master
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/nginx``
|
||||
@ -201,6 +205,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'MYSQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -59,83 +59,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
update_config_multiple_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
|
||||
var_value="${var_value%\"}"
|
||||
var_value="${var_value#\"}"
|
||||
|
||||
local IFS=,
|
||||
local OPT_LIST=($var_value)
|
||||
|
||||
for value in "${OPT_LIST[@]}"; do
|
||||
update_config_var $config_path $var_name $value true
|
||||
done
|
||||
}
|
||||
|
||||
# Check prerequisites for MySQL database
|
||||
check_variables() {
|
||||
: ${DB_SERVER_HOST:="mysql-server"}
|
||||
@ -164,7 +87,7 @@ check_variables() {
|
||||
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
|
||||
|
||||
# If root password is not specified use provided credentials
|
||||
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}....
|
||||
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}
|
||||
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
|
||||
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
|
||||
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
|
||||
@ -249,22 +172,10 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -272,39 +183,36 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -193,6 +193,10 @@ The variable allows to activate host verification. Available since 5.0.0.
|
||||
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
|
||||
>>>>>>> master
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/nginx``
|
||||
@ -201,6 +205,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'MYSQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -59,83 +59,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
update_config_multiple_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
|
||||
var_value="${var_value%\"}"
|
||||
var_value="${var_value#\"}"
|
||||
|
||||
local IFS=,
|
||||
local OPT_LIST=($var_value)
|
||||
|
||||
for value in "${OPT_LIST[@]}"; do
|
||||
update_config_var $config_path $var_name $value true
|
||||
done
|
||||
}
|
||||
|
||||
# Check prerequisites for MySQL database
|
||||
check_variables() {
|
||||
: ${DB_SERVER_HOST:="mysql-server"}
|
||||
@ -164,7 +87,7 @@ check_variables() {
|
||||
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
|
||||
|
||||
# If root password is not specified use provided credentials
|
||||
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}....
|
||||
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}
|
||||
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
|
||||
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
|
||||
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
|
||||
@ -249,22 +172,10 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -272,39 +183,36 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
|
||||
|
||||
The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/nginx``
|
||||
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'POSTGRESQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -62,83 +62,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
update_config_multiple_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
|
||||
var_value="${var_value%\"}"
|
||||
var_value="${var_value#\"}"
|
||||
|
||||
local IFS=,
|
||||
local OPT_LIST=($var_value)
|
||||
|
||||
for value in "${OPT_LIST[@]}"; do
|
||||
update_config_var $config_path $var_name $value true
|
||||
done
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -235,22 +158,10 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -258,39 +169,34 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="POSTGRESQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
|
||||
|
||||
The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/nginx``
|
||||
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'POSTGRESQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -62,83 +62,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
update_config_multiple_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
|
||||
var_value="${var_value%\"}"
|
||||
var_value="${var_value#\"}"
|
||||
|
||||
local IFS=,
|
||||
local OPT_LIST=($var_value)
|
||||
|
||||
for value in "${OPT_LIST[@]}"; do
|
||||
update_config_var $config_path $var_name $value true
|
||||
done
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -235,22 +158,10 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -258,39 +169,34 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="POSTGRESQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -59,7 +59,7 @@ RUN set -eux && \
|
||||
rm -rf /var/cache/nginx/ && \
|
||||
rm -f /etc/php/7.4/fpm/pool.d/www.conf && \
|
||||
ln -sf /dev/fd/2 /var/log/nginx/error.log && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y purge curl gpg dirmngr gpg-agent && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y purge gpg dirmngr gpg-agent && \
|
||||
apt-get -y autoremove && \
|
||||
apt-get -y clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
|
||||
|
||||
The variable allows to activate host verification. Available since 5.0.0.
|
||||
|
||||
## `ZBX_SSO_SETTINGS`
|
||||
|
||||
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
|
||||
|
||||
## Allowed volumes for the Zabbix web interface container
|
||||
|
||||
### ``/etc/ssl/nginx``
|
||||
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
|
||||
|
||||
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
|
||||
|
||||
### ``/etc/zabbix/web/certs``
|
||||
|
||||
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
|
||||
|
||||
# The image variants
|
||||
|
||||
The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case.
