Added RHEL images for trunk

web-nginx-mysql/rhel/conf/etc/nginx/nginx.conf

@@ -0,0 +1,71 @@
+#user nginx;
+worker_processes 5;
+worker_rlimit_nofile 256000;
+
+error_log /dev/fd/2 error;
+
+pid        /tmp/nginx.pid;
+
+events {
+    worker_connections 5120;
+    use epoll;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /dev/fd/1 main;
+    error_log /dev/fd/2 error;
+
+    client_body_temp_path /tmp/client_body 1 2;
+    proxy_temp_path /tmp/proxy 1 2;
+    fastcgi_temp_path /tmp/fastcgi 1 2;
+    uwsgi_temp_path /tmp/uwsgi 1 2;
+    scgi_temp_path /tmp/scgi 1 2;
+
+    client_body_timeout             5m;
+    send_timeout                    5m;
+
+    connection_pool_size            4096;
+    client_header_buffer_size       4k;
+    large_client_header_buffers     4 4k;
+    request_pool_size               4k;
+    reset_timedout_connection       on;
+
+
+    gzip                            on;
+    gzip_min_length                 100;
+    gzip_buffers                    4 8k;
+    gzip_comp_level                 5;
+    gzip_types                      text/plain;
+    gzip_types                      application/x-javascript;
+    gzip_types                      text/css;
+
+    output_buffers                  128 512k;
+    postpone_output                 1460;
+    aio                             on;
+    directio                        512;
+
+    sendfile                        on;
+    client_max_body_size            8m;
+    client_body_buffer_size	    256k;
+    fastcgi_intercept_errors        on;
+
+    tcp_nopush                      on;
+    tcp_nodelay                     on;
+
+    keepalive_timeout               75 20;
+
+    ignore_invalid_headers          on;
+
+    index                           index.php;
+    server_tokens                   off;
+
+    include /etc/nginx/conf.d/*.conf;
+}

web-nginx-mysql/rhel/conf/etc/php-fpm.conf

@@ -0,0 +1,9 @@
+include=/etc/php-fpm.d/*.conf
+
+[global]
+
+pid = /tmp/php-fpm.pid
+
+error_log = /dev/fd/2
+
+daemonize = no

web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf

@@ -0,0 +1,27 @@
+[zabbix]
+
+listen = /tmp/php-fpm.sock
+
+clear_env = no
+
+pm = dynamic
+pm.max_children = 50
+pm.start_servers = 5
+pm.min_spare_servers = 5
+pm.max_spare_servers = 35
+
+slowlog = /dev/fd/1
+
+; php_admin_value[error_log] = /dev/fd/2
+php_admin_flag[log_errors] = on
+
+php_value[session.save_handler] = files
+php_value[session.save_path]    = /var/lib/php/session
+
+php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
+php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
+php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
+php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
+php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
+php_value[max_input_vars] = 10000
+php_value[date.timezone] = ${PHP_TZ}

web-nginx-mysql/rhel/conf/etc/supervisor/conf.d/supervisord_web_nginx.conf

@@ -0,0 +1,30 @@
+[supervisord]
+nodaemon = true
+
+[program:nginx]
+command = /usr/sbin/%(program_name)s -g "daemon off;error_log /dev/stdout info;" -c /etc/nginx/%(program_name)s.conf
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+
+[program:php-fpm]
+command = /usr/sbin/%(program_name)s -F -y /etc/%(program_name)s.conf
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0

web-nginx-mysql/rhel/conf/etc/supervisor/supervisord.conf

@@ -0,0 +1,35 @@
+; supervisor config file
+
+[unix_http_server]
+file = /tmp/supervisor.sock   ; (the path to the socket file)
+chmod = 0700                       ; sockef file mode (default 0700)
+username = zbx
+password = password
+
+[supervisord]
+logfile = /dev/stdout                        ; (main log file;default $CWD/supervisord.log)
+pidfile = /tmp/supervisord.pid           ; (supervisord pidfile;default supervisord.pid)
+childlogdir = /tmp                           ; ('AUTO' child log dir, default $TEMP)
+critical = critical
+;user = zabbix
+logfile_maxbytes = 0
+logfile_backupcount = 0
+loglevel = info
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo

@@ -0,0 +1,8 @@
+[nginx-stable]
+name=nginx stable repo
+baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=https://nginx.org/keys/nginx_signing.key
+module_hotfixes=true
+

web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf

@@ -0,0 +1,74 @@
+server {
+    listen 8080;
+    listen [::]:8080;
+
+    server_name     zabbix;
+    index           index.php;
+
+    access_log      /dev/fd/1 main;
+    error_log       /dev/fd/2 notice;
+
+    set $webroot '/usr/share/zabbix';
+
+    root $webroot;
+
+    large_client_header_buffers 8 8k;
+    client_max_body_size 10M;
+
+    location = /favicon.ico {
+        log_not_found off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    # caching of files
+    location ~* \.ico$ {
+        expires 1y;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
+        expires 14d;
+    }
+
+    location ~ /(app\/|conf[^\.]|include\/|local\/|locale\/) {
+        deny all;
+        return 404;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~ .php$ {
+        fastcgi_pass   unix:/tmp/php-fpm.sock;
+        fastcgi_index  index.php;
+
+        fastcgi_param  SCRIPT_FILENAME  $webroot$fastcgi_script_name;
+
+        include fastcgi_params;
+        fastcgi_param  QUERY_STRING     $query_string;
+        fastcgi_param  REQUEST_METHOD   $request_method;
+        fastcgi_param  CONTENT_TYPE     $content_type;
+        fastcgi_param  CONTENT_LENGTH   $content_length;
+        fastcgi_intercept_errors        on;
+        fastcgi_ignore_client_abort     off;
+        fastcgi_connect_timeout 60;
+        fastcgi_send_timeout 180;
+        fastcgi_read_timeout {FCGI_READ_TIMEOUT};
+        fastcgi_buffer_size 128k;
+        fastcgi_buffers 4 256k;
+        fastcgi_busy_buffers_size 256k;
+        fastcgi_temp_file_write_size 256k;
+    }
+}

web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf

@@ -0,0 +1,101 @@
+server {
+    listen 8443 ssl http2;
+    listen [::]:8443 ssl http2;
+
+    server_name     zabbix;
+    server_name_in_redirect off;
+
+    index  index.php;
+    access_log      /dev/fd/1 main;
+    error_log       /dev/fd/2 error;
+
+    set $webroot '/usr/share/zabbix';
+
+    root $webroot;
+
+    large_client_header_buffers 8 8k;
+
+    client_max_body_size 10M;
+
+    ssl_certificate     /etc/ssl/nginx/ssl.crt;
+    ssl_certificate_key /etc/ssl/nginx/ssl.key;
+    ssl_dhparam /etc/ssl/nginx/dhparam.pem;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;
+    ssl_session_tickets off;
+
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
+
+    location =/nginx_status {
+        stub_status on;
+        access_log off;
+        allow 127.0.0.1;
+        deny all;
+    }
+
+    location = /favicon.ico {
+        log_not_found off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+    location ~ /\. {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+
+    # caching of files
+    location ~* \.ico$ {
+        expires 1y;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|xml|txt)$ {
+        expires 14d;
+    }
+
+    location ~ /(app\/|conf[^\.]|include\/|local\/|locale\/) {
+        deny all;
+        return 404;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    location ~ .php$ {
+        fastcgi_pass   unix:/tmp/php-fpm.sock;
+        fastcgi_index  index.php;
+
+        fastcgi_param  SCRIPT_FILENAME  $webroot$fastcgi_script_name;
+
+        include fastcgi_params;
+        fastcgi_param  QUERY_STRING     $query_string;
+        fastcgi_param  REQUEST_METHOD   $request_method;
+        fastcgi_param  CONTENT_TYPE     $content_type;
+        fastcgi_param  CONTENT_LENGTH   $content_length;
+        fastcgi_intercept_errors        on;
+        fastcgi_ignore_client_abort     off;
+        fastcgi_connect_timeout 60;
+        fastcgi_send_timeout 180;
+        fastcgi_read_timeout {FCGI_READ_TIMEOUT};
+        fastcgi_buffer_size 128k;
+        fastcgi_buffers 4 256k;
+        fastcgi_busy_buffers_size 256k;
+        fastcgi_temp_file_write_size 256k;
+    }
+}

