mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2025-02-07 21:40:24 +01:00
Migrate to PHP-FPM for all Web images
This commit is contained in:
Alexey Pustovalov
parent
0851b529b4
commit
822d832760
@ -130,8 +130,8 @@ function File-Process-From-Env {
|
||||
)
|
||||
|
||||
if (![string]::IsNullOrEmpty($VarValue)) {
|
||||
$VarValue | Set-Content "$ZabbixInternalEncDir\$VarName"
|
||||
$FileName="$ZabbixInternalEncDir\$VarName"
|
||||
$VarValue | Set-Content "$ZabbixInternalEncDir\VarName"
|
||||
$FileName="$ZabbixInternalEncDir\VarName"
|
||||
}
|
||||
|
||||
Update-Config-Var $ZbxAgentConfig "$VarName" "$FileName"
|
||||
|
||||
@ -130,8 +130,8 @@ function File-Process-From-Env {
|
||||
)
|
||||
|
||||
if (![string]::IsNullOrEmpty($VarValue)) {
|
||||
$VarValue | Set-Content "$ZabbixInternalEncDir\$VarName"
|
||||
$FileName="$ZabbixInternalEncDir\$VarName"
|
||||
$VarValue | Set-Content "$ZabbixInternalEncDir\VarName"
|
||||
$FileName="$ZabbixInternalEncDir\VarName"
|
||||
}
|
||||
|
||||
Update-Config-Var $ZbxAgentConfig "$VarName" "$FileName"
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
|
||||
RUN set -eux && \
|
||||
@ -36,9 +37,10 @@ RUN set -eux && \
|
||||
curl \
|
||||
mariadb-client \
|
||||
mariadb-connector-c \
|
||||
php7-apache2 \
|
||||
apache2-proxy \
|
||||
php7-bcmath \
|
||||
php7-ctype \
|
||||
php7-fpm \
|
||||
php7-gd \
|
||||
php7-gettext \
|
||||
php7-json \
|
||||
@ -51,7 +53,8 @@ RUN set -eux && \
|
||||
php7-fileinfo \
|
||||
php7-xmlreader \
|
||||
php7-xmlwriter \
|
||||
php7-openssl" && \
|
||||
php7-openssl \
|
||||
supervisor" && \
|
||||
apk add \
|
||||
--no-cache \
|
||||
--clean-protected \
|
||||
@ -79,38 +82,40 @@ RUN set -eux && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
rm -f "/etc/apache2/conf.d/default.conf" && \
|
||||
rm -f "/etc/apache2/conf.d/ssl.conf" && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/apache2/httpd.conf" && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*PidFile)\s+\S+!\1 "/tmp/httpd.pid"!g' \
|
||||
"/etc/apache2/conf.d/mpm.conf" && \
|
||||
sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/httpd.conf && \
|
||||
rm -f "/etc/apache2/conf.d/info.conf" && \
|
||||
rm -f "/etc/apache2/conf.d/mpm.conf" && \
|
||||
rm -f "/etc/apache2/conf.d/proxy.conf" && \
|
||||
rm -f "/etc/apache2/conf.d/userdir.conf" && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
rm -rf /etc/php7/php-fpm.d/www.conf && \
|
||||
rm -rf "/var/run/apache2/" && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/ && \
|
||||
chgrp -R 0 /etc/apache2/ /etc/php7/ && \
|
||||
chmod -R g=u /etc/apache2/ /etc/php7/
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
chgrp -R 0 /etc/apache2/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
chmod -R g=u /etc/apache2/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ && \
|
||||
chmod -R g=u /var/lib/php/session/
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
USER 1997
|
||||
|
||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||
|
||||
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
|
||||
|
||||
@ -0,0 +1,8 @@
|
||||
<IfModule mime_module>
|
||||
TypesConfig /etc/apache2/mime.types
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
</IfModule>
|
||||
<IfModule mime_magic_module>
|
||||
MIMEMagicFile /etc/apache2/magic
|
||||
</IfModule>
|
||||
@ -0,0 +1,75 @@
|
||||
ServerRoot /etc/apache2/
|
||||
ServerRoot /var/www
|
||||
DefaultRuntimeDir /tmp/apache2/
|
||||
PidFile /tmp/apache2.pid
|
||||
|
||||
ServerName 127.0.0.1
|
||||
|
||||
IncludeOptional /etc/apache2/includes.conf
|
||||
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
|
||||
<IfModule unixd_module>
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
</IfModule>
|
||||
|
||||
HostnameLookups Off
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
|
||||
</IfModule>
|
||||
|
||||
ErrorLog /proc/self/fd/2
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule mpm_event_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
ServerTokens ${APACHE_SERVER_TOKENS}
|
||||
|
||||
ServerSignature ${APACHE_SERVER_SIGNATURE}
|
||||
|
||||
TraceEnable Off
|
||||
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule status_module>
|
||||
<Location /apache-status>
|
||||
SetHandler server-status
|
||||
Require local
|
||||
</Location>
|
||||
|
||||
ExtendedStatus On
|
||||
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -0,0 +1,3 @@
|
||||
IncludeOptional /etc/apache2/modules.conf
|
||||
|
||||
IncludeOptional /etc/apache2/conf.d/*.conf
|
||||
@ -0,0 +1,24 @@
|
||||
LoadModule logio_module modules/mod_logio.so
|
||||
LoadModule unixd_module modules/mod_unixd.so
|
||||
LoadModule log_config_module modules/mod_log_config.so
|
||||
LoadModule access_compat_module modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module modules/mod_authn_core.so
|
||||
LoadModule authn_file_module modules/mod_authn_file.so
|
||||
LoadModule authz_core_module modules/mod_authz_core.so
|
||||
LoadModule authz_host_module modules/mod_authz_host.so
|
||||
LoadModule authz_user_module modules/mod_authz_user.so
|
||||
LoadModule dir_module modules/mod_dir.so
|
||||
LoadModule env_module modules/mod_env.so
|
||||
LoadModule filter_module modules/mod_filter.so
|
||||
LoadModule mime_module modules/mod_mime.so
|
||||
LoadModule mpm_event_module modules/mod_mpm_event.so
|
||||
LoadModule negotiation_module modules/mod_negotiation.so
|
||||
LoadModule reqtimeout_module modules/mod_reqtimeout.so
|
||||
LoadModule setenvif_module modules/mod_setenvif.so
|
||||
LoadModule status_module modules/mod_status.so
|
||||
|
||||
LoadModule proxy_module modules/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
|
||||
LoadModule expires_module modules/mod_expires.so
|
||||
LoadModule headers_module modules/mod_headers.so
|
||||
@ -1,10 +0,0 @@
|
||||
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
|
||||
memory_limit = ${ZBX_MEMORYLIMIT}
|
||||
post_max_size = ${ZBX_POSTMAXSIZE}
|
||||
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
|
||||
max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
expose_php = ${EXPOSE_WEB_SERVER_INFO}
|
||||
@ -0,0 +1,10 @@
|
||||
include=/etc/php7/php-fpm.d/*.conf
|
||||
|
||||
[global]
|
||||
|
||||
pid = /tmp/php-fpm.pid
|
||||
|
||||
error_log = /dev/fd/2
|
||||
log_level = notice
|
||||
|
||||
daemonize = no
|
||||
@ -0,0 +1,36 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = ${PHP_FPM_PM}
|
||||
pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
|
||||
pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
|
||||
pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
|
||||
pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
|
||||
pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
|
||||
|
||||
slowlog = /dev/fd/1
|
||||
|
||||
php_admin_value[error_log] = /dev/fd/2
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
; PHP-FPM monitoring
|
||||
pm.status_path = /status
|
||||
ping.path = /ping
|
||||
@ -0,0 +1,30 @@
|
||||
[supervisord]
|
||||
nodaemon = true
|
||||
|
||||
[program:httpd]
|
||||
command = /usr/sbin/%(program_name)s -D FOREGROUND
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
startsecs=2
|
||||
startretries=3
|
||||
stopsignal=TERM
|
||||
stopwaitsecs=2
|
||||
|
||||
redirect_stderr=true
|
||||
stdout_logfile = /dev/stdout
|
||||
stdout_logfile_maxbytes = 0
|
||||
|
||||
[program:php-fpm7]
|
||||
command = /usr/sbin/%(program_name)s -F -y /etc/php7/php-fpm.conf
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
startsecs=2
|
||||
startretries=3
|
||||
stopsignal=TERM
|
||||
stopwaitsecs=2
|
||||
|
||||
redirect_stderr=true
|
||||
stdout_logfile = /dev/stdout
|
||||
stdout_logfile_maxbytes = 0
|
||||
@ -0,0 +1,35 @@
|
||||
; supervisor config file
|
||||
|
||||
[unix_http_server]
|
||||
file = /tmp/supervisor.sock ; (the path to the socket file)
|
||||
chmod = 0700 ; sockef file mode (default 0700)
|
||||
username = zbx
|
||||
password = password
|
||||
|
||||
[supervisord]
|
||||
logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
|
||||
pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
|
||||
childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
|
||||
critical = critical
|
||||
;user = zabbix
|
||||
logfile_maxbytes = 0
|
||||
logfile_backupcount = 0
|
||||
loglevel = info
|
||||
|
||||
; the below section must remain in the config file for RPC
|
||||
; (supervisorctl/web interface) to work, additional interfaces may be
|
||||
; added by defining them in separate rpcinterface: sections
|
||||
[rpcinterface:supervisor]
|
||||
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
||||
|
||||
[supervisorctl]
|
||||
serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
|
||||
|
||||
; The [include] section can just contain the "files" setting. This
|
||||
; setting can list multiple files (separated by whitespace or
|
||||
; newlines). It can also contain wildcards. The filenames are
|
||||
; interpreted as relative to this file. Included files *cannot*
|
||||
; include files themselves.
