diff --git a/agent/alpine/Dockerfile b/agent/alpine/Dockerfile
index ea965fa87..18e581dee 100644
--- a/agent/alpine/Dockerfile
+++ b/agent/alpine/Dockerfile
@@ -24,6 +24,7 @@ RUN set -eux && \
 apk add --no-cache --clean-protected \
 tini \
 bash \
+ tzdata \
 coreutils \
 iputils \
 pcre \
diff --git a/agent/centos/Dockerfile b/agent/centos/Dockerfile
index 761387668..cceb23962 100644
--- a/agent/centos/Dockerfile
+++ b/agent/centos/Dockerfile
@@ -25,6 +25,7 @@ RUN set -eux && \
 dnf --quiet makecache && \
 dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
 libcurl-minimal \
+ tzdata \
 openssl-libs && \
 curl -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini" -o /sbin/tini && \
 curl -L "https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc" -o /tmp/tini.asc && \
@@ -38,7 +39,7 @@ RUN set -eux && \
 gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
 done && \
 gpg --batch --verify /tmp/tini.asc /sbin/tini && \
- rm -r "$GNUPGHOME" /tmp/tini.asc && \
+ rm -rf "$GNUPGHOME" /tmp/tini.asc && \
 chmod +x /sbin/tini && \
 dnf -y clean all && \
 rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \
diff --git a/agent/ubuntu/Dockerfile b/agent/ubuntu/Dockerfile
index 17c5239fa..feed741df 100644
--- a/agent/ubuntu/Dockerfile
+++ b/agent/ubuntu/Dockerfile
@@ -26,6 +26,7 @@ RUN set -eux && \
 apt-get -y update && \
 DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
 tini \
+ tzdata \
 ca-certificates \
 libssl1.1 \
 libcurl4 \
diff --git a/kubernetes.yaml b/kubernetes.yaml
index a91cad95d..3f3df6626 100644
--- a/kubernetes.yaml
+++ b/kubernetes.yaml
@@ -458,6 +458,9 @@ metadata:
 tier: agent
 namespace: zabbix
 spec:
+ selector:
+ matchLabels:
+ name: zabbix-agent
 updateStrategy:
 type: RollingUpdate
 rollingUpdate:
diff --git a/proxy-mysql/centos/Dockerfile b/proxy-mysql/centos/Dockerfile
index 16674da6e..5a8a03460 100644
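Review bot: In the second agent/centos hunk, `rm -rf "$GNUPGHOME" /tmp/tini.asc` now succeeds even when a path does not exist, so an empty or wrong `GNUPGHOME` no longer fails the build and the temporary keyring could stay in the image unnoticed. If the `-f` was added because gpg-agent or dirmngr sockets disappear while `rm -r` walks the directory (a guess; the reason is not on the page), stopping the daemons first removes the cause instead of hiding it: `gpgconf --kill all && rm -rf "${GNUPGHOME:?}" /tmp/tini.asc && \`. The same line is changed in the proxy-mysql, proxy-sqlite3, server-mysql and server-pgsql centos Dockerfiles. The RUN instruction starts and ends outside the hunk.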
--- a/proxy-mysql/centos/Dockerfile
+++ b/proxy-mysql/centos/Dockerfile
@@ -56,7 +56,7 @@ RUN set -eux && \
 gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
 done && \
 gpg --batch --verify /tmp/tini.asc /sbin/tini && \
- rm -r "$GNUPGHOME" /tmp/tini.asc && \
+ rm -rf "$GNUPGHOME" /tmp/tini.asc && \
 chmod +x /sbin/tini && \
 dnf -y clean all && \
 rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \
diff --git a/proxy-sqlite3/centos/Dockerfile b/proxy-sqlite3/centos/Dockerfile
index 95061ed6f..73c3fc07a 100644
--- a/proxy-sqlite3/centos/Dockerfile
+++ b/proxy-sqlite3/centos/Dockerfile
@@ -55,7 +55,7 @@ RUN set -eux && \
 gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
 done && \
 gpg --batch --verify /tmp/tini.asc /sbin/tini && \
- rm -r "$GNUPGHOME" /tmp/tini.asc && \
+ rm -rf "$GNUPGHOME" /tmp/tini.asc && \
 chmod +x /sbin/tini && \
 dnf -y clean all && \
 rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \
diff --git a/server-mysql/alpine/Dockerfile b/server-mysql/alpine/Dockerfile
index 42df73f9a..0fa382b70 100644
--- a/server-mysql/alpine/Dockerfile
+++ b/server-mysql/alpine/Dockerfile
@@ -36,6 +36,7 @@ RUN set -eux && \
 tini \
 bash \
 fping \
+ tzdata \
 iputils \
 libcurl \
 libevent \
diff --git a/server-mysql/centos/Dockerfile b/server-mysql/centos/Dockerfile
index 489b2be82..88e3e7572 100644
--- a/server-mysql/centos/Dockerfile
+++ b/server-mysql/centos/Dockerfile
@@ -35,6 +35,7 @@ RUN set -eux && \
 dnf --quiet makecache && \
 dnf -y install --setopt=tsflags=nodocs http://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm && \
 dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
+ tzdata \
 iputils \
 traceroute \
 libcurl-minimal \
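Review bot: In the server-mysql/centos hunk, the fping RPM two lines above the new `tzdata` entry is still fetched over plain `http://`. A package handed to `dnf install` by URL is not covered by the repository signature check unless `localpkg_gpgcheck` is enabled, so this layer installs a package as root that nothing authenticates in transit. server-pgsql/centos already uses the TLS form of the same URL; this line should match it: `dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm && \`. Checking the RPM signature or a pinned checksum before install would close the remaining gap. The RUN instruction starts and ends outside the hunk.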
@@ -60,7 +61,7 @@ RUN set -eux && \
 gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
 done && \
 gpg --batch --verify /tmp/tini.asc /sbin/tini && \
- rm -r "$GNUPGHOME" /tmp/tini.asc && \
+ rm -rf "$GNUPGHOME" /tmp/tini.asc && \
 chmod +x /sbin/tini && \
 dnf -y clean all && \
 rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \
diff --git a/server-mysql/ubuntu/Dockerfile b/server-mysql/ubuntu/Dockerfile
index 20db0b749..e09285fbf 100644
--- a/server-mysql/ubuntu/Dockerfile
+++ b/server-mysql/ubuntu/Dockerfile
@@ -36,6 +36,7 @@ RUN set -eux && \
 apt-get -y update && \
 DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
 tini \
+ tzdata \
 ca-certificates \
 iputils-ping \
 traceroute \
diff --git a/server-pgsql/alpine/Dockerfile b/server-pgsql/alpine/Dockerfile
index 760d291cc..aad2aefc3 100644
--- a/server-pgsql/alpine/Dockerfile
+++ b/server-pgsql/alpine/Dockerfile
@@ -36,6 +36,7 @@ RUN set -eux && \
 tini \
 bash \
 fping \
+ tzdata \
 iputils \
 libcurl \
 libevent \
diff --git a/server-pgsql/centos/Dockerfile b/server-pgsql/centos/Dockerfile
index 0ae51faa0..eb68f4a07 100644
--- a/server-pgsql/centos/Dockerfile
+++ b/server-pgsql/centos/Dockerfile
@@ -36,6 +36,7 @@ RUN set -eux && \
 dnf -y install --setopt=tsflags=nodocs https://repo.zabbix.com/non-supported/rhel/8/x86_64/fping-3.16-1.el8.x86_64.rpm && \
 dnf -y install --setopt=tsflags=nodocs --setopt=install_weak_deps=False --best \
 iputils \
+ tzdata \
 traceroute \
 libcurl-minimal \
 libevent \
@@ -61,7 +62,7 @@ RUN set -eux && \
 gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
 done && \
 gpg --batch --verify /tmp/tini.asc /sbin/tini && \
- rm -r "$GNUPGHOME" /tmp/tini.asc && \
+ rm -rf "$GNUPGHOME" /tmp/tini.asc && \
 chmod +x /sbin/tini && \
 dnf -y clean all && \
 rm -rf /var/cache/yum /var/lib/yum/yumdb/* /usr/lib/udev/hwdb.d/* && \
diff --git a/server-pgsql/ubuntu/Dockerfile b/server-pgsql/ubuntu/Dockerfile
index 69d8ff496..8453c1651 100644
--- a/server-pgsql/ubuntu/Dockerfile
+++ b/server-pgsql/ubuntu/Dockerfile
@@ -36,6 +36,7 @@ RUN set -eux && \
 apt-get -y update && \
 DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
 tini \
+ tzdata \
 ca-certificates \
 iputils-ping \
 traceroute \
diff --git a/snmptraps/alpine/Dockerfile b/snmptraps/alpine/Dockerfile
index 61e23f8a6..3dd06ddb0 100644
--- a/snmptraps/alpine/Dockerfile
+++ b/snmptraps/alpine/Dockerfile
@@ -30,6 +30,7 @@ RUN set -eux && \
 zabbix && \
 apk update && \
 apk add --clean-protected --no-cache \
+ tzdata \
 net-snmp \
 supervisor && \
 apk add --no-cache --virtual build-dependencies \
diff --git a/snmptraps/centos/Dockerfile b/snmptraps/centos/Dockerfile
index fc3c44325..533317ab8 100644
--- a/snmptraps/centos/Dockerfile
+++ b/snmptraps/centos/Dockerfile
@@ -30,6 +30,7 @@ RUN set -eux && \
 yum --quiet makecache && \
 yum -y install epel-release && \
 yum -y install --setopt=tsflags=nodocs \
+ tzdata \
 net-snmp \
 supervisor && \
 yum -y install --setopt=tsflags=nodocs \
diff --git a/snmptraps/ubuntu/Dockerfile b/snmptraps/ubuntu/Dockerfile
index 3e95f1be3..c3042492c 100644
--- a/snmptraps/ubuntu/Dockerfile
+++ b/snmptraps/ubuntu/Dockerfile
@@ -32,6 +32,7 @@ RUN set -eux && \
 zabbix && \
 apt-get -y update && \
 DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install \
+ tzdata \
 snmp-mibs-downloader \
 snmptrapd \
 supervisor && \
diff --git a/web-apache-mysql/alpine/README.md b/web-apache-mysql/alpine/README.md
index d3b8cbdba..5075b064c 100644
--- a/web-apache-mysql/alpine/README.md
+++ b/web-apache-mysql/alpine/README.md
@@ -166,6 +166,30 @@ The varable is PHP ``max_input_time`` option. By default, value is `300`. The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-mysql/centos/README.md b/web-apache-mysql/centos/README.md index d3b8cbdba..5075b064c 100644 --- a/web-apache-mysql/centos/README.md +++ b/web-apache-mysql/centos/README.md 
@@ -166,6 +166,30 @@ The varable is PHP ``max_input_time`` option. By default, value is `300`. The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-mysql/ubuntu/README.md b/web-apache-mysql/ubuntu/README.md index d3b8cbdba..5075b064c 100644 --- a/web-apache-mysql/ubuntu/README.md +++ b/web-apache-mysql/ubuntu/README.md 
@@ -166,6 +166,30 @@ The varable is PHP ``max_input_time`` option. By default, value is `300`. The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-mysql/ubuntu/docker-entrypoint.sh b/web-apache-mysql/ubuntu/docker-entrypoint.sh index f40f53f2a..a77d4ff6d 100755 --- a/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/web-apache-mysql/ubuntu/docker-entrypoint.sh 
@@ -254,6 +254,10 @@ prepare_zbx_web_config() { ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ diff --git a/web-apache-pgsql/alpine/README.md b/web-apache-pgsql/alpine/README.md index 4fa6d0883..6108945d5 100644 --- a/web-apache-pgsql/alpine/README.md +++ b/web-apache-pgsql/alpine/README.md @@ -161,9 +161,29 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. ### `ZBX_SESSION_NAME` - + The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` 
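Review bot: In the web-apache-mysql/ubuntu/docker-entrypoint.sh hunk, the added lines run `escape_spec_char` on `ZBX_DB_CERT_FILE` and `ZBX_DB_CA_FILE` a second time, directly below the context lines that already escaped them. `escape_spec_char` is defined outside the hunk, but if it backslash-escapes characters for the `sed -i` substitutions that follow, the second pass escapes the backslashes from the first and the TLS certificate and CA paths written to the web config come out wrong. Keep one call per variable: drop the repeated CERT and CA lines, and keep `ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}")` only if it is not already present above the hunk. The same block is added in the web-apache-pgsql, web-nginx-mysql and web-nginx-pgsql ubuntu entrypoints. `prepare_zbx_web_config` starts and ends outside the hunk.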
diff --git a/web-apache-pgsql/centos/README.md b/web-apache-pgsql/centos/README.md index 4fa6d0883..6108945d5 100644 --- a/web-apache-pgsql/centos/README.md +++ b/web-apache-pgsql/centos/README.md @@ -161,9 +161,29 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. ### `ZBX_SESSION_NAME` - + The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-pgsql/ubuntu/README.md b/web-apache-pgsql/ubuntu/README.md index 4fa6d0883..6108945d5 100644 --- a/web-apache-pgsql/ubuntu/README.md +++ b/web-apache-pgsql/ubuntu/README.md 
@@ -161,9 +161,29 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. ### `ZBX_SESSION_NAME` - + The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/apache2`` diff --git a/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/web-apache-pgsql/ubuntu/docker-entrypoint.sh index d539e4727..151ae0f63 100755 --- a/web-apache-pgsql/ubuntu/docker-entrypoint.sh +++ b/web-apache-pgsql/ubuntu/docker-entrypoint.sh @@ -250,6 +250,10 @@ prepare_zbx_web_config() { ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ 
diff --git a/web-nginx-mysql/alpine/README.md b/web-nginx-mysql/alpine/README.md index 0e1f09868..dd4e19910 100644 --- a/web-nginx-mysql/alpine/README.md +++ b/web-nginx-mysql/alpine/README.md 
@@ -164,14 +164,38 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. ### `ZBX_SESSION_NAME` - + The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` -The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. +The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. 
diff --git a/web-nginx-mysql/centos/README.md b/web-nginx-mysql/centos/README.md index 0e1f09868..47cbabda6 100644 --- a/web-nginx-mysql/centos/README.md +++ b/web-nginx-mysql/centos/README.md 
@@ -163,15 +163,41 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +<<<<<<< HEAD ### `ZBX_SESSION_NAME` The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +======= +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. +>>>>>>> master ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` -The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. +The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. 
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. diff --git a/web-nginx-mysql/ubuntu/README.md b/web-nginx-mysql/ubuntu/README.md index 0e1f09868..47cbabda6 100644 --- a/web-nginx-mysql/ubuntu/README.md +++ b/web-nginx-mysql/ubuntu/README.md 
@@ -163,15 +163,41 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. +<<<<<<< HEAD ### `ZBX_SESSION_NAME` The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +======= +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + +### `ZBX_DB_CIPHER_LIST` + +The variable allows to specify a custom list of valid ciphers. The format of the cipher list must conform to the OpenSSL standard. Available since 5.0.0. +>>>>>>> master ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` -The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. +The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. 
Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. diff --git a/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/web-nginx-mysql/ubuntu/docker-entrypoint.sh index f33a294c7..b0730bebd 100755 --- a/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-mysql/ubuntu/docker-entrypoint.sh @@ -281,6 +281,10 @@ prepare_zbx_web_config() { ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \ diff --git a/web-nginx-pgsql/alpine/README.md b/web-nginx-pgsql/alpine/README.md index 5473c3781..82fa63502 100644 --- a/web-nginx-pgsql/alpine/README.md +++ b/web-nginx-pgsql/alpine/README.md 
@@ -161,14 +161,34 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. ### `ZBX_SESSION_NAME` - + The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` -The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. +The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. diff --git a/web-nginx-pgsql/centos/README.md b/web-nginx-pgsql/centos/README.md index 5473c3781..82fa63502 100644 --- a/web-nginx-pgsql/centos/README.md 
+++ b/web-nginx-pgsql/centos/README.md @@ -161,14 +161,34 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. ### `ZBX_SESSION_NAME` - + The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` -The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. +The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. diff --git a/web-nginx-pgsql/ubuntu/README.md b/web-nginx-pgsql/ubuntu/README.md index 5473c3781..82fa63502 100644 
--- a/web-nginx-pgsql/ubuntu/README.md +++ b/web-nginx-pgsql/ubuntu/README.md @@ -161,14 +161,34 @@ The varable is PHP ``upload_max_filesize`` option. By default, value is `2M`. The varable is PHP ``max_input_time`` option. By default, value is `300`. ### `ZBX_SESSION_NAME` - + The variable is Zabbix frontend [definition](https://www.zabbix.com/documentation/4.2/manual/web_interface/definitions). String used as the name of the Zabbix frontend session cookie. By default, value is `zbx_sessionid`. +### `ZBX_DB_ENCRYPTION` + +The variable allows to activate encryption for connections to Zabbix database. Even if no other environment variables are specified, connections will be TLS-encrypted if `ZBX_DB_ENCRYPTION=true` specified. Available since 5.0.0. Disabled by default. + +### `ZBX_DB_KEY_FILE` + +The variable allows to specify the full path to a valid TLS key file. Available since 5.0.0. + +### `ZBX_DB_CERT_FILE` + +The variable allows to specify the full path to a valid TLS certificate file. Available since 5.0.0. + +### `ZBX_DB_CA_FILE` + +The variable allows to specify the full path to a valid TLS certificate authority file. Available since 5.0.0. + +### `ZBX_DB_VERIFY_HOST` + +The variable allows to activate host verification. Available since 5.0.0. + ## Allowed volumes for the Zabbix web interface container ### ``/etc/ssl/nginx`` -The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains two files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. +The volume allows to enable HTTPS for the Zabbix web interface. The volume must contains three files ``ssl.crt``, ``ssl.key`` and ``dhparam.pem`` prepared for Nginx SSL connections. Please follow official Nginx [documentation](http://nginx.org/en/docs/http/configuring_https_servers.html) to get more details about how to create certificate files. 
diff --git a/web-nginx-pgsql/ubuntu/docker-entrypoint.sh b/web-nginx-pgsql/ubuntu/docker-entrypoint.sh index dad9542a5..162852189 100755 --- a/web-nginx-pgsql/ubuntu/docker-entrypoint.sh +++ b/web-nginx-pgsql/ubuntu/docker-entrypoint.sh @@ -271,6 +271,10 @@ prepare_zbx_web_config() { ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + ZBX_DB_KEY_FILE=$(escape_spec_char "${ZBX_DB_KEY_FILE}") + ZBX_DB_CERT_FILE=$(escape_spec_char "${ZBX_DB_CERT_FILE}") + ZBX_DB_CA_FILE=$(escape_spec_char "${ZBX_DB_CA_FILE}") + sed -i \ -e "s/{DB_SERVER_HOST}/${DB_SERVER_HOST}/g" \ -e "s/{DB_SERVER_PORT}/${DB_SERVER_PORT}/g" \