Use env variables in Zabbix web images

This commit is contained in:
Alexey Pustovalov 2020-09-11 03:39:21 -04:00
commit 448c247ae3
54 changed files with 956 additions and 1719 deletions

View File

@ -1,5 +1,8 @@
![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png) ![logo](https://assets.zabbix.com/img/logo/zabbix_logo_500x131.png)
![CI](https://github.com/zabbix/zabbix-docker/workflows/CI/badge.svg?branch=trunk&event=release)
![CI](https://github.com/zabbix/zabbix-docker/workflows/CI/badge.svg?branch=trunk&event=push)
# What is Zabbix? # What is Zabbix?
Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is an enterprise-class open source distributed monitoring solution.

View File

@ -190,6 +190,10 @@ The variable allows to activate host verification. Available since 5.0.0.
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/apache2`` ### ``/etc/ssl/apache2``
@ -198,6 +202,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files. Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case. The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case.

View File

@ -1,8 +1,8 @@
max_execution_time=300 max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit=128M memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size=16M post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize=2M upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time=300 max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1 ; always_populate_raw_post_data=-1
max_input_vars=10000 max_input_vars = 10000
; date.timezone=Europe/Riga date.timezone = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'MYSQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -57,67 +57,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
# Check prerequisites for MySQL database # Check prerequisites for MySQL database
check_variables() { check_variables() {
: ${DB_SERVER_HOST:="mysql-server"} : ${DB_SERVER_HOST:="mysql-server"}
@ -229,54 +168,38 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix" export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini" export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" export DB_SERVER_TYPE="MYSQL"
update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" export DB_SERVER_HOST=${DB_SERVER_HOST}
update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" export DB_SERVER_PORT=${DB_SERVER_PORT}
update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
# Escaping characters in parameter value export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \ export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -190,6 +190,10 @@ The variable allows to activate host verification. Available since 5.0.0.
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/apache2`` ### ``/etc/ssl/apache2``
@ -198,6 +202,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files. Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case. The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case.

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'MYSQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -57,67 +57,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
# Check prerequisites for MySQL database # Check prerequisites for MySQL database
check_variables() { check_variables() {
: ${DB_SERVER_HOST:="mysql-server"} : ${DB_SERVER_HOST:="mysql-server"}
@ -229,21 +168,10 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -251,39 +179,36 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="MYSQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \ export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -190,6 +190,10 @@ The variable allows to activate host verification. Available since 5.0.0.
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/apache2`` ### ``/etc/ssl/apache2``
@ -198,6 +202,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files. Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case. The `zabbix-web-apache-mysql` images come in many flavors, each designed for a specific use case.

View File

@ -1,9 +1,8 @@
max_execution_time=300 max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit=128M memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size=16M post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize=2M upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time=300 max_input_time = ${ZBX_MAXINPUTTIME}
always_populate_raw_post_date=-1 ; always_populate_raw_post_data=-1
max_input_vars=10000 max_input_vars = 10000
; date.timezone=Europe/Riga date.timezone = ${PHP_TZ}
;session.save_path=/var/lib/php/session

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'MYSQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -57,67 +57,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
# Check prerequisites for MySQL database # Check prerequisites for MySQL database
check_variables() { check_variables() {
: ${DB_SERVER_HOST:="mysql-server"} : ${DB_SERVER_HOST:="mysql-server"}
@ -229,55 +168,38 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix" export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
PHP_CONFIG_FILE="/etc/php/7.4/apache2/conf.d/99-zabbix.ini" export DB_SERVER_TYPE="MYSQL"
export DB_SERVER_HOST=${DB_SERVER_HOST}
export DB_SERVER_PORT=${DB_SERVER_PORT}
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}"
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
# Escaping characters in parameter value export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
The variable allows to activate host verification. Available since 5.0.0. The variable allows to activate host verification. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/apache2`` ### ``/etc/ssl/apache2``
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files. Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case. The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case.