|
||||
|
||||
[include]
|
||||
files = /etc/supervisor/conf.d/*.conf
|
||||
@ -1,14 +1,44 @@
|
||||
Listen 8080
|
||||
|
||||
<VirtualHost *:8080>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</LocationMatch>
|
||||
|
||||
<Directory "/usr/share/zabbix">
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -1,23 +1,26 @@
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
|
||||
|
||||
Listen 8443
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:8443>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# intermediate configuration
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProtocol -all +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
@ -31,10 +34,33 @@ Listen 8443
|
||||
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
|
||||
Header always set Strict-Transport-Security "max-age=63072000"
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</LocationMatch>
|
||||
|
||||
<Directory "/usr/share/zabbix">
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
@ -85,4 +111,3 @@ Listen 8443
|
||||
</files>
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
</IfModule>
|
||||
|
||||
@ -20,11 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="apache"}
|
||||
: ${DAEMON_GROUP:="apache"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
|
||||
# Apache additional configuration files directory
|
||||
APACHE_SITES_DIR="/etc/apache2/conf.d"
|
||||
# Directory with SSL certificate files for Apache
|
||||
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -133,7 +141,12 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
APACHE_SITES_DIR=/etc/apache2/conf.d
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
export APACHE_RUN_USER=${DAEMON_USER}
|
||||
else
|
||||
export APACHE_RUN_USER=$(id -n -u)
|
||||
fi
|
||||
export APACHE_RUN_GROUP=${DAEMON_GROUP}
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
|
||||
@ -142,7 +155,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
|
||||
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
|
||||
echo "** Adding Zabbix virtual host (HTTPS)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
|
||||
@ -152,10 +165,42 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
|
||||
fi
|
||||
|
||||
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
export APACHE_CUSTOM_LOG="/dev/null"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
export APACHE_SERVER_TOKENS="OS"
|
||||
export APACHE_SERVER_SIGNATURE="On"
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
|
||||
export APACHE_SERVER_TOKENS="Prod"
|
||||
export APACHE_SERVER_SIGNATURE="Off"
|
||||
fi
|
||||
|
||||
mkdir -p /tmp/apache2
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
@ -195,45 +240,14 @@ prepare_zbx_web_config() {
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
@ -242,17 +256,18 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
if [ "$1" != "" ]; then
|
||||
echo "** Executing '$@'"
|
||||
exec "$@"
|
||||
elif [ -f "/usr/sbin/httpd" ]; then
|
||||
echo "** Executing HTTPD"
|
||||
exec /usr/sbin/httpd -D FOREGROUND
|
||||
elif [ -f "/usr/bin/supervisord" ]; then
|
||||
echo "** Executing supervisord"
|
||||
exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
||||
else
|
||||
echo "Unknown instructions. Exiting..."
|
||||
exit 1
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
|
||||
RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
@ -78,26 +79,26 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
rm -f "/etc/httpd/conf.d/default.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/ssl.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/php.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/userdir.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/welcome.conf" && \
|
||||
rm -f /etc/php-fpm.d/www.conf && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/httpd/conf/httpd.conf" && \
|
||||
sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
find /etc/ -name '*.rpmnew' | xargs rm -f && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cut -d"'" -f 2 | sort | \
|
||||
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
@ -108,9 +109,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
findutils \
|
||||
glibc-locale-source
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
<IfModule !mpm_netware_module>
|
||||
PidFile "/tmp/httpd.pid"
|
||||
</IfModule>
|
||||
@ -0,0 +1,9 @@
|
||||
<IfModule mime_module>
|
||||
TypesConfig /etc/mime.types
|
||||
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
</IfModule>
|
||||
<IfModule mime_magic_module>
|
||||
MIMEMagicFile conf/magic
|
||||
</IfModule>
|
||||
@ -0,0 +1,75 @@
|
||||
ServerRoot /etc/httpd/
|
||||
ServerRoot /var/www
|
||||
DefaultRuntimeDir /tmp/httpd/
|
||||
PidFile /tmp/httpd.pid
|
||||
|
||||
ServerName 127.0.0.1
|
||||
|
||||
IncludeOptional /etc/httpd/includes.conf
|
||||
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
|
||||
<IfModule unixd_module>
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
</IfModule>
|
||||
|
||||
HostnameLookups Off
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
|
||||
</IfModule>
|
||||
|
||||
ErrorLog /proc/self/fd/2
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule mpm_event_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
ServerTokens ${APACHE_SERVER_TOKENS}
|
||||
|
||||
ServerSignature ${APACHE_SERVER_SIGNATURE}
|
||||
|
||||
TraceEnable Off
|
||||
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule status_module>
|
||||
<Location /apache-status>
|
||||
SetHandler server-status
|
||||
Require local
|
||||
</Location>
|
||||
|
||||
ExtendedStatus On
|
||||
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -0,0 +1,3 @@
|
||||
IncludeOptional /etc/httpd/modules.conf
|
||||
|
||||
IncludeOptional /etc/httpd/conf.d/*.conf
|
||||
@ -0,0 +1,24 @@
|
||||
LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
|
||||
LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
|
||||
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
|
||||
LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
|
||||
LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
|
||||
LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
|
||||
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
|
||||
LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
|
||||
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
|
||||
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
|
||||
LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
|
||||
LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
|
||||
LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
|
||||
LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
|
||||
LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
|
||||
LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
|
||||
LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
|
||||
|
||||
LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
|
||||
LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
|
||||
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
|
||||
@ -1,10 +1,17 @@
|
||||
Listen 8080
|
||||
|
||||
<VirtualHost *:8080>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
@ -20,6 +27,18 @@
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -1,22 +1,26 @@
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
|
||||
|
||||
Listen 8443
|
||||
|
||||
<VirtualHost *:8443>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# intermediate configuration
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProtocol -all +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
@ -45,6 +49,18 @@ Listen 8443
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -20,11 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="apache"}
|
||||
: ${DAEMON_GROUP:="apache"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
|
||||
# Apache additional configuration files directory
|
||||
APACHE_SITES_DIR="/etc/httpd/conf.d"
|
||||
# Directory with SSL certificate files for Apache
|
||||
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -133,7 +141,12 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
APACHE_SITES_DIR=/etc/httpd/conf.d
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
export APACHE_RUN_USER=${DAEMON_USER}
|
||||
else
|
||||
export APACHE_RUN_USER=$(id -n -u)
|
||||
fi
|
||||
export APACHE_RUN_GROUP=${DAEMON_GROUP}
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
|
||||
@ -142,7 +155,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
|
||||
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
|
||||
echo "** Adding Zabbix virtual host (HTTPS)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
|
||||
@ -152,12 +165,28 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
|
||||
fi
|
||||
|
||||
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
export APACHE_CUSTOM_LOG="/dev/null"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
export APACHE_SERVER_TOKENS="OS"
|
||||
export APACHE_SERVER_SIGNATURE="On"
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
|
||||
export APACHE_SERVER_TOKENS="Prod"
|
||||
export APACHE_SERVER_SIGNATURE="Off"
|
||||
fi
|
||||
|
||||
mkdir -p /tmp/httpd
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
@ -167,10 +196,10 @@ prepare_zbx_web_config() {
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
@ -211,45 +240,14 @@ prepare_zbx_web_config() {
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
@ -258,8 +256,9 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
COPY ["conf/etc/yum.repos.d/oracle-epel-ol8.repo", "/etc/yum.repos.d/oracle-epel-ol8.repo"]
|
||||
|
||||
@ -80,26 +81,26 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
rm -f "/etc/httpd/conf.d/default.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/ssl.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/php.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/userdir.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/welcome.conf" && \
|
||||
rm -f /etc/php-fpm.d/www.conf && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/httpd/conf/httpd.conf" && \
|
||||
sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
find /etc/ -name '*.rpmnew' | xargs rm -f && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cut -d"'" -f 2 | sort | \
|
||||
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
@ -110,9 +111,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
findutils \
|
||||
glibc-locale-source
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
<IfModule !mpm_netware_module>
|
||||
PidFile "/tmp/httpd.pid"
|
||||
</IfModule>
|
||||
@ -0,0 +1,9 @@
|
||||
<IfModule mime_module>
|
||||
TypesConfig /etc/mime.types
|
||||
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
</IfModule>
|
||||
<IfModule mime_magic_module>
|
||||
MIMEMagicFile conf/magic
|
||||
</IfModule>
|
||||
@ -0,0 +1,75 @@
|
||||
ServerRoot /etc/httpd/
|
||||
ServerRoot /var/www
|
||||
DefaultRuntimeDir /tmp/httpd/
|
||||
PidFile /tmp/httpd.pid
|
||||
|
||||
ServerName 127.0.0.1
|
||||
|
||||
IncludeOptional /etc/httpd/includes.conf
|
||||
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
|
||||
<IfModule unixd_module>
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
</IfModule>
|
||||
|
||||
HostnameLookups Off
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
|
||||
</IfModule>
|
||||
|
||||
ErrorLog /proc/self/fd/2
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule mpm_event_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
ServerTokens ${APACHE_SERVER_TOKENS}
|
||||
|
||||
ServerSignature ${APACHE_SERVER_SIGNATURE}
|
||||
|
||||
TraceEnable Off
|
||||
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule status_module>
|
||||
<Location /apache-status>
|
||||
SetHandler server-status
|
||||
Require local
|
||||
</Location>
|
||||
|
||||
ExtendedStatus On
|
||||
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -0,0 +1,3 @@
|
||||
IncludeOptional /etc/httpd/modules.conf
|
||||
|
||||
IncludeOptional /etc/httpd/conf.d/*.conf
|
||||
24
Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf
Normal file
24
Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf
Normal file
@ -0,0 +1,24 @@
|
||||
LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
|
||||
LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
|
||||
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
|
||||
LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
|
||||
LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
|
||||
LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
|
||||
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
|
||||
LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
|
||||
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
|
||||
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
|
||||
LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
|
||||
LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
|
||||
LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
|
||||
LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
|
||||
LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
|
||||
LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
|
||||
LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
|
||||
|
||||
LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
|
||||
LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
|
||||
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
|
||||
@ -1,10 +1,17 @@
|
||||
Listen 8080
|
||||
|
||||
<VirtualHost *:8080>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
@ -20,6 +27,18 @@
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -1,22 +1,26 @@
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
|
||||
|
||||
Listen 8443
|
||||
|
||||
<VirtualHost *:8443>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# intermediate configuration
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProtocol -all +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
@ -45,6 +49,18 @@ Listen 8443
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -20,11 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="apache"}
|
||||
: ${DAEMON_GROUP:="apache"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
|
||||
# Apache additional configuration files directory
|
||||
APACHE_SITES_DIR="/etc/httpd/conf.d"
|
||||
# Directory with SSL certificate files for Apache
|
||||
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -133,7 +141,12 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
APACHE_SITES_DIR=/etc/httpd/conf.d
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
export APACHE_RUN_USER=${DAEMON_USER}
|
||||
else
|
||||
export APACHE_RUN_USER=$(id -n -u)
|
||||
fi
|
||||
export APACHE_RUN_GROUP=${DAEMON_GROUP}
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
|
||||
@ -142,7 +155,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
|
||||
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
|
||||
echo "** Adding Zabbix virtual host (HTTPS)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
|
||||
@ -152,12 +165,28 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
|
||||
fi
|
||||
|
||||
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
export APACHE_CUSTOM_LOG="/dev/null"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
export APACHE_SERVER_TOKENS="OS"
|
||||
export APACHE_SERVER_SIGNATURE="On"
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
|
||||
export APACHE_SERVER_TOKENS="Prod"
|
||||
export APACHE_SERVER_SIGNATURE="Off"
|
||||
fi
|
||||
|
||||
mkdir -p /tmp/httpd
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
@ -167,10 +196,10 @@ prepare_zbx_web_config() {
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
@ -211,45 +240,14 @@ prepare_zbx_web_config() {
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
@ -258,8 +256,9 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
|
||||
RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
@ -35,21 +36,26 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
set -eux && \
|
||||
echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
|
||||
INSTALL_PKGS="bash \
|
||||
apache2 \
|
||||
tzdata \
|
||||
curl \
|
||||
libapache2-mod-php \
|
||||
ca-certificates \
|
||||
mysql-client \
|
||||
apache2 \
|
||||
locales \
|
||||
libldap-common \
|
||||
php7.4-bcmath \
|
||||
php7.4-fpm \
|
||||
php7.4-gd \
|
||||
php7.4-json \
|
||||
php7.4-ldap \
|
||||
php7.4-mbstring \
|
||||
php7.4-mysql \
|
||||
php7.4-xml" && \
|
||||
php7.4-xml \
|
||||
supervisor" && \
|
||||
apt-get -y update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y \
|
||||
-o Dpkg::Options::="--force-confdef" \
|
||||
-o Dpkg::Options::="--force-confold" \
|
||||
--no-install-recommends install \
|
||||
${INSTALL_PKGS} && \
|
||||
groupadd \
|
||||
@ -67,50 +73,45 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
mkdir -p ${ZABBIX_CONF_DIR} && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
find /etc/ -name '*.dpkg-dist' | xargs rm -f && \
|
||||
rm -f /etc/apache2/sites-available/* && \
|
||||
rm -f /etc/apache2/sites-enabled/* && \
|
||||
/usr/sbin/a2enmod ssl && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/apache2/apache2.conf" && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/apache2/conf-available/other-vhosts-access-log.conf" && \
|
||||
sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf && \
|
||||
sed -i 's/Listen 443/Listen 8443/g' /etc/apache2/ports.conf && \
|
||||
sed -i 's|/var/run/apache2$SUFFIX|/tmp|g' /etc/apache2/envvars && \
|
||||
rm -f /var/run/apache2/apache2.pid && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
rm -f /etc/php/7.4/fpm/pool.d/www.conf && \
|
||||
rm -f /var/run/apache2/ && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
mkdir -p /var/lib/locales/supported.d/ && \
|
||||
rm -f /var/lib/locales/supported.d/local && \
|
||||
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cut -d"'" -f 2 | sort | \
|
||||
xargs -I '{}' bash -c 'echo "{}.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local' && \
|
||||
dpkg-reconfigure locales && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/7.4/ && \
|
||||
chgrp -R 0 /etc/apache2/ /etc/php/7.4/ && \
|
||||
chmod -R g=u /etc/apache2/ /etc/php/7.4/
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/7.4/fpm/ && \
|
||||
chgrp -R 0 /etc/apache2/ /etc/php/7.4/fpm/ && \
|
||||
chmod -R g=u /etc/apache2/ /etc/php/7.4/fpm/ && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ && \
|
||||
chmod -R g=u /var/lib/php/session/
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
USER 1997
|
||||
|
||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||
|
||||
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
|
||||
|
||||
@ -0,0 +1,75 @@
|
||||
ServerRoot /etc/apache2/
|
||||
ServerRoot /var/www
|
||||
DefaultRuntimeDir /tmp/apache2/
|
||||
PidFile /tmp/apache2.pid
|
||||
|
||||
ServerName 127.0.0.1
|
||||
|
||||
IncludeOptional /etc/apache2/includes.conf
|
||||
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
|
||||
<IfModule unixd_module>
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
</IfModule>
|
||||
|
||||
HostnameLookups Off
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
|
||||
</IfModule>
|
||||
|
||||
ErrorLog /proc/self/fd/2
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule mpm_event_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
ServerTokens ${APACHE_SERVER_TOKENS}
|
||||
|
||||
ServerSignature ${APACHE_SERVER_SIGNATURE}
|
||||
|
||||
TraceEnable Off
|
||||
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule status_module>
|
||||
<Location /apache-status>
|
||||
SetHandler server-status
|
||||
Require local
|
||||
</Location>
|
||||
|
||||
ExtendedStatus On
|
||||
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -0,0 +1,8 @@
|
||||
IncludeOptional /etc/apache2/modules.conf
|
||||
|
||||
IncludeOptional mods-enabled/mime.conf
|
||||
IncludeOptional mods-enabled/negotiation.conf
|
||||
IncludeOptional mods-enabled/reqtimeout.conf
|
||||
IncludeOptional mods-enabled/setenvif.conf
|
||||
|
||||
IncludeOptional sites-enabled/*.conf
|
||||
@ -0,0 +1,21 @@
|
||||
LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
|
||||
LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
|
||||
LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
|
||||
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
|
||||
LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
|
||||
LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
|
||||
LoadModule env_module /usr/lib/apache2/modules/mod_env.so
|
||||
LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
|
||||
LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
|
||||
LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
|
||||
LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
|
||||
LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
|
||||
LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
|
||||
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
|
||||
|
||||
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
|
||||
LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so
|
||||
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
|
||||
@ -1,10 +0,0 @@
|
||||
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
|
||||
memory_limit = ${ZBX_MEMORYLIMIT}
|
||||
post_max_size = ${ZBX_POSTMAXSIZE}
|
||||
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
|
||||
max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
expose_php = ${EXPOSE_WEB_SERVER_INFO}
|
||||
@ -0,0 +1,10 @@
|
||||
include=/etc/php/7.4/fpm/pool.d/*.conf
|
||||
|
||||
[global]
|
||||
|
||||
pid = /tmp/php-fpm.pid
|
||||
|
||||
error_log = /dev/fd/2
|
||||
log_level = notice
|
||||
|
||||
daemonize = no
|
||||
@ -0,0 +1,36 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = ${PHP_FPM_PM}
|
||||
pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
|
||||
pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
|
||||
pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
|
||||
pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
|
||||
pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
|
||||
|
||||
slowlog = /dev/fd/1
|
||||
|
||||
php_admin_value[error_log] = /dev/fd/2
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
; PHP-FPM monitoring
|
||||
pm.status_path = /status
|
||||
ping.path = /ping
|
||||
@ -0,0 +1,30 @@
|
||||
[supervisord]
|
||||
nodaemon = true
|
||||
|
||||
[program:apache2]
|
||||
command = /usr/sbin/%(program_name)s -D FOREGROUND
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
startsecs=2
|
||||
startretries=3
|
||||
stopsignal=TERM
|
||||
stopwaitsecs=2
|
||||
|
||||
redirect_stderr=true
|
||||
stdout_logfile = /dev/stdout
|
||||
stdout_logfile_maxbytes = 0
|
||||
|
||||
[program:php-fpm7.4]
|
||||
command = /usr/sbin/%(program_name)s -F -y /etc/php/7.4/fpm/php-fpm.conf
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
startsecs=2
|
||||
startretries=3
|
||||
stopsignal=TERM
|
||||
stopwaitsecs=2
|
||||
|
||||
redirect_stderr=true
|
||||
stdout_logfile = /dev/stdout
|
||||
stdout_logfile_maxbytes = 0
|
||||
@ -0,0 +1,35 @@
|
||||
; supervisor config file
|
||||
|
||||
[unix_http_server]
|
||||
file = /tmp/supervisor.sock ; (the path to the socket file)
|
||||
chmod = 0700 ; sockef file mode (default 0700)
|
||||
username = zbx
|
||||
password = password
|
||||
|
||||
[supervisord]
|
||||
logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
|
||||
pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
|
||||
childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
|
||||
critical = critical
|
||||
;user = zabbix
|
||||
logfile_maxbytes = 0
|
||||
logfile_backupcount = 0
|
||||
loglevel = info
|
||||
|
||||
; the below section must remain in the config file for RPC
|
||||
; (supervisorctl/web interface) to work, additional interfaces may be
|
||||
; added by defining them in separate rpcinterface: sections
|
||||
[rpcinterface:supervisor]
|
||||
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
||||
|
||||
[supervisorctl]
|
||||
serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
|
||||
|
||||
; The [include] section can just contain the "files" setting. This
|
||||
; setting can list multiple files (separated by whitespace or
|
||||
; newlines). It can also contain wildcards. The filenames are
|
||||
; interpreted as relative to this file. Included files *cannot*
|
||||
; include files themselves.
|
||||
|
||||
[include]
|
||||
files = /etc/supervisor/conf.d/*.conf
|
||||
@ -1,14 +1,44 @@
|
||||
Listen 8080
|
||||
|
||||
<VirtualHost *:8080>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</LocationMatch>
|
||||
|
||||
<Directory "/usr/share/zabbix">
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -1,22 +1,26 @@
|
||||
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
|
||||
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
Listen 8443
|
||||
|
||||
<VirtualHost *:8443>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# intermediate configuration
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProtocol -all +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
@ -30,10 +34,33 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
|
||||
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
|
||||
Header always set Strict-Transport-Security "max-age=63072000"
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</LocationMatch>
|
||||
|
||||
<Directory "/usr/share/zabbix">
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
@ -84,4 +111,3 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
|
||||
</files>
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
</IfModule>
|
||||
|
||||
@ -20,11 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="www-data"}
|
||||
: ${DAEMON_GROUP:="www-data"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
|
||||
# Apache additional configuration files directory
|
||||
APACHE_SITES_DIR="/etc/apache2/sites-enabled"
|
||||
# Directory with SSL certificate files for Apache
|
||||
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -133,7 +141,12 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
APACHE_SITES_DIR="/etc/apache2/sites-enabled"
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
export APACHE_RUN_USER=${DAEMON_USER}
|
||||
else
|
||||
export APACHE_RUN_USER=$(id -n -u)
|
||||
fi
|
||||
export APACHE_RUN_GROUP=${DAEMON_GROUP}
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
|
||||
@ -142,7 +155,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
|
||||
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
|
||||
echo "** Adding Zabbix virtual host (HTTPS)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
|
||||
@ -152,10 +165,42 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
|
||||
fi
|
||||
|
||||
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
export APACHE_CUSTOM_LOG="/dev/null"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
export APACHE_SERVER_TOKENS="OS"
|
||||
export APACHE_SERVER_SIGNATURE="On"
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
|
||||
export APACHE_SERVER_TOKENS="Prod"
|
||||
export APACHE_SERVER_SIGNATURE="Off"
|
||||
fi
|
||||
|
||||
mkdir -p /tmp/apache2
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
@ -195,48 +240,14 @@ prepare_zbx_web_config() {
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"$HTTPD_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/apache2/conf-available/other-vhosts-access-log.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
@ -245,17 +256,18 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
if [ "$1" != "" ]; then
|
||||
echo "** Executing '$@'"
|
||||
exec "$@"
|
||||
elif [ -f "/usr/sbin/httpd" ]; then
|
||||
echo "** Executing HTTPD"
|
||||
exec /usr/sbin/httpd -D FOREGROUND
|
||||
elif [ -f "/usr/bin/supervisord" ]; then
|
||||
echo "** Executing supervisord"
|
||||
exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
||||
else
|
||||
echo "Unknown instructions. Exiting..."
