From f61539a3b27616e60f15508366042eb7cf8ae7e4 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 5 Aug 2020 16:57:17 -0400 Subject: [PATCH] Added new params for many Zabbix components --- agent/alpine/docker-entrypoint.sh | 6 ++++ agent/centos/docker-entrypoint.sh | 6 ++++ agent/rhel/README.md | 32 +++++++++++++-------- agent/rhel/docker-entrypoint.sh | 6 ++++ agent/ubuntu/docker-entrypoint.sh | 6 ++++ proxy-mysql/alpine/docker-entrypoint.sh | 6 ++++ proxy-mysql/centos/docker-entrypoint.sh | 8 +++++- proxy-mysql/rhel/README.md | 34 ++++++++++++++++------- proxy-mysql/rhel/docker-entrypoint.sh | 8 +++++- proxy-mysql/ubuntu/docker-entrypoint.sh | 6 ++++ proxy-sqlite3/alpine/docker-entrypoint.sh | 6 ++++ proxy-sqlite3/centos/docker-entrypoint.sh | 6 ++++ proxy-sqlite3/rhel/README.md | 6 ++++ proxy-sqlite3/rhel/docker-entrypoint.sh | 6 ++++ proxy-sqlite3/ubuntu/docker-entrypoint.sh | 6 ++++ server-mysql/alpine/docker-entrypoint.sh | 6 ++++ server-mysql/centos/docker-entrypoint.sh | 6 ++++ server-mysql/rhel/README.md | 14 +++++++++- server-mysql/rhel/docker-entrypoint.sh | 6 ++++ server-mysql/ubuntu/docker-entrypoint.sh | 6 ++++ server-pgsql/alpine/docker-entrypoint.sh | 6 ++++ server-pgsql/centos/docker-entrypoint.sh | 6 ++++ server-pgsql/ubuntu/docker-entrypoint.sh | 6 ++++ 23 files changed, 180 insertions(+), 24 deletions(-) diff --git a/agent/alpine/docker-entrypoint.sh b/agent/alpine/docker-entrypoint.sh index 6f9b0bf77..9c8fc5791 100755 --- a/agent/alpine/docker-entrypoint.sh +++ b/agent/alpine/docker-entrypoint.sh @@ -180,6 +180,12 @@ prepare_zbx_agent_config() { update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" update_config_var $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" diff --git a/agent/centos/docker-entrypoint.sh b/agent/centos/docker-entrypoint.sh index 6f9b0bf77..9c8fc5791 100755 --- a/agent/centos/docker-entrypoint.sh +++ b/agent/centos/docker-entrypoint.sh @@ -180,6 +180,12 @@ prepare_zbx_agent_config() { update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" update_config_var $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" diff --git a/agent/rhel/README.md b/agent/rhel/README.md index e644c6e71..055150d3f 100644 --- a/agent/rhel/README.md +++ b/agent/rhel/README.md @@ -14,21 +14,23 @@ Zabbix agent is deployed on a monitoring target to actively monitor local resour # Zabbix agent images -These are the only official Zabbix agent Docker images. They are based on Alpine Linux v3.9, Ubuntu 18.04 (bionic) and CentOS 7 images. The available versions of Zabbix agent are: +These are the only official Zabbix agent Docker images. They are based on Alpine Linux v3.11, Ubuntu 18.04 (bionic) and CentOS 7 images. The available versions of Zabbix agent are: Zabbix agent 3.0 (tags: alpine-3.0-latest, ubuntu-3.0-latest, centos-3.0-latest) Zabbix agent 3.0.* (tags: alpine-3.0.*, ubuntu-3.0.*, centos-3.0.*) - Zabbix agent 3.2 (tags: alpine-3.2-latest, ubuntu-3.2-latest, centos-3.2-latest) - Zabbix agent 3.2.* (tags: alpine-3.2.*, ubuntu-3.2.*, centos-3.2.