diff --git a/Dockerfiles/web-apache-mysql/README.md b/Dockerfiles/web-apache-mysql/README.md index e881b7bc5..b8f36ebd8 100644 --- a/Dockerfiles/web-apache-mysql/README.md +++ b/Dockerfiles/web-apache-mysql/README.md @@ -134,12 +134,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av ### `ENABLE_WEB_ACCESS_LOG` -The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output. +The variable sets the Access Log directive for Web server. By default, value corresponds to standard output. ### `HTTP_INDEX_FILE` The variable controls default index page. By default, `index.php`. +### `EXPOSE_WEB_SERVER_INFO` + +The variable allows to hide Web server and PHP versions. By default, `on`. + ### `ZBX_MAXEXECUTIONTIME` The varable is PHP ``max_execution_time`` option. By default, value is `300`. diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini index 5dfff39cd..e180720b9 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini @@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME} ; always_populate_raw_post_data=-1 max_input_vars = 10000 date.timezone = ${PHP_TZ} +; https://www.php.net/manual/en/security.hiding.php +expose_php = ${EXPOSE_WEB_SERVER_INFO} diff --git a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh index eb5752fbf..a0152e21f 100755 --- a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Apache main configuration file +HTTPD_CONF_FILE="/etc/apache2/httpd.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -226,8 +228,22 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/apache2/httpd.conf" + "$HTTPD_CONF_FILE" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then + sed -i \ + -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ + "$HTTPD_CONF_FILE" + else + EXPOSE_WEB_SERVER_INFO="on" + fi + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ + "$HTTPD_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh index 31ebc46f7..9158c0f7c 100755 --- a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Apache main configuration file +HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -242,8 +244,22 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/httpd/conf/httpd.conf" + "$HTTPD_CONF_FILE" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then + sed -i \ + -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ + "$HTTPD_CONF_FILE" + else + EXPOSE_WEB_SERVER_INFO="on" + fi + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ + "$HTTPD_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh index 31ebc46f7..9158c0f7c 100755 --- a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Apache main configuration file +HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -242,8 +244,22 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/httpd/conf/httpd.conf" + "$HTTPD_CONF_FILE" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then + sed -i \ + -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ + "$HTTPD_CONF_FILE" + else + EXPOSE_WEB_SERVER_INFO="on" + fi + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ + "$HTTPD_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini index 5dfff39cd..e180720b9 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini @@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME} ; always_populate_raw_post_data=-1 max_input_vars = 10000 date.timezone = ${PHP_TZ} +; https://www.php.net/manual/en/security.hiding.php +expose_php = ${EXPOSE_WEB_SERVER_INFO} diff --git a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh index ac22f53ae..a1b8c393e 100755 --- a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Apache main configuration file +HTTPD_CONF_FILE="/etc/apache2/apache2.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -226,11 +228,25 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/apache2/apache2.conf" + "$HTTPD_CONF_FILE" sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ "/etc/apache2/conf-available/other-vhosts-access-log.conf" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then + sed -i \ + -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ + "$HTTPD_CONF_FILE" + else + EXPOSE_WEB_SERVER_INFO="on" + fi + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ + "$HTTPD_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-apache-pgsql/README.md b/Dockerfiles/web-apache-pgsql/README.md index 745fc1c11..eca02da6b 100644 --- a/Dockerfiles/web-apache-pgsql/README.md +++ b/Dockerfiles/web-apache-pgsql/README.md @@ -138,12 +138,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av ### `ENABLE_WEB_ACCESS_LOG` -The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output. +The variable sets the Access Log directive for Web server. By default, value corresponds to standard output. ### `HTTP_INDEX_FILE` The variable controls default index page. By default, `index.php`. +### `EXPOSE_WEB_SERVER_INFO` + +The variable allows to hide Web server and PHP versions. By default, `on`. + ### `ZBX_MAXEXECUTIONTIME` The varable is PHP ``max_execution_time`` option. By default, value is `300`. diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini index 5dfff39cd..e180720b9 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini @@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME} ; always_populate_raw_post_data=-1 max_input_vars = 10000 date.timezone = ${PHP_TZ} +; https://www.php.net/manual/en/security.hiding.php +expose_php = ${EXPOSE_WEB_SERVER_INFO} diff --git a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh index 34a252855..b7113ab5e 100755 --- a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Apache main configuration file +HTTPD_CONF_FILE="/etc/apache2/httpd.