|
||||
exit 1
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \
|
||||
@ -27,16 +28,17 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
|
||||
RUN set -eux && \
|
||||
INSTALL_PKGS="bash \
|
||||
apache2 \
|
||||
tzdata \
|
||||
curl \
|
||||
php7-apache2 \
|
||||
apache2-proxy \
|
||||
php7-bcmath \
|
||||
php7-ctype \
|
||||
php7-fpm \
|
||||
php7-gd \
|
||||
php7-gettext \
|
||||
php7-json \
|
||||
@ -50,7 +52,8 @@ RUN set -eux && \
|
||||
php7-xmlreader \
|
||||
php7-xmlwriter \
|
||||
php7-openssl \
|
||||
postgresql-client" && \
|
||||
postgresql-client \
|
||||
supervisor" && \
|
||||
apk add \
|
||||
--no-cache \
|
||||
--clean-protected \
|
||||
@ -78,38 +81,40 @@ RUN set -eux && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
rm -f "/etc/apache2/conf.d/default.conf" && \
|
||||
rm -f "/etc/apache2/conf.d/ssl.conf" && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/apache2/httpd.conf" && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*PidFile)\s+\S+!\1 "/tmp/httpd.pid"!g' \
|
||||
"/etc/apache2/conf.d/mpm.conf" && \
|
||||
sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/httpd.conf && \
|
||||
rm -f "/etc/apache2/conf.d/info.conf" && \
|
||||
rm -f "/etc/apache2/conf.d/mpm.conf" && \
|
||||
rm -f "/etc/apache2/conf.d/proxy.conf" && \
|
||||
rm -f "/etc/apache2/conf.d/userdir.conf" && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
rm -rf /etc/php7/php-fpm.d/www.conf && \
|
||||
rm -rf "/var/run/apache2/" && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/ && \
|
||||
chgrp -R 0 /etc/apache2/ /etc/php7/ && \
|
||||
chmod -R g=u /etc/apache2/ /etc/php7/
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
chgrp -R 0 /etc/apache2/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
chmod -R g=u /etc/apache2/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ && \
|
||||
chmod -R g=u /var/lib/php/session/
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
USER 1997
|
||||
|
||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||
|
||||
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
|
||||
|
||||
@ -0,0 +1,8 @@
|
||||
<IfModule mime_module>
|
||||
TypesConfig /etc/apache2/mime.types
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
</IfModule>
|
||||
<IfModule mime_magic_module>
|
||||
MIMEMagicFile /etc/apache2/magic
|
||||
</IfModule>
|
||||
@ -0,0 +1,75 @@
|
||||
ServerRoot /etc/apache2/
|
||||
ServerRoot /var/www
|
||||
DefaultRuntimeDir /tmp/apache2/
|
||||
PidFile /tmp/apache2.pid
|
||||
|
||||
ServerName 127.0.0.1
|
||||
|
||||
IncludeOptional /etc/apache2/includes.conf
|
||||
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
|
||||
<IfModule unixd_module>
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
</IfModule>
|
||||
|
||||
HostnameLookups Off
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
|
||||
</IfModule>
|
||||
|
||||
ErrorLog /proc/self/fd/2
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule mpm_event_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
ServerTokens ${APACHE_SERVER_TOKENS}
|
||||
|
||||
ServerSignature ${APACHE_SERVER_SIGNATURE}
|
||||
|
||||
TraceEnable Off
|
||||
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule status_module>
|
||||
<Location /apache-status>
|
||||
SetHandler server-status
|
||||
Require local
|
||||
</Location>
|
||||
|
||||
ExtendedStatus On
|
||||
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -0,0 +1,3 @@
|
||||
IncludeOptional /etc/apache2/modules.conf
|
||||
|
||||
IncludeOptional /etc/apache2/conf.d/*.conf
|
||||
@ -0,0 +1,24 @@
|
||||
LoadModule logio_module modules/mod_logio.so
|
||||
LoadModule unixd_module modules/mod_unixd.so
|
||||
LoadModule log_config_module modules/mod_log_config.so
|
||||
LoadModule access_compat_module modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module modules/mod_authn_core.so
|
||||
LoadModule authn_file_module modules/mod_authn_file.so
|
||||
LoadModule authz_core_module modules/mod_authz_core.so
|
||||
LoadModule authz_host_module modules/mod_authz_host.so
|
||||
LoadModule authz_user_module modules/mod_authz_user.so
|
||||
LoadModule dir_module modules/mod_dir.so
|
||||
LoadModule env_module modules/mod_env.so
|
||||
LoadModule filter_module modules/mod_filter.so
|
||||
LoadModule mime_module modules/mod_mime.so
|
||||
LoadModule mpm_event_module modules/mod_mpm_event.so
|
||||
LoadModule negotiation_module modules/mod_negotiation.so
|
||||
LoadModule reqtimeout_module modules/mod_reqtimeout.so
|
||||
LoadModule setenvif_module modules/mod_setenvif.so
|
||||
LoadModule status_module modules/mod_status.so
|
||||
|
||||
LoadModule proxy_module modules/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
|
||||
LoadModule expires_module modules/mod_expires.so
|
||||
LoadModule headers_module modules/mod_headers.so
|
||||
@ -1,10 +0,0 @@
|
||||
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
|
||||
memory_limit = ${ZBX_MEMORYLIMIT}
|
||||
post_max_size = ${ZBX_POSTMAXSIZE}
|
||||
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
|
||||
max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
expose_php = ${EXPOSE_WEB_SERVER_INFO}
|
||||
@ -0,0 +1,10 @@
|
||||
include=/etc/php7/php-fpm.d/*.conf
|
||||
|
||||
[global]
|
||||
|
||||
pid = /tmp/php-fpm.pid
|
||||
|
||||
error_log = /dev/fd/2
|
||||
log_level = notice
|
||||
|
||||
daemonize = no
|
||||
@ -0,0 +1,36 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = ${PHP_FPM_PM}
|
||||
pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
|
||||
pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
|
||||
pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
|
||||
pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
|
||||
pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
|
||||
|
||||
slowlog = /dev/fd/1
|
||||
|
||||
php_admin_value[error_log] = /dev/fd/2
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
; PHP-FPM monitoring
|
||||
pm.status_path = /status
|
||||
ping.path = /ping
|
||||
@ -0,0 +1,30 @@
|
||||
[supervisord]
|
||||
nodaemon = true
|
||||
|
||||
[program:httpd]
|
||||
command = /usr/sbin/%(program_name)s -D FOREGROUND
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
startsecs=2
|
||||
startretries=3
|
||||
stopsignal=TERM
|
||||
stopwaitsecs=2
|
||||
|
||||
redirect_stderr=true
|
||||
stdout_logfile = /dev/stdout
|
||||
stdout_logfile_maxbytes = 0
|
||||
|
||||
[program:php-fpm7]
|
||||
command = /usr/sbin/%(program_name)s -F -y /etc/php7/php-fpm.conf
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
startsecs=2
|
||||
startretries=3
|
||||
stopsignal=TERM
|
||||
stopwaitsecs=2
|
||||
|
||||
redirect_stderr=true
|
||||
stdout_logfile = /dev/stdout
|
||||
stdout_logfile_maxbytes = 0
|
||||
@ -0,0 +1,35 @@
|
||||
; supervisor config file
|
||||
|
||||
[unix_http_server]
|
||||
file = /tmp/supervisor.sock ; (the path to the socket file)
|
||||
chmod = 0700 ; sockef file mode (default 0700)
|
||||
username = zbx
|
||||
password = password
|
||||
|
||||
[supervisord]
|
||||
logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
|
||||
pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
|
||||
childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
|
||||
critical = critical
|
||||
;user = zabbix
|
||||
logfile_maxbytes = 0
|
||||
logfile_backupcount = 0
|
||||
loglevel = info
|
||||
|
||||
; the below section must remain in the config file for RPC
|
||||
; (supervisorctl/web interface) to work, additional interfaces may be
|
||||
; added by defining them in separate rpcinterface: sections
|
||||
[rpcinterface:supervisor]
|
||||
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
||||
|
||||
[supervisorctl]
|
||||
serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
|
||||
|
||||
; The [include] section can just contain the "files" setting. This
|
||||
; setting can list multiple files (separated by whitespace or
|
||||
; newlines). It can also contain wildcards. The filenames are
|
||||
; interpreted as relative to this file. Included files *cannot*
|
||||
; include files themselves.