*) - Zabbix agent 3.4 (tags: alpine-3.4-latest, ubuntu-3.4-latest, centos-3.4-latest) - Zabbix agent 3.4.* (tags: alpine-3.4.*, ubuntu-3.4.*, centos-3.4.*) + Zabbix agent 3.2 (tags: alpine-3.2-latest, ubuntu-3.2-latest, centos-3.2.*) (unsupported) + Zabbix agent 3.2.* (tags: alpine-3.2.*, ubuntu-3.2.*, centos-3.2.*) (unsupported) + Zabbix agent 3.4 (tags: alpine-3.4-latest, ubuntu-3.4-latest, centos-3.4.*) (unsupported) + Zabbix agent 3.4.* (tags: alpine-3.4.*, ubuntu-3.4.*, centos-3.4.*) (unsupported) Zabbix agent 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) Zabbix agent 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) - Zabbix agent 4.2 (tags: alpine-4.2-latest, ubuntu-4.2-latest, centos-4.2-latest) - Zabbix agent 4.2.* (tags: alpine-4.2.*, ubuntu-4.2.*, centos-4.2.*) - Zabbix agent 4.4 (tags: alpine-4.4-latest, ubuntu-4.4-latest, centos-4.4-latest, alpine-latest, ubuntu-latest, centos-latest, latest) - Zabbix agent 4.4.* (tags: alpine-4.4.*, ubuntu-4.4.*, centos-4.4.*) - Zabbix agent 5.0 (tags: alpine-trunk, ubuntu-trunk, centos-trunk) + Zabbix agent 4.2 (tags: alpine-4.2-latest, ubuntu-4.2-latest, centos-4.2.*) (unsupported) + Zabbix agent 4.2.* (tags: alpine-4.2.*, ubuntu-4.2.*, centos-4.2.*) (unsupported) + Zabbix agent 4.4 (tags: alpine-4.4-latest, ubuntu-4.4-latest, centos-4.4-latest) (unsupported) + Zabbix agent 4.4.* (tags: alpine-4.4.*, ubuntu-4.4.*, centos-4.4.*) (unsupported) + Zabbix agent 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, centos-5.0-latest, alpine-latest, ubuntu-latest, centos-latest, latest) + Zabbix agent 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, centos-5.0.*) + Zabbix agent 5.2 (tags: alpine-trunk, ubuntu-trunk, centos-trunk) Images are updated when new releases are published. The image with ``latest`` tag is based on Alpine Linux. @@ -135,7 +137,7 @@ Additionally the image allows to specify many other environment variables listed ``` ZBX_SOURCEIP= -ZBX_ENABLEREMOTECOMMANDS=0 +ZBX_ENABLEREMOTECOMMANDS=0 # Deprecated since 5.0.0 ZBX_LOGREMOTECOMMANDS=0 ZBX_HOSTINTERFACE= # Available since 4.4.0 ZBX_HOSTINTERFACEITEM= # Available since 4.4.0 @@ -159,6 +161,14 @@ ZBX_TLSCERTFILE= ZBX_TLSKEYFILE= ZBX_TLSPSKIDENTITY= ZBX_TLSPSKFILE= +ZBX_TLSCIPHERALL= # Available since 4.4.7 +ZBX_TLSCIPHERALL13= # Available since 4.4.7 +ZBX_TLSCIPHERCERT= # Available since 4.4.7 +ZBX_TLSCIPHERCERT13= # Available since 4.4.7 +ZBX_TLSCIPHERPSK= # Available since 4.4.7 +ZBX_TLSCIPHERPSK13= # Available since 4.4.7 +ZBX_DENYKEY=system.run[*] # Available since 5.0.0 +ZBX_ALLOWKEY= # Available since 5.0.0 ``` Default values of these variables are specified after equal sign. diff --git a/agent/rhel/docker-entrypoint.sh b/agent/rhel/docker-entrypoint.sh index 6f9b0bf77..9c8fc5791 100755 --- a/agent/rhel/docker-entrypoint.sh +++ b/agent/rhel/docker-entrypoint.sh @@ -180,6 +180,12 @@ prepare_zbx_agent_config() { update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" update_config_var $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" diff --git a/agent/ubuntu/docker-entrypoint.sh