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'POSTGRESQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -62,83 +62,6 @@ file_env() {
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
escape_spec_char() {
|
||||
local var_value=$1
|
||||
|
||||
var_value="${var_value//\\/\\\\}"
|
||||
var_value="${var_value//[$'\n']/}"
|
||||
var_value="${var_value//\//\\/}"
|
||||
var_value="${var_value//./\\.}"
|
||||
var_value="${var_value//\*/\\*}"
|
||||
var_value="${var_value//^/\\^}"
|
||||
var_value="${var_value//\$/\\\$}"
|
||||
var_value="${var_value//\&/\\\&}"
|
||||
var_value="${var_value//\[/\\[}"
|
||||
var_value="${var_value//\]/\\]}"
|
||||
|
||||
echo "$var_value"
|
||||
}
|
||||
|
||||
update_config_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
local is_multiple=$4
|
||||
|
||||
if [ ! -f "$config_path" ]; then
|
||||
echo "**** Configuration file '$config_path' does not exist"
|
||||
return
|
||||
fi
|
||||
|
||||
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
|
||||
|
||||
# Remove configuration parameter definition in case of unset parameter value
|
||||
if [ -z "$var_value" ]; then
|
||||
sed -i -e "/^$var_name=/d" "$config_path"
|
||||
echo "removed"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove value from configuration parameter in case of double quoted parameter value
|
||||
if [ "$var_value" == '""' ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
|
||||
echo "undefined"
|
||||
return
|
||||
fi
|
||||
|
||||
# Escaping characters in parameter value and name
|
||||
var_value=$(escape_spec_char "$var_value")
|
||||
var_name=$(escape_spec_char "$var_name")
|
||||
|
||||
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
|
||||
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
|
||||
echo "updated"
|
||||
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
|
||||
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
|
||||
echo "added first occurrence"
|
||||
else
|
||||
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
|
||||
echo "added"
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
update_config_multiple_var() {
|
||||
local config_path=$1
|
||||
local var_name=$2
|
||||
local var_value=$3
|
||||
|
||||
var_value="${var_value%\"}"
|
||||
var_value="${var_value#\"}"
|
||||
|
||||
local IFS=,
|
||||
local OPT_LIST=($var_value)
|
||||
|
||||
for value in "${OPT_LIST[@]}"; do
|
||||
update_config_var $config_path $var_name $value true
|
||||
done
|
||||
}
|
||||
|
||||
# Check prerequisites for PostgreSQL database
|
||||
check_variables() {
|
||||
file_env POSTGRES_USER
|
||||
@ -235,22 +158,10 @@ prepare_web_server() {
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -258,39 +169,34 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="POSTGRESQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = dynamic
|
||||
pm.max_children = 50
|
||||
pm.start_servers = 5
|
||||
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time]= 300
|
||||
php_value[memory_limit]= 128M
|
||||
php_value[post_max_size]= 16M
|
||||
php_value[upload_max_filesize]= 2M
|
||||
php_value[max_input_time]= 300
|
||||
php_value[max_input_vars]= 10000
|
||||
; php_value[date.timezone]= Europe/Riga
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
nodaemon = true
|
||||
|
||||
[program:nginx]
|
||||
command = /usr/sbin/%(program_name)s -g "daemon off;" -c /etc/nginx/%(program_name)s.conf
|
||||
command = /usr/sbin/%(program_name)s -g "daemon off;error_log /dev/stdout info;" -c /etc/nginx/%(program_name)s.conf
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
|
||||
@ -2,37 +2,49 @@
|
||||
// Zabbix GUI configuration file.
|
||||
global $DB, $HISTORY;
|
||||
|
||||
$DB['TYPE'] = 'MYSQL';
|
||||
$DB['SERVER'] = '{DB_SERVER_HOST}';
|
||||
$DB['PORT'] = '{DB_SERVER_PORT}';
|
||||
$DB['DATABASE'] = '{DB_SERVER_DBNAME}';
|
||||
$DB['USER'] = '{DB_SERVER_USER}';
|
||||
$DB['PASSWORD'] = '{DB_SERVER_PASS}';
|
||||
$DB['TYPE'] = getenv('DB_SERVER_TYPE');
|
||||
$DB['SERVER'] = getenv('DB_SERVER_HOST');
|
||||
$DB['PORT'] = getenv('DB_SERVER_PORT');
|
||||
$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
|
||||
$DB['USER'] = getenv('DB_SERVER_USER');
|
||||
$DB['PASSWORD'] = getenv('DB_SERVER_PASS');
|
||||
|
||||
// Schema name. Used for IBM DB2 and PostgreSQL.
|
||||
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}';
|
||||
$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
|
||||
|
||||
$ZBX_SERVER = '{ZBX_SERVER_HOST}';
|
||||
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}';
|
||||
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}';
|
||||
$ZBX_SERVER = getenv('ZBX_SERVER_HOST');
|
||||
$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
|
||||
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
|
||||
|
||||
// Used for TLS connection.
|
||||
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION};
|
||||
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}';
|
||||
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}';
|
||||
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}';
|
||||
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST};
|
||||
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}';
|
||||
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
|
||||
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
|
||||
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
|
||||
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
|
||||
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
|
||||
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
|
||||
|
||||
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
|
||||
// This option is enabled by default for new Zabbix installations.
|
||||
// For upgraded installations, please read database upgrade notes before enabling this option.
|
||||
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754};
|
||||
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
|
||||
|
||||
|
||||
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
|
||||
|
||||
// Elasticsearch url (can be string if same url is used for all types).
|
||||
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}';
|
||||
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
|
||||
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
|
||||
// Value types stored in Elasticsearch.
|
||||
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES};
|
||||
$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
|
||||
|
||||
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
|
||||
|
||||
// Used for SAML authentication.
|
||||
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
|
||||
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
|
||||
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
|
||||
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
|
||||
|
||||
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
|
||||
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();
|
||||
|
||||
@ -527,22 +527,10 @@ update_zbx_config() {
|
||||
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
local server_name=""
|
||||
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
ZBX_WWW_ROOT="/usr/share/zabbix"
|
||||
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
|
||||
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
@ -550,40 +538,37 @@ prepare_zbx_web_config() {
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
|
||||
|
||||
# Escaping characters in parameter value
|
||||
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
|
||||
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
|
||||
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
|
||||
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
|
||||
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST="localhost"
|
||||
export ZBX_SERVER_PORT="10051"
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
|
||||
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
|
||||
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
|
||||
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
sed -i \
|
||||
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
|
||||
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
|
||||
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
|
||||
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
|
||||
-e "s/{DB_SERVER_USER}/$server_user/g" \
|
||||
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
|
||||
-e "s/{ZBX_SERVER_HOST}/localhost/g" \
|
||||
-e "s/{ZBX_SERVER_PORT}/10051/g" \
|
||||
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
|
||||
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
|
||||
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
|
||||
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
|
||||
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
|
||||
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
|
||||
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
|
||||
"$ZBX_WEB_CONFIG"
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZBX_WWW_ROOT/include/defines.inc.php"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user