View File

@ -1,8 +1,8 @@
max_execution_time=300 max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit=128M memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size=16M post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize=2M upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time=300 max_input_time = ${ZBX_MAXINPUTTIME}
; always_populate_raw_post_data=-1 ; always_populate_raw_post_data=-1
max_input_vars=10000 max_input_vars = 10000
; date.timezone=Europe/Riga date.timezone = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'POSTGRESQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -57,67 +57,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
# Check prerequisites for PostgreSQL database # Check prerequisites for PostgreSQL database
check_variables() { check_variables() {
file_env POSTGRES_USER file_env POSTGRES_USER
@ -213,54 +152,38 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix" export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
PHP_CONFIG_FILE="/etc/php7/conf.d/99-zabbix.ini" export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" export DB_SERVER_TYPE="POSTGRESQL"
update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" export DB_SERVER_HOST=${DB_SERVER_HOST}
update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" export DB_SERVER_PORT=${DB_SERVER_PORT}
update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}" export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
# Escaping characters in parameter value export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}")
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \ export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
The variable allows to activate host verification. Available since 5.0.0. The variable allows to activate host verification. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/apache2`` ### ``/etc/ssl/apache2``
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files. Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case. The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case.

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'POSTGRESQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -60,67 +60,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
# Check prerequisites for PostgreSQL database # Check prerequisites for PostgreSQL database
check_variables() { check_variables() {
file_env POSTGRES_USER file_env POSTGRES_USER
@ -216,21 +155,10 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -238,39 +166,36 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="POSTGRESQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \ export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
The variable allows to activate host verification. Available since 5.0.0. The variable allows to activate host verification. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/apache2`` ### ``/etc/ssl/apache2``
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files. Please follow official Apache2 [documentation](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case. The `zabbix-web-apache-pgsql` images come in many flavors, each designed for a specific use case.

View File

@ -1,9 +1,8 @@
max_execution_time=300 max_execution_time = ${ZBX_MAXEXECUTIONTIME}
memory_limit=128M memory_limit = ${ZBX_MEMORYLIMIT}
post_max_size=16M post_max_size = ${ZBX_POSTMAXSIZE}
upload_max_filesize=2M upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
max_input_time=300 max_input_time = ${ZBX_MAXINPUTTIME}
always_populate_raw_post_date=-1 ; always_populate_raw_post_data=-1
max_input_vars=10000 max_input_vars = 10000
; date.timezone=Europe/Riga date.timezone = ${PHP_TZ}
session.save_path=/var/lib/php/sessions

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'POSTGRESQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -60,68 +60,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
# Check prerequisites for PostgreSQL database # Check prerequisites for PostgreSQL database
check_variables() { check_variables() {
file_env POSTGRES_USER file_env POSTGRES_USER
@ -221,55 +159,38 @@ clear_deploy() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix" export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php" export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
PHP_CONFIG_FILE="/etc/php/7.4/apache2/conf.d/99-zabbix.ini" export DB_SERVER_TYPE="POSTGRESQL"
export DB_SERVER_HOST=${DB_SERVER_HOST}
export DB_SERVER_PORT=${DB_SERVER_PORT}
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
update_config_var "$PHP_CONFIG_FILE" "max_execution_time" "${ZBX_MAXEXECUTIONTIME:-"600"}" export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
update_config_var "$PHP_CONFIG_FILE" "memory_limit" "${ZBX_MEMORYLIMIT:-"128M"}" export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
update_config_var "$PHP_CONFIG_FILE" "post_max_size" "${ZBX_POSTMAXSIZE:-"16M"}" export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
update_config_var "$PHP_CONFIG_FILE" "upload_max_filesize" "${ZBX_UPLOADMAXFILESIZE:-"2M"}" export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
update_config_var "$PHP_CONFIG_FILE" "max_input_time" "${ZBX_MAXINPUTTIME:-"300"}" export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
update_config_var "$PHP_CONFIG_FILE" "date.timezone" "${PHP_TZ}"
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
# Escaping characters in parameter value export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}")
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}")
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}")
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}")
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
sed -i \
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -191,6 +191,10 @@ The variable allows to activate host verification. Available since 5.0.0.
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/nginx`` ### ``/etc/ssl/nginx``
@ -199,6 +203,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case. The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case.

