####### TLS-RELATED PARAMETERS #######
|
|
|
|
### Option: TLSConnect
|
|
# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
|
|
# Only one value can be specified:
|
|
# unencrypted - connect without encryption
|
|
# psk - connect using TLS and a pre-shared key
|
|
# cert - connect using TLS and a certificate
|
|
#
|
|
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
|
|
# Default:
|
|
# TLSConnect=unencrypted
|
|
|
|
TLSConnect=${ZBX_TLSCONNECT}
|
|
|
|
### Option: TLSAccept
|
|
# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
|
|
# Multiple values can be specified, separated by comma:
|
|
# unencrypted - accept connections without encryption (if listed together with psk or cert, unencrypted connections are still accepted)
|
|
# psk - accept connections secured with TLS and a pre-shared key
|
|
# cert - accept connections secured with TLS and a certificate
|
|
#
|
|
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
|
|
# Default:
|
|
# TLSAccept=unencrypted
|
|
|
|
TLSAccept=${ZBX_TLSACCEPT}
|
|
|
|
### Option: TLSCAFile
|
|
# Full pathname of a file containing the top-level CA certificate(s) for
|
|
# peer certificate verification.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCAFile=
|
|
|
|
TLSCAFile=${ZBX_TLSCAFILE}
|
|
|
|
### Option: TLSCRLFile
|
|
# Full pathname of a file containing revoked certificates.
# If left empty, no revocation list is consulted during peer certificate verification.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCRLFile=
|
|
|
|
TLSCRLFile=${ZBX_TLSCRLFILE}
|
|
|
|
### Option: TLSServerCertIssuer
|
|
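# Allowed server certificate issuer.
# If left empty, the issuer is not restricted: any valid certificate signed by a CA in TLSCAFile is accepted.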
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSServerCertIssuer=
|
|
|
|
TLSServerCertIssuer=${ZBX_TLSSERVERCERTISSUER}
|
|
|
|
### Option: TLSServerCertSubject
|
|
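# Allowed server certificate subject.
# If left empty, the subject is not restricted: any valid certificate signed by a CA in TLSCAFile is accepted.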
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSServerCertSubject=
|
|
|
|
TLSServerCertSubject=${ZBX_TLSSERVERCERTSUBJECT}
|
|
|
|
### Option: TLSCertFile
|
|
# Full pathname of a file containing the proxy certificate or certificate chain.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCertFile=
|
|
|
|
TLSCertFile=${ZBX_TLSCERTFILE}
|
|
|
|
### Option: TLSKeyFile
|
|
# Full pathname of a file containing the proxy private key.
# The file should be readable only by the account the proxy runs as.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSKeyFile=
|
|
|
|
TLSKeyFile=${ZBX_TLSKEYFILE}
|
|
|
|
### Option: TLSPSKIdentity
|
|
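# Unique, case-sensitive string used to identify the pre-shared key.
# The identity is sent over the network unencrypted, so it should not contain sensitive information.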
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSPSKIdentity=
|
|
|
|
TLSPSKIdentity=${ZBX_TLSPSKIDENTITY}
|
|
|
|
### Option: TLSPSKFile
|
|
# Full pathname of a file containing the pre-shared key.
# The file should be readable only by the account the proxy runs as.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSPSKFile=
|
|
|
|
TLSPSKFile=${ZBX_TLSPSKFILE}
|
|
|
|
####### For advanced users - TLS ciphersuite selection criteria #######
|
|
|
|
### Option: TLSCipherCert13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for certificate-based encryption.
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherCert13=
|
|
|
|
TLSCipherCert13=${ZBX_TLSCIPHERCERT13}
|
|
|
|
### Option: TLSCipherCert
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for certificate-based encryption.
|
|
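# Example for GnuTLS (illustrative only; it also enables RSA key exchange, AES-128-CBC and SHA1, so check it against current policy before use):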
|
|
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
|
|
# Example for OpenSSL:
|
|
# EECDH+aRSA+AES128:RSA+aRSA+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherCert=
|
|
|
|
TLSCipherCert=${ZBX_TLSCIPHERCERT}
|
|
|
|
### Option: TLSCipherPSK13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for PSK-based encryption.
|
|
# Example:
|
|
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherPSK13=
|
|
|
|
TLSCipherPSK13=${ZBX_TLSCIPHERPSK13}
|
|
|
|
### Option: TLSCipherPSK
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for PSK-based encryption.
|
|
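# Example for GnuTLS (illustrative only; it also enables plain PSK key exchange, AES-128-CBC and SHA1, so check it against current policy before use):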
|
|
# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
|
|
# Example for OpenSSL:
|
|
# kECDHEPSK+AES128:kPSK+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherPSK=
|
|
|
|
TLSCipherPSK=${ZBX_TLSCIPHERPSK}
|
|
|
|
### Option: TLSCipherAll13
|
|
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
|
|
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
|
|
# Example:
|
|
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherAll13=
|
|
|
|
TLSCipherAll13=${ZBX_TLSCIPHERALL13}
|
|
|
|
### Option: TLSCipherAll
|
|
# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
|
|
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
|
|
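# Example for GnuTLS (illustrative only; it also enables RSA and plain PSK key exchange, AES-128-CBC and SHA1, so check it against current policy before use):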
|
|
# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
|
|
# Example for OpenSSL:
|
|
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
|
|
#
|
|
# Mandatory: no
|
|
# Default:
|
|
# TLSCipherAll=
|
|
|
|
TLSCipherAll=${ZBX_TLSCIPHERALL}
|