b/agent/ubuntu/docker-entrypoint.sh index 6f9b0bf77..9c8fc5791 100755 --- a/agent/ubuntu/docker-entrypoint.sh +++ b/agent/ubuntu/docker-entrypoint.sh @@ -180,6 +180,12 @@ prepare_zbx_agent_config() { update_config_var $ZBX_AGENT_CONFIG "TLSServerCertIssuer" "${ZBX_TLSSERVERCERTISSUER}" update_config_var $ZBX_AGENT_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_AGENT_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_AGENT_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_AGENT_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_AGENT_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" update_config_var $ZBX_AGENT_CONFIG "TLSPSKFile" "${ZBX_TLSPSKFILE}" diff --git a/proxy-mysql/alpine/docker-entrypoint.sh b/proxy-mysql/alpine/docker-entrypoint.sh index 59210c305..6d8a1c2a6 100755 --- a/proxy-mysql/alpine/docker-entrypoint.sh +++ b/proxy-mysql/alpine/docker-entrypoint.sh @@ -398,6 +398,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/proxy-mysql/centos/docker-entrypoint.sh b/proxy-mysql/centos/docker-entrypoint.sh index 9fdf41782..6d8a1c2a6 100755 --- a/proxy-mysql/centos/docker-entrypoint.sh +++ b/proxy-mysql/centos/docker-entrypoint.sh @@ -265,7 +265,7 @@ create_db_schema_mysql() { zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \ -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \ + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \ ${DB_SERVER_DBNAME} 1>/dev/null fi } @@ -398,6 +398,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/proxy-mysql/rhel/README.md b/proxy-mysql/rhel/README.md index 63767a323..7a8fd29f0 100644 --- a/proxy-mysql/rhel/README.md +++ b/proxy-mysql/rhel/README.md @@ -14,21 +14,23 @@ Zabbix proxy is a process that may collect monitoring data from one or more moni # Zabbix proxy images -These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.9, Ubuntu 18.04 (bionic) and CentOS 7 images. The available versions of Zabbix proxy are: +These are the only official Zabbix proxy Docker images. They are based on Alpine Linux v3.11, Ubuntu 18.04 (bionic) and CentOS 7 images. The available versions of Zabbix proxy are: Zabbix proxy 3.0 (tags: alpine-3.0-latest, ubuntu-3.0-latest, centos-3.0-latest) Zabbix proxy 3.0.* (tags: alpine-3.0.*, ubuntu-3.0.*, centos-3.0.*) - Zabbix proxy 3.2 (tags: alpine-3.2-latest, ubuntu-3.2-latest, centos-3.2-latest) - Zabbix proxy 3.2.* (tags: alpine-3.2.*, ubuntu-3.2.*, centos-3.2.*) - Zabbix proxy 3.4 (tags: alpine-3.4-latest, ubuntu-3.4-latest, centos-3.4-latest) - Zabbix proxy 3.4.* (tags: alpine-3.4.*, ubuntu-3.4.*, centos-3.4.*) + Zabbix proxy 3.2 (tags: alpine-3.2-latest, ubuntu-3.2-latest, centos-3.2.*) (unsupported) + Zabbix proxy 3.2.* (tags: alpine-3.2.*, ubuntu-3.2.*, centos-3.2.*) (unsupported) + Zabbix proxy 3.4 (tags: alpine-3.4-latest, ubuntu-3.4-latest, centos-3.4.*) (unsupported) + Zabbix proxy 3.4.* (tags: alpine-3.4.*, ubuntu-3.4.*, centos-3.4.*) (unsupported) Zabbix proxy 4.0 (tags: alpine-4.0-latest, ubuntu-4.0-latest, centos-4.0-latest) Zabbix proxy 4.0.* (tags: alpine-4.0.*, ubuntu-4.0.*, centos-4.0.