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -213,8 +215,22 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/apache2/httpd.conf" + "$HTTPD_CONF_FILE" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then + sed -i \ + -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ + "$HTTPD_CONF_FILE" + else + EXPOSE_WEB_SERVER_INFO="on" + fi + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ + "$HTTPD_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh index ff5e7936e..2debf7f83 100755 --- a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Apache main configuration file +HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -229,8 +231,22 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/httpd/conf/httpd.conf" + "$HTTPD_CONF_FILE" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then + sed -i \ + -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ + "$HTTPD_CONF_FILE" + else + EXPOSE_WEB_SERVER_INFO="on" + fi + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ + "$HTTPD_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh index ff5e7936e..2debf7f83 100755 --- a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Apache main configuration file +HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -229,8 +231,22 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/httpd/conf/httpd.conf" + "$HTTPD_CONF_FILE" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then + sed -i \ + -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ + "$HTTPD_CONF_FILE" + else + EXPOSE_WEB_SERVER_INFO="on" + fi + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ + "$HTTPD_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini index 5dfff39cd..e180720b9 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.1/apache2/conf.d/99-zabbix.ini @@ -6,3 +6,5 @@ max_input_time = ${ZBX_MAXINPUTTIME} ; always_populate_raw_post_data=-1 max_input_vars = 10000 date.timezone = ${PHP_TZ} +; https://www.php.net/manual/en/security.hiding.php +expose_php = ${EXPOSE_WEB_SERVER_INFO} diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh index ef4932a94..7b471a408 100755 --- a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Apache main configuration file +HTTPD_CONF_FILE="/etc/apache2/apache2.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -217,11 +219,25 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/apache2/apache2.conf" + "$HTTPD_CONF_FILE" sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ "/etc/apache2/conf-available/other-vhosts-access-log.conf" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then + sed -i \ + -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ + "$HTTPD_CONF_FILE" + else + EXPOSE_WEB_SERVER_INFO="on" + fi + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ + "$HTTPD_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-nginx-mysql/README.md b/Dockerfiles/web-nginx-mysql/README.md index 6951c025b..93b394993 100644 --- a/Dockerfiles/web-nginx-mysql/README.md +++ b/Dockerfiles/web-nginx-mysql/README.md @@ -135,12 +135,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av ### `ENABLE_WEB_ACCESS_LOG` -The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output. +The variable sets the Access Log directive for Web server. By default, value corresponds to standard output. ### `HTTP_INDEX_FILE` The variable controls default index page. By default, `index.php`. +### `EXPOSE_WEB_SERVER_INFO` + +The variable allows to hide Web server and PHP versions. By default, `on`. + ### `ZBX_MAXEXECUTIONTIME` The varable is PHP ``max_execution_time`` option. By default, value is `300`. diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf index 75f0f9a1b..f40a71604 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/http.d/*.conf; } diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh index e1b653fee..19c28883c 100755 --- a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Nginx main configuration file +NGINX_CONF_FILE="/etc/nginx/nginx.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -214,7 +216,7 @@ prepare_zbx_web_config() { export VAULT_TOKEN=${VAULT_TOKEN} export ZBX_VAULTCERTFILE=${ZBX_VAULTCERTFILE} export ZBX_VAULTKEYFILE=${ZBX_VAULTKEYFILE} - + : ${DB_DOUBLE_IEEE754:="true"} export DB_DOUBLE_IEEE754=${DB_DOUBLE_IEEE754,,} @@ -257,14 +259,23 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/nginx/nginx.conf" + "$NGINX_CONF_FILE" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx.conf" + "$ZABBIX_ETC_DIR/nginx.conf" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx_ssl.conf" + "$ZABBIX_ETC_DIR/nginx_ssl.conf" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/nginx/nginx.conf index 6bc8c1739..7c96929b0 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/conf.d/*.conf; } diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh index 29a9e1af9..5912feb4f 100755 --- a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Nginx main configuration file +NGINX_CONF_FILE="/etc/nginx/nginx.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -257,14 +259,23 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/nginx/nginx.conf" + "$NGINX_CONF_FILE" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx.conf" + "$ZABBIX_ETC_DIR/nginx.conf" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx_ssl.conf" + "$ZABBIX_ETC_DIR/nginx_ssl.conf" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/nginx/nginx.conf index 6bc8c1739..7c96929b0 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/conf.d/*.conf; } diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh index 29a9e1af9..5912feb4f 100755 --- a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Nginx main configuration file +NGINX_CONF_FILE="/etc/nginx/nginx.