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'MYSQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -59,83 +59,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
update_config_multiple_var() {
local config_path=$1
local var_name=$2
local var_value=$3
var_value="${var_value%\"}"
var_value="${var_value#\"}"
local IFS=,
local OPT_LIST=($var_value)
for value in "${OPT_LIST[@]}"; do
update_config_var $config_path $var_name $value true
done
}
# Check prerequisites for MySQL database # Check prerequisites for MySQL database
check_variables() { check_variables() {
: ${DB_SERVER_HOST:="mysql-server"} : ${DB_SERVER_HOST:="mysql-server"}
@ -164,7 +87,7 @@ check_variables() {
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true [ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
# If root password is not specified use provided credentials # If root password is not specified use provided credentials
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}.... : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
@ -249,22 +172,10 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -272,39 +183,36 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="MYSQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \ export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -193,6 +193,10 @@ The variable allows to activate host verification. Available since 5.0.0.
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
>>>>>>> master >>>>>>> master
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/nginx`` ### ``/etc/ssl/nginx``
@ -201,6 +205,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case. The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case.

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'MYSQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -59,83 +59,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
update_config_multiple_var() {
local config_path=$1
local var_name=$2
local var_value=$3
var_value="${var_value%\"}"
var_value="${var_value#\"}"
local IFS=,
local OPT_LIST=($var_value)
for value in "${OPT_LIST[@]}"; do
update_config_var $config_path $var_name $value true
done
}
# Check prerequisites for MySQL database # Check prerequisites for MySQL database
check_variables() { check_variables() {
: ${DB_SERVER_HOST:="mysql-server"} : ${DB_SERVER_HOST:="mysql-server"}
@ -164,7 +87,7 @@ check_variables() {
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true [ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
# If root password is not specified use provided credentials # If root password is not specified use provided credentials
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}.... : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
@ -249,22 +172,10 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -272,39 +183,36 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="MYSQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \ export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -193,6 +193,10 @@ The variable allows to activate host verification. Available since 5.0.0.
The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
>>>>>>> master >>>>>>> master
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/nginx`` ### ``/etc/ssl/nginx``
@ -201,6 +205,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case. The `zabbix-web-nginx-mysql` images come in many flavors, each designed for a specific use case.

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'MYSQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -59,83 +59,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
update_config_multiple_var() {
local config_path=$1
local var_name=$2
local var_value=$3
var_value="${var_value%\"}"
var_value="${var_value#\"}"
local IFS=,
local OPT_LIST=($var_value)
for value in "${OPT_LIST[@]}"; do
update_config_var $config_path $var_name $value true
done
}
# Check prerequisites for MySQL database # Check prerequisites for MySQL database
check_variables() { check_variables() {
: ${DB_SERVER_HOST:="mysql-server"} : ${DB_SERVER_HOST:="mysql-server"}
@ -164,7 +87,7 @@ check_variables() {
[ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true [ -n "${MYSQL_USER}" ] && CREATE_ZBX_DB_USER=true
# If root password is not specified use provided credentials # If root password is not specified use provided credentials
: ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}.... : ${DB_SERVER_ROOT_USER:=${MYSQL_USER}}
[ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}} [ "${MYSQL_ALLOW_EMPTY_PASSWORD}" == "true" ] || DB_SERVER_ROOT_PASS=${DB_SERVER_ROOT_PASS:-${MYSQL_PASSWORD}}
DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"} DB_SERVER_ZBX_USER=${MYSQL_USER:-"zabbix"}
DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"} DB_SERVER_ZBX_PASS=${MYSQL_PASSWORD:-"zabbix"}
@ -249,22 +172,10 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -272,39 +183,36 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="MYSQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \ export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
The variable allows to activate host verification. Available since 5.0.0. The variable allows to activate host verification. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/nginx`` ### ``/etc/ssl/nginx``
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case. The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case.