web-nginx-mysql/rhel/conf/etc/zabbix/web/maintenance.inc.php

@@ -0,0 +1,32 @@
+<?php
+/*
+** Zabbix
+** Copyright (C) 2001-2016 Zabbix SIA
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU General Public License as published by
+** the Free Software Foundation; either version 2 of the License, or
+** (at your option) any later version.
+**
+** This program is distributed in the hope that it will be useful,
+** but WITHOUT ANY WARRANTY; without even the implied warranty of
+** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+** GNU General Public License for more details.
+**
+** You should have received a copy of the GNU General Public License
+** along with this program; if not, write to the Free Software
+** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+**/
+
+
+// Maintenance mode
+if (getenv('ZBX_DENY_GUI_ACCESS') == 'true') {
+    define('ZBX_DENY_GUI_ACCESS', 1);
+
+    // IP range, who are allowed to connect to FrontEnd
+    $ip_range = str_replace("'","\"",getenv('ZBX_GUI_ACCESS_IP_RANGE'));
+    $ZBX_GUI_ACCESS_IP_RANGE = (json_decode($ip_range)) ? json_decode($ip_range, true) : array();
+
+    // MSG shown on Warning screen!
+    $_REQUEST['warning_msg'] = getenv('ZBX_GUI_WARNING_MSG');
+}

web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php

@@ -0,0 +1,54 @@
+<?php
+// Zabbix GUI configuration file.
+global $DB, $HISTORY;
+
+$DB['TYPE']     = getenv('DB_SERVER_TYPE');
+$DB['SERVER']   = getenv('DB_SERVER_HOST');
+$DB['PORT']     = getenv('DB_SERVER_PORT');
+$DB['DATABASE'] = getenv('DB_SERVER_DBNAME');
+$DB['USER']     = ! getenv('VAULT_TOKEN') ? getenv('DB_SERVER_USER') : '';
+$DB['PASSWORD'] = ! getenv('VAULT_TOKEN') ? getenv('DB_SERVER_PASS') : '';
+
+// Schema name. Used for PostgreSQL.
+$DB['SCHEMA'] = getenv('DB_SERVER_SCHEMA');
+
+$ZBX_SERVER      = getenv('ZBX_SERVER_HOST');
+$ZBX_SERVER_PORT = getenv('ZBX_SERVER_PORT');
+$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
+
+// Used for TLS connection.
+$DB['ENCRYPTION']		= getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
+$DB['KEY_FILE']			= getenv('ZBX_DB_KEY_FILE');
+$DB['CERT_FILE']		= getenv('ZBX_DB_CERT_FILE');
+$DB['CA_FILE']			= getenv('ZBX_DB_CA_FILE');
+$DB['VERIFY_HOST']		= getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
+$DB['CIPHER_LIST']		= getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
+
+// Vault configuration. Used if database credentials are stored in Vault secrets manager.
+$DB['VAULT_URL']		= getenv('ZBX_VAULTURL');
+$DB['VAULT_DB_PATH']		= getenv('ZBX_VAULTDBPATH');
+$DB['VAULT_TOKEN']		= getenv('VAULT_TOKEN');
+
+// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
+// This option is enabled by default for new Zabbix installations.
+// For upgraded installations, please read database upgrade notes before enabling this option.
+$DB['DOUBLE_IEEE754']	= getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
+
+
+$IMAGE_FORMAT_DEFAULT	= IMAGE_FORMAT_PNG;
+
+// Elasticsearch url (can be string if same url is used for all types).
+$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
+$HISTORY['url']   = (json_decode($history_url)) ? json_decode($history_url, true) : $history_url;
+// Value types stored in Elasticsearch.
+$storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
+
+$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
+
+// Used for SAML authentication.
+$SSO['SP_KEY']			= file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
+$SSO['SP_CERT']			= file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
+$SSO['IDP_CERT']		= file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
+
+$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
+$SSO['SETTINGS']		= (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();