*) - Zabbix proxy 4.2 (tags: alpine-4.2-latest, ubuntu-4.2-latest, centos-4.2-latest) - Zabbix proxy 4.2.* (tags: alpine-4.2.*, ubuntu-4.2.*, centos-4.2.*) - Zabbix proxy 4.4 (tags: alpine-4.4-latest, ubuntu-4.4-latest, centos-4.4-latest, alpine-latest, ubuntu-latest, centos-latest, latest) - Zabbix proxy 4.4.* (tags: alpine-4.4.*, ubuntu-4.4.*, centos-4.4.*) - Zabbix proxy 5.0 (tags: alpine-trunk, ubuntu-trunk, centos-trunk) + Zabbix proxy 4.2 (tags: alpine-4.2-latest, ubuntu-4.2-latest, centos-4.2.*) (unsupported) + Zabbix proxy 4.2.* (tags: alpine-4.2.*, ubuntu-4.2.*, centos-4.2.*) (unsupported) + Zabbix proxy 4.4 (tags: alpine-4.4-latest, ubuntu-4.4-latest, centos-4.4-latest) (unsupported) + Zabbix proxy 4.4.* (tags: alpine-4.4.*, ubuntu-4.4.*, centos-4.4.*) (unsupported) + Zabbix proxy 5.0 (tags: alpine-5.0-latest, ubuntu-5.0-latest, centos-5.0-latest, alpine-latest, ubuntu-latest, centos-latest, latest) + Zabbix proxy 5.0.* (tags: alpine-5.0.*, ubuntu-5.0.*, centos-5.0.*) + Zabbix proxy 5.2 (tags: alpine-trunk, ubuntu-trunk, centos-trunk) Images are updated when new releases are published. The image with ``latest`` tag is based on Alpine Linux. @@ -157,6 +159,12 @@ The variable enable communication with Zabbix Java Gateway to collect Java relat Additionally the image allows to specify many other environment variables listed below: ``` +ZBX_DBTLSCONNECT= # Available since 5.0.0 +ZBX_DBTLSCAFILE= # Available since 5.0.0 +ZBX_DBTLSCERTFILE= # Available since 5.0.0 +ZBX_DBTLSKEYFILE= # Available since 5.0.0 +ZBX_DBTLSCIPHER= # Available since 5.0.0 +ZBX_DBTLSCIPHER13= # Available since 5.0.0 ZBX_ENABLEREMOTECOMMANDS=0 # Available since 3.4.0 ZBX_LOGREMOTECOMMANDS=0 # Available since 3.4.0 ZBX_HOSTNAMEITEM=system.hostname @@ -205,6 +213,12 @@ ZBX_TLSCERTFILE= ZBX_TLSKEYFILE= ZBX_TLSPSKIDENTITY= ZBX_TLSPSKFILE= +ZBX_TLSCIPHERALL= # Available since 4.4.7 +ZBX_TLSCIPHERALL13= # Available since 4.4.7 +ZBX_TLSCIPHERCERT= # Available since 4.4.7 +ZBX_TLSCIPHERCERT13= # Available since 4.4.7 +ZBX_TLSCIPHERPSK= # Available since 4.4.7 +ZBX_TLSCIPHERPSK13= # Available since 4.4.7 ``` Default values of these variables are specified after equal sign. diff --git a/proxy-mysql/rhel/docker-entrypoint.sh b/proxy-mysql/rhel/docker-entrypoint.sh index 9fdf41782..6d8a1c2a6 100755 --- a/proxy-mysql/rhel/docker-entrypoint.sh +++ b/proxy-mysql/rhel/docker-entrypoint.sh @@ -265,7 +265,7 @@ create_db_schema_mysql() { zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \ -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \ + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \ ${DB_SERVER_DBNAME} 1>/dev/null fi } @@ -398,6 +398,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/proxy-mysql/ubuntu/docker-entrypoint.sh b/proxy-mysql/ubuntu/docker-entrypoint.sh index c904f6d49..ba066f813 100755 --- a/proxy-mysql/ubuntu/docker-entrypoint.sh +++ b/proxy-mysql/ubuntu/docker-entrypoint.sh @@ -398,6 +398,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/proxy-sqlite3/alpine/docker-entrypoint.sh b/proxy-sqlite3/alpine/docker-entrypoint.sh index b4987d07f..5a068a347 100755 --- a/proxy-sqlite3/alpine/docker-entrypoint.sh +++ b/proxy-sqlite3/alpine/docker-entrypoint.sh @@ -223,6 +223,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/proxy-sqlite3/centos/docker-entrypoint.sh b/proxy-sqlite3/centos/docker-entrypoint.sh index b4987d07f..5a068a347 100755 --- a/proxy-sqlite3/centos/docker-entrypoint.sh +++ b/proxy-sqlite3/centos/docker-entrypoint.sh @@ -223,6 +223,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/proxy-sqlite3/rhel/README.md b/proxy-sqlite3/rhel/README.md index 7dc954593..77c514388 100644 --- a/proxy-sqlite3/rhel/README.md +++ b/proxy-sqlite3/rhel/README.md @@ -171,6 +171,12 @@ ZBX_TLSCERTFILE= ZBX_TLSKEYFILE= ZBX_TLSPSKIDENTITY= ZBX_TLSPSKFILE= +ZBX_TLSCIPHERALL= # Available since 4.4.7 +ZBX_TLSCIPHERALL13= # Available since 4.4.7 +ZBX_TLSCIPHERCERT= # Available since 4.4.7 +ZBX_TLSCIPHERCERT13= # Available since 4.4.7 +ZBX_TLSCIPHERPSK= # Available since 4.4.7 +ZBX_TLSCIPHERPSK13= # Available since 4.4.7 ``` Default values of these variables are specified after equal sign. diff --git a/proxy-sqlite3/rhel/docker-entrypoint.sh b/proxy-sqlite3/rhel/docker-entrypoint.sh index b4987d07f..5a068a347 100755 --- a/proxy-sqlite3/rhel/docker-entrypoint.sh +++ b/proxy-sqlite3/rhel/docker-entrypoint.sh @@ -223,6 +223,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/proxy-sqlite3/ubuntu/docker-entrypoint.sh b/proxy-sqlite3/ubuntu/docker-entrypoint.sh index a33618ab4..e9a88482a 100755 --- a/proxy-sqlite3/ubuntu/docker-entrypoint.sh +++ b/proxy-sqlite3/ubuntu/docker-entrypoint.sh @@ -223,6 +223,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSServerCertSubject" "${ZBX_TLSSERVERCERTSUBJECT}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/server-mysql/alpine/docker-entrypoint.sh b/server-mysql/alpine/docker-entrypoint.sh index 2a6629615..755c64913 100755 --- a/server-mysql/alpine/docker-entrypoint.sh +++ b/server-mysql/alpine/docker-entrypoint.sh @@ -396,6 +396,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/server-mysql/centos/docker-entrypoint.sh b/server-mysql/centos/docker-entrypoint.sh index 2a6629615..755c64913 100755 --- a/server-mysql/centos/docker-entrypoint.sh +++ b/server-mysql/centos/docker-entrypoint.sh @@ -396,6 +396,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/server-mysql/rhel/README.md b/server-mysql/rhel/README.md index 754363af4..060b0fe15 100644 --- a/server-mysql/rhel/README.md +++ b/server-mysql/rhel/README.md @@ -16,7 +16,7 @@ The server performs the polling and trapping of data, it calculates triggers, se # Zabbix server images -These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.9, Ubuntu 18.04 (bionic) and CentOS 7 images. The available versions of Zabbix server are: +These are the only official Zabbix server Docker images. They are based on Alpine Linux v3.11, Ubuntu 18.04 (bionic) and CentOS 7 images. The available versions of Zabbix server are: Zabbix server 3.0 (tags: alpine-3.0-latest, ubuntu-3.0-latest, centos-3.0-latest) Zabbix server 3.0.* (tags: alpine-3.0.*, ubuntu-3.0.*, centos-3.0.