#!/bin/bash set -o pipefail set +e # Script trace mode if [ "${DEBUG_MODE,,}" == "true" ]; then set -o xtrace fi # Default Zabbix installation name # Used only by Zabbix web-interface : ${ZBX_SERVER_NAME:="Zabbix docker"} # Default Zabbix server port number : ${ZBX_SERVER_PORT:="10051"} # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} # Default directories # Configuration files directory ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/apache2/apache2.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) # unsets the VAR_FILE afterwards and just leaving VAR file_env() { local var="$1" local fileVar="${var}_FILE" local defaultValue="${2:-}" if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then echo "**** Both variables $var and $fileVar are set (but are exclusive)" exit 1 fi local val="$defaultValue" if [ "${!var:-}" ]; then val="${!var}" echo "** Using ${var} variable from ENV" elif [ "${!fileVar:-}" ]; then if [ ! -f "${!fileVar}" ]; then echo "**** Secret file \"${!fileVar}\" is not found" exit 1 fi val="$(< "${!fileVar}")" echo "** Using ${var} variable from secret file" fi export "$var"="$val" unset "$fileVar" } # Check prerequisites for PostgreSQL database check_variables() { file_env POSTGRES_USER file_env POSTGRES_PASSWORD : ${DB_SERVER_HOST:="postgres-server"} : ${DB_SERVER_PORT:="5432"} DB_SERVER_ZBX_USER=${POSTGRES_USER:-"zabbix"} DB_SERVER_ZBX_PASS=${POSTGRES_PASSWORD:-"zabbix"} : ${DB_SERVER_SCHEMA:="public"} DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"} : ${POSTGRES_USE_IMPLICIT_SEARCH_PATH:="false"} } check_db_connect() { echo "********************" echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}" echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}" echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}" echo "* DB_SERVER_SCHEMA: ${DB_SERVER_SCHEMA}" if [ "${DEBUG_MODE,,}" == "true" ]; then echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}" echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}" fi echo "********************" if [ -n "${DB_SERVER_ZBX_PASS}" ]; then export PGPASSWORD="${DB_SERVER_ZBX_PASS}" fi WAIT_TIMEOUT=5 if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" export PGOPTIONS fi if [ -n "${ZBX_DBTLSCONNECT}" ]; then PGSSLMODE=${ZBX_DBTLSCONNECT//_/-} export PGSSLMODE=${PGSSLMODE//required/require} export PGSSLROOTCERT=${ZBX_DBTLSCAFILE} export PGSSLCERT=${ZBX_DBTLSCERTFILE} export PGSSLKEY=${ZBX_DBTLSKEYFILE} fi while [ ! "$(psql --host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT} --username ${DB_SERVER_ZBX_USER} --dbname ${DB_SERVER_DBNAME} --list --quiet 2>/dev/null)" ]; do echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done unset PGPASSWORD unset PGOPTIONS unset PGSSLMODE unset PGSSLROOTCERT unset PGSSLCERT unset PGSSLKEY } prepare_web_server() { APACHE_SITES_DIR="/etc/apache2/sites-enabled" ln -sfT "$ZABBIX_ETC_DIR/apache_envvars" "/etc/apache2/envvars" echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_ETC_DIR/apache.conf" ]; then ln -sfT "$ZABBIX_ETC_DIR/apache.conf" "$APACHE_SITES_DIR/zabbix.conf" else echo "**** Impossible to enable HTTP virtual host" fi if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then echo "** Adding Zabbix virtual host (HTTPS)" if [ -f "$ZABBIX_ETC_DIR/apache_ssl.conf" ]; then ln -sfT "$ZABBIX_ETC_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" else echo "**** Impossible to enable HTTPS virtual host" fi else echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." fi } clear_deploy() { echo "** Cleaning the system" } prepare_zbx_web_config() { echo "** Preparing Zabbix frontend configuration file" : ${ZBX_DENY_GUI_ACCESS:="false"} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} export ZBX_GUI_ACCESS_IP_RANGE=${ZBX_GUI_ACCESS_IP_RANGE:-"['127.0.0.1']"} export ZBX_GUI_WARNING_MSG=${ZBX_GUI_WARNING_MSG:-"Zabbix is under maintenance."} export ZBX_MAXEXECUTIONTIME=${ZBX_MAXEXECUTIONTIME:-"600"} export ZBX_MEMORYLIMIT=${ZBX_MEMORYLIMIT:-"128M"} export ZBX_POSTMAXSIZE=${ZBX_POSTMAXSIZE:-"16M"} export ZBX_UPLOADMAXFILESIZE=${ZBX_UPLOADMAXFILESIZE:-"2M"} export ZBX_MAXINPUTTIME=${ZBX_MAXINPUTTIME:-"300"} export PHP_TZ=${PHP_TZ} export DB_SERVER_TYPE="POSTGRESQL" export DB_SERVER_HOST=${DB_SERVER_HOST} export DB_SERVER_PORT=${DB_SERVER_PORT} export DB_SERVER_DBNAME=${DB_SERVER_DBNAME} export DB_SERVER_SCHEMA=${DB_SERVER_SCHEMA} export DB_SERVER_USER=${DB_SERVER_ZBX_USER} export DB_SERVER_PASS=${DB_SERVER_ZBX_PASS} export ZBX_SERVER_HOST=${ZBX_SERVER_HOST} export ZBX_SERVER_PORT=${ZBX_SERVER_PORT} export ZBX_SERVER_NAME=${ZBX_SERVER_NAME} : ${ZBX_DB_ENCRYPTION:="false"} export ZBX_DB_ENCRYPTION=${ZBX_DB_ENCRYPTION,,} export ZBX_DB_KEY_FILE=${ZBX_DB_KEY_FILE} export ZBX_DB_CERT_FILE=${ZBX_DB_CERT_FILE} export ZBX_DB_CA_FILE=${ZBX_DB_CA_FILE} : ${ZBX_DB_VERIFY_HOST:="false"} export ZBX_DB_VERIFY_HOST=${ZBX_DB_VERIFY_HOST,,} export ZBX_VAULT=${ZBX_VAULT} export ZBX_VAULTURL=${ZBX_VAULTURL} export ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH} export VAULT_TOKEN=${VAULT_TOKEN} export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE} export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE} : ${DB_DOUBLE_IEEE754:="true"} export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,} export ZBX_HISTORYSTORAGEURL=${ZBX_HISTORYSTORAGEURL} export ZBX_HISTORYSTORAGETYPES=${ZBX_HISTORYSTORAGETYPES:-"[]"} export ZBX_SSO_SETTINGS=${ZBX_SSO_SETTINGS:-""} export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY} export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT} export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT} : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi : ${HTTP_INDEX_FILE:="index.php"} sed -i \ -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ "$ZABBIX_ETC_DIR/apache.conf" if [ -f "$ZABBIX_ETC_DIR/apache_ssl.conf" ]; then sed -i \ -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ "$ZABBIX_ETC_DIR/apache_ssl.conf" fi : ${ENABLE_WEB_ACCESS_LOG:="true"} if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ "$HTTPD_CONF_FILE" sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ "/etc/apache2/conf-available/other-vhosts-access-log.conf" fi : ${EXPOSE_WEB_SERVER_INFO:="on"} if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then sed -i \ -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ "$HTTPD_CONF_FILE" else EXPOSE_WEB_SERVER_INFO="on" fi export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} sed -i \ -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ "$HTTPD_CONF_FILE" } ################################################# echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database" check_variables check_db_connect prepare_web_server prepare_zbx_web_config echo "########################################################" if [ "$1" != "" ]; then echo "** Executing '$@'" exec "$@" elif [ -f "/usr/sbin/httpd" ]; then echo "** Executing HTTPD" exec /usr/sbin/httpd -D FOREGROUND else echo "Unknown instructions. Exiting..." exit 1 fi #################################################