|
||||
|
||||
[include]
|
||||
files = /etc/supervisor/conf.d/*.conf
|
||||
@ -1,14 +1,44 @@
|
||||
Listen 8080
|
||||
|
||||
<VirtualHost *:8080>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</LocationMatch>
|
||||
|
||||
<Directory "/usr/share/zabbix">
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -3,21 +3,24 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
|
||||
Listen 8443
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost *:8443>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# intermediate configuration
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProtocol -all +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
@ -31,10 +34,33 @@ Listen 8443
|
||||
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
|
||||
Header always set Strict-Transport-Security "max-age=63072000"
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</LocationMatch>
|
||||
|
||||
<Directory "/usr/share/zabbix">
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
@ -85,4 +111,3 @@ Listen 8443
|
||||
</files>
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
</IfModule>
|
||||
|
||||
@ -20,11 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="apache"}
|
||||
: ${DAEMON_GROUP:="apache"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
|
||||
# Apache additional configuration files directory
|
||||
APACHE_SITES_DIR="/etc/apache2/conf.d"
|
||||
# Directory with SSL certificate files for Apache
|
||||
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -132,7 +140,12 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
APACHE_SITES_DIR=/etc/apache2/conf.d
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
export APACHE_RUN_USER=${DAEMON_USER}
|
||||
else
|
||||
export APACHE_RUN_USER=$(id -n -u)
|
||||
fi
|
||||
export APACHE_RUN_GROUP=${DAEMON_GROUP}
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
|
||||
@ -141,7 +154,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
|
||||
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
|
||||
echo "** Adding Zabbix virtual host (HTTPS)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
|
||||
@ -151,10 +164,42 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
|
||||
fi
|
||||
|
||||
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
export APACHE_CUSTOM_LOG="/dev/null"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
export APACHE_SERVER_TOKENS="OS"
|
||||
export APACHE_SERVER_SIGNATURE="On"
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
|
||||
export APACHE_SERVER_TOKENS="Prod"
|
||||
export APACHE_SERVER_SIGNATURE="Off"
|
||||
fi
|
||||
|
||||
mkdir -p /tmp/apache2
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
@ -194,45 +239,14 @@ prepare_zbx_web_config() {
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
@ -241,17 +255,18 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
if [ "$1" != "" ]; then
|
||||
echo "** Executing '$@'"
|
||||
exec "$@"
|
||||
elif [ -f "/usr/sbin/httpd" ]; then
|
||||
echo "** Executing HTTPD"
|
||||
exec /usr/sbin/httpd -D FOREGROUND
|
||||
elif [ -f "/usr/bin/supervisord" ]; then
|
||||
echo "** Executing supervisord"
|
||||
exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
||||
else
|
||||
echo "Unknown instructions. Exiting..."
|
||||
exit 1
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
|
||||
RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
@ -78,26 +79,26 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
rm -f "/etc/httpd/conf.d/default.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/ssl.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/php.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/userdir.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/welcome.conf" && \
|
||||
rm -f /etc/php-fpm.d/www.conf && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/httpd/conf/httpd.conf" && \
|
||||
sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
find /etc/ -name '*.rpmnew' | xargs rm -f && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cut -d"'" -f 2 | sort | \
|
||||
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
@ -108,9 +109,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
findutils \
|
||||
glibc-locale-source
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit `
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
<IfModule !mpm_netware_module>
|
||||
PidFile "/tmp/httpd.pid"
|
||||
</IfModule>
|
||||
@ -0,0 +1,9 @@
|
||||
<IfModule mime_module>
|
||||
TypesConfig /etc/mime.types
|
||||
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
</IfModule>
|
||||
<IfModule mime_magic_module>
|
||||
MIMEMagicFile conf/magic
|
||||
</IfModule>
|
||||
@ -0,0 +1,75 @@
|
||||
ServerRoot /etc/httpd/
|
||||
ServerRoot /var/www
|
||||
DefaultRuntimeDir /tmp/httpd/
|
||||
PidFile /tmp/httpd.pid
|
||||
|
||||
ServerName 127.0.0.1
|
||||
|
||||
IncludeOptional /etc/httpd/includes.conf
|
||||
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
|
||||
<IfModule unixd_module>
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
</IfModule>
|
||||
|
||||
HostnameLookups Off
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
|
||||
</IfModule>
|
||||
|
||||
ErrorLog /proc/self/fd/2
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule mpm_event_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
ServerTokens ${APACHE_SERVER_TOKENS}
|
||||
|
||||
ServerSignature ${APACHE_SERVER_SIGNATURE}
|
||||
|
||||
TraceEnable Off
|
||||
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule status_module>
|
||||
<Location /apache-status>
|
||||
SetHandler server-status
|
||||
Require local
|
||||
</Location>
|
||||
|
||||
ExtendedStatus On
|
||||
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -0,0 +1,3 @@
|
||||
IncludeOptional /etc/httpd/modules.conf
|
||||
|
||||
IncludeOptional /etc/httpd/conf.d/*.conf
|
||||
@ -0,0 +1,24 @@
|
||||
LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
|
||||
LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
|
||||
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
|
||||
LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
|
||||
LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
|
||||
LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
|
||||
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
|
||||
LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
|
||||
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
|
||||
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
|
||||
LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
|
||||
LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
|
||||
LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
|
||||
LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
|
||||
LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
|
||||
LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
|
||||
LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
|
||||
|
||||
LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
|
||||
LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
|
||||
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
|
||||
@ -1,10 +1,17 @@
|
||||
Listen 8080
|
||||
|
||||
<VirtualHost *:8080>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
@ -20,6 +27,18 @@
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -1,22 +1,26 @@
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
|
||||
|
||||
Listen 8443
|
||||
|
||||
<VirtualHost *:8443>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# intermediate configuration
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProtocol -all +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
@ -45,6 +49,18 @@ Listen 8443
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -20,11 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="apache"}
|
||||
: ${DAEMON_GROUP:="apache"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
|
||||
# Apache additional configuration files directory
|
||||
APACHE_SITES_DIR="/etc/httpd/conf.d"
|
||||
# Directory with SSL certificate files for Apache
|
||||
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -132,7 +140,12 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
APACHE_SITES_DIR=/etc/httpd/conf.d
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
export APACHE_RUN_USER=${DAEMON_USER}
|
||||
else
|
||||
export APACHE_RUN_USER=$(id -n -u)
|
||||
fi
|
||||
export APACHE_RUN_GROUP=${DAEMON_GROUP}
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
|
||||
@ -141,7 +154,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
|
||||
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
|
||||
echo "** Adding Zabbix virtual host (HTTPS)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
|
||||
@ -151,12 +164,28 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
|
||||
fi
|
||||
|
||||
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
export APACHE_CUSTOM_LOG="/dev/null"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
export APACHE_SERVER_TOKENS="OS"
|
||||
export APACHE_SERVER_SIGNATURE="On"
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
|
||||
export APACHE_SERVER_TOKENS="Prod"
|
||||
export APACHE_SERVER_SIGNATURE="Off"
|
||||
fi
|
||||
|
||||
mkdir -p /tmp/httpd
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
@ -166,10 +195,10 @@ prepare_zbx_web_config() {
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
@ -210,45 +239,14 @@ prepare_zbx_web_config() {
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
@ -257,8 +255,9 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
COPY ["conf/etc/yum.repos.d/oracle-epel-ol8.repo", "/etc/yum.repos.d/oracle-epel-ol8.repo"]
|
||||
|
||||
@ -79,26 +80,26 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
rm -f "/etc/httpd/conf.d/default.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/ssl.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/autoindex.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/php.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/userdir.conf" && \
|
||||
rm -f "/etc/httpd/conf.d/welcome.conf" && \
|
||||
rm -f /etc/php-fpm.d/www.conf && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/httpd/conf/httpd.conf" && \
|
||||
sed -i 's/Listen 80/Listen 8080/g' /etc/httpd/conf/httpd.conf && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
find /etc/ -name '*.rpmnew' | xargs rm -f && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cut -d"'" -f 2 | sort | \
|
||||
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \
|
||||
@ -109,9 +110,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
findutils \
|
||||
glibc-locale-source
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
<IfModule !mpm_netware_module>
|
||||
PidFile "/tmp/httpd.pid"
|
||||
</IfModule>
|
||||
@ -0,0 +1,9 @@
|
||||
<IfModule mime_module>
|
||||
TypesConfig /etc/mime.types
|
||||
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
</IfModule>
|
||||
<IfModule mime_magic_module>
|
||||
MIMEMagicFile conf/magic
|
||||
</IfModule>
|
||||
@ -0,0 +1,75 @@
|
||||
ServerRoot /etc/httpd/
|
||||
ServerRoot /var/www
|
||||
DefaultRuntimeDir /tmp/httpd/
|
||||
PidFile /tmp/httpd.pid
|
||||
|
||||
ServerName 127.0.0.1
|
||||
|
||||
IncludeOptional /etc/httpd/includes.conf
|
||||
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
|
||||
<IfModule unixd_module>
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
</IfModule>
|
||||
|
||||
HostnameLookups Off
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
|
||||
</IfModule>
|
||||
|
||||
ErrorLog /proc/self/fd/2
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule mpm_event_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
ServerTokens ${APACHE_SERVER_TOKENS}
|
||||
|
||||
ServerSignature ${APACHE_SERVER_SIGNATURE}
|
||||
|
||||
TraceEnable Off
|
||||
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule status_module>
|
||||
<Location /apache-status>
|
||||
SetHandler server-status
|
||||
Require local
|
||||
</Location>
|
||||
|
||||
ExtendedStatus On
|
||||
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -0,0 +1,3 @@
|
||||
IncludeOptional /etc/httpd/modules.conf
|
||||
|
||||
IncludeOptional /etc/httpd/conf.d/*.conf
|
||||
24
Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf
Normal file
24
Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf
Normal file
@ -0,0 +1,24 @@
|
||||
LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
|
||||
LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
|
||||
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
|
||||
LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
|
||||
LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
|
||||
LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
|
||||
LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
|
||||
LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
|
||||
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
|
||||
LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
|
||||
LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
|
||||
LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
|
||||
LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
|
||||
LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
|
||||
LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
|
||||
LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
|
||||
LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
|
||||
|
||||
LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
|
||||
LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
|
||||
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
|
||||
@ -1,10 +1,17 @@
|
||||
Listen 8080
|
||||
|
||||
<VirtualHost *:8080>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
@ -20,6 +27,18 @@
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -1,22 +1,26 @@
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
|
||||
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
|
||||
|
||||
Listen 8443
|
||||
|
||||
<VirtualHost *:8443>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# intermediate configuration
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProtocol -all +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
@ -45,6 +49,18 @@ Listen 8443
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -20,11 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="apache"}
|
||||
: ${DAEMON_GROUP:="apache"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
|
||||
# Apache additional configuration files directory
|
||||
APACHE_SITES_DIR="/etc/httpd/conf.d"
|
||||
# Directory with SSL certificate files for Apache
|
||||
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -153,10 +161,53 @@ prepare_web_server() {
|
||||
fi
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
prepare_web_server() {
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
export APACHE_RUN_USER=${DAEMON_USER}
|
||||
else
|
||||
export APACHE_RUN_USER=$(id -n -u)
|
||||
fi
|
||||
export APACHE_RUN_GROUP=${DAEMON_GROUP}
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache.conf" "$APACHE_SITES_DIR/zabbix.conf"
|
||||
else
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
|
||||
echo "** Adding Zabbix virtual host (HTTPS)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
|
||||
else
|
||||
echo "**** Impossible to enable HTTPS virtual host"
|
||||
fi
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
|
||||
fi
|
||||
|
||||
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
export APACHE_CUSTOM_LOG="/dev/null"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
export APACHE_SERVER_TOKENS="OS"
|
||||
export APACHE_SERVER_SIGNATURE="On"
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
|
||||
export APACHE_SERVER_TOKENS="Prod"
|
||||
export APACHE_SERVER_SIGNATURE="Off"
|
||||
fi
|
||||
|
||||
mkdir -p /tmp/httpd
|
||||
}
|
||||
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
@ -166,10 +217,10 @@ prepare_zbx_web_config() {
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = zabbix" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = nginx" >> "$PHP_CONFIG_FILE"
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
@ -210,45 +261,14 @@ prepare_zbx_web_config() {
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"$HTTPD_CONF_FILE"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
@ -257,8 +277,9 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
|
||||
RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
@ -35,11 +36,12 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
set -eux && \
|
||||
echo "#!/bin/sh\nexit 101" > /usr/sbin/policy-rc.d && \
|
||||
INSTALL_PKGS="bash \
|
||||
apache2 \
|
||||
tzdata \
|
||||
curl \
|
||||
libapache2-mod-php \
|
||||
ca-certificates \
|
||||
apache2 \
|
||||
locales \
|
||||
libldap-common \
|
||||
php7.4-bcmath \
|
||||
php7.4-gd \
|
||||
php7.4-json \
|
||||
@ -47,9 +49,12 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
php7.4-mbstring \
|
||||
php7.4-xml \
|
||||
php7.4-pgsql \
|
||||
postgresql-client" && \
|
||||
postgresql-client \
|
||||
supervisor" && \
|
||||
apt-get -y update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y \
|
||||
-o Dpkg::Options::="--force-confdef" \
|
||||
-o Dpkg::Options::="--force-confold" \
|
||||
--no-install-recommends install \
|
||||
${INSTALL_PKGS} && \
|
||||
groupadd \
|
||||
@ -67,50 +72,45 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \
|
||||
mkdir -p ${ZABBIX_CONF_DIR} && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web && \
|
||||
mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
|
||||
mkdir -p /var/lib/php/session && \
|
||||
find /etc/ -name '*.dpkg-dist' | xargs rm -f && \
|
||||
rm -f /etc/apache2/sites-available/* && \
|
||||
rm -f /etc/apache2/sites-enabled/* && \
|
||||
/usr/sbin/a2enmod ssl && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/apache2/apache2.conf" && \
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
|
||||
-e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
|
||||
"/etc/apache2/conf-available/other-vhosts-access-log.conf" && \
|
||||
sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf && \
|
||||
sed -i 's/Listen 443/Listen 8443/g' /etc/apache2/ports.conf && \
|
||||
sed -i 's|/var/run/apache2$SUFFIX|/tmp|g' /etc/apache2/envvars && \
|
||||
rm -f /var/run/apache2/apache2.pid && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
rm -f /etc/php/7.4/fpm/pool.d/www.conf && \
|
||||
rm -f /var/run/apache2/ && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
mkdir -p /var/lib/locales/supported.d/ && \
|
||||
rm -f /var/lib/locales/supported.d/local && \
|
||||
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cut -d"'" -f 2 | sort | \
|
||||
xargs -I '{}' bash -c 'echo "{}.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local' && \
|
||||
dpkg-reconfigure locales && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/7.4/ && \
|
||||
chgrp -R 0 /etc/apache2/ /etc/php/7.4/ && \
|
||||
chmod -R g=u /etc/apache2/ /etc/php/7.4/
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/apache2/ /etc/php/7.4/fpm/ && \
|
||||
chgrp -R 0 /etc/apache2/ /etc/php/7.4/fpm/ && \
|
||||
chmod -R g=u /etc/apache2/ /etc/php/7.4/fpm/ && \
|
||||
chown --quiet -R zabbix:root /var/lib/php/session/ && \
|
||||
chgrp -R 0 /var/lib/php/session/ && \
|
||||
chmod -R g=u /var/lib/php/session/
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
USER 1997
|
||||
|
||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||
|
||||
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
|
||||
|
||||
@ -0,0 +1,75 @@
|
||||
ServerRoot /etc/apache2/
|
||||
ServerRoot /var/www
|
||||
DefaultRuntimeDir /tmp/apache2/
|
||||
PidFile /tmp/apache2.pid
|
||||
|
||||
ServerName 127.0.0.1
|
||||
|
||||
IncludeOptional /etc/apache2/includes.conf
|
||||
|
||||
Timeout 300
|
||||
KeepAlive On
|
||||
MaxKeepAliveRequests 100
|
||||
KeepAliveTimeout 5
|
||||
|
||||
<IfModule unixd_module>
|
||||
User ${APACHE_RUN_USER}
|
||||
Group ${APACHE_RUN_GROUP}
|
||||
</IfModule>
|
||||
|
||||
HostnameLookups Off
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
|
||||
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %O" common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
|
||||
CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
|
||||
</IfModule>
|
||||
|
||||
ErrorLog /proc/self/fd/2
|
||||
|
||||
LogLevel warn
|
||||
|
||||
<IfModule mpm_event_module>
|
||||
StartServers 2
|
||||
MinSpareThreads 25
|
||||
MaxSpareThreads 75
|
||||
ThreadLimit 64
|
||||
ThreadsPerChild 25
|
||||
MaxRequestWorkers 150
|
||||
MaxConnectionsPerChild 0
|
||||
</IfModule>
|
||||
|
||||
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
||||
<FilesMatch "^\.">
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
|
||||
ServerTokens ${APACHE_SERVER_TOKENS}
|
||||
|
||||
ServerSignature ${APACHE_SERVER_SIGNATURE}
|
||||
|
||||
TraceEnable Off
|
||||
|
||||
AddDefaultCharset UTF-8
|
||||
|
||||
<IfModule status_module>
|
||||
<Location /apache-status>
|
||||
SetHandler server-status
|
||||
Require local
|
||||
</Location>
|
||||
|
||||
ExtendedStatus On
|
||||
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyStatus On
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -0,0 +1,8 @@
|
||||
IncludeOptional /etc/apache2/modules.conf
|
||||
|
||||
IncludeOptional mods-enabled/mime.conf
|
||||
IncludeOptional mods-enabled/negotiation.conf
|
||||
IncludeOptional mods-enabled/reqtimeout.conf
|
||||
IncludeOptional mods-enabled/setenvif.conf
|
||||
|
||||
IncludeOptional sites-enabled/*.conf
|
||||
@ -0,0 +1,21 @@
|
||||
LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
|
||||
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
|
||||
LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
|
||||
LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
|
||||
LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
|
||||
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
|
||||
LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
|
||||
LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
|
||||
LoadModule env_module /usr/lib/apache2/modules/mod_env.so
|
||||
LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
|
||||
LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
|
||||
LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
|
||||
LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
|
||||
LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
|
||||
LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
|
||||
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
|
||||
|
||||
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
|
||||
LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so
|
||||
LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so
|
||||
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
|
||||
@ -1,10 +0,0 @@
|
||||
max_execution_time = ${ZBX_MAXEXECUTIONTIME}
|
||||
memory_limit = ${ZBX_MEMORYLIMIT}
|
||||
post_max_size = ${ZBX_POSTMAXSIZE}
|
||||
upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
|
||||
max_input_time = ${ZBX_MAXINPUTTIME}
|
||||
; always_populate_raw_post_data=-1
|
||||
max_input_vars = 10000
|
||||
date.timezone = ${PHP_TZ}
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
expose_php = ${EXPOSE_WEB_SERVER_INFO}
|
||||
@ -0,0 +1,10 @@
|
||||
include=/etc/php/7.4/fpm/pool.d/*.conf
|
||||
|
||||
[global]
|
||||
|
||||
pid = /tmp/php-fpm.pid
|
||||
|
||||
error_log = /dev/fd/2
|
||||
log_level = notice
|
||||
|
||||
daemonize = no
|
||||
@ -0,0 +1,36 @@
|
||||
[zabbix]
|
||||
|
||||
; https://www.php.net/manual/en/security.hiding.php
|
||||
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
|
||||
|
||||
listen = /tmp/php-fpm.sock
|
||||
|
||||
clear_env = no
|
||||
|
||||
pm = ${PHP_FPM_PM}
|
||||
pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
|
||||
pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
|
||||
pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
|
||||
pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
|
||||
pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
|
||||
|
||||
slowlog = /dev/fd/1
|
||||
|
||||
php_admin_value[error_log] = /dev/fd/2
|
||||
php_admin_flag[log_errors] = on
|
||||
catch_workers_output = yes
|
||||
|
||||
php_value[session.save_handler] = files
|
||||
php_value[session.save_path] = /var/lib/php/session
|
||||
|
||||
php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
|
||||
php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
|
||||
php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
|
||||
php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
|
||||
php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
|
||||
php_value[max_input_vars] = 10000
|
||||
php_value[date.timezone] = ${PHP_TZ}
|
||||
|
||||
; PHP-FPM monitoring
|
||||
pm.status_path = /status
|
||||
ping.path = /ping
|
||||
@ -0,0 +1,30 @@
|
||||
[supervisord]
|
||||
nodaemon = true
|
||||
|
||||
[program:apache2]
|
||||
command = /usr/sbin/%(program_name)s -D FOREGROUND
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
startsecs=2
|
||||
startretries=3
|
||||
stopsignal=TERM
|
||||
stopwaitsecs=2
|
||||
|
||||
redirect_stderr=true
|
||||
stdout_logfile = /dev/stdout
|
||||
stdout_logfile_maxbytes = 0
|
||||
|
||||
[program:php-fpm7.4]
|
||||
command = /usr/sbin/%(program_name)s -F -y /etc/php/7.4/fpm/php-fpm.conf
|
||||
auto_start = true
|
||||
autorestart = true
|
||||
|
||||
startsecs=2
|
||||
startretries=3
|
||||
stopsignal=TERM
|
||||
stopwaitsecs=2
|
||||
|
||||
redirect_stderr=true
|
||||
stdout_logfile = /dev/stdout
|
||||
stdout_logfile_maxbytes = 0
|
||||
@ -0,0 +1,35 @@
|
||||
; supervisor config file
|
||||
|
||||
[unix_http_server]
|
||||
file = /tmp/supervisor.sock ; (the path to the socket file)
|
||||
chmod = 0700 ; sockef file mode (default 0700)
|
||||
username = zbx
|
||||
password = password
|
||||
|
||||
[supervisord]
|
||||
logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
|
||||
pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
|
||||
childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
|
||||
critical = critical
|
||||
;user = zabbix
|
||||
logfile_maxbytes = 0
|
||||
logfile_backupcount = 0
|
||||
loglevel = info
|
||||
|
||||
; the below section must remain in the config file for RPC
|
||||
; (supervisorctl/web interface) to work, additional interfaces may be
|
||||
; added by defining them in separate rpcinterface: sections
|
||||
[rpcinterface:supervisor]
|
||||
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
||||
|
||||
[supervisorctl]
|
||||
serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
|
||||
|
||||
; The [include] section can just contain the "files" setting. This
|
||||
; setting can list multiple files (separated by whitespace or
|
||||
; newlines). It can also contain wildcards. The filenames are
|
||||
; interpreted as relative to this file. Included files *cannot*
|
||||
; include files themselves.
