Added tzdata package to Zabbix components

agent/alpine/Dockerfile

@@ -24,6 +24,7 @@ RUN set -eux && \
     apk add --no-cache --clean-protected \
             tini \
             bash \
+            tzdata \
             coreutils \
             iputils \
             pcre \

agent/centos/Dockerfile

@@ -25,6 +25,7 @@ RUN set -eux && \
     dnf --quiet makecache && \
     dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
             libcurl-minimal \
+            tzdata \
             openssl-libs && \
     curl -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" -o /sbin/tini && \
     curl -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc" -o /tmp/tini.asc && \
@@ -38,7 +39,7 @@ RUN set -eux && \
         gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
     done && \
     gpg --batch --verify /tmp/tini.asc /sbin/tini && \
-    rm -r "$GNUPGHOME" /tmp/tini.asc && \
+    rm -rf "$GNUPGHOME" /tmp/tini.asc && \
     chmod +x /sbin/tini && \
     dnf -y clean all && \
     rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \

agent/ubuntu/Dockerfile

@@ -26,6 +26,7 @@ RUN set -eux && \
     apt-get -y update && \
     DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
             tini \
+            tzdata \
             ca-certificates \
             libssl1.1 \
             libcurl4 \

kubernetes.yaml

@@ -458,6 +458,9 @@ metadata:
     tier: agent
   namespace: zabbix
 spec:
+  selector:
+   matchLabels:
+    name: zabbix-agent
   updateStrategy:
    type: RollingUpdate
    rollingUpdate:

proxy-mysql/centos/Dockerfile

@@ -56,7 +56,7 @@ RUN set -eux && \
         gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
     done && \
     gpg --batch --verify /tmp/tini.asc /sbin/tini && \
-    rm -r "$GNUPGHOME" /tmp/tini.asc && \
+    rm -rf "$GNUPGHOME" /tmp/tini.asc && \
     chmod +x /sbin/tini && \
     dnf -y clean all && \
     rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \

proxy-sqlite3/centos/Dockerfile

@@ -55,7 +55,7 @@ RUN set -eux && \
         gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
     done && \
     gpg --batch --verify /tmp/tini.asc /sbin/tini && \
-    rm -r "$GNUPGHOME" /tmp/tini.asc && \
+    rm -rf "$GNUPGHOME" /tmp/tini.asc && \
     chmod +x /sbin/tini && \
     dnf -y clean all && \
     rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \

server-mysql/alpine/Dockerfile

@@ -36,6 +36,7 @@ RUN set -eux && \
             tini \
             bash \
             fping \
+            tzdata \
             iputils \
             libcurl \
             libevent \

server-mysql/centos/Dockerfile

@@ -35,6 +35,7 @@ RUN set -eux && \
     dnf --quiet makecache && \
     dnf -y install --setopt=tsflags=nodocs http://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm && \
     dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
+            tzdata \
             iputils \
             traceroute \
             libcurl-minimal \
@@ -60,7 +61,7 @@ RUN set -eux && \
         gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
     done && \
     gpg --batch --verify /tmp/tini.asc /sbin/tini && \
-    rm -r "$GNUPGHOME" /tmp/tini.asc && \
+    rm -rf "$GNUPGHOME" /tmp/tini.asc && \
     chmod +x /sbin/tini && \
     dnf -y clean all && \
     rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \

server-mysql/ubuntu/Dockerfile

@@ -36,6 +36,7 @@ RUN set -eux && \
     apt-get -y update && \
     DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
             tini \
+            tzdata \
             ca-certificates \
             iputils-ping \
             traceroute \

server-pgsql/alpine/Dockerfile

@@ -36,6 +36,7 @@ RUN set -eux && \
             tini \
             bash \
             fping \
+            tzdata \
             iputils \
             libcurl \
             libevent \

server-pgsql/centos/Dockerfile

@@ -36,6 +36,7 @@ RUN set -eux && \
     dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm && \
     dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
             iputils \
+            tzdata \
             traceroute \
             libcurl-minimal \
             libevent \
@@ -61,7 +62,7 @@ RUN set -eux && \
         gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
     done && \
     gpg --batch --verify /tmp/tini.asc /sbin/tini && \
-    rm -r "$GNUPGHOME" /tmp/tini.asc && \
+    rm -rf "$GNUPGHOME" /tmp/tini.asc && \
     chmod +x /sbin/tini && \
     dnf -y clean all && \
     rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \

server-pgsql/ubuntu/Dockerfile

@@ -36,6 +36,7 @@ RUN set -eux && \
     apt-get -y update && \
     DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
             tini \
+            tzdata \
             ca-certificates \
             iputils-ping \
             traceroute \

snmptraps/alpine/Dockerfile

@@ -30,6 +30,7 @@ RUN set -eux && \
         zabbix && \
     apk update && \
     apk add --clean-protected --no-cache \
+            tzdata \
             net-snmp \
             supervisor && \
     apk add --no-cache --virtual build-dependencies \

