extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2024-11-25 01:04:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1182 from zabbix/security_patches

Browse Source 
Security patches
This commit is contained in:
Alexey Pustovalov 2024-02-16 14:19:02 +09:00 committed by Alexey Pustovalov
parent 2db7c83d92
commit 8466fff198
34 changed files with 1088 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfiles/build-mysql/alpine/Dockerfile
View File

@ -72,7 +72,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-mysql/centos/Dockerfile
View File

@ -72,7 +72,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-mysql/ol/Dockerfile
View File

@ -72,7 +72,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-mysql/rhel/Dockerfile
View File

@ -82,7 +82,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-mysql/ubuntu/Dockerfile
View File

@ -72,7 +72,7 @@ RUN set -eux && \
gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
rm -rf database/mysql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-pgsql/alpine/Dockerfile
View File

@ -72,7 +72,7 @@ RUN set -eux && \
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
rm -rf database/postgresql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-pgsql/centos/Dockerfile
View File

@ -72,7 +72,7 @@ RUN set -eux && \
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
rm -rf database/postgresql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-pgsql/ol/Dockerfile
View File

@ -72,7 +72,7 @@ RUN set -eux && \
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
rm -rf database/postgresql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-pgsql/ubuntu/Dockerfile
View File

@ -72,7 +72,7 @@ RUN set -eux && \
gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
rm -rf database/postgresql/create.sql && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-sqlite3/alpine/Dockerfile
View File

@ -58,7 +58,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-sqlite3/centos/Dockerfile
View File

@ -58,7 +58,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-sqlite3/ol/Dockerfile
View File

@ -58,7 +58,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-sqlite3/rhel/Dockerfile
View File

@ -68,7 +68,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

2
Dockerfiles/build-sqlite3/ubuntu/Dockerfile
View File

@ -58,7 +58,7 @@ RUN set -eux && \
make -j"$(nproc)" -s dbschema && \
make -j"$(nproc)" -s && \
mkdir /tmp/fonts/ && \
curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

82
Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

2
Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo
View File

@ -1,6 +1,6 @@
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
baseurl=https://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key

82
Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

2
Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
View File

@ -59,7 +59,7 @@ RUN set -eux && \
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
> /etc/apt/preferences.d/99nginx && \
gpgconf --kill all && \

82
Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

82
Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

2
Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile
View File

@ -59,7 +59,7 @@ RUN set -eux && \
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
> /etc/apt/preferences.d/99nginx && \
gpgconf --kill all && \

82
Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,30 +19,48 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
$DB['VAULT'] = getenv('ZBX_VAULT');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
}
elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
$DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
}
else {
$DB['VAULT_CERT_FILE'] = '';
}
if (file_exists('/etc/zabbix/web/certs/vault.key')) {
$DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
}
elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
$DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
}
else {
$DB['VAULT_KEY_FILE'] = '';
}
$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();