Updated Zabbix web-frontend configuration file

Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php

@@ -31,8 +31,26 @@ $DB['VAULT']			= getenv('ZBX_VAULT');
 $DB['VAULT_URL']                = getenv('ZBX_VAULTURL');
 $DB['VAULT_DB_PATH']            = getenv('ZBX_VAULTDBPATH');
 $DB['VAULT_TOKEN']              = getenv('VAULT_TOKEN');
-$DB['VAULT_CERT_FILE']		= file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : '');
+
-$DB['VAULT_KEY_FILE']		= file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : '');
+if (file_exists('/etc/zabbix/web/certs/vault.crt')) {
+   $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt');
+}
+elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) {
+   $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE'];
+}
+else {
+   $DB['VAULT_CERT_FILE'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/vault.key')) {
+   $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key';
+}
+elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) {
+   $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE');
+}
+else {
+   $DB['VAULT_KEY_FILE'] = '';
+}
 
 $DB['VAULT_CACHE']              = getenv('ZBX_VAULTCACHE') == 'true' ? true: false;
 
@@ -53,9 +71,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
 $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
 
 // Used for SAML authentication.
-$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+if (file_exists('/etc/zabbix/web/certs/sp.key')) {
-$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+   $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
-$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
+   $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
+}
+else {
+   $SSO['SP_KEY'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
+   $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
+   $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
+}
+else {
+   $SSO['SP_CERT'] = '';
+}
+
+if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
+   $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
+}
+elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
+   $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
+}
+else {
+   $SSO['IDP_CERT'] = '';
+}
 
 $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
 $SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();