|
||||
|
||||
[include]
|
||||
files = /etc/supervisor/conf.d/*.conf
|
||||
@ -1,14 +1,44 @@
|
||||
Listen 8080
|
||||
|
||||
<VirtualHost *:8080>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</LocationMatch>
|
||||
|
||||
<Directory "/usr/share/zabbix">
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
|
||||
@ -1,22 +1,26 @@
|
||||
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
|
||||
LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
|
||||
|
||||
<IfModule mod_ssl.c>
|
||||
Listen 8443
|
||||
|
||||
<VirtualHost *:8443>
|
||||
DocumentRoot /usr/share/zabbix/
|
||||
|
||||
ServerName zabbix
|
||||
DirectoryIndex {HTTP_INDEX_FILE}
|
||||
|
||||
DirectoryIndex ${HTTP_INDEX_FILE}
|
||||
|
||||
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
|
||||
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# intermediate configuration
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLProtocol -all +TLSv1.2 +TLSv1.3
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
|
||||
@ -30,10 +34,33 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
|
||||
# HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
|
||||
Header always set Strict-Transport-Security "max-age=63072000"
|
||||
|
||||
<LocationMatch "/(ping|status)">
|
||||
Order Allow,Deny
|
||||
Allow from all
|
||||
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</LocationMatch>
|
||||
|
||||
<Directory "/usr/share/zabbix">
|
||||
Options FollowSymLinks
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
|
||||
<FilesMatch \.(php|phar)$>
|
||||
SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
|
||||
</FilesMatch>
|
||||
|
||||
<filesMatch "\.(ico)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 year"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
|
||||
<filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 14 day"
|
||||
Header append Cache-Control "public"
|
||||
</filesMatch>
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/share/zabbix/conf">
|
||||
@ -84,4 +111,3 @@ LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
|
||||
</files>
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
</IfModule>
|
||||
|
||||
@ -20,11 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="www-data"}
|
||||
: ${DAEMON_GROUP:="www-data"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Apache main configuration file
|
||||
HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
|
||||
# Apache additional configuration files directory
|
||||
APACHE_SITES_DIR="/etc/apache2/sites-enabled"
|
||||
# Directory with SSL certificate files for Apache
|
||||
APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php/7.4/fpm/pool.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -132,7 +140,12 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
APACHE_SITES_DIR="/etc/apache2/sites-enabled"
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
export APACHE_RUN_USER=${DAEMON_USER}
|
||||
else
|
||||
export APACHE_RUN_USER=$(id -n -u)
|
||||
fi
|
||||
export APACHE_RUN_GROUP=${DAEMON_GROUP}
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
|
||||
@ -141,7 +154,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
|
||||
if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
|
||||
echo "** Adding Zabbix virtual host (HTTPS)"
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
|
||||
@ -151,14 +164,42 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
|
||||
fi
|
||||
|
||||
export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
export APACHE_CUSTOM_LOG="/proc/self/fd/1"
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
export APACHE_CUSTOM_LOG="/dev/null"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
export APACHE_SERVER_TOKENS="OS"
|
||||
export APACHE_SERVER_SIGNATURE="On"
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
|
||||
export APACHE_SERVER_TOKENS="Prod"
|
||||
export APACHE_SERVER_SIGNATURE="Off"
|
||||
fi
|
||||
|
||||
mkdir -p /tmp/httpd
|
||||
}
|
||||
|
||||
clear_deploy() {
|
||||
echo "** Cleaning the system"
|
||||
}
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
@ -198,48 +239,14 @@ prepare_zbx_web_config() {
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
: ${HTTP_INDEX_FILE:="index.php"}
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache.conf"
|
||||
|
||||
if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
|
||||
sed -i \
|
||||
-e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
|
||||
"$ZABBIX_CONF_DIR/apache_ssl.conf"
|
||||
fi
|
||||
|
||||
: ${ENABLE_WEB_ACCESS_LOG:="true"}
|
||||
|
||||
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"$HTTPD_CONF_FILE"
|
||||
sed -ri \
|
||||
-e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
|
||||
"/etc/apache2/conf-available/other-vhosts-access-log.conf"
|
||||
fi
|
||||
|
||||
: ${EXPOSE_WEB_SERVER_INFO:="on"}
|
||||
if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
else
|
||||
EXPOSE_WEB_SERVER_INFO="on"
|
||||
fi
|
||||
|
||||
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
|
||||
sed -i \
|
||||
-e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \
|
||||
"$HTTPD_CONF_FILE"
|
||||
}
|
||||
|
||||
#################################################
|
||||
@ -248,17 +255,18 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
if [ "$1" != "" ]; then
|
||||
echo "** Executing '$@'"
|
||||
exec "$@"
|
||||
elif [ -f "/usr/sbin/httpd" ]; then
|
||||
echo "** Executing HTTPD"
|
||||
exec /usr/sbin/httpd -D FOREGROUND
|
||||
elif [ -f "/usr/bin/supervisord" ]; then
|
||||
echo "** Executing supervisord"
|
||||
exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
||||
else
|
||||
echo "Unknown instructions. Exiting..."
|
||||
exit 1
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
|
||||
RUN set -eux && \
|
||||
@ -83,17 +84,17 @@ RUN set -eux && \
|
||||
rm -f /etc/nginx/http.d/*.conf && \
|
||||
ln -sf /dev/stdout /var/log/nginx/access.log && \
|
||||
ln -sf /dev/stderr /var/log/nginx/error.log && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
chgrp -R 0 /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
chmod -R g=u /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \
|
||||
@ -101,9 +102,12 @@ RUN set -eux && \
|
||||
chgrp -R 0 /var/lib/php/session/ /var/lib/nginx/ && \
|
||||
chmod -R g=u /var/lib/php/session/ /var/lib/nginx/
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
|
||||
@ -5,5 +5,6 @@ include=/etc/php7/php-fpm.d/*.conf
|
||||
pid = /tmp/php-fpm.pid
|
||||
|
||||
error_log = /dev/fd/2
|
||||
log_level = notice
|
||||
|
||||
daemonize = no
|
||||
|
||||
@ -46,8 +46,17 @@ server {
|
||||
return 404;
|
||||
}
|
||||
|
||||
location = /nginx-status {
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
allow ::1;
|
||||
deny all;
|
||||
stub_status;
|
||||
}
|
||||
|
||||
location ~ ^/(status|ping)$ {
|
||||
access_log off;
|
||||
|
||||
fastcgi_pass unix:/tmp/php-fpm.sock;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;
|
||||
|
||||
@ -20,14 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="nginx"}
|
||||
: ${DAEMON_GROUP:="nginx"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
# Nginx virtual hosts configuration directory
|
||||
NGINX_CONFD_DIR="/etc/nginx/http.d"
|
||||
# Directory with SSL certificate files for Nginx
|
||||
NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -136,12 +141,15 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
NGINX_CONFD_DIR="/etc/nginx/http.d"
|
||||
NGINX_SSL_CONFIG="/etc/ssl/nginx"
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
|
||||
fi
|
||||
|
||||
if [ ! -f "/proc/net/if_inet6" ]; then
|
||||
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf"
|
||||
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf"
|
||||
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
@ -151,7 +159,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then
|
||||
if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then
|
||||
echo "** Enable SSL support for Nginx"
|
||||
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf"
|
||||
@ -161,73 +169,6 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
|
||||
fi
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php7/php-fpm.d/zabbix.conf"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
|
||||
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
export ZBX_GUI_ACCESS_IP_RANGE=${ZBX_GUI_ACCESS_IP_RANGE:-"['127.0.0.1']"}
|
||||
export ZBX_GUI_WARNING_MSG=${ZBX_GUI_WARNING_MSG:-"Zabbix is under maintenance."}
|
||||
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ}
|
||||
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
: ${ZBX_DB_ENCRYPTION:="false"}
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION,,}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
: ${ZBX_DB_VERIFY_HOST:="false"}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
|
||||
|
||||
: ${DB_DOUBLE_IEEE754:="true"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
|
||||
sed -i \
|
||||
@ -273,14 +214,80 @@ prepare_zbx_web_config() {
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
export ZBX_GUI_ACCESS_IP_RANGE=${ZBX_GUI_ACCESS_IP_RANGE:-"['127.0.0.1']"}
|
||||
export ZBX_GUI_WARNING_MSG=${ZBX_GUI_WARNING_MSG:-"Zabbix is under maintenance."}
|
||||
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ}
|
||||
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
: ${ZBX_DB_ENCRYPTION:="false"}
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION,,}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
: ${ZBX_DB_VERIFY_HOST:="false"}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
|
||||
|
||||
: ${DB_DOUBLE_IEEE754:="true"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
||||
echo "** Deploying Zabbix web-interface (Nginx) with MySQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
|
||||
RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
@ -79,20 +80,20 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
rm -f /etc/php-fpm.d/www.conf && \
|
||||
ln -sf /dev/stdout /var/log/nginx/access.log && \
|
||||
ln -sf /dev/stderr /var/log/nginx/error.log && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cut -d"'" -f 2 | sort | \
|
||||
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
@ -103,9 +104,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
findutils \
|
||||
glibc-locale-source
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
|
||||
@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf
|
||||
pid = /tmp/php-fpm.pid
|
||||
|
||||
error_log = /dev/fd/2
|
||||
log_level = notice
|
||||
|
||||
daemonize = no
|
||||
|
||||
@ -46,8 +46,17 @@ server {
|
||||
return 404;
|
||||
}
|
||||
|
||||
location = /nginx-status {
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
allow ::1;
|
||||
deny all;
|
||||
stub_status;
|
||||
}
|
||||
|
||||
location ~ ^/(status|ping)$ {
|
||||
access_log off;
|
||||
|
||||
fastcgi_pass unix:/tmp/php-fpm.sock;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;
|
||||
|
||||
@ -20,14 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="nginx"}
|
||||
: ${DAEMON_GROUP:="nginx"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
# Nginx virtual hosts configuration directory
|
||||
NGINX_CONFD_DIR="/etc/nginx/conf.d"
|
||||
# Directory with SSL certificate files for Nginx
|
||||
NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -136,12 +141,15 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
