diff --git a/.env_prx b/.env_prx index 824987a0f..3b16ef249 100644 --- a/.env_prx +++ b/.env_prx @@ -6,6 +6,12 @@ # ZBX_LOGREMOTECOMMANDS=0 # Available since 3.4.0 # ZBX_HOSTNAMEITEM=system.hostname # ZBX_SOURCEIP= +# ZBX_DBTLSCONNECT=require # Available since 5.0.0 +# ZBX_DBTLSCAFILE=/run/secrets/root-ca.pem # Available since 5.0.0 +# ZBX_DBTLSCERTFILE=/run/secrets/client-cert.pem # Available since 5.0.0 +# ZBX_DBTLSKEYFILE=/run/secrets/client-key.pem # Available since 5.0.0 +# ZBX_DBTLSCIPHER= # Available since 5.0.0 +# ZBX_DBTLSCIPHER13= # Available since 5.0.0 # ZBX_DEBUGLEVEL=3 # ZBX_PROXYLOCALBUFFER=0 # ZBX_PROXYOFFLINEBUFFER=1 diff --git a/.env_srv b/.env_srv index f510ed3c6..8a6ddbb3b 100644 --- a/.env_srv +++ b/.env_srv @@ -1,6 +1,12 @@ # ZBX_LISTENIP= # ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5 # ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.5 +# ZBX_DBTLSCONNECT=require # Available since 5.0.0 +# ZBX_DBTLSCAFILE=/run/secrets/root-ca.pem # Available since 5.0.0 +# ZBX_DBTLSCERTFILE=/run/secrets/client-cert.pem # Available since 5.0.0 +# ZBX_DBTLSKEYFILE=/run/secrets/client-key.pem # Available since 5.0.0 +# ZBX_DBTLSCIPHER= # Available since 5.0.0 +# ZBX_DBTLSCIPHER13= # Available since 5.0.0 # ZBX_DEBUGLEVEL=3 # ZBX_STARTPOLLERS=5 # ZBX_IPMIPOLLERS=0 diff --git a/.env_web b/.env_web index 4ef3f6ce5..959fcff33 100644 --- a/.env_web +++ b/.env_web 
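Review bot: The sample value in the added `# ZBX_DBTLSCONNECT=require` line of the `.env_prx` hunk (and the identical line in the `.env_srv` hunk) does not match the values Zabbix documents for DBTLSConnect, which are `required`, `verify_ca` and `verify_full`, so uncommenting it as written is likely to be rejected at startup. Because the same block already supplies a CA file, the example would be better as `# ZBX_DBTLSCONNECT=verify_full # required | verify_ca | verify_full; only the verify_* modes check the database certificate`. `required` on its own encrypts the connection without authenticating the server, which leaves the configured CA file unused.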
@@ -1,6 +1,12 @@ # ZBX_SERVER_HOST=zabbix-server # ZBX_SERVER_PORT=10051 ZBX_SERVER_NAME=Composed installation +# ZBX_DB_ENCRYPTION=true # Available since 5.0.0 +# ZBX_DB_KEY_FILE=/run/secrets/client-key.pem # Available since 5.0.0 +# ZBX_DB_CERT_FILE=/run/secrets/client-cert.pem # Available since 5.0.0 +# ZBX_DB_CA_FILE=/run/secrets/pgsql-ca.pem # Available since 5.0.0 +# ZBX_DB_VERIFY_HOST=false # Available since 5.0.0 +# ZBX_DB_CIPHER_LIST= # Available since 5.0.0 # ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5 # ZBX_HISTORYSTORAGETYPES=['uint', 'dbl', 'str', 'text', 'log'] # Available since 3.4.5 # ZBX_MAXEXECUTIONTIME=600 diff --git a/docker-compose_v3_alpine_mysql_latest.yaml b/docker-compose_v3_alpine_mysql_latest.yaml index 698e8df13..b1bcbd9f1 100644 --- a/docker-compose_v3_alpine_mysql_latest.yaml +++ b/docker-compose_v3_alpine_mysql_latest.yaml @@ -38,6 +38,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-java-gateway @@ -152,6 +155,13 @@ services: - mysql-server - zabbix-java-gateway - zabbix-snmptraps + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem networks: zbx_net_backend: aliases: @@ -179,6 +189,7 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -193,6 +204,9 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server @@ -232,6 +246,7 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: 
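Review bot: The example path in `# ZBX_DB_CA_FILE=/run/secrets/pgsql-ca.pem` (the `.env_web` hunk) names a file that none of the compose files in this commit provide; they expose the CA as `/run/secrets/root-ca.pem`, so the line should read `# ZBX_DB_CA_FILE=/run/secrets/root-ca.pem`. The sample `# ZBX_DB_VERIFY_HOST=false` also shows host verification switched off. Assuming the variable controls hostname checking of the database certificate, a trailing comment such as `# set to true so the frontend checks the DB host name against its certificate` would keep readers from copying the weaker setting unaware.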
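Review bot: The new `secrets:` list on the MySQL proxy service (hunk `@@ -152,6 +155,13 @@` of `docker-compose_v3_alpine_mysql_latest.yaml`) hands the proxy container `MYSQL_ROOT_PASSWORD` along with its own credentials. Unless the proxy entrypoint needs root to create its database on first start, the list can be limited to `- MYSQL_USER` and `- MYSQL_PASSWORD`, as the two web services in this file already do. If root is needed, a comment such as `# root password is used only for first-start database creation` would document why. The same list is added to the proxy service in the other five MySQL compose files; the service definition starts and ends outside the hunk.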
@@ -246,6 +261,9 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server @@ -366,7 +384,15 @@ services: mysql-server: image: mysql:8.0 - command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password] + command: + - mysqld + - --character-set-server=utf8 + - --collation-server=utf8_bin + - --default-authentication-plugin=mysql_native_password +# - --require-secure-transport +# - --ssl-ca=/run/secrets/root-ca.pem +# - --ssl-cert=/run/secrets/server-cert.pem +# - --ssl-key=/run/secrets/server-key.pem volumes: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: @@ -375,6 +401,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD + - mysql-server-key.pem + - mysql-server-cert.pem + - mysql-ca.pem stop_grace_period: 1m networks: zbx_net_backend: @@ -424,3 +453,13 @@ secrets: file: ./.MYSQL_PASSWORD MYSQL_ROOT_PASSWORD: file: ./.MYSQL_ROOT_PASSWORD +# client-key.pem: +# file: ./.ZBX_DB_KEY_FILE +# client-cert.pem: +# file: ./.ZBX_DB_CERT_FILE +# root-ca.pem: +# file: ./.ZBX_DB_CA_FILE +# server-cert.pem: +# file: ./.DB_CERT_FILE +# server-key.pem: +# file: ./.DB_KEY_FILE diff --git a/docker-compose_v3_alpine_mysql_local.yaml b/docker-compose_v3_alpine_mysql_local.yaml index c1b9c23f7..7aa08958f 100644 --- a/docker-compose_v3_alpine_mysql_local.yaml +++ b/docker-compose_v3_alpine_mysql_local.yaml @@ -42,6 +42,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-java-gateway @@ -164,6 +167,13 @@ services: - mysql-server - zabbix-java-gateway - zabbix-snmptraps + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem networks: zbx_net_backend: aliases: 
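Review bot: The three uncommented entries added to the `mysql-server` service's `secrets:` list (`- mysql-server-key.pem`, `- mysql-server-cert.pem`, `- mysql-ca.pem`, hunk `@@ -375,6 +401,9 @@`) have no matching definition in the top-level `secrets:` block as far as the visible hunks show; the next hunk adds only commented `client-key.pem`, `client-cert.pem`, `root-ca.pem`, `server-cert.pem` and `server-key.pem`. Compose rejects a service that references an undefined secret, so the file would likely fail to load as committed. The names also differ from the `/run/secrets/server-cert.pem`, `/run/secrets/server-key.pem` and `/run/secrets/root-ca.pem` paths in the commented `mysqld` TLS flags. Commenting them out under the matching names, `# - server-key.pem`, `# - server-cert.pem`, `# - root-ca.pem`, keeps the example consistent. The same applies to the `mysql-server` hunks of the other MySQL compose files in this commit.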
@@ -195,6 +205,7 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -209,6 +220,9 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server @@ -252,6 +266,7 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -266,6 +281,9 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server @@ -398,7 +416,15 @@ services: mysql-server: image: mysql:8.0 - command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password] + command: + - mysqld + - --character-set-server=utf8 + - --collation-server=utf8_bin + - --default-authentication-plugin=mysql_native_password +# - --require-secure-transport +# - --ssl-ca=/run/secrets/root-ca.pem +# - --ssl-cert=/run/secrets/server-cert.pem +# - --ssl-key=/run/secrets/server-key.pem volumes: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: @@ -407,6 +433,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD + - mysql-server-key.pem + - mysql-server-cert.pem + - mysql-ca.pem stop_grace_period: 1m networks: zbx_net_backend: @@ -456,3 +485,13 @@ secrets: file: ./.MYSQL_PASSWORD MYSQL_ROOT_PASSWORD: file: ./.MYSQL_ROOT_PASSWORD +# client-key.pem: +# file: ./.ZBX_DB_KEY_FILE +# client-cert.pem: +# file: ./.ZBX_DB_CERT_FILE +# root-ca.pem: +# file: ./.ZBX_DB_CA_FILE +# server-cert.pem: +# file: ./.DB_CERT_FILE +# server-key.pem: +# file: ./.DB_KEY_FILE 
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index a59c90c0a..3cbe5dace 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -15,6 +15,9 @@ services: - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro links: - postgres-server:postgres-server - zabbix-java-gateway:zabbix-java-gateway @@ -182,6 +185,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -235,6 +242,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -388,8 +399,12 @@ services: postgres-server: image: postgres:latest +# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem volumes: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro + - ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro + - ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro env_file: - .env_db_pgsql secrets: 
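Review bot: The three bind mounts added to `postgres-server` (hunk `@@ -388,8 +399,12 @@`) are active while the `command:` line that enables SSL stays commented, unlike the client-side mounts in the same file, which are all commented. With short-syntax bind mounts Docker creates a missing host path as a directory, so a default deployment without `./.ZBX_DB_CA_FILE`, `./.ZBX_DB_CERT_FILE` and `./.ZBX_DB_KEY_FILE` ends up with empty directories on the host and under `/run/secrets`. The server certificate and key are also taken from the same `./.ZBX_DB_CERT_FILE` and `./.ZBX_DB_KEY_FILE` that the Zabbix containers would mount as `client-cert.pem` and `client-key.pem`, so one private key would be shared between the database and its clients. Comment the mounts and give the server its own files, e.g. `# - ./.DB_CERT_FILE:/run/secrets/server-cert.pem:ro` and `# - ./.DB_KEY_FILE:/run/secrets/server-key.pem:ro` (the names the MySQL files use). The same hunk recurs in the other three PostgreSQL compose files.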
diff --git a/docker-compose_v3_alpine_pgsql_local.yaml b/docker-compose_v3_alpine_pgsql_local.yaml index 44bbe3aae..323b5ae04 100644 --- a/docker-compose_v3_alpine_pgsql_local.yaml +++ b/docker-compose_v3_alpine_pgsql_local.yaml @@ -19,6 +19,9 @@ services: - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro links: - postgres-server:postgres-server - zabbix-java-gateway:zabbix-java-gateway @@ -182,7 +185,6 @@ services: com.zabbix.dbtype: "mysql" com.zabbix.os: "alpine" - zabbix-web-apache-pgsql: build: context: ./web-apache-pgsql/alpine @@ -199,6 +201,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -256,6 +262,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: 
@@ -421,8 +431,12 @@ services: postgres-server: image: postgres:latest +# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem volumes: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro + - ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro + - ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro env_file: - .env_db_pgsql secrets: diff --git a/docker-compose_v3_centos_mysql_latest.yaml b/docker-compose_v3_centos_mysql_latest.yaml index e217d21d8..0d47da611 100644 --- a/docker-compose_v3_centos_mysql_latest.yaml +++ b/docker-compose_v3_centos_mysql_latest.yaml @@ -38,6 +38,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-java-gateway @@ -152,6 +155,13 @@ services: - mysql-server - zabbix-java-gateway - zabbix-snmptraps + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem networks: zbx_net_backend: aliases: @@ -179,6 +189,7 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -193,6 +204,9 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server @@ -232,6 +246,7 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -246,6 +261,9 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server 
@@ -366,7 +384,15 @@ services: mysql-server: image: mysql:8.0 - command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password] + command: + - mysqld + - --character-set-server=utf8 + - --collation-server=utf8_bin + - --default-authentication-plugin=mysql_native_password +# - --require-secure-transport +# - --ssl-ca=/run/secrets/root-ca.pem +# - --ssl-cert=/run/secrets/server-cert.pem +# - --ssl-key=/run/secrets/server-key.pem volumes: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: @@ -375,6 +401,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD + - mysql-server-key.pem + - mysql-server-cert.pem + - mysql-ca.pem stop_grace_period: 1m networks: zbx_net_backend: @@ -424,3 +453,13 @@ secrets: file: ./.MYSQL_PASSWORD MYSQL_ROOT_PASSWORD: file: ./.MYSQL_ROOT_PASSWORD +# client-key.pem: +# file: ./.ZBX_DB_KEY_FILE +# client-cert.pem: +# file: ./.ZBX_DB_CERT_FILE +# root-ca.pem: +# file: ./.ZBX_DB_CA_FILE +# server-cert.pem: +# file: ./.DB_CERT_FILE +# server-key.pem: +# file: ./.DB_KEY_FILE diff --git a/docker-compose_v3_centos_mysql_local.yaml b/docker-compose_v3_centos_mysql_local.yaml index 9e73368a1..3a5b20cca 100644 --- a/docker-compose_v3_centos_mysql_local.yaml +++ b/docker-compose_v3_centos_mysql_local.yaml @@ -42,6 +42,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-java-gateway @@ -164,6 +167,13 @@ services: - mysql-server - zabbix-java-gateway - zabbix-snmptraps + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem networks: zbx_net_backend: aliases: @@ -183,7 +193,7 @@ services: build: context: ./web-apache-mysql/centos cache_from: - - centos:centos7 + - centos:centos8 image: zabbix-web-apache-mysql:centos-local ports: - "80:8080" 
@@ -195,6 +205,7 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -209,6 +220,9 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server @@ -240,7 +254,7 @@ services: build: context: ./web-nginx-mysql/centos cache_from: - - centos:centos7 + - centos:centos8 image: zabbix-web-nginx-mysql:centos-local ports: - "8081:8080" @@ -252,6 +266,7 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -266,6 +281,9 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server @@ -398,7 +416,15 @@ services: mysql-server: image: mysql:8.0 - command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password] + command: + - mysqld + - --character-set-server=utf8 + - --collation-server=utf8_bin + - --default-authentication-plugin=mysql_native_password +# - --require-secure-transport +# - --ssl-ca=/run/secrets/root-ca.pem +# - --ssl-cert=/run/secrets/server-cert.pem +# - --ssl-key=/run/secrets/server-key.pem volumes: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: @@ -407,6 +433,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD + - mysql-server-key.pem + - mysql-server-cert.pem + - mysql-ca.pem stop_grace_period: 1m networks: zbx_net_backend: 
@@ -456,3 +485,13 @@ secrets: file: ./.MYSQL_PASSWORD MYSQL_ROOT_PASSWORD: file: ./.MYSQL_ROOT_PASSWORD +# client-key.pem: +# file: ./.ZBX_DB_KEY_FILE +# client-cert.pem: +# file: ./.ZBX_DB_CERT_FILE +# root-ca.pem: +# file: ./.ZBX_DB_CA_FILE +# server-cert.pem: +# file: ./.DB_CERT_FILE +# server-key.pem: +# file: ./.DB_KEY_FILE diff --git a/docker-compose_v3_centos_pgsql_latest.yaml b/docker-compose_v3_centos_pgsql_latest.yaml index 935b64a8f..592b7f423 100644 --- a/docker-compose_v3_centos_pgsql_latest.yaml +++ b/docker-compose_v3_centos_pgsql_latest.yaml @@ -15,6 +15,9 @@ services: - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro links: - postgres-server:postgres-server - zabbix-java-gateway:zabbix-java-gateway @@ -182,6 +185,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -235,6 +242,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: 
@@ -388,8 +399,12 @@ services: postgres-server: image: postgres:latest +# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem volumes: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro + - ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro + - ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro env_file: - .env_db_pgsql secrets: diff --git a/docker-compose_v3_centos_pgsql_local.yaml b/docker-compose_v3_centos_pgsql_local.yaml index 3e8c7c9cd..7b97b1682 100644 --- a/docker-compose_v3_centos_pgsql_local.yaml +++ b/docker-compose_v3_centos_pgsql_local.yaml @@ -1,7 +1,10 @@ version: '3.5' services: zabbix-server: - build: ./server-pgsql/centos + build: + context: ./server-pgsql/centos + cache_from: + - centos:centos7 image: zabbix-server-pgsql:centos-local ports: - "10051:10051" @@ -16,6 +19,9 @@ services: - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro links: - postgres-server:postgres-server - zabbix-java-gateway:zabbix-java-gateway @@ -66,7 +72,10 @@ services: com.zabbix.os: "centos" zabbix-proxy-sqlite3: - build: ./proxy-sqlite3/centos + build: + context: ./proxy-sqlite3/centos + cache_from: + - centos:centos7 image: zabbix-proxy-sqlite3:centos-local ports: - "10061:10051" @@ -117,7 +126,10 @@ services: com.zabbix.os: "centos" zabbix-proxy-mysql: - build: ./proxy-mysql/centos + build: + context: ./proxy-mysql/centos + cache_from: + - centos:centos7 image: zabbix-proxy-mysql:centos-local ports: - "10071:10051" 
@@ -173,9 +185,11 @@ services: com.zabbix.dbtype: "mysql" com.zabbix.os: "centos" - zabbix-web-apache-pgsql: - build: ./web-apache-pgsql/centos + build: + context: ./web-apache-pgsql/centos + cache_from: + - centos:centos8 image: zabbix-web-apache-pgsql:centos-local ports: - "80:8080" @@ -187,6 +201,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -229,7 +247,10 @@ services: com.zabbix.os: "centos" zabbix-web-nginx-pgsql: - build: ./web-nginx-pgsql/centos + build: + context: ./web-nginx-pgsql/centos + cache_from: + - centos:centos8 image: zabbix-web-nginx-pgsql:centos-local ports: - "8081:8080" @@ -241,6 +262,10 @@ services: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -283,7 +308,10 @@ services: com.zabbix.os: "centos" zabbix-agent: - build: ./agent/centos + build: + context: ./agent/centos + cache_from: + - centos:centos7 image: zabbix-agent:centos-local ports: - "10050:10050" @@ -323,7 +351,10 @@ services: com.zabbix.os: "centos" zabbix-java-gateway: - build: ./java-gateway/centos + build: + context: ./java-gateway/centos + cache_from: + - centos:centos7 image: zabbix-java-gateway:centos-local ports: - "10052:10052" 
@@ -400,8 +431,12 @@ services: postgres-server: image: postgres:latest +# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem volumes: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro + - ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro + - ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro env_file: - .env_db_pgsql secrets: diff --git a/docker-compose_v3_ubuntu_mysql_latest.yaml b/docker-compose_v3_ubuntu_mysql_latest.yaml index 2826a99a8..a0867966f 100644 --- a/docker-compose_v3_ubuntu_mysql_latest.yaml +++ b/docker-compose_v3_ubuntu_mysql_latest.yaml @@ -6,6 +6,7 @@ services: - "10051:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw @@ -37,7 +38,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-java-gateway @@ -60,7 +63,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "mysql" com.zabbix.os: "ubuntu" @@ -71,6 +74,7 @@ services: - "10061:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro 
@@ -96,7 +100,6 @@ services: env_file: - .env_prx - .env_prx_sqlite3 - user: root depends_on: - zabbix-java-gateway - zabbix-snmptraps @@ -110,7 +113,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "ubuntu" @@ -121,6 +124,7 @@ services: - "10071:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -147,11 +151,17 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql - user: root depends_on: - mysql-server - zabbix-java-gateway - zabbix-snmptraps + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem networks: zbx_net_backend: aliases: @@ -162,7 +172,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "ubuntu" @@ -170,14 +180,16 @@ services: zabbix-web-apache-mysql: image: zabbix/zabbix-web-apache-mysql:ubuntu-trunk ports: - - "80:80" - - "443:443" + - "80:8080" + - "443:8443" links: - mysql-server:mysql-server - zabbix-server:zabbix-server volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: 
@@ -192,12 +204,14 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD - user: root +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -214,7 +228,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "mysql" @@ -223,14 +237,16 @@ services: zabbix-web-nginx-mysql: image: zabbix/zabbix-web-nginx-mysql:ubuntu-trunk ports: - - "8081:80" - - "8443:443" + - "8081:8080" + - "8443:8443" links: - mysql-server:mysql-server - zabbix-server:zabbix-server volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -245,12 +261,14 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD - user: root +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -267,7 +285,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "mysql" 
@@ -279,6 +297,7 @@ services: - "10050:10050" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -296,7 +315,6 @@ services: mode: global env_file: - .env_agent - user: root privileged: true pid: "host" networks: @@ -308,7 +326,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "ubuntu" @@ -326,7 +344,6 @@ services: memory: 256M env_file: - .env_java - user: root networks: zbx_net_backend: aliases: @@ -335,14 +352,14 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "ubuntu" zabbix-snmptraps: image: zabbix/zabbix-snmptraps:ubuntu-trunk ports: - - "162:162/udp" + - "162:1162/udp" volumes: - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw deploy: @@ -353,7 +370,6 @@ services: reservations: cpus: '0.25' memory: 128M - user: root networks: zbx_net_frontend: aliases: 
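Review bot: `privileged: true` and `pid: "host"` remain on the agent service after hunk `@@ -296,7 +315,6 @@` removes `user: root`, so the container still has access to host devices and the host process namespace. A comment stating why they are needed, e.g. `# privileged + host PID namespace: needed for host-level process items; remove if not used`, would let operators decide whether to keep them. Whether the agent image works without `privileged` is not visible from this hunk. The same applies to the agent hunk in `docker-compose_v3_ubuntu_mysql_local.yaml`.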
@@ -362,13 +378,21 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" mysql-server: image: mysql:8.0 - command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password] + command: + - mysqld + - --character-set-server=utf8 + - --collation-server=utf8_bin + - --default-authentication-plugin=mysql_native_password +# - --require-secure-transport +# - --ssl-ca=/run/secrets/root-ca.pem +# - --ssl-cert=/run/secrets/server-cert.pem +# - --ssl-key=/run/secrets/server-key.pem volumes: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: @@ -377,7 +401,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root + - mysql-server-key.pem + - mysql-server-cert.pem + - mysql-ca.pem stop_grace_period: 1m networks: zbx_net_backend: @@ -427,3 +453,13 @@ secrets: file: ./.MYSQL_PASSWORD MYSQL_ROOT_PASSWORD: file: ./.MYSQL_ROOT_PASSWORD +# client-key.pem: +# file: ./.ZBX_DB_KEY_FILE +# client-cert.pem: +# file: ./.ZBX_DB_CERT_FILE +# root-ca.pem: +# file: ./.ZBX_DB_CA_FILE +# server-cert.pem: +# file: ./.DB_CERT_FILE +# server-key.pem: +# file: ./.DB_KEY_FILE diff --git a/docker-compose_v3_ubuntu_mysql_local.yaml b/docker-compose_v3_ubuntu_mysql_local.yaml index b6787c874..87bd212af 100644 --- a/docker-compose_v3_ubuntu_mysql_local.yaml +++ b/docker-compose_v3_ubuntu_mysql_local.yaml @@ -10,6 +10,7 @@ services: - "10051:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw 
@@ -41,7 +42,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-java-gateway @@ -64,7 +67,7 @@ services: - net.ipv4.conf.all.send_redirects=0 labels: com.zabbix.description: "Zabbix server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-server" com.zabbix.dbtype: "mysql" com.zabbix.os: "ubuntu" @@ -79,6 +82,7 @@ services: - "10061:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -104,7 +108,6 @@ services: env_file: - .env_prx - .env_prx_sqlite3 - user: root depends_on: - zabbix-java-gateway - zabbix-snmptraps @@ -118,7 +121,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with SQLite3 database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "sqlite3" com.zabbix.os: "ubuntu" @@ -133,6 +136,7 @@ services: - "10071:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -159,11 +163,17 @@ services: - .env_db_mysql_proxy - .env_prx - .env_prx_mysql - user: root depends_on: - mysql-server - zabbix-java-gateway - zabbix-snmptraps + secrets: + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD +# - client-key.pem +# - client-cert.pem +# - root-ca.pem networks: zbx_net_backend: aliases: 
@@ -174,7 +184,7 @@ services: stop_grace_period: 30s labels: com.zabbix.description: "Zabbix proxy with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-proxy" com.zabbix.dbtype: "mysql" com.zabbix.os: "ubuntu" @@ -186,14 +196,16 @@ services: - ubuntu:bionic image: zabbix-web-apache-mysql:ubuntu-local ports: - - "80:80" - - "443:443" + - "80:8080" + - "443:8443" links: - mysql-server:mysql-server - zabbix-server:zabbix-server volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: @@ -208,12 +220,14 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD - user: root +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -230,7 +244,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "apache2" com.zabbix.dbtype: "mysql" @@ -243,14 +257,16 @@ services: - ubuntu:bionic image: zabbix-web-nginx-mysql:ubuntu-local ports: - - "8081:80" - - "8443:443" + - "8081:8080" + - "8443:8443" links: - mysql-server:mysql-server - zabbix-server:zabbix-server volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro deploy: resources: limits: 
@@ -265,12 +281,14 @@ services: secrets: - MYSQL_USER - MYSQL_PASSWORD - user: root +# - client-key.pem +# - client-cert.pem +# - root-ca.pem depends_on: - mysql-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -287,7 +305,7 @@ services: - net.core.somaxconn=65535 labels: com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-frontend" com.zabbix.webserver: "nginx" com.zabbix.dbtype: "mysql" @@ -303,6 +321,7 @@ services: - "10050:10050" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -320,7 +339,6 @@ services: mode: global env_file: - .env_agent - user: root privileged: true pid: "host" networks: @@ -332,7 +350,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "zabbix-agentd" com.zabbix.os: "ubuntu" @@ -354,7 +372,6 @@ services: memory: 256M env_file: - .env_java - user: root networks: zbx_net_backend: aliases: @@ -363,7 +380,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "java-gateway" com.zabbix.os: "ubuntu" @@ -374,7 +391,7 @@ services: - ubuntu:bionic image: zabbix-snmptraps:ubuntu-local ports: - - "162:162/udp" + - "162:1162/udp" volumes: - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw deploy: 
@@ -385,7 +402,6 @@ services: reservations: cpus: '0.25' memory: 128M - user: root networks: zbx_net_frontend: aliases: @@ -394,13 +410,21 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix SIA" + com.zabbix.company: "Zabbix LLC" com.zabbix.component: "snmptraps" com.zabbix.os: "ubuntu" mysql-server: image: mysql:8.0 - command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin, --default-authentication-plugin=mysql_native_password] + command: + - mysqld + - --character-set-server=utf8 + - --collation-server=utf8_bin + - --default-authentication-plugin=mysql_native_password +# - --require-secure-transport +# - --ssl-ca=/run/secrets/root-ca.pem +# - --ssl-cert=/run/secrets/server-cert.pem +# - --ssl-key=/run/secrets/server-key.pem volumes: - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw env_file: @@ -409,7 +433,9 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root + - mysql-server-key.pem + - mysql-server-cert.pem + - mysql-ca.pem stop_grace_period: 1m networks: zbx_net_backend: @@ -459,3 +485,13 @@ secrets: file: ./.MYSQL_PASSWORD MYSQL_ROOT_PASSWORD: file: ./.MYSQL_ROOT_PASSWORD +# client-key.pem: +# file: ./.ZBX_DB_KEY_FILE +# client-cert.pem: +# file: ./.ZBX_DB_CERT_FILE +# root-ca.pem: +# file: ./.ZBX_DB_CA_FILE +# server-cert.pem: +# file: ./.DB_CERT_FILE +# server-key.pem: +# file: ./.DB_KEY_FILE diff --git a/docker-compose_v3_ubuntu_pgsql_latest.yaml b/docker-compose_v3_ubuntu_pgsql_latest.yaml index 7aade0657..b3a30a576 100644 --- a/docker-compose_v3_ubuntu_pgsql_latest.yaml +++ b/docker-compose_v3_ubuntu_pgsql_latest.yaml @@ -6,6 +6,7 @@ services: - "10051:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw 
@@ -14,6 +15,9 @@ services: - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro links: - postgres-server:postgres-server - zabbix-java-gateway:zabbix-java-gateway @@ -36,7 +40,6 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-java-gateway @@ -70,6 +73,7 @@ services: - "10061:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -95,7 +99,6 @@ services: env_file: - .env_prx - .env_prx_sqlite3 - user: root depends_on: - zabbix-java-gateway - zabbix-snmptraps @@ -120,6 +123,7 @@ services: - "10071:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -150,7 +154,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root depends_on: - mysql-server - zabbix-java-gateway 
@@ -173,14 +176,19 @@ services: zabbix-web-apache-pgsql: image: zabbix/zabbix-web-apache-pgsql:ubuntu-trunk ports: - - "80:80" - - "443:443" + - "80:8080" + - "443:8443" links: - postgres-server:postgres-server - zabbix-server:zabbix-server volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -195,12 +203,11 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -226,14 +233,19 @@ services: zabbix-web-nginx-pgsql: image: zabbix/zabbix-web-nginx-pgsql:ubuntu-trunk ports: - - "8081:80" - - "8443:443" + - "8081:8080" + - "8443:8443" links: - postgres-server:postgres-server - zabbix-server:zabbix-server volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -248,12 +260,11 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 
@@ -282,6 +293,7 @@ services: - "10050:10050" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -299,7 +311,6 @@ services: mode: global env_file: - .env_agent - user: root privileged: true pid: "host" networks: @@ -329,7 +340,6 @@ services: memory: 256M env_file: - .env_java - user: root networks: zbx_net_backend: aliases: @@ -345,7 +355,7 @@ services: zabbix-snmptraps: image: zabbix/zabbix-snmptraps:ubuntu-trunk ports: - - "162:162/udp" + - "162:1162/udp" volumes: - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw deploy: @@ -356,7 +366,6 @@ services: reservations: cpus: '0.25' memory: 128M - user: root networks: zbx_net_frontend: aliases: @@ -380,7 +389,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: @@ -391,14 +399,17 @@ services: postgres-server: image: postgres:latest +# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem volumes: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro + - ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro + - ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro env_file: - .env_db_pgsql secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: diff --git a/docker-compose_v3_ubuntu_pgsql_local.yaml b/docker-compose_v3_ubuntu_pgsql_local.yaml index 98ab5a4c2..1a1aa9708 100644 --- a/docker-compose_v3_ubuntu_pgsql_local.yaml +++ b/docker-compose_v3_ubuntu_pgsql_local.yaml 
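Review bot: In the `postgres-server` hunk the three `/run/secrets/*.pem` bind mounts are added uncommented while the `command:` that consumes them stays commented, so every deployment needs `./.ZBX_DB_CA_FILE`, `./.ZBX_DB_CERT_FILE` and `./.ZBX_DB_KEY_FILE` on the host even with TLS off. With a missing source path Docker usually creates a directory there, which later breaks enabling TLS. The mounts also hand the database the same `.ZBX_DB_CERT_FILE` and `.ZBX_DB_KEY_FILE` that the Zabbix services mount as `client-cert.pem` and `client-key.pem`, so client and server would share one private key. I would comment the mounts out together with `command:` and give the server its own pair, as the MySQL files do: `#   - ./.DB_CERT_FILE:/run/secrets/server-cert.pem:ro` and `#   - ./.DB_KEY_FILE:/run/secrets/server-key.pem:ro`. The `postgres-server` hunk of `docker-compose_v3_ubuntu_pgsql_local.yaml` is identical.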
@@ -1,12 +1,16 @@ version: '3.5' services: zabbix-server: - build: ./server-pgsql/ubuntu + build: + context: ./server-pgsql/ubuntu + cache_from: + - ubuntu:bionic image: zabbix-server-pgsql:ubuntu-local ports: - "10051:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw @@ -15,6 +19,9 @@ services: - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro links: - postgres-server:postgres-server - zabbix-java-gateway:zabbix-java-gateway @@ -37,7 +44,6 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-java-gateway @@ -66,12 +72,16 @@ services: com.zabbix.os: "ubuntu" zabbix-proxy-sqlite3: - build: ./proxy-sqlite3/ubuntu + build: + context: ./proxy-sqlite3/ubuntu + cache_from: + - ubuntu:bionic image: zabbix-proxy-sqlite3:ubuntu-local ports: - "10061:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -97,7 +107,6 @@ services: env_file: - .env_prx - .env_prx_sqlite3 - user: root depends_on: - zabbix-java-gateway - zabbix-snmptraps 
@@ -117,12 +126,16 @@ services: com.zabbix.os: "ubuntu" zabbix-proxy-mysql: - build: ./proxy-mysql/ubuntu + build: + context: ./proxy-mysql/ubuntu + cache_from: + - ubuntu:bionic image: zabbix-proxy-mysql:ubuntu-local ports: - "10071:10051" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -153,7 +166,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root depends_on: - mysql-server - zabbix-java-gateway @@ -173,19 +185,26 @@ services: com.zabbix.dbtype: "mysql" com.zabbix.os: "ubuntu" - zabbix-web-apache-pgsql: - build: ./web-apache-pgsql/ubuntu + build: + context: ./web-apache-pgsql/ubuntu + cache_from: + - ubuntu:bionic image: zabbix-web-apache-pgsql:ubuntu-local ports: - - "80:80" - - "443:443" + - "80:8080" + - "443:8443" links: - postgres-server:postgres-server - zabbix-server:zabbix-server volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -200,12 +219,11 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 
@@ -229,17 +247,25 @@ services: com.zabbix.os: "ubuntu" zabbix-web-nginx-pgsql: - build: ./web-nginx-pgsql/ubuntu + build: + context: ./web-nginx-pgsql/ubuntu + cache_from: + - ubuntu:bionic image: zabbix-web-nginx-pgsql:ubuntu-local ports: - - "8081:80" - - "8443:443" + - "8081:8080" + - "8443:8443" links: - postgres-server:postgres-server - zabbix-server:zabbix-server volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +# - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +# - ./.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +# - ./.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro deploy: resources: limits: @@ -254,12 +280,11 @@ services: secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root depends_on: - postgres-server - zabbix-server healthcheck: - test: ["CMD", "curl", "-f", "http://localhost"] + test: ["CMD", "curl", "-f", "http://localhost:8080/"] interval: 10s timeout: 5s retries: 3 @@ -283,12 +308,16 @@ services: com.zabbix.os: "ubuntu" zabbix-agent: - build: ./agent/ubuntu + build: + context: ./agent/ubuntu + cache_from: + - ubuntu:bionic image: zabbix-agent:ubuntu-local ports: - "10050:10050" volumes: - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro @@ -306,7 +335,6 @@ services: mode: global env_file: - .env_agent - user: root privileged: true pid: "host" networks: @@ -323,7 +351,10 @@ services: com.zabbix.os: "ubuntu" zabbix-java-gateway: - build: ./java-gateway/ubuntu + build: + context: ./java-gateway/ubuntu + cache_from: + - ubuntu:bionic image: zabbix-java-gateway:ubuntu-local ports: - "10052:10052" 
@@ -337,7 +368,6 @@ services: memory: 256M env_file: - .env_java - user: root networks: zbx_net_backend: aliases: @@ -351,10 +381,13 @@ services: com.zabbix.os: "ubuntu" zabbix-snmptraps: - build: ./snmptraps/ubuntu + build: + context: ./snmptraps/ubuntu + cache_from: + - ubuntu:bionic image: zabbix-snmptraps:ubuntu-local ports: - - "162:162/udp" + - "162:1162/udp" volumes: - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:rw deploy: @@ -365,7 +398,6 @@ services: reservations: cpus: '0.25' memory: 128M - user: root networks: zbx_net_frontend: aliases: @@ -389,7 +421,6 @@ services: - MYSQL_USER - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: @@ -400,14 +431,17 @@ services: postgres-server: image: postgres:latest +# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem volumes: - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro + - ./.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro + - ./.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro env_file: - .env_db_pgsql secrets: - POSTGRES_USER - POSTGRES_PASSWORD - user: root stop_grace_period: 1m networks: zbx_net_backend: diff --git a/proxy-mysql/alpine/docker-entrypoint.sh b/proxy-mysql/alpine/docker-entrypoint.sh index a834d688c..5c92d8289 100755 --- a/proxy-mysql/alpine/docker-entrypoint.sh +++ b/proxy-mysql/alpine/docker-entrypoint.sh 
@@ -188,8 +188,12 @@ check_db_connect_mysql() { WAIT_TIMEOUT=5 + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done @@ -199,8 +203,12 @@ mysql_query() { query=$1 local result="" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query") + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts) echo $result } @@ -245,9 +253,13 @@ create_db_schema_mysql() { if [ -z "${ZBX_DB_VERSION}" ]; then echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \ -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \ + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \ ${DB_SERVER_DBNAME} 1>/dev/null fi } 
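Review bot: `ssl_opts` in `check_db_connect_mysql` turns TLS on with `--ssl` but never asks the client to verify the server certificate, so with `ZBX_DBTLSCONNECT` set to a verifying mode the daemon checks the database while these bootstrap calls, which send `DB_SERVER_ROOT_PASS`, do not. Depending on the client shipped in the image, a line such as `[ "${ZBX_DBTLSCONNECT}" = "verify_full" ] && ssl_opts="$ssl_opts --ssl-verify-server-cert"` (or the `--ssl-mode=` equivalent on MySQL 8 clients) would close that gap. The variable is also global and never reset, is expanded unquoted, and yields `--ssl-key=` and `--ssl-cert=` with empty values when only the CA file is configured; `local ssl_opts=""` before the `if` and adding each option only when its variable is non-empty would avoid that. The same block is repeated in `mysql_query` and `create_db_schema_mysql` here, in the centos and server-mysql entrypoints, and in `check_db_connect` of web-apache-mysql. The function bodies start and end outside these hunks.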
@@ -278,6 +290,15 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" + update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" + update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" + update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" + update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" + update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" + fi + update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" diff --git a/proxy-mysql/centos/docker-entrypoint.sh b/proxy-mysql/centos/docker-entrypoint.sh index a834d688c..bcae364a4 100755 --- a/proxy-mysql/centos/docker-entrypoint.sh +++ b/proxy-mysql/centos/docker-entrypoint.sh @@ -188,8 +188,12 @@ check_db_connect_mysql() { WAIT_TIMEOUT=5 + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done 
@@ -199,8 +203,12 @@ mysql_query() { query=$1 local result="" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query") + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts) echo $result } @@ -245,9 +253,13 @@ create_db_schema_mysql() { if [ -z "${ZBX_DB_VERSION}" ]; then echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + zcat /usr/share/doc/zabbix-proxy-mysql/create.sql.gz | mysql --silent --skip-column-names \ -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \ + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \ ${DB_SERVER_DBNAME} 1>/dev/null fi } @@ -278,6 +290,15 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" + update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" + update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" + update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" + update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" + update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" + fi + update_config_var $ZBX_CONFIG "EnableRemoteCommands" "${ZBX_ENABLEREMOTECOMMANDS}" update_config_var $ZBX_CONFIG "LogRemoteCommands" "${ZBX_LOGREMOTECOMMANDS}" diff --git a/server-mysql/alpine/docker-entrypoint.sh b/server-mysql/alpine/docker-entrypoint.sh index 085e3e1cc..428d497ba 100755 
--- a/server-mysql/alpine/docker-entrypoint.sh +++ b/server-mysql/alpine/docker-entrypoint.sh @@ -183,8 +183,12 @@ check_db_connect_mysql() { WAIT_TIMEOUT=5 + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done @@ -194,8 +198,12 @@ mysql_query() { query=$1 local result="" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query") + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts) echo $result } @@ -240,9 +248,13 @@ create_db_schema_mysql() { if [ -z "${ZBX_DB_VERSION}" ]; then echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \ -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \ + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \ ${DB_SERVER_DBNAME} 1>/dev/null fi } 
@@ -262,6 +274,15 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" + update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" + update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" + update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" + update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" + update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" + fi + update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" diff --git a/server-mysql/centos/docker-entrypoint.sh b/server-mysql/centos/docker-entrypoint.sh index 085e3e1cc..428d497ba 100755 --- a/server-mysql/centos/docker-entrypoint.sh +++ b/server-mysql/centos/docker-entrypoint.sh @@ -183,8 +183,12 @@ check_db_connect_mysql() { WAIT_TIMEOUT=5 + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done 
@@ -194,8 +198,12 @@ mysql_query() { query=$1 local result="" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + result=$(mysql --silent --skip-column-names -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query") + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" -e "$query" $ssl_opts) echo $result } @@ -240,9 +248,13 @@ create_db_schema_mysql() { if [ -z "${ZBX_DB_VERSION}" ]; then echo "** Creating '${DB_SERVER_DBNAME}' schema in MySQL" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DBTLSCAFILE} --ssl-key=${ZBX_DBTLSKEYFILE} --ssl-cert=${ZBX_DBTLSCERTFILE}" + fi + zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql --silent --skip-column-names \ -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} \ - -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" \ + -u ${DB_SERVER_ROOT_USER} --password="${DB_SERVER_ROOT_PASS}" $ssl_opts \ ${DB_SERVER_DBNAME} 1>/dev/null fi } @@ -262,6 +274,15 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" + update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" + update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" + update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" + update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" + update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" + fi + update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" diff --git a/server-pgsql/alpine/docker-entrypoint.sh b/server-pgsql/alpine/docker-entrypoint.sh index 488223c62..33a6bb760 100755 
--- a/server-pgsql/alpine/docker-entrypoint.sh +++ b/server-pgsql/alpine/docker-entrypoint.sh @@ -177,13 +177,18 @@ check_db_connect_postgresql() { fi WAIT_TIMEOUT=5 - + if [ -n "${DB_SERVER_SCHEMA}" ]; then PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" export PGOPTIONS fi - while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + dbtlsconnect=${ZBX_DBTLSCONNECT//_/-} + ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}" + fi + + while [ ! "$(psql "$ssl_opts" -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done @@ -201,13 +206,18 @@ psql_query() { if [ -n "${DB_SERVER_ZBX_PASS}" ]; then export PGPASSWORD="${DB_SERVER_ZBX_PASS}" fi - + if [ -n "${DB_SERVER_SCHEMA}" ]; then PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" export PGOPTIONS fi - result=$(psql -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + dbtlsconnect=${ZBX_DBTLSCONNECT//_/-} + ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}" + fi + + result=$(psql -A -q -t "$ssl_opts" -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ -U ${DB_SERVER_ROOT_USER} -c "$query" $db 2>/dev/null); unset PGPASSWORD 
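Review bot: `psql "$ssl_opts"` in `check_db_connect_postgresql` always passes one positional argument, which is an empty string whenever `ZBX_DBTLSCONNECT` is unset, and psql takes its first positional argument as the database name. In this function `-d ${DB_SERVER_DBNAME}` is given as well, so as far as I can tell the connection string is treated as a surplus argument and the TLS settings are never applied; in `create_db_schema_postgresql` the connection string becomes the database and `${DB_SERVER_DBNAME}` is the one dropped. Exporting the libpq environment variables instead keeps the psql command lines unchanged and works the same with TLS off; this applies to `psql_query`, `create_db_schema_postgresql` and the centos copy too. If Zabbix's value for the basic mode is `required` rather than `require`, the `_` to `-` substitution alone would not yield a valid `sslmode`; worth confirming. The function continues outside the hunk.

```shell
    # … unchanged: PGPASSWORD / PGOPTIONS setup …
    if [ -n "${ZBX_DBTLSCONNECT}" ]; then
        export PGSSLMODE="${ZBX_DBTLSCONNECT//_/-}"
        export PGSSLROOTCERT="${ZBX_DBTLSCAFILE}"
        export PGSSLCERT="${ZBX_DBTLSCERTFILE}"
        export PGSSLKEY="${ZBX_DBTLSKEYFILE}"
    fi

    while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do
    # … unchanged: wait loop body …
```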
@@ -268,12 +278,17 @@ create_db_schema_postgresql() { export PGOPTIONS fi - zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql -q \ + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + dbtlsconnect=${ZBX_DBTLSCONNECT//_/-} + ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}" + fi + + zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql "$ssl_opts" -q \ -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then - cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql -q \ + cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql "$ssl_opts" -q \ -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null fi @@ -301,6 +316,15 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" + update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" + update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" + update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" + update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" + update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" + fi + update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" diff --git a/server-pgsql/centos/docker-entrypoint.sh b/server-pgsql/centos/docker-entrypoint.sh index 488223c62..29e1fd23e 100755 --- a/server-pgsql/centos/docker-entrypoint.sh +++ b/server-pgsql/centos/docker-entrypoint.sh 
@@ -177,13 +177,18 @@ check_db_connect_postgresql() { fi WAIT_TIMEOUT=5 - + if [ -n "${DB_SERVER_SCHEMA}" ]; then PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" export PGOPTIONS fi - while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + dbtlsconnect=${ZBX_DBTLSCONNECT//_/-} + ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}" + fi + + while [ ! "$(psql "$ssl_opts" -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done @@ -201,13 +206,18 @@ psql_query() { if [ -n "${DB_SERVER_ZBX_PASS}" ]; then export PGPASSWORD="${DB_SERVER_ZBX_PASS}" fi - + if [ -n "${DB_SERVER_SCHEMA}" ]; then PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" export PGOPTIONS fi - result=$(psql -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + dbtlsconnect=${ZBX_DBTLSCONNECT//_/-} + ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}" + fi + + result=$(psql "$ssl_opts" -A -q -t -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ -U ${DB_SERVER_ROOT_USER} -c "$query" $db 2>/dev/null); unset PGPASSWORD 
@@ -268,12 +278,17 @@ create_db_schema_postgresql() { export PGOPTIONS fi - zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql -q \ + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + dbtlsconnect=${ZBX_DBTLSCONNECT//_/-} + ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}" + fi + + zcat /usr/share/doc/zabbix-server-postgresql/create.sql.gz | psql "$ssl_opts" -q \ -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null if [ "${ENABLE_TIMESCALEDB}" == "true" ]; then - cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql -q \ + cat /usr/share/doc/zabbix-server-postgresql/timescaledb.sql | psql "$ssl_opts" -q \ -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} \ -U ${DB_SERVER_ZBX_USER} ${DB_SERVER_DBNAME} 1>/dev/null fi @@ -301,6 +316,15 @@ update_zbx_config() { update_config_var $ZBX_CONFIG "DebugLevel" "${ZBX_DEBUGLEVEL}" + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + update_config_var $ZBX_CONFIG "DBTLSConnect" "${ZBX_DBTLSCONNECT}" + update_config_var $ZBX_CONFIG "DBTLSCAFile" "${ZBX_DBTLSCAFILE}" + update_config_var $ZBX_CONFIG "DBTLSCertFile" "${ZBX_DBTLSCERTFILE}" + update_config_var $ZBX_CONFIG "DBTLSKeyFile" "${ZBX_DBTLSKEYFILE}" + update_config_var $ZBX_CONFIG "DBTLSCipher" "${ZBX_DBTLSCIPHER}" + update_config_var $ZBX_CONFIG "DBTLSCipher13" "${ZBX_DBTLSCIPHER13}" + fi + update_config_var $ZBX_CONFIG "DBHost" "${DB_SERVER_HOST}" update_config_var $ZBX_CONFIG "DBName" "${DB_SERVER_DBNAME}" update_config_var $ZBX_CONFIG "DBSchema" "${DB_SERVER_SCHEMA}" diff --git a/web-apache-mysql/alpine/Dockerfile b/web-apache-mysql/alpine/Dockerfile index 47a1d10fe..e576dc333 100644 --- a/web-apache-mysql/alpine/Dockerfile +++ b/web-apache-mysql/alpine/Dockerfile 
@@ -80,9 +80,9 @@ RUN set -eux && \ rm -rf tests && \ ./locale/make_mo.sh && \ ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ - chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/ && \ chgrp -R 0 /etc/apache2/ /etc/php7/ && \ chmod -R g=u /etc/apache2/ /etc/php7/ && \ @@ -94,7 +94,7 @@ EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/apache2"] +VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules/"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/web-apache-mysql/alpine/docker-entrypoint.sh b/web-apache-mysql/alpine/docker-entrypoint.sh index a5f04bafd..1c1a559c2 100755 --- a/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/web-apache-mysql/alpine/docker-entrypoint.sh @@ -178,8 +178,12 @@ check_db_connect() { WAIT_TIMEOUT=5 + if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done 
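Review bot: The three permission lines now give `/usr/share/zabbix/modules/` to the zabbix user and make it group-writable (`chmod -R g=u`), as is already done for the configuration directories, but this path holds PHP that the frontend loads. If zabbix is the account the web server and PHP run as (not visible in this hunk), a file-write flaw in the frontend would become persistent code execution. Consider keeping the directory root-owned and not writable at runtime, e.g. `chown -R root:root /usr/share/zabbix/modules/ && chmod -R go-w /usr/share/zabbix/modules/`, and supplying operator modules through a read-only mount. The same lines recur in the other web-*/alpine and web-*/centos Dockerfiles. The VOLUME hunks that follow give this path a writable anonymous volume whenever nothing is mounted over it.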
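Review bot: In check_db_connect, `ssl_opts` turns TLS on with `--ssl` and a CA file but never consults ZBX_DB_VERIFY_HOST, so the readiness check does not verify the server's host name even when the operator asked for that in the frontend. If the bundled client supports it, append the flag conditionally: `[ "${ZBX_DB_VERIFY_HOST}" == "true" ] && ssl_opts="$ssl_opts --ssl-verify-server-cert"`. `$ssl_opts` is also expanded unquoted, so a certificate path containing whitespace is split into separate arguments; a bash array (`ssl_opts=(--ssl "--ssl-ca=${ZBX_DB_CA_FILE}" …)` expanded as `"${ssl_opts[@]}"`) avoids that. The same hunk appears in the web-apache-mysql/centos and web-nginx-mysql entrypoints.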
@@ -236,6 +240,10 @@ prepare_zbx_web_config() { history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ diff --git a/web-apache-mysql/centos/Dockerfile b/web-apache-mysql/centos/Dockerfile index 26ab71f26..2a6da73ad 100644 --- a/web-apache-mysql/centos/Dockerfile +++ b/web-apache-mysql/centos/Dockerfile @@ -79,9 +79,9 @@ RUN set -eux && \ cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cut -d"'" -f 2 | sort | \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ - chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ @@ -98,7 +98,7 @@ EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/apache2"] +VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/web-apache-mysql/centos/docker-entrypoint.sh b/web-apache-mysql/centos/docker-entrypoint.sh index d7c3f7641..5a95668cf 100755 --- a/web-apache-mysql/centos/docker-entrypoint.sh 
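Review bot: The three added assignments in prepare_zbx_web_config overwrite ZBX_DB_KEY_FILE, ZBX_DB_CERT_FILE and ZBX_DB_CA_FILE with their escaped form, unlike the two lines above them, which keep the escaped copy in a separate lowercase variable. check_db_connect in this file builds `--ssl-ca=`/`--ssl-key=`/`--ssl-cert=` from the same variables, so if it runs after this function (call order is not visible here) it would receive escaped paths. Use separate names, e.g. `db_key_file=$(escape_spec_char "${ZBX_DB_KEY_FILE}")`, and reference those in the sed expressions. No hunk visible for this file adds the matching `s/{ZBX_DB_KEY_FILE}/…/` expressions, so it is worth confirming the placeholders are actually substituted. The same three lines are added to every web-* entrypoint in this commit.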
+++ b/web-apache-mysql/centos/docker-entrypoint.sh @@ -178,8 +178,12 @@ check_db_connect() { WAIT_TIMEOUT=5 + if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done @@ -236,6 +240,10 @@ prepare_zbx_web_config() { history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ diff --git a/web-apache-mysql/ubuntu/Dockerfile b/web-apache-mysql/ubuntu/Dockerfile index 543465fdd..08016c5a2 100644 --- a/web-apache-mysql/ubuntu/Dockerfile +++ b/web-apache-mysql/ubuntu/Dockerfile @@ -98,7 +98,7 @@ EXPOSE 80/TCP 443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/apache2"] +VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules"] COPY ["conf/etc/zabbix/apache.conf", "/etc/zabbix/"] COPY ["conf/etc/zabbix/apache_ssl.conf", "/etc/zabbix/"] diff --git a/web-apache-pgsql/alpine/Dockerfile b/web-apache-pgsql/alpine/Dockerfile index c10f45471..467dfa1c3 100644 --- a/web-apache-pgsql/alpine/Dockerfile +++ b/web-apache-pgsql/alpine/Dockerfile 
@@ -79,9 +79,9 @@ RUN set -eux && \ rm -rf tests && \ ./locale/make_mo.sh && \ ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ - chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/apache2/ /etc/php7/ && \ chgrp -R 0 /etc/apache2/ /etc/php7/ && \ chmod -R g=u /etc/apache2/ /etc/php7/ && \ @@ -93,7 +93,7 @@ EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/apache2"] +VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/web-apache-pgsql/alpine/docker-entrypoint.sh b/web-apache-pgsql/alpine/docker-entrypoint.sh index bb6b72173..0caaf23bb 100755 --- a/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/web-apache-pgsql/alpine/docker-entrypoint.sh @@ -164,7 +164,7 @@ check_db_connect() { fi WAIT_TIMEOUT=5 - + if [ -n "${DB_SERVER_SCHEMA}" ]; then PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" export PGOPTIONS @@ -226,6 +226,10 @@ prepare_zbx_web_config() { history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ diff --git a/web-apache-pgsql/centos/Dockerfile b/web-apache-pgsql/centos/Dockerfile index adada8512..6b0dbcd05 100644 --- a/web-apache-pgsql/centos/Dockerfile 
+++ b/web-apache-pgsql/centos/Dockerfile @@ -79,9 +79,9 @@ RUN set -eux && \ cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cut -d"'" -f 2 | sort | \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ - chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ @@ -98,7 +98,7 @@ EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/apache2"] +VOLUME ["/etc/ssl/apache2", "/usr/share/zabbix/modules"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/web-apache-pgsql/centos/docker-entrypoint.sh b/web-apache-pgsql/centos/docker-entrypoint.sh index c093dbc31..4e7591a5a 100755 --- a/web-apache-pgsql/centos/docker-entrypoint.sh +++ b/web-apache-pgsql/centos/docker-entrypoint.sh 
@@ -171,13 +171,18 @@ check_db_connect() { fi WAIT_TIMEOUT=5 - + if [ -n "${DB_SERVER_SCHEMA}" ]; then PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}" export PGOPTIONS fi - while [ ! "$(psql -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do + if [ -n "${ZBX_DBTLSCONNECT}" ]; then + dbtlsconnect=${ZBX_DBTLSCONNECT//_/-} + ssl_opts="sslmode=$dbtlsconnect sslrootcert=${ZBX_DBTLSCAFILE} sslcert=${ZBX_DBTLSCERTFILE} sslkey=${ZBX_DBTLSKEYFILE}" + fi + + while [ ! "$(psql "$ssl_opts" -h ${DB_SERVER_HOST} -p ${DB_SERVER_PORT} -U ${DB_SERVER_ROOT_USER} -d ${DB_SERVER_DBNAME} -l -q 2>/dev/null)" ]; do echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done @@ -233,6 +238,10 @@ prepare_zbx_web_config() { history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ diff --git a/web-nginx-mysql/alpine/Dockerfile b/web-nginx-mysql/alpine/Dockerfile index e8efaec19..8127783ef 100644 --- a/web-nginx-mysql/alpine/Dockerfile +++ b/web-nginx-mysql/alpine/Dockerfile 
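Review bot: check_db_connect in this web entrypoint reads the server-side names ZBX_DBTLSCONNECT, ZBX_DBTLSCAFILE, ZBX_DBTLSCERTFILE and ZBX_DBTLSKEYFILE, while prepare_zbx_web_config in the same file uses ZBX_DB_ENCRYPTION, ZBX_DB_CA_FILE, ZBX_DB_CERT_FILE and ZBX_DB_KEY_FILE. An operator who sets only the web variables gets a frontend configured for TLS but a readiness check that connects without it. Derive the options from the web variables instead, e.g. `if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then` with `sslrootcert=${ZBX_DB_CA_FILE}` and the matching cert and key. The web-apache-pgsql/alpine hunk for the same function is whitespace-only, so that image's check has no TLS handling at all.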
@@ -73,9 +73,9 @@ RUN set -eux && \ rm -rf tests && \ ./locale/make_mo.sh && \ ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ - chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \ chgrp -R 0 /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \ chmod -R g=u /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \ @@ -90,7 +90,7 @@ EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/nginx"] +VOLUME ["/etc/ssl/nginx", "/usr/share/zabbix/modules"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/web-nginx-mysql/alpine/docker-entrypoint.sh b/web-nginx-mysql/alpine/docker-entrypoint.sh index 34afaa762..4e98d853b 100755 --- a/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -197,8 +197,12 @@ check_db_connect() { WAIT_TIMEOUT=5 + if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done 
@@ -259,6 +263,10 @@ prepare_zbx_web_config() { history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ diff --git a/web-nginx-mysql/centos/Dockerfile b/web-nginx-mysql/centos/Dockerfile index 876fdc776..8042e7ede 100644 --- a/web-nginx-mysql/centos/Dockerfile +++ b/web-nginx-mysql/centos/Dockerfile @@ -71,9 +71,9 @@ RUN set -eux && \ cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cut -d"'" -f 2 | sort | \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ - chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ @@ -89,7 +89,7 @@ EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/nginx"] +VOLUME ["/etc/ssl/nginx", "/usr/share/zabbix/modules"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/web-nginx-mysql/centos/docker-entrypoint.sh b/web-nginx-mysql/centos/docker-entrypoint.sh index 86f513551..4bdf1b7af 100755 --- a/web-nginx-mysql/centos/docker-entrypoint.sh +++ b/web-nginx-mysql/centos/docker-entrypoint.sh 
@@ -197,8 +197,12 @@ check_db_connect() { WAIT_TIMEOUT=5 + if [ "${ZBX_DB_ENCRYPTION}" == "true" ]; then + ssl_opts="--ssl --ssl-ca=${ZBX_DB_CA_FILE} --ssl-key=${ZBX_DB_KEY_FILE} --ssl-cert=${ZBX_DB_CERT_FILE}" + fi + while [ ! "$(mysqladmin ping -h ${DB_SERVER_HOST} -P ${DB_SERVER_PORT} -u ${DB_SERVER_ROOT_USER} \ - --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10)" ]; do + --password="${DB_SERVER_ROOT_PASS}" --silent --connect_timeout=10 $ssl_opts)" ]; do echo "**** MySQL server is not available. Waiting $WAIT_TIMEOUT seconds..." sleep $WAIT_TIMEOUT done @@ -259,6 +263,10 @@ prepare_zbx_web_config() { history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ @@ -269,6 +277,12 @@ prepare_zbx_web_config() { -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ + -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ + -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ + -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ + -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ + -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ + -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ "$ZBX_WEB_CONFIG" diff --git a/web-nginx-pgsql/alpine/Dockerfile b/web-nginx-pgsql/alpine/Dockerfile index 5083e005e..9c4857dff 100644 --- a/web-nginx-pgsql/alpine/Dockerfile +++ b/web-nginx-pgsql/alpine/Dockerfile 
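Review bot: In the sed hunk of prepare_zbx_web_config, `${ZBX_DB_VERIFY_HOST:-"false"}` makes host verification opt-in, so setting ZBX_DB_ENCRYPTION=true alone gives an encrypted connection whose server name is never checked. Say so in a comment next to the default, or default to `true` whenever a CA file is configured. ZBX_DB_ENCRYPTION, ZBX_DB_VERIFY_HOST and ZBX_DB_CIPHER_LIST are also substituted without escape_spec_char, unlike the three file paths, so a `/` or `&` in them changes the sed expression. If the template places the two booleans unquoted in PHP (the template is not shown), any value other than true or false becomes part of the config file. Normalise them first, e.g. `[ "${ZBX_DB_VERIFY_HOST}" == "true" ] || ZBX_DB_VERIFY_HOST=false`. The identical hunk is in web-nginx-pgsql/centos.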
@@ -72,9 +72,9 @@ RUN set -eux && \ rm -rf tests && \ ./locale/make_mo.sh && \ ln -s "/etc/zabbix/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ - chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \ chgrp -R 0 /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \ chmod -R g=u /etc/nginx/ /etc/php7/php-fpm.d/ /etc/php7/php-fpm.conf && \ @@ -89,7 +89,7 @@ EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/nginx"] +VOLUME ["/etc/ssl/nginx", "/usr/share/zabbix/modules"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/web-nginx-pgsql/alpine/docker-entrypoint.sh b/web-nginx-pgsql/alpine/docker-entrypoint.sh index 09743c981..5a5d29530 100755 --- a/web-nginx-pgsql/alpine/docker-entrypoint.sh +++ b/web-nginx-pgsql/alpine/docker-entrypoint.sh @@ -259,6 +259,10 @@ prepare_zbx_web_config() { history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ diff --git a/web-nginx-pgsql/centos/Dockerfile b/web-nginx-pgsql/centos/Dockerfile index 97b0e7ca9..df1d65e14 100644 --- a/web-nginx-pgsql/centos/Dockerfile +++ b/web-nginx-pgsql/centos/Dockerfile 
@@ -71,9 +71,9 @@ RUN set -eux && \ cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cut -d"'" -f 2 | sort | \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ - chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ && \ - chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ && \ + chown --quiet -R zabbix:root /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chgrp -R 0 /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ + chmod -R g=u /etc/zabbix/ /usr/share/zabbix/conf/ /usr/share/zabbix/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ @@ -89,7 +89,7 @@ EXPOSE 8080/TCP 8443/TCP WORKDIR /usr/share/zabbix -VOLUME ["/etc/ssl/nginx"] +VOLUME ["/etc/ssl/nginx", "/usr/share/zabbix/modules"] COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/web-nginx-pgsql/centos/docker-entrypoint.sh b/web-nginx-pgsql/centos/docker-entrypoint.sh index 6620fb348..138dea5a9 100755 --- a/web-nginx-pgsql/centos/docker-entrypoint.sh +++ b/web-nginx-pgsql/centos/docker-entrypoint.sh @@ -265,6 +265,10 @@ prepare_zbx_web_config() { history_storage_url=$(escape_spec_char "${ZBX_HISTORYSTORAGEURL}") history_storage_types=$(escape_spec_char "${ZBX_HISTORYSTORAGETYPES}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ 
@@ -275,6 +279,12 @@ prepare_zbx_web_config() { -e "s/{ZBX_SERVER_HOST}/${ZBX_SERVER_HOST}/g" \ -e "s/{ZBX_SERVER_PORT}/${ZBX_SERVER_PORT}/g" \ -e "s/{ZBX_SERVER_NAME}/$server_name/g" \ + -e "s/{ZBX_DB_ENCRYPTION}/${ZBX_DB_ENCRYPTION:-"false"}/g" \ + -e "s/{ZBX_DB_KEY_FILE}/${ZBX_DB_KEY_FILE}/g" \ + -e "s/{ZBX_DB_CERT_FILE}/${ZBX_DB_CERT_FILE}/g" \ + -e "s/{ZBX_DB_CA_FILE}/${ZBX_DB_CA_FILE}/g" \ + -e "s/{ZBX_DB_VERIFY_HOST}/${ZBX_DB_VERIFY_HOST:-"false"}/g" \ + -e "s/{ZBX_DB_CIPHER_LIST}/${ZBX_DB_CIPHER_LIST}/g" \ -e "s/{ZBX_HISTORYSTORAGEURL}/$history_storage_url/g" \ -e "s/{ZBX_HISTORYSTORAGETYPES}/$history_storage_types/g" \ "$ZBX_WEB_CONFIG"