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'POSTGRESQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -62,83 +62,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
update_config_multiple_var() {
local config_path=$1
local var_name=$2
local var_value=$3
var_value="${var_value%\"}"
var_value="${var_value#\"}"
local IFS=,
local OPT_LIST=($var_value)
for value in "${OPT_LIST[@]}"; do
update_config_var $config_path $var_name $value true
done
}
# Check prerequisites for PostgreSQL database # Check prerequisites for PostgreSQL database
check_variables() { check_variables() {
file_env POSTGRES_USER file_env POSTGRES_USER
@ -235,22 +158,10 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -258,39 +169,34 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="POSTGRESQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
The variable allows to activate host verification. Available since 5.0.0. The variable allows to activate host verification. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/nginx`` ### ``/etc/ssl/nginx``
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case. The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case.

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'POSTGRESQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -62,83 +62,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
update_config_multiple_var() {
local config_path=$1
local var_name=$2
local var_value=$3
var_value="${var_value%\"}"
var_value="${var_value#\"}"
local IFS=,
local OPT_LIST=($var_value)
for value in "${OPT_LIST[@]}"; do
update_config_var $config_path $var_name $value true
done
}
# Check prerequisites for PostgreSQL database # Check prerequisites for PostgreSQL database
check_variables() { check_variables() {
file_env POSTGRES_USER file_env POSTGRES_USER
@ -235,22 +158,10 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -258,39 +169,34 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="POSTGRESQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -59,7 +59,7 @@ RUN set -eux && \
rm -rf /var/cache/nginx/ && \ rm -rf /var/cache/nginx/ && \
rm -f /etc/php/7.4/fpm/pool.d/www.conf && \ rm -f /etc/php/7.4/fpm/pool.d/www.conf && \
ln -sf /dev/fd/2 /var/log/nginx/error.log && \ ln -sf /dev/fd/2 /var/log/nginx/error.log && \
DEBIAN_FRONTEND=noninteractive apt-get -y purge curl gpg dirmngr gpg-agent && \ DEBIAN_FRONTEND=noninteractive apt-get -y purge gpg dirmngr gpg-agent && \
apt-get -y autoremove && \ apt-get -y autoremove && \
apt-get -y clean && \ apt-get -y clean && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*

View File

@ -184,6 +184,10 @@ The variable allows to specify the full path to a valid TLS certificate authorit
The variable allows to activate host verification. Available since 5.0.0. The variable allows to activate host verification. Available since 5.0.0.
## `ZBX_SSO_SETTINGS`
The variable allows to specify custom SSO settings in JSON format. Available since 5.0.0.
## Allowed volumes for the Zabbix web interface container ## Allowed volumes for the Zabbix web interface container
### ``/etc/ssl/nginx`` ### ``/etc/ssl/nginx``
@ -192,6 +196,10 @@ The volume allows to enable HTTPS for the Zabbix web interface. The volume must
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
### ``/etc/zabbix/web/certs``
The volume allows to use custom certificates for SAML authentification. The volume must contains three files ``sp.key``, ``sp.crt`` and ``idp.crt``. Available since 5.0.0.
# The image variants # The image variants
The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case. The `zabbix-web-nginx-pgsql` images come in many flavors, each designed for a specific use case.

