From a349fc645ae9f06c524e2b67c02307fc75efa899 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 5 Aug 2020 17:44:48 -0400 Subject: [PATCH] Added information about Web and DB encryption --- web-apache-mysql/alpine/README.md | 24 ++++++++++++++++++++++++ web-apache-mysql/centos/README.md | 24 ++++++++++++++++++++++++ web-apache-mysql/ubuntu/README.md | 24 ++++++++++++++++++++++++ web-apache-pgsql/alpine/README.md | 20 ++++++++++++++++++++ web-apache-pgsql/centos/README.md | 20 ++++++++++++++++++++ web-apache-pgsql/ubuntu/README.md | 20 ++++++++++++++++++++ web-nginx-mysql/alpine/README.md | 24 ++++++++++++++++++++++++ web-nginx-mysql/centos/README.md | 24 ++++++++++++++++++++++++ web-nginx-mysql/ubuntu/README.md | 24 ++++++++++++++++++++++++ web-nginx-pgsql/alpine/README.md | 20 ++++++++++++++++++++ web-nginx-pgsql/centos/README.md | 20 ++++++++++++++++++++ web-nginx-pgsql/ubuntu/README.md | 20 ++++++++++++++++++++ 12 files changed, 264 insertions(+) diff --git a/web-apache-mysql/alpine/README.md b/web-apache-mysql/alpine/README.md index be2cefbf0..6429bd35a 100644 --- a/web-apache-mysql/alpine/README.md +++ b/web-apache-mysql/alpine/README.md @@ -162,6 +162,30 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-mysql/centos/README.md b/web-apache-mysql/centos/README.md index be2cefbf0..6429bd35a 100644 --- a/web-apache-mysql/centos/README.md +++ b/web-apache-mysql/centos/README.md @@ -162,6 +162,30 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-mysql/ubuntu/README.md b/web-apache-mysql/ubuntu/README.md index be2cefbf0..6429bd35a 100644 --- a/web-apache-mysql/ubuntu/README.md +++ b/web-apache-mysql/ubuntu/README.md @@ -162,6 +162,30 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-pgsql/alpine/README.md b/web-apache-pgsql/alpine/README.md index 3764be4c2..9e37927f4 100644 --- a/web-apache-pgsql/alpine/README.md +++ b/web-apache-pgsql/alpine/README.md @@ -160,6 +160,26 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-pgsql/centos/README.md b/web-apache-pgsql/centos/README.md index 3764be4c2..9e37927f4 100644 --- a/web-apache-pgsql/centos/README.md +++ b/web-apache-pgsql/centos/README.md @@ -160,6 +160,26 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-pgsql/ubuntu/README.md b/web-apache-pgsql/ubuntu/README.md index 3764be4c2..9e37927f4 100644 --- a/web-apache-pgsql/ubuntu/README.md +++ b/web-apache-pgsql/ubuntu/README.md @@ -160,6 +160,26 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-nginx-mysql/alpine/README.md b/web-nginx-mysql/alpine/README.md index 49c265481..39ce53247 100644 --- a/web-nginx-mysql/alpine/README.md +++ b/web-nginx-mysql/alpine/README.md @@ -163,6 +163,30 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` diff --git a/web-nginx-mysql/centos/README.md b/web-nginx-mysql/centos/README.md index 49c265481..39ce53247 100644 --- a/web-nginx-mysql/centos/README.md +++ b/web-nginx-mysql/centos/README.md @@ -163,6 +163,30 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` diff --git a/web-nginx-mysql/ubuntu/README.md b/web-nginx-mysql/ubuntu/README.md index 49c265481..39ce53247 100644 --- a/web-nginx-mysql/ubuntu/README.md +++ b/web-nginx-mysql/ubuntu/README.md @@ -163,6 +163,30 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` diff --git a/web-nginx-pgsql/alpine/README.md b/web-nginx-pgsql/alpine/README.md index 10cedbdd3..ca22afa7c 100644 --- a/web-nginx-pgsql/alpine/README.md +++ b/web-nginx-pgsql/alpine/README.md @@ -160,6 +160,26 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` diff --git a/web-nginx-pgsql/centos/README.md b/web-nginx-pgsql/centos/README.md index 10cedbdd3..ca22afa7c 100644 --- a/web-nginx-pgsql/centos/README.md +++ b/web-nginx-pgsql/centos/README.md @@ -160,6 +160,26 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` diff --git a/web-nginx-pgsql/ubuntu/README.md b/web-nginx-pgsql/ubuntu/README.md index 10cedbdd3..ca22afa7c 100644 --- a/web-nginx-pgsql/ubuntu/README.md +++ b/web-nginx-pgsql/ubuntu/README.md @@ -160,6 +160,26 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx``