mirror of
https://github.com/zabbix/zabbix-docker.git
synced 2024-12-27 16:59:08 +01:00
2da6081c7a
PIE (ASLR) mitigation + Full RELRO mitigation
121 lines
4.2 KiB
Docker
121 lines
4.2 KiB
Docker
FROM alpine:3.4
|
|
MAINTAINER Alexey Pustovalov <alexey.pustovalov@zabbix.com>
|
|
|
|
ARG APK_FLAGS_COMMON="-q"
|
|
ARG APK_FLAGS_PERSISTANT="${APK_FLAGS_COMMON} --clean-protected --no-cache"
|
|
ARG APK_FLAGS_DEV="${APK_FLAGS_COMMON} --no-cache"
|
|
ARG DB_TYPE=mysql
|
|
ENV TERM=xterm
|
|
ENV MIBDIRS=/usr/share/snmp/mibs:/var/lib/zabbix/mibs MIBS=+ALL
|
|
|
|
RUN addgroup zabbix && \
|
|
adduser -S \
|
|
-D -G zabbix \
|
|
-h /var/lib/zabbix/ \
|
|
zabbix && \
|
|
mkdir -p /etc/zabbix/ && \
|
|
mkdir -p /var/lib/zabbix && \
|
|
mkdir -p /var/lib/zabbix/enc && \
|
|
mkdir -p /var/lib/zabbix/modules && \
|
|
mkdir -p /var/lib/zabbix/ssh_keys && \
|
|
mkdir -p /var/lib/zabbix/ssl && \
|
|
mkdir -p /var/lib/zabbix/ssl/certs && \
|
|
mkdir -p /var/lib/zabbix/ssl/keys && \
|
|
mkdir -p /var/lib/zabbix/ssl/ssl_ca && \
|
|
mkdir -p /usr/lib/zabbix/externalscripts && \
|
|
mkdir -p /usr/lib/zabbix/alertscripts && \
|
|
mkdir -p /var/lib/zabbix/mibs && \
|
|
mkdir -p /var/lib/zabbix/snmptraps && \
|
|
chown --quiet -R zabbix:root /var/lib/zabbix && \
|
|
mkdir -p /usr/share/doc/zabbix-server-${DB_TYPE} && \
|
|
apk update && \
|
|
apk add ${APK_FLAGS_PERSISTANT} \
|
|
supervisor \
|
|
bash \
|
|
mariadb-client-libs \
|
|
mariadb-client \
|
|
fping \
|
|
libxml2 \
|
|
unixodbc \
|
|
net-snmp-agent-libs \
|
|
libldap \
|
|
libcurl \
|
|
openipmi-libs \
|
|
libevent \
|
|
libssh2 && \
|
|
rm -rf /var/cache/apk/*
|
|
|
|
ARG MAJOR_VERSION=3.4
|
|
ARG ZBX_VERSION=${MAJOR_VERSION}
|
|
ARG ZBX_SOURCES=svn://svn.zabbix.com/trunk/
|
|
ENV ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} DB_TYPE=${DB_TYPE}
|
|
|
|
RUN apk add ${APK_FLAGS_DEV} --virtual build-dependencies \
|
|
alpine-sdk \
|
|
coreutils \
|
|
automake \
|
|
autoconf \
|
|
mysql-dev \
|
|
libxml2-dev \
|
|
unixodbc-dev \
|
|
net-snmp-dev \
|
|
libssh2-dev \
|
|
openipmi-dev \
|
|
openldap-dev \
|
|
curl-dev \
|
|
libevent-dev \
|
|
subversion && \
|
|
cd /tmp/ && \
|
|
svn --quiet export ${ZBX_SOURCES} zabbix-${ZBX_VERSION} 1>/dev/null && \
|
|
cd /tmp/zabbix-${ZBX_VERSION} && \
|
|
zabbix_revision=`svn info ${ZBX_SOURCES} |grep "Last Changed Rev"|awk '{print $4;}'` && \
|
|
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
|
|
./bootstrap.sh 1>/dev/null && \
|
|
export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \
|
|
./configure \
|
|
--prefix=/usr \
|
|
--silent \
|
|
--sysconfdir=/etc/zabbix \
|
|
--libdir=/usr/lib/zabbix \
|
|
--datadir=/usr/lib \
|
|
--enable-server \
|
|
--enable-ipv6 \
|
|
# Does not support stable iksemel library
|
|
# --with-jabber \
|
|
--with-ldap \
|
|
--with-net-snmp \
|
|
--with-openipmi \
|
|
--with-ssh2 \
|
|
--with-libcurl \
|
|
--with-unixodbc \
|
|
--with-libxml2 \
|
|
--with-openssl \
|
|
--with-${DB_TYPE} && \
|
|
make -j"$(nproc)" -s dbschema 1>/dev/null && \
|
|
make -j"$(nproc)" -s 1>/dev/null && \
|
|
cp src/zabbix_server/zabbix_server /usr/sbin/zabbix_server && \
|
|
cp conf/zabbix_server.conf /etc/zabbix/zabbix_server.conf && \
|
|
chown --quiet -R zabbix:root /etc/zabbix && \
|
|
cp database/${DB_TYPE}/schema.sql /usr/share/doc/zabbix-server-${DB_TYPE}/ && \
|
|
cp database/${DB_TYPE}/images.sql /usr/share/doc/zabbix-server-${DB_TYPE}/ && \
|
|
cp database/${DB_TYPE}/data.sql /usr/share/doc/zabbix-server-${DB_TYPE}/ && \
|
|
cd /tmp/ && \
|
|
rm -rf /tmp/zabbix-${ZBX_VERSION}/ && \
|
|
apk del ${APK_FLAGS_COMMON} --purge \
|
|
build-dependencies && \
|
|
rm -rf /var/cache/apk/*
|
|
|
|
EXPOSE 10051/TCP 162/UDP
|
|
|
|
WORKDIR /var/lib/zabbix
|
|
|
|
VOLUME ["/usr/lib/zabbix/alertscripts", "/usr/lib/zabbix/externalscripts", "/var/lib/zabbix/enc", "/var/lib/zabbix/modules", "/var/lib/zabbix/ssh_keys"]
|
|
VOLUME ["/var/lib/zabbix/ssl/certs", "/var/lib/zabbix/ssl/keys", "/var/lib/zabbix/ssl/ssl_ca", "/var/lib/zabbix/snmptraps", "/var/lib/zabbix/mibs"]
|
|
|
|
ADD conf/etc/supervisor/ /etc/supervisor/
|
|
ADD run_zabbix_component.sh /
|
|
|
|
ENTRYPOINT ["/bin/bash"]
|
|
|
|
CMD ["/run_zabbix_component.sh", "server", "mysql"]
|