diff --git a/Dockerfiles/web-apache-mysql/README.md b/Dockerfiles/web-apache-mysql/README.md index 9bf1b3434..dce9c167c 100644 --- a/Dockerfiles/web-apache-mysql/README.md +++ b/Dockerfiles/web-apache-mysql/README.md @@ -258,6 +258,10 @@ PHP_FPM_PM_START_SERVERS=5 PHP_FPM_PM_MIN_SPARE_SERVERS=5 PHP_FPM_PM_MAX_SPARE_SERVERS=35 PHP_FPM_PM_MAX_REQUESTS=0 + +Allowed Apache configuration options: +WEB_REAL_IP_FROM= +WEB_REAL_IP_HEADER= ``` ## Allowed volumes for the Zabbix web interface container diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf @@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf index 61cc676ee..2738d7abb 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf 
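Review bot: The two directives added near the top of apache.conf carry no comment on how much trust they grant. `RemoteIPInternalProxy` is the more permissive of mod_remoteip's proxy directives: a peer matching it may present any client address in the header, including private and loopback ranges. I would add a comment above the pair such as `# WEB_REAL_IP_FROM must list only reverse proxies you operate; any peer it matches can set the client IP seen by Zabbix`. The same pair is added to apache_ssl.conf and to the centos, ol and ubuntu variants of both Apache images. Where the lines sit relative to the virtual host block is not visible in this hunk.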
@@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh index cd84f15a7..fdc75a274 100755 --- a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh @@ -202,6 +202,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf @@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf 
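Review bot: Setting WEB_REAL_IP_HEADER while leaving WEB_REAL_IP_FROM empty deletes the `RemoteIPInternalProxy` line but keeps `RemoteIPHeader`, because the four added lines in prepare_web_server treat the two variables independently. As I understand mod_remoteip, with no proxy list configured it honours the header from any connecting peer, so a client could choose the address that appears in logs and IP-based checks. I would drop both directives whenever the proxy list is empty, e.g. `[ -z "${WEB_REAL_IP_FROM}" ] && sed -i -e '/WEB_REAL_IP_FROM/d' -e '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" "$ZABBIX_CONF_DIR/apache_ssl.conf"`. The same block is added to the centos, ol and ubuntu entrypoints of web-apache-mysql and to all four web-apache-pgsql entrypoints. prepare_web_server starts outside the hunk.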
@@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf index f4b52948b..9fcdb019b 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh index b6c30b92f..140f149b2 100755 --- a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh @@ -202,6 +202,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf 
@@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf index f4b52948b..9fcdb019b 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh index b6c30b92f..140f149b2 100755 --- a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh 
@@ -202,6 +202,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf index 88cbea64c..6eb7a763d 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf @@ -12,3 +12,4 @@ LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so +LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf index fede75993..5a345610b 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf 
@@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh index 1f2e1ee41..c8ca94545 100755 --- a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh @@ -202,6 +202,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-pgsql/README.md b/Dockerfiles/web-apache-pgsql/README.md index 2437044d8..19715c7fc 100644 --- a/Dockerfiles/web-apache-pgsql/README.md +++ b/Dockerfiles/web-apache-pgsql/README.md @@ -258,6 +258,10 @@ PHP_FPM_PM_START_SERVERS=5 PHP_FPM_PM_MIN_SPARE_SERVERS=5 PHP_FPM_PM_MAX_SPARE_SERVERS=35 PHP_FPM_PM_MAX_REQUESTS=0 + +Allowed Apache configuration options: +WEB_REAL_IP_FROM= +WEB_REAL_IP_HEADER= ``` ## Allowed volumes for the Zabbix web interface container diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf 
@@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf index 61cc676ee..2738d7abb 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh index c6a02cfba..16cb31f6c 100755 --- a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh 
@@ -201,6 +201,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf @@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf index f4b52948b..9fcdb019b 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf 
@@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh index 20bd8d24d..b282764ea 100755 --- a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh @@ -201,6 +201,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf @@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf 
@@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf index f4b52948b..9fcdb019b 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh index c05cb33fd..14cc9cbee 100755 --- a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh @@ -201,6 +201,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf index 88cbea64c..6eb7a763d 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf 
@@ -12,3 +12,4 @@ LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so +LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf index fede75993..5a345610b 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh index 4b8cf4234..cb689c43d 100755 --- a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh 
@@ -201,6 +201,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-nginx-mysql/README.md b/Dockerfiles/web-nginx-mysql/README.md index 531c6b576..ba4e22e63 100644 --- a/Dockerfiles/web-nginx-mysql/README.md +++ b/Dockerfiles/web-nginx-mysql/README.md @@ -259,6 +259,10 @@ PHP_FPM_PM_START_SERVERS=5 PHP_FPM_PM_MIN_SPARE_SERVERS=5 PHP_FPM_PM_MAX_SPARE_SERVERS=35 PHP_FPM_PM_MAX_REQUESTS=0 + +Allowed Nginx configuration options: +WEB_REAL_IP_FROM= +WEB_REAL_IP_HEADER= ``` ## Allowed volumes for the Zabbix web interface container diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf index 3a59b420a..1b9739373 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -4,6 +4,9 @@ server { http2 on; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; 
diff --git a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh index bb77a009f..4a8e1628d 100755 --- a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php84/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -229,6 +238,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf 
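Review bot: escape_spec_char leaves `/` unescaped, yet its output is spliced into `s/{WEB_REAL_IP_FROM}/.../g` in the second hunk, so a CIDR value (a constructed example: `10.0.0.0/8`) ends the replacement early and sed rejects the expression. The function needs `var_value="${var_value//\//\\/}"` after the backslash line. An `&` in the value would likewise be expanded by sed to the matched placeholder. Escaping `.` is harmless but has no effect on the replacement side. The centos, ol, rhel and ubuntu entrypoints of web-nginx-mysql add the same function.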
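Review bot: `set_real_ip_from` takes one address or CIDR per directive, so the line built from WEB_REAL_IP_FROM in prepare_web_server is valid only for a single value. The Apache images pass the same variable to a directive that accepts several addresses, so a list that works there would produce an nginx config that fails to load. A comment above the assignment would make the limit explicit, e.g. `# WEB_REAL_IP_FROM: exactly one address or CIDR; nginx accepts one per set_real_ip_from`. prepare_web_server begins outside the hunk.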
@@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh index 75a2af188..c570461eb 100755 --- a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -229,6 +238,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh index 75a2af188..c570461eb 100755 
--- a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -229,6 +238,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; 
diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh index 75a2af188..c570461eb 100755 --- a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -229,6 +238,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh index 72fdbb897..5e36d87d1 100755 
--- a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -229,6 +238,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/README.md b/Dockerfiles/web-nginx-pgsql/README.md index 8ed996b84..d52f8e75a 100644 --- a/Dockerfiles/web-nginx-pgsql/README.md +++ b/Dockerfiles/web-nginx-pgsql/README.md @@ -258,6 +258,10 @@ PHP_FPM_PM_START_SERVERS=5 PHP_FPM_PM_MIN_SPARE_SERVERS=5 PHP_FPM_PM_MAX_SPARE_SERVERS=35 PHP_FPM_PM_MAX_REQUESTS=0 + +Allowed Nginx configuration options: +WEB_REAL_IP_FROM= +WEB_REAL_IP_HEADER= ``` ## Allowed volumes for the Zabbix web interface container 
diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf index 3a59b420a..1b9739373 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -4,6 +4,9 @@ server { http2 on; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh index 1edfd1c29..d4d1632bc 100755 --- a/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php84/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -228,6 +237,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh index b9629d58a..38059530c 100755 
--- a/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -228,6 +237,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; 
diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh index b9629d58a..38059530c 100755 --- a/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -228,6 +237,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh index b9629d58a..38059530c 100755 
--- a/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -228,6 +237,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; 
diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh index 2fb456239..566240b9d 100755 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh @@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -228,6 +237,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/env_vars/.env_web b/env_vars/.env_web index ba8934c60..ba2b385bd 100644 --- a/env_vars/.env_web +++ b/env_vars/.env_web @@ -48,3 +48,6 @@ ZBX_SERVER_NAME=Composed installation # PHP_FPM_PM_MIN_SPARE_SERVERS=5 # PHP_FPM_PM_MAX_SPARE_SERVERS=35 # PHP_FPM_PM_MAX_REQUESTS=0 + +#WEB_REAL_IP_FROM= +#WEB_REAL_IP_HEADER=
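Review bot: The two keys in the env_vars/.env_web hunk are added without a comment on what they accept, or on the fact that WEB_REAL_IP_FROM decides which peers are allowed to override the client address the web server sees. A short comment above each would help, e.g. `# Address or CIDR of the trusted reverse proxy; keep it as narrow as the deployment allows` and `# Request header that carries the client address, e.g. X-Forwarded-For`. Going by the config hunks in this diff, nginx renders them as set_real_ip_from/real_ip_header and Apache as RemoteIPInternalProxy/RemoteIPHeader, so a range that is too broad would let any client inside it supply its own address.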