Added EXPOSE_WEB_SERVER_INFO variable to control web server / php versions expose

This commit is contained in:
Alexey Pustovalov
2024-02-06 17:54:37 +09:00
parent 58f68d6494
commit 8dc8d284c6
45 changed files with 298 additions and 40 deletions

View File

@ -135,12 +135,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av
### `ENABLE_WEB_ACCESS_LOG`
The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output.
The variable sets the Access Log directive for Web server. By default, value corresponds to standard output.
### `HTTP_INDEX_FILE`
The variable controls default index page. By default, `index.php`.
### `EXPOSE_WEB_SERVER_INFO`
The variable allows to hide Web server and PHP versions. By default, `on`.
### `ZBX_MAXEXECUTIONTIME`
The varable is PHP ``max_execution_time`` option. By default, value is `300`.

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/http.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -214,7 +216,7 @@ prepare_zbx_web_config() {
export VAULT_TOKEN=${VAULT_TOKEN}
export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE}
export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE}
: ${DB_DOUBLE_IEEE754:="true"}
export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,}
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################

View File

@ -65,7 +65,7 @@ http {
ignore_invalid_headers on;
index index.php;
server_tokens off;
server_tokens {EXPOSE_WEB_SERVER_INFO};
include /etc/nginx/conf.d/*.conf;
}

View File

@ -1,5 +1,8 @@
[zabbix]
; https://www.php.net/manual/en/security.hiding.php
php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
listen = /tmp/php-fpm.sock
clear_env = no

View File

@ -23,6 +23,8 @@ fi
ZABBIX_ETC_DIR="/etc/zabbix"
# Web interface www-root directory
ZABBIX_WWW_ROOT="/usr/share/zabbix"
# Nginx main configuration file
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@ -257,14 +259,23 @@ prepare_zbx_web_config() {
if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/nginx/nginx.conf"
"$NGINX_CONF_FILE"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx.conf"
"$ZABBIX_ETC_DIR/nginx.conf"
sed -ri \
-e 's!^(\s*access_log).+\;!\1 off\;!g' \
"/etc/zabbix/nginx_ssl.conf"
"$ZABBIX_ETC_DIR/nginx_ssl.conf"
fi
: ${EXPOSE_WEB_SERVER_INFO:="on"}
[[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
sed -i \
-e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
"$NGINX_CONF_FILE"
}
#################################################