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -257,14 +259,23 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/nginx/nginx.conf" + "$NGINX_CONF_FILE" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx.conf" + "$ZABBIX_ETC_DIR/nginx.conf" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx_ssl.conf" + "$ZABBIX_ETC_DIR/nginx_ssl.conf" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/nginx/nginx.conf index 6bc8c1739..7c96929b0 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/conf.d/*.conf; } diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh index b0ec7e6f0..8e471b6be 100755 --- a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Nginx main configuration file +NGINX_CONF_FILE="/etc/nginx/nginx.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -257,14 +259,23 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/nginx/nginx.conf" + "$NGINX_CONF_FILE" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx.conf" + "$ZABBIX_ETC_DIR/nginx.conf" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx_ssl.conf" + "$ZABBIX_ETC_DIR/nginx_ssl.conf" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/nginx/nginx.conf index 6bc8c1739..7c96929b0 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/conf.d/*.conf; } diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh index b947dc9d1..d30da6262 100755 --- a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Nginx main configuration file +NGINX_CONF_FILE="/etc/nginx/nginx.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -257,14 +259,23 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/nginx/nginx.conf" + "$NGINX_CONF_FILE" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx.conf" + "$ZABBIX_ETC_DIR/nginx.conf" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx_ssl.conf" + "$ZABBIX_ETC_DIR/nginx_ssl.conf" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-nginx-pgsql/README.md b/Dockerfiles/web-nginx-pgsql/README.md index 5f4de91ec..ef31b63e1 100644 --- a/Dockerfiles/web-nginx-pgsql/README.md +++ b/Dockerfiles/web-nginx-pgsql/README.md @@ -138,12 +138,16 @@ Use IEEE754 compatible value range for 64-bit Numeric (float) history values. Av ### `ENABLE_WEB_ACCESS_LOG` -The variable sets the Access Log directive for Web-server. By default, value corresponds to standard output. +The variable sets the Access Log directive for Web server. By default, value corresponds to standard output. ### `HTTP_INDEX_FILE` The variable controls default index page. By default, `index.php`. +### `EXPOSE_WEB_SERVER_INFO` + +The variable allows to hide Web server and PHP versions. By default, `on`. + ### `ZBX_MAXEXECUTIONTIME` The varable is PHP ``max_execution_time`` option. By default, value is `300`. diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf index 75f0f9a1b..f40a71604 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/http.d/*.conf; } diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh index 5a1bd04fb..5754a7641 100755 --- a/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh @@ -23,6 +23,8 @@ fi ZABBIX_ETC_DIR="/etc/zabbix" # Web interface www-root directory ZABBIX_WWW_ROOT="/usr/share/zabbix" +# Nginx main configuration file +NGINX_CONF_FILE="/etc/nginx/nginx.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -244,14 +246,23 @@ prepare_zbx_web_config() { if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/nginx/nginx.conf" + "$NGINX_CONF_FILE" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx.conf" + "$ZABBIX_ETC_DIR/nginx.conf" sed -ri \ -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "/etc/zabbix/nginx_ssl.conf" + "$ZABBIX_ETC_DIR/nginx_ssl.conf" fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" } ################################################# diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/nginx/nginx.conf index 6bc8c1739..7c96929b0 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/conf.d/*.conf; } diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/nginx/nginx.conf index 6bc8c1739..7c96929b0 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/conf.d/*.conf; } diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/nginx/nginx.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/nginx/nginx.conf index 6bc8c1739..7c96929b0 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/nginx/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/nginx/nginx.conf @@ -65,7 +65,7 @@ http { ignore_invalid_headers on; index index.php; - server_tokens off; + server_tokens {EXPOSE_WEB_SERVER_INFO}; include /etc/nginx/conf.d/*.conf; } diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf index 8b2e1d9e1..05dc3ec2b 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.1/fpm/pool.d/zabbix.conf @@ -1,5 +1,8 @@ [zabbix] +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + listen = /tmp/php-fpm.sock clear_env = no diff --git a/env_vars/.env_web b/env_vars/.env_web index f2d3f50bb..8f6585ad0 100644 --- a/env_vars/.env_web +++ b/env_vars/.env_web @@ -30,6 +30,7 @@ ZBX_SERVER_NAME=Composed installation # ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1'] # ZBX_GUI_WARNING_MSG=Zabbix is under maintenance. # HTTP_INDEX_FILE=index.php +# EXPOSE_WEB_SERVER_INFO=on # PHP_FPM_PM=dynamic # PHP_FPM_PM_MAX_CHILDREN=50