Merge pull request #1182 from zabbix/security_patches

Security patches

Dockerfiles/build-mysql/alpine/Dockerfile

@@ -73,7 +73,7 @@ RUN set -eux && \
     gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
     rm -rf database/mysql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-mysql/centos/Dockerfile

@@ -73,7 +73,7 @@ RUN set -eux && \
     gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
     rm -rf database/mysql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-mysql/ol/Dockerfile

@@ -73,7 +73,7 @@ RUN set -eux && \
     gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
     rm -rf database/mysql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-mysql/rhel/Dockerfile

@@ -83,7 +83,7 @@ RUN set -eux && \
     gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
     rm -rf database/mysql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-mysql/ubuntu/Dockerfile

@@ -73,7 +73,7 @@ RUN set -eux && \
     gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \
     rm -rf database/mysql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-pgsql/alpine/Dockerfile

@@ -73,7 +73,7 @@ RUN set -eux && \
     gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
     rm -rf database/postgresql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-pgsql/centos/Dockerfile

@@ -73,7 +73,7 @@ RUN set -eux && \
     gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
     rm -rf database/postgresql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-pgsql/ol/Dockerfile

@@ -73,7 +73,7 @@ RUN set -eux && \
     gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
     rm -rf database/postgresql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-pgsql/ubuntu/Dockerfile

@@ -73,7 +73,7 @@ RUN set -eux && \
     gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \
     rm -rf database/postgresql/create.sql && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-sqlite3/alpine/Dockerfile

@@ -59,7 +59,7 @@ RUN set -eux && \
     make -j"$(nproc)" -s dbschema && \
     make -j"$(nproc)" -s && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-sqlite3/centos/Dockerfile

@@ -59,7 +59,7 @@ RUN set -eux && \
     make -j"$(nproc)" -s dbschema && \
     make -j"$(nproc)" -s && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-sqlite3/ol/Dockerfile

@@ -59,7 +59,7 @@ RUN set -eux && \
     make -j"$(nproc)" -s dbschema && \
     make -j"$(nproc)" -s && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-sqlite3/rhel/Dockerfile

@@ -69,7 +69,7 @@ RUN set -eux && \
     make -j"$(nproc)" -s dbschema && \
     make -j"$(nproc)" -s && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/build-sqlite3/ubuntu/Dockerfile

@@ -59,7 +59,7 @@ RUN set -eux && \
     make -j"$(nproc)" -s dbschema && \
     make -j"$(nproc)" -s && \
     mkdir /tmp/fonts/ && \
-    curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
+    curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \
     unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \
     cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \
     cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \

Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo

@@ -1,6 +1,6 @@
 [nginx-stable]
 name=nginx stable repo
-baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
+baseurl=https://nginx.org/packages/rhel/$releasever/$basearch/
 gpgcheck=1
 enabled=0
 gpgkey=https://nginx.org/keys/nginx_signing.key

Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile

@@ -59,7 +59,7 @@ RUN set -eux && \
     curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
     gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
     DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
-    echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
+    echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
     echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
         > /etc/apt/preferences.d/99nginx && \
     gpgconf --kill all && \

Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile

@@ -59,7 +59,7 @@ RUN set -eux && \
     curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
     gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
     DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
-    echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
+    echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
     echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
         > /etc/apt/preferences.d/99nginx && \
     gpgconf --kill all && \

Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();