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'POSTGRESQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -62,83 +62,6 @@ file_env() {
unset "$fileVar" unset "$fileVar"
} }
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'... "
# Remove configuration parameter definition in case of unset parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of double quoted parameter value
if [ "$var_value" == '""' ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
echo "undefined"
return
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
update_config_multiple_var() {
local config_path=$1
local var_name=$2
local var_value=$3
var_value="${var_value%\"}"
var_value="${var_value#\"}"
local IFS=,
local OPT_LIST=($var_value)
for value in "${OPT_LIST[@]}"; do
update_config_var $config_path $var_name $value true
done
}
# Check prerequisites for PostgreSQL database # Check prerequisites for PostgreSQL database
check_variables() { check_variables() {
file_env POSTGRES_USER file_env POSTGRES_USER
@ -235,22 +158,10 @@ prepare_web_server() {
} }
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -258,39 +169,34 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="POSTGRESQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT:-"10051"}
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \
-e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"

View File

@ -2,6 +2,8 @@
listen = /tmp/php-fpm.sock listen = /tmp/php-fpm.sock
clear_env = no
pm = dynamic pm = dynamic
pm.max_children = 50 pm.max_children = 50
pm.start_servers = 5 pm.start_servers = 5
@ -16,10 +18,10 @@ php_admin_flag[log_errors] = on
php_value[session.save_handler] = files php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session php_value[session.save_path] = /var/lib/php/session
php_value[max_execution_time]= 300 php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
php_value[memory_limit]= 128M php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
php_value[post_max_size]= 16M php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
php_value[upload_max_filesize]= 2M php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
php_value[max_input_time]= 300 php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
php_value[max_input_vars]= 10000 php_value[max_input_vars] = 10000
; php_value[date.timezone]= Europe/Riga php_value[date.timezone] = ${PHP_TZ}

View File

@ -2,7 +2,7 @@
nodaemon = true nodaemon = true
[program:nginx] [program:nginx]
command = /usr/sbin/%(program_name)s -g "daemon off;" -c /etc/nginx/%(program_name)s.conf command = /usr/sbin/%(program_name)s -g "daemon off;error_log /dev/stdout info;" -c /etc/nginx/%(program_name)s.conf
auto_start = true auto_start = true
autorestart = true autorestart = true

View File

@ -2,37 +2,49 @@
// Zabbix GUI configuration file. // Zabbix GUI configuration file.
global $DB, $HISTORY; global $DB, $HISTORY;
$DB['TYPE'] = 'MYSQL'; $DB['TYPE'] = getenv('DB_SERVER_TYPE');
$DB['SERVER'] = '{DB_SERVER_HOST}'; $DB['SERVER'] = getenv('DB_SERVER_HOST');
$DB['PORT'] = '{DB_SERVER_PORT}'; $DB['PORT'] = getenv('DB_SERVER_PORT');
$DB['DATABASE'] = '{DB_SERVER_DBNAME}'; $DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
$DB['USER'] = '{DB_SERVER_USER}'; $DB['USER'] = getenv('DB_SERVER_USER');
$DB['PASSWORD'] = '{DB_SERVER_PASS}'; $DB['PASSWORD'] = getenv('DB_SERVER_PASS');
// Schema name. Used for IBM DB2 and PostgreSQL. // Schema name. Used for IBM DB2 and PostgreSQL.
$DB['SCHEMA'] = '{DB_SERVER_SCHEMA}'; $DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
$ZBX_SERVER = '{ZBX_SERVER_HOST}'; $ZBX_SERVER = getenv('ZBX_SERVER_HOST');
$ZBX_SERVER_PORT = '{ZBX_SERVER_PORT}'; $ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
$ZBX_SERVER_NAME = '{ZBX_SERVER_NAME}'; $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection. // Used for TLS connection.
$DB['ENCRYPTION'] = {ZBX_DB_ENCRYPTION}; $DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = '{ZBX_DB_KEY_FILE}'; $DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = '{ZBX_DB_CERT_FILE}'; $DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = '{ZBX_DB_CA_FILE}'; $DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = {ZBX_DB_VERIFY_HOST}; $DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = '{ZBX_DB_CIPHER_LIST}'; $DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations. // This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option. // For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = {DB_DOUBLE_IEEE754}; $DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types). // Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = '{ZBX_HISTORYSTORAGEURL}'; $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
$HISTORY['url'] = (json_decode($history_url)) ? json_decode($history_url) : $history_url;
// Value types stored in Elasticsearch. // Value types stored in Elasticsearch.
$HISTORY['types'] = {ZBX_HISTORYSTORAGETYPES}; $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types) : array();
// Used for SAML authentication.
// Uncomment to override the default paths to SP private key, SP and IdP X.509 certificates, and to set extra settings.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : '';
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : '';
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : '';
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings) : array();

View File

@ -527,22 +527,10 @@ update_zbx_config() {
prepare_zbx_web_config() { prepare_zbx_web_config() {
local server_name=""
echo "** Preparing Zabbix frontend configuration file" echo "** Preparing Zabbix frontend configuration file"
ZBX_WWW_ROOT="/usr/share/zabbix"
ZBX_WEB_CONFIG="$ZABBIX_ETC_DIR/web/zabbix.conf.php"
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_execution_time]" "${ZBX_MAXEXECUTIONTIME:-"600"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[memory_limit]" "${ZBX_MEMORYLIMIT:-"128M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[post_max_size]" "${ZBX_POSTMAXSIZE:-"16M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[upload_max_filesize]" "${ZBX_UPLOADMAXFILESIZE:-"2M"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[max_input_time]" "${ZBX_MAXINPUTTIME:-"300"}"
update_config_var "$PHP_CONFIG_FILE" "php_value[date.timezone]" "${PHP_TZ}"
if [ "$(id -u)" == '0' ]; then if [ "$(id -u)" == '0' ]; then
echo "user = zabbix" >> "$PHP_CONFIG_FILE" echo "user = zabbix" >> "$PHP_CONFIG_FILE"
echo "group = zabbix" >> "$PHP_CONFIG_FILE" echo "group = zabbix" >> "$PHP_CONFIG_FILE"
@ -550,39 +538,36 @@ prepare_zbx_web_config() {
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
fi fi
ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
export PHP_TZ=${PHP_TZ:-"Europe/Riga"}
# Escaping characters in parameter value export DB_SERVER_TYPE="MYSQL"
server_name=$(escape_spec_char "${ZBX_SERVER_NAME}") export DB_SERVER_HOST=${DB_SERVER_HOST}
server_user=$(escape_spec_char "${DB_SERVER_ZBX_USER}") export DB_SERVER_PORT=${DB_SERVER_PORT}
server_pass=$(escape_spec_char "${DB_SERVER_ZBX_PASS}") export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
export ZBX_SERVER_HOST="localhost"
export ZBX_SERVER_PORT="10051"
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION:-"false"}
ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST-"false"}
sed -i \ export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754:-"true"}
-e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
-e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
-e "s/{DB_SERVER_DBNAME}/${DB_SERVER_DBNAME}/g" \ export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
-e "s/{DB_SERVER_SCHEMA}/${DB_SERVER_SCHEMA}/g" \
-e "s/{DB_SERVER_USER}/$server_user/g" \ export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
-e "s/{DB_SERVER_PASS}/$server_pass/g" \
-e "s/{ZBX_SERVER_HOST}/localhost/g" \
-e "s/{ZBX_SERVER_PORT}/10051/g" \
-e "s/{ZBX_SERVER_NAME}/$server_name/g" \
-e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \
-e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \
-e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \
-e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \
-e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \
-e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \
-e "s/{DB_DOUBLE_IEEE754}/${DB_DOUBLE_IEEE754:-"true"}/g" \
-e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \
-e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \
"$ZBX_WEB_CONFIG"
if [ -n "${ZBX_SESSION_NAME}" ]; then if [ -n "${ZBX_SESSION_NAME}" ]; then
cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" cp "$ZBX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"