extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-16 19:40:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated according security and style recommendations

Browse Source
This commit is contained in:
Alexey Pustovalov
2024-02-16 18:45:59 +09:00
parent a9a246da60
commit f5d2f4a656
65 changed files with 1509 additions and 657 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,25 +19,25 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -48,9 +48,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

56
Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,25 +19,25 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -48,9 +48,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

56
Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,25 +19,25 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -48,9 +48,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

56
Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,25 +19,25 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -48,9 +48,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();

2
Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile
View File

@ -59,7 +59,7 @@ RUN set -eux && \
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \
gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \
DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \
echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \
echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
> /etc/apt/preferences.d/99nginx && \
gpgconf --kill all && \

56
Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php
View File

@ -19,25 +19,25 @@ if (getenv('ZBX_SERVER_HOST')) {
$ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME');
// Used for TLS connection.
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false;
$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE');
$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE');
$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE');
$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false;
$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : '';
// Vault configuration. Used if database credentials are stored in Vault secrets manager.
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
$DB['VAULT_URL'] = getenv('ZBX_VAULTURL');
$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH');
$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN');
// Use IEEE754 compatible value range for 64-bit Numeric (float) history values.
// This option is enabled by default for new Zabbix installations.
// For upgraded installations, please read database upgrade notes before enabling this option.
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
// Elasticsearch url (can be string if same url is used for all types).
$history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL'));
@ -48,9 +48,35 @@ $storage_types = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGETYPES'));
$HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array();
// Used for SAML authentication.
$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : '');
$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : '');
$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : '');
if (file_exists('/etc/zabbix/web/certs/sp.key')) {
$SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key';
}
elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) {
$SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY');
}
else {
$SSO['SP_KEY'] = '';
}
if (file_exists('/etc/zabbix/web/certs/sp.crt')) {
$SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) {
$SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT');
}
else {
$SSO['SP_CERT'] = '';
}
if (file_exists('/etc/zabbix/web/certs/idp.crt')) {
$SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt';
}
elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) {
$SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT');
}
else {
$SSO['IDP_CERT'] = '';
}
$sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS'));
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();
$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array();