diff --git a/Dockerfiles/web-apache-mysql/README.md b/Dockerfiles/web-apache-mysql/README.md index a7593a2b9..3492ff54b 100644 --- a/Dockerfiles/web-apache-mysql/README.md +++ b/Dockerfiles/web-apache-mysql/README.md @@ -248,6 +248,10 @@ PHP_FPM_PM_START_SERVERS=5 PHP_FPM_PM_MIN_SPARE_SERVERS=5 PHP_FPM_PM_MAX_SPARE_SERVERS=35 PHP_FPM_PM_MAX_REQUESTS=0 + +Allowed Apache configuration options: +WEB_REAL_IP_FROM= +WEB_REAL_IP_HEADER= ``` ## Allowed volumes for the Zabbix web interface container diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf @@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf index 61cc676ee..2738d7abb 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf 
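Review bot: `RemoteIPInternalProxy` is the more permissive of the two mod_remoteip trust directives, and nothing next to the added lines in apache.conf says so. Proxies listed in it may report private-range client addresses, which `RemoteIPTrustedProxy` would reject. That suits an in-cluster ingress, but if WEB_REAL_IP_FROM is set to a wide range the header effectively becomes client-controlled. I would add a comment above the pair, for example `# WEB_REAL_IP_FROM must list only reverse proxies you operate; listed hosts may set the client IP, including private ranges`. The same two directives are added to apache_ssl.conf and to the centos, ol and ubuntu configs of both Apache images; the enclosing block is not fully visible in this hunk.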
@@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh index a504fa0ec..f6ca1affd 100755 --- a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh @@ -180,6 +180,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf @@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf 
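Review bot: Setting only WEB_REAL_IP_HEADER leaves `RemoteIPHeader` in apache.conf and apache_ssl.conf with no proxy list, because the four added lines in prepare_web_server delete each directive independently. The mod_remoteip documentation says that without RemoteIPInternalProxy or RemoteIPTrustedProxy the module trusts every host presenting a non-internal header value, so any client could then choose the address that reaches access logs and IP-based rules. Dropping both directives unless both variables are set avoids that: `if [ -z "${WEB_REAL_IP_FROM}" ] || [ -z "${WEB_REAL_IP_HEADER}" ]; then sed -i -e '/WEB_REAL_IP_FROM/d' -e '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" "$ZABBIX_CONF_DIR/apache_ssl.conf"; fi`. The same lines are added to the centos, ol and ubuntu entrypoints and to the web-apache-pgsql images; prepare_web_server begins outside the hunk.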
@@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf index f4b52948b..9fcdb019b 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh index f0cdfef3c..38fd97947 100755 --- a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh @@ -180,6 +180,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf 
@@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf index f4b52948b..9fcdb019b 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh index f0cdfef3c..38fd97947 100755 --- a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh 
@@ -180,6 +180,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf index 88cbea64c..6eb7a763d 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf @@ -12,3 +12,4 @@ LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so +LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf index fede75993..5a345610b 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf 
@@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh index 28d160d29..15230eb09 100755 --- a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh @@ -180,6 +180,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-pgsql/README.md b/Dockerfiles/web-apache-pgsql/README.md index d5113667a..e6996066d 100644 --- a/Dockerfiles/web-apache-pgsql/README.md +++ b/Dockerfiles/web-apache-pgsql/README.md @@ -248,6 +248,10 @@ PHP_FPM_PM_START_SERVERS=5 PHP_FPM_PM_MIN_SPARE_SERVERS=5 PHP_FPM_PM_MAX_SPARE_SERVERS=35 PHP_FPM_PM_MAX_REQUESTS=0 + +Allowed Apache configuration options: +WEB_REAL_IP_FROM= +WEB_REAL_IP_HEADER= ``` ## Allowed volumes for the Zabbix web interface container diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf 
@@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf index 61cc676ee..2738d7abb 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh index 5b17be021..e7160516f 100755 --- a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh 
@@ -182,6 +182,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf @@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf index f4b52948b..9fcdb019b 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf 
@@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh index 83452cdd2..6db1f88ab 100755 --- a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh @@ -182,6 +182,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf index 2595627c0..89a21169e 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf @@ -15,3 +15,4 @@ LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +LoadModule remoteip_module modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf 
@@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf index f4b52948b..9fcdb019b 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh index 83452cdd2..6db1f88ab 100755 --- a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh @@ -182,6 +182,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf index 88cbea64c..6eb7a763d 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf 
@@ -12,3 +12,4 @@ LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so +LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf index 231767341..c9e066204 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf @@ -1,6 +1,9 @@ Listen 8080 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + Require all granted diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf index fede75993..5a345610b 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf @@ -14,6 +14,9 @@ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 + RemoteIPInternalProxy ${WEB_REAL_IP_FROM} + RemoteIPHeader ${WEB_REAL_IP_HEADER} + # Enable/Disable SSL for this virtual host. SSLEngine on diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh index a49c7dff4..2f38961f7 100755 --- a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh 
@@ -182,6 +182,11 @@ prepare_web_server() { export APACHE_SERVER_SIGNATURE="Off" fi + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_FROM}" ] && sed -i '/WEB_REAL_IP_FROM/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache.conf" + [ -z "${WEB_REAL_IP_HEADER}" ] && sed -i '/WEB_REAL_IP_HEADER/d' "$ZABBIX_CONF_DIR/apache_ssl.conf" + mkdir -p "${APACHE_RUN_DIR}" } diff --git a/Dockerfiles/web-nginx-mysql/README.md b/Dockerfiles/web-nginx-mysql/README.md index b89ffc6c0..c9386699e 100644 --- a/Dockerfiles/web-nginx-mysql/README.md +++ b/Dockerfiles/web-nginx-mysql/README.md @@ -249,6 +249,10 @@ PHP_FPM_PM_START_SERVERS=5 PHP_FPM_PM_MIN_SPARE_SERVERS=5 PHP_FPM_PM_MAX_SPARE_SERVERS=35 PHP_FPM_PM_MAX_REQUESTS=0 + +Allowed Nginx configuration options: +WEB_REAL_IP_FROM= +WEB_REAL_IP_HEADER= ``` ## Allowed volumes for the Zabbix web interface container diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf index 3a59b420a..1b9739373 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -4,6 +4,9 @@ server { http2 on; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; 
diff --git a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh index 68bc6ff38..0d346631d 100755 --- a/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/alpine/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php84/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -207,6 +216,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf 
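Review bot: escape_spec_char does not escape `/`, yet its output is placed in `s/{WEB_REAL_IP_FROM}/…/g` in the prepare_web_server hunk of this file, so a CIDR value such as `10.0.0.0/8` (constructed example) ends the replacement early and sed rejects the expression. The placeholder then stays in nginx.conf and nginx_ssl.conf, which nginx will most likely refuse to load. Escaping the delimiter in the helper fixes it: add `var_value="${var_value//\//\\/}"` after the backslash line; `&` is also special on the replacement side, while `.` is not, so the `.` line could be dropped. A one-line header comment saying the helper prepares text for the replacement side of a `s/…/…/` expression would also help. The same helper and call sites are added to the centos, ol, rhel and ubuntu entrypoints.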
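Review bot: WEB_REAL_IP_FROM and WEB_REAL_IP_HEADER are pasted into the server block as directive text in prepare_web_server without any check of their content. nginx's `set_real_ip_from` takes a single address, CIDR or `unix:` per directive, so a space-separated list of the kind `RemoteIPInternalProxy` accepts in the Apache images yields an invalid line, and a stray `;` or brace changes the structure of the config. Rejecting such values before the directive is assembled, with a clear message, keeps a typo from surfacing as an unexplained nginx start failure. The four sed calls could also be one call with two `-e` expressions over both files. prepare_web_server begins outside the hunk.

```shell
    # Each variable must be a single directive argument: no whitespace, ';' or braces.
    local real_ip_value
    for real_ip_value in "${WEB_REAL_IP_FROM}" "${WEB_REAL_IP_HEADER}"; do
        case "$real_ip_value" in
            *[[:space:]\;{}]*)
                echo "WEB_REAL_IP_FROM and WEB_REAL_IP_HEADER must each be a single value" >&2
                exit 1
                ;;
        esac
    done

    # … unchanged: directive assembly, escape_spec_char calls and sed substitutions …
```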
@@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh index cc539655b..cedca3932 100755 --- a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -207,6 +216,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh index cc539655b..cedca3932 100755 
--- a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -207,6 +216,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; 
diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh index cc539655b..cedca3932 100755 --- a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -207,6 +216,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh index a12da94af..d04113b8e 100755 
--- a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -207,6 +216,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/README.md b/Dockerfiles/web-nginx-pgsql/README.md index 2664e3180..b08f381a5 100644 --- a/Dockerfiles/web-nginx-pgsql/README.md +++ b/Dockerfiles/web-nginx-pgsql/README.md @@ -248,6 +248,10 @@ PHP_FPM_PM_START_SERVERS=5 PHP_FPM_PM_MIN_SPARE_SERVERS=5 PHP_FPM_PM_MAX_SPARE_SERVERS=35 PHP_FPM_PM_MAX_REQUESTS=0 + +Allowed Nginx configuration options: +WEB_REAL_IP_FROM= +WEB_REAL_IP_HEADER= ``` ## Allowed volumes for the Zabbix web interface container 
diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf index 3a59b420a..1b9739373 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf @@ -4,6 +4,9 @@ server { http2 on; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh index 2d2f2a594..723c9ad80 100755 --- a/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/alpine/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php84/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -209,6 +218,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh index ce300b174..9bdaeafb5 100755 
--- a/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -209,6 +218,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; 
diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh index ce300b174..9bdaeafb5 100755 --- a/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -209,6 +218,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; diff --git a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh index 94c5b5186..41925fb1f 100755 
--- a/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) @@ -209,6 +218,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf index eb9cd6c64..0539ae798 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf @@ -2,6 +2,9 @@ server { listen 8080; listen [::]:8080; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; index {HTTP_INDEX_FILE}; 
diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf index 047e84455..f41e56397 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf @@ -2,6 +2,9 @@ server { listen 8443 ssl http2; listen [::]:8443 ssl http2; + {WEB_REAL_IP_FROM} + {WEB_REAL_IP_HEADER} + server_name zabbix; server_name_in_redirect off; diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh index fc17031da..e3dd15608 100755 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh @@ -32,6 +32,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" # PHP-FPM configuration file PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" +escape_spec_char() { + local var_value=$1 + + var_value="${var_value//\\/\\\\}" + var_value="${var_value//./\\.}" + + echo "$var_value" +} + # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' # (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file) 
@@ -209,6 +218,27 @@ prepare_web_server() { sed -i \ -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ "$NGINX_CONF_FILE" + + [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};" + WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM") + [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};" + WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER") + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + sed -i \ + -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" } prepare_zbx_php_config() { diff --git a/env_vars/.env_web b/env_vars/.env_web index ae7aaa624..a3ecb88ea 100644 --- a/env_vars/.env_web +++ b/env_vars/.env_web @@ -39,3 +39,6 @@ ZBX_SERVER_NAME=Composed installation # PHP_FPM_PM_MIN_SPARE_SERVERS=5 # PHP_FPM_PM_MAX_SPARE_SERVERS=35 # PHP_FPM_PM_MAX_REQUESTS=0 + +#WEB_REAL_IP_FROM= +#WEB_REAL_IP_HEADER=