*) @@ -129,6 +129,12 @@ The variable enable communication with Zabbix Java Gateway to collect Java relat Additionally the image allows to specify many other environment variables listed below: ``` +ZBX_DBTLSCONNECT= # Available since 5.0.0 +ZBX_DBTLSCAFILE= # Available since 5.0.0 +ZBX_DBTLSCERTFILE= # Available since 5.0.0 +ZBX_DBTLSKEYFILE= # Available since 5.0.0 +ZBX_DBTLSCIPHER= # Available since 5.0.0 +ZBX_DBTLSCIPHER13= # Available since 5.0.0 ZBX_LISTENIP= ZBX_HISTORYSTORAGEURL= # Available since 3.4.0 ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.0 @@ -179,6 +185,12 @@ ZBX_TLSCAFILE= ZBX_TLSCRLFILE= ZBX_TLSCERTFILE= ZBX_TLSKEYFILE= +ZBX_TLSCIPHERALL= # Available since 4.4.7 +ZBX_TLSCIPHERALL13= # Available since 4.4.7 +ZBX_TLSCIPHERCERT= # Available since 4.4.7 +ZBX_TLSCIPHERCERT13= # Available since 4.4.7 +ZBX_TLSCIPHERPSK= # Available since 4.4.7 +ZBX_TLSCIPHERPSK13= # Available since 4.4.7 ``` Default values of these variables are specified after equal sign. diff --git a/server-mysql/rhel/docker-entrypoint.sh b/server-mysql/rhel/docker-entrypoint.sh index 2a6629615..755c64913 100755 --- a/server-mysql/rhel/docker-entrypoint.sh +++ b/server-mysql/rhel/docker-entrypoint.sh @@ -396,6 +396,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/server-mysql/ubuntu/docker-entrypoint.sh b/server-mysql/ubuntu/docker-entrypoint.sh index 59773fb50..22b595854 100755 --- a/server-mysql/ubuntu/docker-entrypoint.sh +++ b/server-mysql/ubuntu/docker-entrypoint.sh @@ -396,6 +396,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/server-pgsql/alpine/docker-entrypoint.sh b/server-pgsql/alpine/docker-entrypoint.sh index eb947d616..568562bff 100755 --- a/server-pgsql/alpine/docker-entrypoint.sh +++ b/server-pgsql/alpine/docker-entrypoint.sh @@ -463,6 +463,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/server-pgsql/centos/docker-entrypoint.sh b/server-pgsql/centos/docker-entrypoint.sh index eb947d616..568562bff 100755 --- a/server-pgsql/centos/docker-entrypoint.sh +++ b/server-pgsql/centos/docker-entrypoint.sh @@ -463,6 +463,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}" diff --git a/server-pgsql/ubuntu/docker-entrypoint.sh b/server-pgsql/ubuntu/docker-entrypoint.sh index e823d6321..27acf0933 100755 --- a/server-pgsql/ubuntu/docker-entrypoint.sh +++ b/server-pgsql/ubuntu/docker-entrypoint.sh @@ -463,6 +463,12 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "TLSCRLFile" "${ZBX_TLSCRLFILE}" update_config_var $ZBX_CONFIG "TLSCertFile" "${ZBX_TLSCERTFILE}" + update_config_var $ZBX_CONFIG "TLSCipherAll" "${ZBX_TLSCIPHERALL}" + update_config_var $ZBX_CONFIG "TLSCipherAll13" "${ZBX_TLSCIPHERALL13}" + update_config_var $ZBX_CONFIG "TLSCipherCert" "${ZBX_TLSCIPHERCERT}" + update_config_var $ZBX_CONFIG "TLSCipherCert13" "${ZBX_TLSCIPHERCERT13}" + update_config_var $ZBX_CONFIG "TLSCipherPSK" "${ZBX_TLSCIPHERPSK}" + update_config_var $ZBX_CONFIG "TLSCipherPSK13" "${ZBX_TLSCIPHERPSK13}" update_config_var $ZBX_CONFIG "TLSKeyFile" "${ZBX_TLSKEYFILE}" update_config_var $ZBX_CONFIG "TLSPSKIdentity" "${ZBX_TLSPSKIDENTITY}"