NGINX_CONFD_DIR="/etc/nginx/conf.d"
|
||||
NGINX_SSL_CONFIG="/etc/ssl/nginx"
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
|
||||
fi
|
||||
|
||||
if [ ! -f "/proc/net/if_inet6" ]; then
|
||||
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf"
|
||||
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf"
|
||||
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
@ -151,7 +159,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then
|
||||
if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then
|
||||
echo "** Enable SSL support for Nginx"
|
||||
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf"
|
||||
@ -161,73 +169,6 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
|
||||
fi
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
|
||||
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
export ZBX_GUI_ACCESS_IP_RANGE=${ZBX_GUI_ACCESS_IP_RANGE:-"['127.0.0.1']"}
|
||||
export ZBX_GUI_WARNING_MSG=${ZBX_GUI_WARNING_MSG:-"Zabbix is under maintenance."}
|
||||
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ}
|
||||
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
: ${ZBX_DB_ENCRYPTION:="false"}
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION,,}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
: ${ZBX_DB_VERIFY_HOST:="false"}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
|
||||
|
||||
: ${DB_DOUBLE_IEEE754:="true"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
|
||||
sed -i \
|
||||
@ -273,14 +214,80 @@ prepare_zbx_web_config() {
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
export ZBX_GUI_ACCESS_IP_RANGE=${ZBX_GUI_ACCESS_IP_RANGE:-"['127.0.0.1']"}
|
||||
export ZBX_GUI_WARNING_MSG=${ZBX_GUI_WARNING_MSG:-"Zabbix is under maintenance."}
|
||||
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ}
|
||||
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
: ${ZBX_DB_ENCRYPTION:="false"}
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION,,}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
: ${ZBX_DB_VERIFY_HOST:="false"}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
|
||||
|
||||
: ${DB_DOUBLE_IEEE754:="true"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
||||
echo "** Deploying Zabbix web-interface (Nginx) with MySQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
@ -13,7 +13,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
|
||||
|
||||
ENV TERM=xterm \
|
||||
ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
|
||||
ZABBIX_CONF_DIR="/etc/zabbix"
|
||||
ZABBIX_CONF_DIR="/etc/zabbix" \
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
|
||||
LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zabbix.com>" \
|
||||
org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \
|
||||
@ -27,7 +28,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
|
||||
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
|
||||
COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
|
||||
COPY ["conf/etc/", "/etc/"]
|
||||
COPY ["conf/etc/yum.repos.d/oracle-epel-ol8.repo", "/etc/yum.repos.d/oracle-epel-ol8.repo"]
|
||||
|
||||
@ -81,20 +82,20 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
rm -f /etc/php-fpm.d/www.conf && \
|
||||
ln -sf /dev/stdout /var/log/nginx/access.log && \
|
||||
ln -sf /dev/stderr /var/log/nginx/error.log && \
|
||||
cd /usr/share/zabbix/ && \
|
||||
cd ${ZABBIX_WWW_ROOT}/ && \
|
||||
rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
|
||||
rm -rf tests && \
|
||||
rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
|
||||
find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
|
||||
find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
|
||||
cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
|
||||
find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
|
||||
ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
|
||||
cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \
|
||||
cut -d"'" -f 2 | sort | \
|
||||
xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
|
||||
chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
|
||||
chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \
|
||||
@ -105,9 +106,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \
|
||||
findutils \
|
||||
glibc-locale-source
|
||||
|
||||
HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
|
||||
CMD curl -f http://localhost:8080/ping || exit 1
|
||||
|
||||
EXPOSE 8080/TCP 8443/TCP
|
||||
|
||||
WORKDIR /usr/share/zabbix
|
||||
WORKDIR ${ZABBIX_WWW_ROOT}
|
||||
|
||||
COPY ["docker-entrypoint.sh", "/usr/bin/"]
|
||||
|
||||
|
||||
@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf
|
||||
pid = /tmp/php-fpm.pid
|
||||
|
||||
error_log = /dev/fd/2
|
||||
log_level = notice
|
||||
|
||||
daemonize = no
|
||||
|
||||
@ -46,8 +46,17 @@ server {
|
||||
return 404;
|
||||
}
|
||||
|
||||
location = /nginx-status {
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
allow ::1;
|
||||
deny all;
|
||||
stub_status;
|
||||
}
|
||||
|
||||
location ~ ^/(status|ping)$ {
|
||||
access_log off;
|
||||
|
||||
fastcgi_pass unix:/tmp/php-fpm.sock;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name;
|
||||
|
||||
@ -20,14 +20,19 @@ fi
|
||||
# Default timezone for web interface
|
||||
: ${PHP_TZ:="Europe/Riga"}
|
||||
|
||||
# Default user
|
||||
# Default user settings
|
||||
: ${DAEMON_USER:="nginx"}
|
||||
: ${DAEMON_GROUP:="nginx"}
|
||||
|
||||
# Default directories
|
||||
# Web interface www-root directory
|
||||
ZABBIX_WWW_ROOT="/usr/share/zabbix"
|
||||
# Nginx main configuration file
|
||||
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
|
||||
# Nginx virtual hosts configuration directory
|
||||
NGINX_CONFD_DIR="/etc/nginx/conf.d"
|
||||
# Directory with SSL certificate files for Nginx
|
||||
NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx"
|
||||
# PHP-FPM configuration file
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
|
||||
@ -136,12 +141,15 @@ check_db_connect() {
|
||||
}
|
||||
|
||||
prepare_web_server() {
|
||||
NGINX_CONFD_DIR="/etc/nginx/conf.d"
|
||||
NGINX_SSL_CONFIG="/etc/ssl/nginx"
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
|
||||
fi
|
||||
|
||||
if [ ! -f "/proc/net/if_inet6" ]; then
|
||||
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf"
|
||||
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf"
|
||||
sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf"
|
||||
fi
|
||||
|
||||
echo "** Adding Zabbix virtual host (HTTP)"
|
||||
@ -151,7 +159,7 @@ prepare_web_server() {
|
||||
echo "**** Impossible to enable HTTP virtual host"
|
||||
fi
|
||||
|
||||
if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then
|
||||
if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then
|
||||
echo "** Enable SSL support for Nginx"
|
||||
if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then
|
||||
ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf"
|
||||
@ -161,73 +169,6 @@ prepare_web_server() {
|
||||
else
|
||||
echo "**** Impossible to enable SSL support for Nginx. Certificates are missed."
|
||||
fi
|
||||
}
|
||||
|
||||
prepare_zbx_web_config() {
|
||||
echo "** Preparing Zabbix frontend configuration file"
|
||||
|
||||
PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE"
|
||||
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
export ZBX_GUI_ACCESS_IP_RANGE=${ZBX_GUI_ACCESS_IP_RANGE:-"['127.0.0.1']"}
|
||||
export ZBX_GUI_WARNING_MSG=${ZBX_GUI_WARNING_MSG:-"Zabbix is under maintenance."}
|
||||
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ}
|
||||
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
: ${ZBX_DB_ENCRYPTION:="false"}
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION,,}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
: ${ZBX_DB_VERIFY_HOST:="false"}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
|
||||
|
||||
: ${DB_DOUBLE_IEEE754:="true"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
|
||||
FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1)
|
||||
sed -i \
|
||||
@ -273,14 +214,80 @@ prepare_zbx_web_config() {
|
||||
"$NGINX_CONF_FILE"
|
||||
}
|
||||
|
||||
prepare_zbx_php_config() {
|
||||
echo "** Preparing PHP configuration"
|
||||
|
||||
export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
|
||||
export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
|
||||
export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
|
||||
export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
|
||||
export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
|
||||
|
||||
if [ "$(id -u)" == '0' ]; then
|
||||
echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
|
||||
echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
: ${ZBX_DENY_GUI_ACCESS:="false"}
|
||||
export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
|
||||
export ZBX_GUI_ACCESS_IP_RANGE=${ZBX_GUI_ACCESS_IP_RANGE:-"['127.0.0.1']"}
|
||||
export ZBX_GUI_WARNING_MSG=${ZBX_GUI_WARNING_MSG:-"Zabbix is under maintenance."}
|
||||
|
||||
export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"}
|
||||
export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"}
|
||||
export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"}
|
||||
export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"}
|
||||
export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"}
|
||||
export PHP_TZ=${PHP_TZ}
|
||||
|
||||
export DB_SERVER_TYPE="MYSQL"
|
||||
export DB_SERVER_HOST=${DB_SERVER_HOST}
|
||||
export DB_SERVER_PORT=${DB_SERVER_PORT}
|
||||
export DB_SERVER_DBNAME=${DB_SERVER_DBNAME}
|
||||
export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA}
|
||||
export DB_SERVER_USER=${DB_SERVER_ZBX_USER}
|
||||
export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS}
|
||||
export ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
|
||||
export ZBX_SERVER_PORT=${ZBX_SERVER_PORT}
|
||||
export ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
|
||||
|
||||
: ${ZBX_DB_ENCRYPTION:="false"}
|
||||
export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION,,}
|
||||
export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE}
|
||||
export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE}
|
||||
export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE}
|
||||
: ${ZBX_DB_VERIFY_HOST:="false"}
|
||||
export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,}
|
||||
|
||||
: ${DB_DOUBLE_IEEE754:="true"}
|
||||
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
|
||||
|
||||
export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL}
|
||||
export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"}
|
||||
|
||||
export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""}
|
||||
}
|
||||
|
||||
prepare_zbx_config() {
|
||||
if [ -n "${ZBX_SESSION_NAME}" ]; then
|
||||
cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
|
||||
sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
|
||||
rm -f "/tmp/defines.inc.php_tmp"
|
||||
fi
|
||||
}
|
||||
|
||||
#################################################
|
||||
|
||||
echo "** Deploying Zabbix web-interface (Nginx) with MySQL database"
|
||||
|
||||
check_variables
|
||||
check_db_connect
|
||||
prepare_zbx_php_config
|
||||
prepare_web_server
|
||||
prepare_zbx_web_config
|
||||
prepare_zbx_config
|
||||
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user