snmptraps/centos/Dockerfile

@@ -30,6 +30,7 @@ RUN set -eux && \
     yum --quiet makecache && \
     yum -y install epel-release && \
     yum -y install --setopt=tsflags=nodocs \
+            tzdata \
             net-snmp \
             supervisor && \
     yum -y install --setopt=tsflags=nodocs \

snmptraps/ubuntu/Dockerfile

@@ -32,6 +32,7 @@ RUN set -eux && \
         zabbix && \
     apt-get -y update && \
     DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
+            tzdata \
             snmp-mibs-downloader \
             snmptrapd \
             supervisor && \

web-apache-mysql/alpine/README.md

@@ -166,6 +166,30 @@ The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
+### `ZBX_DB_CIPHER_LIST`
+
+The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/apache2``

web-apache-mysql/centos/README.md

@@ -166,6 +166,30 @@ The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
+### `ZBX_DB_CIPHER_LIST`
+
+The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/apache2``

web-apache-mysql/ubuntu/README.md

@@ -166,6 +166,30 @@ The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
+### `ZBX_DB_CIPHER_LIST`
+
+The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/apache2``

web-apache-mysql/ubuntu/docker-entrypoint.sh

@@ -254,6 +254,10 @@ prepare_zbx_web_config() {
     ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
     ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
 
+    ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
+    ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
+    ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
+
     sed -i \
         -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
         -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

web-apache-pgsql/alpine/README.md

@@ -161,9 +161,29 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 ### `ZBX_SESSION_NAME`
-                                                                                               
+
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/apache2``

web-apache-pgsql/centos/README.md

@@ -161,9 +161,29 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 ### `ZBX_SESSION_NAME`
-                                                                                               
+
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/apache2``

web-apache-pgsql/ubuntu/README.md

@@ -161,9 +161,29 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 ### `ZBX_SESSION_NAME`
-                                                                                               
+
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/apache2``

web-apache-pgsql/ubuntu/docker-entrypoint.sh

@@ -250,6 +250,10 @@ prepare_zbx_web_config() {
     ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
     ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
 
+    ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
+    ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
+    ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
+
     sed -i \
         -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
         -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

web-nginx-mysql/alpine/README.md

@@ -164,14 +164,38 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 ### `ZBX_SESSION_NAME`
-                                                                                               
+
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
+### `ZBX_DB_CIPHER_LIST`
+
+The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/nginx``
 
-The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
+The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
 
 Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
 

web-nginx-mysql/centos/README.md

@@ -163,15 +163,41 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
+<<<<<<< HEAD
 ### `ZBX_SESSION_NAME`
                                                                                                
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
+=======
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
+### `ZBX_DB_CIPHER_LIST`
+
+The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
+>>>>>>> master
 
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/nginx``
 
-The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
+The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
 
 Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
 

web-nginx-mysql/ubuntu/README.md

@@ -163,15 +163,41 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
+<<<<<<< HEAD
 ### `ZBX_SESSION_NAME`
                                                                                                
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
+=======
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
+### `ZBX_DB_CIPHER_LIST`
+
+The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0.
+>>>>>>> master
 
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/nginx``
 
-The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
+The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
 
 Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
 

web-nginx-mysql/ubuntu/docker-entrypoint.sh

@@ -281,6 +281,10 @@ prepare_zbx_web_config() {
     ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
     ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
 
+    ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
+    ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
+    ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
+
     sed -i \
         -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
         -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \

web-nginx-pgsql/alpine/README.md

@@ -161,14 +161,34 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 ### `ZBX_SESSION_NAME`
-                                                                                               
+
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/nginx``
 
-The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
+The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
 
 Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
 

web-nginx-pgsql/centos/README.md

@@ -161,14 +161,34 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 ### `ZBX_SESSION_NAME`
-                                                                                               
+
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/nginx``
 
-The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
+The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
 
 Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
 

web-nginx-pgsql/ubuntu/README.md

@@ -161,14 +161,34 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`.
 The varable is PHP ``max_input_time`` option. By default, value is `300`.
 
 ### `ZBX_SESSION_NAME`
-                                                                                               
+
 The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`.
 
+### `ZBX_DB_ENCRYPTION`
+
+The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default.
+
+### `ZBX_DB_KEY_FILE`
+
+The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0.
+
+### `ZBX_DB_CERT_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0.
+
+### `ZBX_DB_CA_FILE`
+
+The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0.
+
+### `ZBX_DB_VERIFY_HOST`
+
+The variable allows to activate host verification. Available since 5.0.0.
+
 ## Allowed volumes for the Zabbix web interface container
 
 ### ``/etc/ssl/nginx``
 
-The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
+The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections.
 
 Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files.
 

web-nginx-pgsql/ubuntu/docker-entrypoint.sh

@@ -271,6 +271,10 @@ prepare_zbx_web_config() {
     ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
     ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
 
+    ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")
+    ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}")
+    ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}")
+
     sed -i \
         -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \
         -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \