From bd0f3ea08ba688a797536af16f4467f4d8dd0e1c Mon Sep 17 00:00:00 2001 From: hygienic-books Date: Sat, 29 Apr 2023 02:52:38 +0200 Subject: [PATCH] feat(zabbixserver): Add Zabbix setup instructions --- zabbixserver/README.md | 195 ++ .../config/cert/ZBX_PGSQL_TLS_CA_CERT_FILE | 0 .../config/cert/ZBX_PGSQL_TLS_CERT_FILE | 0 .../config/cert/ZBX_PGSQL_TLS_KEY_FILE | 0 .../init-user-db.sh | 21 + .../config/cert/ZBX_SERVER_TLS_CA_CERT_FILE | 0 .../config/cert/ZBX_SERVER_TLS_CERT_FILE | 0 .../config/cert/ZBX_SERVER_TLS_KEY_FILE | 0 .../cert/ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE | 0 .../config/cert/ZBX_WEBNGINX_TLS_KEY_FILE | 0 .../zabbixwebnginx/config/cert/dhparam.pem | 13 + zabbixserver/common-settings.yml | 11 + zabbixserver/env/fqdn_contaxt.env.example | 27 + zabbixserver/zabbix-docker.patch | 2374 +++++++++++++++++ 14 files changed, 2641 insertions(+) create mode 100644 zabbixserver/README.md create mode 100644 zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_CA_CERT_FILE create mode 100644 zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_CERT_FILE create mode 100644 zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_KEY_FILE create mode 100755 zabbixserver/build-context/docker-data/postgres/config/docker-entrypoint-initdb.d/init-user-db.sh create mode 100644 zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_CA_CERT_FILE create mode 100644 zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_CERT_FILE create mode 100644 zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_KEY_FILE create mode 100644 zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE create mode 100644 zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/ZBX_WEBNGINX_TLS_KEY_FILE create mode 100644 zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/dhparam.pem create mode 100644 zabbixserver/common-settings.yml create mode 100644 zabbixserver/env/fqdn_contaxt.env.example create mode 100644 zabbixserver/zabbix-docker.patch diff --git a/zabbixserver/README.md b/zabbixserver/README.md new file mode 100644 index 0000000..3a7727c --- /dev/null +++ b/zabbixserver/README.md @@ -0,0 +1,195 @@ +# Upstream repo + +We use the [official Zabbix Docker GitHub repo](https://github.com/zabbix/zabbix-docker) for Docker Compose deployment, we add a few local changes. + +Create dir +``` +mkdir -p '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' +``` + +Pull repo +``` +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' clone 'https://github.com/zabbix/zabbix-docker' . +``` + +# Docker Compose + +## Base setup + +When everything's ready start Zabbix with Docker Compose, otherwise head down to [Initial setup](#initial-setup) or [Upgrade an existing repo](#upgrade-an-existing-repo) first. + +Define variables assuming the official Zabbix Docker repo lives at `/opt/git/github.com/zabbix/zabbix-docker/branches/latest`: +``` +export COMPOSE_DIR='/opt/git/github.com/zabbix/zabbix-docker/branches/latest' +export COMPOSE_FILE="${COMPOSE_DIR}"'/docker-compose_v3_alpine_pgsql_latest.yaml' +export COMPOSE_ENV_FILE= +``` + +Run Zabbix like so +``` +docker compose --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV_FILE}" up +``` + +## Additional files + +- `common-settings.yml` + + This file will be auto-created as part of the patch. Use it as an example in case patching fails + +- `env/fqdn_contaxt.env.example` + + An example env file with all currently used variables after `docker-compose_v3_alpine_pgsql_latest.yaml` is patched + +- Directory tree underneath `build-context` + ``` + build-context/ + └── docker-data + ├── postgres + │   └── config + │   ├── cert + │   │   ├── ZBX_PGSQL_TLS_CA_CERT_FILE + │   │   ├── ZBX_PGSQL_TLS_CERT_FILE + │   │   └── ZBX_PGSQL_TLS_KEY_FILE + │   └── docker-entrypoint-initdb.d + │   └── init-user-db.sh + ├── zabbixserver + │   └── config + │   └── cert + │   ├── ZBX_SERVER_TLS_CA_CERT_FILE + │   ├── ZBX_SERVER_TLS_CERT_FILE + │   └── ZBX_SERVER_TLS_KEY_FILE + └── zabbixwebnginx + └── config + └── cert + ├── dhparam.pem + ├── ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE + └── ZBX_WEBNGINX_TLS_KEY_FILE + ``` + Example data you're going to want to physically place on your deployment machine. SSL certs and keys are blank files each of which has the exact same name used in the env file `fqdn_contaxt.env.example`. + + A PostgreSQL initialization script - when this container is run on a completely empty data directory - will create an additional read-only user `ZBX_DB_USERNAME_RO` with password `ZBX_DB_USERNAME_PW`. The example's intended to grant a Grafana daemon direct PostgreSQL database read access. + +# Upgrade an existing repo + +Check [Initial setup](#initial-setup) below for first time steps. On consecutive upgrades proceed as follows. + +## Revert unpushed local changes + +Return repo state to exactly the upstream repo's original branch state throwing away the commits you added. +``` +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' reset --hard origin +``` + +Switch to `trunk` branch, get newest commits from upstream +``` +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout trunk +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' pull +``` + +Pick and checkout new tag +``` +while IFS= read -r tag; do printf -- '%s %s\n' "$(git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' rev-list -n 1 'refs/tags/'"${tag}")" "${tag}"; done < <(git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' --no-pager tag --list --sort=v:refname) + +# Output goes like: +... +89511f06ad4de6b373f10b06604dc5d8e1da02df 6.2.7 +2025ec8ad74f59981ad6598e9f6cd2a5c9c99f6b 6.2.8 +59a91bfbb6e46885f201e50f9197a7a44d3ba3ac 6.2.9 +9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0 +9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1 +0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2 +... + +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/x.y.z' +``` + +Lastly [apply patch](#apply-patch). If patch does not apply cleanly read on in the next section [Create new patch](#create-new-patch) to find out how to fix your patch. + +# Create new patch + +## Add your changes as commits + +Get `zabbix-docker` repo into a state with which you're happy then +``` +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' format-patch 7665739620ba6d99090838d502ab76d2f5a47e96^..a17380598ca66153ddc2a42eb618d906d4f582e6 --stdout > '/opt/containers/zabbixserver/zabbix-docker.patch' +``` + +Where the first commit hash is our first commit and the other commit hash is our last commit. Note the caret (`^`) right after the first commit hash. + +## Investigation + +You may have to try and find out how a known good base commit differs from a newer one in case the newer one does no longer cleanly accept the patch. + +Get commit hashes from both affected tags, e.g. +``` +while IFS= read -r tag; do printf -- '%s %s\n' "$(git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' rev-list -n 1 'refs/tags/'"${tag}")" "${tag}"; done < <(git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' --no-pager tag --list --sort=v:refname) + +# Output goes like: +... +89511f06ad4de6b373f10b06604dc5d8e1da02df 6.2.7 +2025ec8ad74f59981ad6598e9f6cd2a5c9c99f6b 6.2.8 +59a91bfbb6e46885f201e50f9197a7a44d3ba3ac 6.2.9 +9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0 +9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1 +0fa87156974e799e04bf +# Run +99e5300bad6830d754ab 6.4.2 +... +``` + +Diff them +``` +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' diff 9f16f6d773a2a46f1595c86077899d1e040db283 0fa87156974e799e04bf99e5300bad6830d754ab 'docker-compose_v3_alpine_pgsql_latest.yaml' +``` + +Output will be empty in case no difference exists in `docker-compose_v3_alpine_pgsql_latest.yaml` between both commit hashes. + +Commit your updated patch file into _this_ repo. With a new working patch in hand head back up to [Upgrade an existing repo](#upgrade-an-existing-repo). + +# Initial setup + +## Prep + +Get desired tag e.g. from version-sorted tags list +``` +while IFS= read -r tag; do printf -- '%s %s\n' "$(git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' rev-list -n 1 'refs/tags/'"${tag}")" "${tag}"; done < <(git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' --no-pager tag --list --sort=v:refname) + +# Output goes like: +... +89511f06ad4de6b373f10b06604dc5d8e1da02df 6.2.7 +2025ec8ad74f59981ad6598e9f6cd2a5c9c99f6b 6.2.8 +59a91bfbb6e46885f201e50f9197a7a44d3ba3ac 6.2.9 +9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0 +9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1 +0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2 +... +``` + +Switch to desired tag +``` +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/6.4.2' +``` + +## Apply patch + +Identify yourself to the local `zabbix-docker` repo +``` +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.name "hygienic-books" +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.email "hygienic-books@tentic.net" +``` + +Apply `zabbix-docker.patch` to Docker Compose file. We use Zabbix' `docker-compose_v3_alpine_pgsql_latest.yaml` Compose file. Assuming this repo lives at `/opt/containers/zabbixserver`: +``` +git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' am '/opt/containers/zabbixserver/zabbix-docker.patch' + +# Output will be: +Applying: refactor(compose): Remove trailing whitespace +Applying: refactor(compose): 4 leading spaces +Applying: refactor(compose): Indent comments +Applying: refactor(zabbix-server): Set correct libs paths +Applying: refactor(zabbix-server): Set TLS cert file names +Applying: feat(zabbix-server): Replace env files with variables +... +``` + +And now back up to [Docker Compose](#docker-compose). diff --git a/zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_CA_CERT_FILE b/zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_CA_CERT_FILE new file mode 100644 index 0000000..e69de29 diff --git a/zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_CERT_FILE b/zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_CERT_FILE new file mode 100644 index 0000000..e69de29 diff --git a/zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_KEY_FILE b/zabbixserver/build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_KEY_FILE new file mode 100644 index 0000000..e69de29 diff --git a/zabbixserver/build-context/docker-data/postgres/config/docker-entrypoint-initdb.d/init-user-db.sh b/zabbixserver/build-context/docker-data/postgres/config/docker-entrypoint-initdb.d/init-user-db.sh new file mode 100755 index 0000000..8a2ef6d --- /dev/null +++ b/zabbixserver/build-context/docker-data/postgres/config/docker-entrypoint-initdb.d/init-user-db.sh @@ -0,0 +1,21 @@ +#!/bin/bash +set -e + +sleep 20 +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + DO + \$block\$ + BEGIN + IF EXISTS ( + SELECT FROM pg_catalog.pg_roles WHERE rolname = '${ZBX_DB_USERNAME_RO}' + ) + THEN + RAISE NOTICE 'Role ''${ZBX_DB_USERNAME_RO}'' already exists. Skipping ...'; + ELSE + CREATE ROLE "${ZBX_DB_USERNAME_RO}" WITH PASSWORD '${ZBX_DB_USERNAME_PW}'; + GRANT CONNECT ON DATABASE "${POSTGRES_DB}" TO "${ZBX_DB_USERNAME_RO}"; + GRANT SELECT ON ALL TABLES IN SCHEMA public TO "${ZBX_DB_USERNAME_RO}"; + END IF; + END + \$block\$; +EOSQL diff --git a/zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_CA_CERT_FILE b/zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_CA_CERT_FILE new file mode 100644 index 0000000..e69de29 diff --git a/zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_CERT_FILE b/zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_CERT_FILE new file mode 100644 index 0000000..e69de29 diff --git a/zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_KEY_FILE b/zabbixserver/build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_KEY_FILE new file mode 100644 index 0000000..e69de29 diff --git a/zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE b/zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE new file mode 100644 index 0000000..e69de29 diff --git a/zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/ZBX_WEBNGINX_TLS_KEY_FILE b/zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/ZBX_WEBNGINX_TLS_KEY_FILE new file mode 100644 index 0000000..e69de29 diff --git a/zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/dhparam.pem b/zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/dhparam.pem new file mode 100644 index 0000000..161945f --- /dev/null +++ b/zabbixserver/build-context/docker-data/zabbixwebnginx/config/cert/dhparam.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA1shg4Gf/2rG+kllZ1qE2or0BHGqhDdjw0DlwNlPL9qVaiqmU/TRq +LCxr0ZloKa8dwImvEtwxy8bJROMW7gcVfYebsOwTnNbQGePkQ3OSKyyBBG+A04rx +QAT6mxgG84ydQOicu42mK0lRwWeFUzZFauZa8CWEcaLcKBUxYQWN6QXOAk7pUQ32 +3vAjUKL8+dYUINCna5QXOPmNgnSmXJfjPEnLwveDUTj6IaXFLvWmJm4yRgi7AvXF +r85aAKl9FgT7e5+BntpJAP4Mj7TYxVyHHq7BLZAke7slwe6bkFLxQ6H3INlTYWgp +QEmALgW+KjiARTTh12NJgJvT0ti4ck7VA6P9eN5kw4FCEg1hZbMLFQg7asUWq9tV +7usrDC971W46YsrBstQg851Vbs64ZMf5+knHYJIWaUF5ZTQ1cHihKhEfGJOdRvxU +Py2q192knNzXwroqi/q22iUe9zu4kPRI3qLjR1brVcf8mkUGnMtkIZsO6cdHdvf9 ++2De05V57/yCp8R1QUY/UErdDSO+ey+gNFVfpIBdUIoy8+bG1Dcz70X8DDHXD+4+ +DJXeajEWS4xkHEB8kaoYGHS6dDJpQk/nsk2H4Mdb1M/uYDedLdMh3FVjH40lzQzR +oRYpzgieag0RPJcaxi6z8PN0HEuVpPA8EbOvxwDMR2zp4zJxHuA0inMCAQI= +-----END DH PARAMETERS----- diff --git a/zabbixserver/common-settings.yml b/zabbixserver/common-settings.yml new file mode 100644 index 0000000..c377067 --- /dev/null +++ b/zabbixserver/common-settings.yml @@ -0,0 +1,11 @@ +services: + common-settings: + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "10" + compress: "true" + environment: + TZ: Europe/Berlin + restart: unless-stopped diff --git a/zabbixserver/env/fqdn_contaxt.env.example b/zabbixserver/env/fqdn_contaxt.env.example new file mode 100644 index 0000000..c7de297 --- /dev/null +++ b/zabbixserver/env/fqdn_contaxt.env.example @@ -0,0 +1,27 @@ +# This file is maintained by remco and populated with data from HashiCorp +# Vault. Changes not done in Vault will be reverted when file gets rendered. + +CTX= +PHP_TZ= +POSTGRES_DB= +POSTGRES_PASSWORD= +POSTGRES_USER= +VAULT_TOKEN= +ZBX_DB_USERNAME_PW= +ZBX_DB_USERNAME_RO= +ZBX_PGSQL_TLS_CA_CERT_FILE= +ZBX_PGSQL_TLS_CERT_FILE= +ZBX_PGSQL_TLS_KEY_FILE= +ZBX_SERVER_HOST= +ZBX_SERVER_NAME= +ZBX_SERVER_TLS_CA_CERT_FILE= +ZBX_SERVER_TLS_CERT_FILE= +ZBX_SERVER_TLS_KEY_FILE= +ZBX_VAULTDBPATH= +ZBX_VAULTURL= +ZBX_WEBNGINX_EXPOSED_HTTPS_PORT= +ZBX_WEBNGINX_EXPOSED_HTTP_PORT= +ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE= +ZBX_WEBNGINX_TLS_KEY_FILE= +# When needed for temporary debugging +# ZBX_DEBUGLEVEL=4 diff --git a/zabbixserver/zabbix-docker.patch b/zabbixserver/zabbix-docker.patch new file mode 100644 index 0000000..5931be4 --- /dev/null +++ b/zabbixserver/zabbix-docker.patch @@ -0,0 +1,2374 @@ +From ff21b68dac12dc42d192fb59868c57b63e78624b Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:57:59 +0200 +Subject: [PATCH 01/32] refactor(compose): Remove trailing whitespace + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index de4ed58cd..97d59c4ac 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -6,7 +6,7 @@ services: + - "10051:10051" + volumes: + - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro ++ - /etc/timezone:/etc/timezone:ro + - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro + - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro + - ./zbx_env/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro +@@ -71,7 +71,7 @@ services: + - "10061:10051" + volumes: + - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro ++ - /etc/timezone:/etc/timezone:ro + - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro + - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro + - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +@@ -120,7 +120,7 @@ services: + - "10071:10051" + volumes: + - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro ++ - /etc/timezone:/etc/timezone:ro + - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro + - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro + - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +-- +2.39.1 + + +From aecfc17b400a6e9e924adc7590c1f1b6b62b0700 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Mon, 24 Apr 2023 18:08:56 +0200 +Subject: [PATCH 02/32] refactor(compose): 4 leading spaces + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 994 ++++++++++----------- + 1 file changed, 497 insertions(+), 497 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 97d59c4ac..7bb6e60be 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -1,518 +1,518 @@ + version: '3.5' + services: +- zabbix-server: +- image: zabbix/zabbix-server-pgsql:alpine-6.4-latest +- ports: +- - "10051:10051" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro +- - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro +- - ./zbx_env/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro +- - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw +- - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro +- - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro +- - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +-# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +-# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro +- ulimits: +- nproc: 65535 +- nofile: +- soft: 20000 +- hard: 40000 +- deploy: +- resources: +- limits: +- cpus: '0.70' +- memory: 1G +- reservations: +- cpus: '0.5' +- memory: 512M +- env_file: +- - ./env_vars/.env_db_pgsql +- - ./env_vars/.env_srv +- secrets: +- - POSTGRES_USER +- - POSTGRES_PASSWORD +- depends_on: +- - postgres-server +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-server +- - zabbix-server-pgsql +- - zabbix-server-alpine-pgsql +- - zabbix-server-pgsql-alpine +- zbx_net_frontend: +-# devices: +-# - "/dev/ttyUSB0:/dev/ttyUSB0" +- stop_grace_period: 30s +- sysctls: +- - net.ipv4.ip_local_port_range=1024 65000 +- - net.ipv4.conf.all.accept_redirects=0 +- - net.ipv4.conf.all.secure_redirects=0 +- - net.ipv4.conf.all.send_redirects=0 +- labels: +- com.zabbix.description: "Zabbix server with PostgreSQL database support" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-server" +- com.zabbix.dbtype: "pgsql" +- com.zabbix.os: "alpine" ++ zabbix-server: ++ image: zabbix/zabbix-server-pgsql:alpine-6.4-latest ++ ports: ++ - "10051:10051" ++ volumes: ++ - /etc/localtime:/etc/localtime:ro ++ - /etc/timezone:/etc/timezone:ro ++ - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro ++ - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro ++ - ./zbx_env/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro ++ - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw ++ - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro ++ - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro ++ - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro ++ - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro ++ - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro ++# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro ++# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro ++# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro ++ ulimits: ++ nproc: 65535 ++ nofile: ++ soft: 20000 ++ hard: 40000 ++ deploy: ++ resources: ++ limits: ++ cpus: '0.70' ++ memory: 1G ++ reservations: ++ cpus: '0.5' ++ memory: 512M ++ env_file: ++ - ./env_vars/.env_db_pgsql ++ - ./env_vars/.env_srv ++ secrets: ++ - POSTGRES_USER ++ - POSTGRES_PASSWORD ++ depends_on: ++ - postgres-server ++ networks: ++ zbx_net_backend: ++ aliases: ++ - zabbix-server ++ - zabbix-server-pgsql ++ - zabbix-server-alpine-pgsql ++ - zabbix-server-pgsql-alpine ++ zbx_net_frontend: ++# devices: ++# - "/dev/ttyUSB0:/dev/ttyUSB0" ++ stop_grace_period: 30s ++ sysctls: ++ - net.ipv4.ip_local_port_range=1024 65000 ++ - net.ipv4.conf.all.accept_redirects=0 ++ - net.ipv4.conf.all.secure_redirects=0 ++ - net.ipv4.conf.all.send_redirects=0 ++ labels: ++ com.zabbix.description: "Zabbix server with PostgreSQL database support" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "zabbix-server" ++ com.zabbix.dbtype: "pgsql" ++ com.zabbix.os: "alpine" + +- zabbix-proxy-sqlite3: +- image: zabbix/zabbix-proxy-sqlite3:alpine-6.4-latest +- profiles: +- - all +- ports: +- - "10061:10051" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro +- - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro +- - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro +- - snmptraps:/var/lib/zabbix/snmptraps:rw +- ulimits: +- nproc: 65535 +- nofile: +- soft: 20000 +- hard: 40000 +- deploy: +- resources: +- limits: +- cpus: '0.70' +- memory: 512M +- reservations: +- cpus: '0.3' +- memory: 256M +- env_file: +- - ./env_vars/.env_prx +- - ./env_vars/.env_prx_sqlite3 +- depends_on: +- - zabbix-java-gateway +- - zabbix-snmptraps +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-proxy-sqlite3 +- - zabbix-proxy-alpine-sqlite3 +- - zabbix-proxy-sqlite3-alpine +- zbx_net_frontend: +- stop_grace_period: 30s +- labels: +- com.zabbix.description: "Zabbix proxy with SQLite3 database support" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-proxy" +- com.zabbix.dbtype: "sqlite3" +- com.zabbix.os: "alpine" ++ zabbix-proxy-sqlite3: ++ image: zabbix/zabbix-proxy-sqlite3:alpine-6.4-latest ++ profiles: ++ - all ++ ports: ++ - "10061:10051" ++ volumes: ++ - /etc/localtime:/etc/localtime:ro ++ - /etc/timezone:/etc/timezone:ro ++ - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro ++ - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro ++ - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro ++ - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro ++ - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro ++ - snmptraps:/var/lib/zabbix/snmptraps:rw ++ ulimits: ++ nproc: 65535 ++ nofile: ++ soft: 20000 ++ hard: 40000 ++ deploy: ++ resources: ++ limits: ++ cpus: '0.70' ++ memory: 512M ++ reservations: ++ cpus: '0.3' ++ memory: 256M ++ env_file: ++ - ./env_vars/.env_prx ++ - ./env_vars/.env_prx_sqlite3 ++ depends_on: ++ - zabbix-java-gateway ++ - zabbix-snmptraps ++ networks: ++ zbx_net_backend: ++ aliases: ++ - zabbix-proxy-sqlite3 ++ - zabbix-proxy-alpine-sqlite3 ++ - zabbix-proxy-sqlite3-alpine ++ zbx_net_frontend: ++ stop_grace_period: 30s ++ labels: ++ com.zabbix.description: "Zabbix proxy with SQLite3 database support" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "zabbix-proxy" ++ com.zabbix.dbtype: "sqlite3" ++ com.zabbix.os: "alpine" + +- zabbix-proxy-mysql: +- image: zabbix/zabbix-proxy-mysql:alpine-6.4-latest +- profiles: +- - all +- ports: +- - "10071:10051" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro +- - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro +- - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro +- - snmptraps:/var/lib/zabbix/snmptraps:rw +- ulimits: +- nproc: 65535 +- nofile: +- soft: 20000 +- hard: 40000 +- deploy: +- resources: +- limits: +- cpus: '0.70' +- memory: 512M +- reservations: +- cpus: '0.3' +- memory: 256M +- env_file: +- - ./env_vars/.env_db_mysql_proxy +- - ./env_vars/.env_prx +- - ./env_vars/.env_prx_mysql +- secrets: +- - MYSQL_USER +- - MYSQL_PASSWORD +- - MYSQL_ROOT_USER +- - MYSQL_ROOT_PASSWORD +- depends_on: +- - mysql-server +- - zabbix-java-gateway +- - zabbix-snmptraps +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-proxy-mysql +- - zabbix-proxy-alpine-mysql +- - zabbix-proxy-mysql-alpine +- zbx_net_frontend: +- stop_grace_period: 30s +- labels: +- com.zabbix.description: "Zabbix proxy with MySQL database support" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-proxy" +- com.zabbix.dbtype: "mysql" +- com.zabbix.os: "alpine" ++ zabbix-proxy-mysql: ++ image: zabbix/zabbix-proxy-mysql:alpine-6.4-latest ++ profiles: ++ - all ++ ports: ++ - "10071:10051" ++ volumes: ++ - /etc/localtime:/etc/localtime:ro ++ - /etc/timezone:/etc/timezone:ro ++ - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro ++ - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro ++ - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro ++ - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro ++ - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro ++ - snmptraps:/var/lib/zabbix/snmptraps:rw ++ ulimits: ++ nproc: 65535 ++ nofile: ++ soft: 20000 ++ hard: 40000 ++ deploy: ++ resources: ++ limits: ++ cpus: '0.70' ++ memory: 512M ++ reservations: ++ cpus: '0.3' ++ memory: 256M ++ env_file: ++ - ./env_vars/.env_db_mysql_proxy ++ - ./env_vars/.env_prx ++ - ./env_vars/.env_prx_mysql ++ secrets: ++ - MYSQL_USER ++ - MYSQL_PASSWORD ++ - MYSQL_ROOT_USER ++ - MYSQL_ROOT_PASSWORD ++ depends_on: ++ - mysql-server ++ - zabbix-java-gateway ++ - zabbix-snmptraps ++ networks: ++ zbx_net_backend: ++ aliases: ++ - zabbix-proxy-mysql ++ - zabbix-proxy-alpine-mysql ++ - zabbix-proxy-mysql-alpine ++ zbx_net_frontend: ++ stop_grace_period: 30s ++ labels: ++ com.zabbix.description: "Zabbix proxy with MySQL database support" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "zabbix-proxy" ++ com.zabbix.dbtype: "mysql" ++ com.zabbix.os: "alpine" + +- zabbix-web-apache-pgsql: +- image: zabbix/zabbix-web-apache-pgsql:alpine-6.4-latest +- profiles: +- - all +- ports: +- - "8081:8080" +- - "8443:8443" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro +- - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +-# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +-# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro +- deploy: +- resources: +- limits: +- cpus: '0.70' +- memory: 512M +- reservations: +- cpus: '0.5' +- memory: 256M +- env_file: +- - ./env_vars/.env_db_pgsql +- - ./env_vars/.env_web +- secrets: +- - POSTGRES_USER +- - POSTGRES_PASSWORD +- depends_on: +- - postgres-server +- - zabbix-server +- healthcheck: +- test: ["CMD", "curl", "-f", "http://localhost:8080/"] +- interval: 10s +- timeout: 5s +- retries: 3 +- start_period: 30s +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-web-apache-pgsql +- - zabbix-web-apache-alpine-pgsql +- - zabbix-web-apache-pgsql-alpine +- zbx_net_frontend: +- stop_grace_period: 10s +- sysctls: +- - net.core.somaxconn=65535 +- labels: +- com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-frontend" +- com.zabbix.webserver: "apache2" +- com.zabbix.dbtype: "pgsql" +- com.zabbix.os: "alpine" ++ zabbix-web-apache-pgsql: ++ image: zabbix/zabbix-web-apache-pgsql:alpine-6.4-latest ++ profiles: ++ - all ++ ports: ++ - "8081:8080" ++ - "8443:8443" ++ volumes: ++ - /etc/localtime:/etc/localtime:ro ++ - /etc/timezone:/etc/timezone:ro ++ - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro ++ - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro ++# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro ++# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro ++# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro ++ deploy: ++ resources: ++ limits: ++ cpus: '0.70' ++ memory: 512M ++ reservations: ++ cpus: '0.5' ++ memory: 256M ++ env_file: ++ - ./env_vars/.env_db_pgsql ++ - ./env_vars/.env_web ++ secrets: ++ - POSTGRES_USER ++ - POSTGRES_PASSWORD ++ depends_on: ++ - postgres-server ++ - zabbix-server ++ healthcheck: ++ test: ["CMD", "curl", "-f", "http://localhost:8080/"] ++ interval: 10s ++ timeout: 5s ++ retries: 3 ++ start_period: 30s ++ networks: ++ zbx_net_backend: ++ aliases: ++ - zabbix-web-apache-pgsql ++ - zabbix-web-apache-alpine-pgsql ++ - zabbix-web-apache-pgsql-alpine ++ zbx_net_frontend: ++ stop_grace_period: 10s ++ sysctls: ++ - net.core.somaxconn=65535 ++ labels: ++ com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "zabbix-frontend" ++ com.zabbix.webserver: "apache2" ++ com.zabbix.dbtype: "pgsql" ++ com.zabbix.os: "alpine" + +- zabbix-web-nginx-pgsql: +- image: zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest +- ports: +- - "80:8080" +- - "443:8443" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro +- - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +-# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +-# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro +- deploy: +- resources: +- limits: +- cpus: '0.70' +- memory: 512M +- reservations: +- cpus: '0.5' +- memory: 256M +- env_file: +- - ./env_vars/.env_db_pgsql +- - ./env_vars/.env_web +- secrets: +- - POSTGRES_USER +- - POSTGRES_PASSWORD +- depends_on: +- - postgres-server +- - zabbix-server +- healthcheck: +- test: ["CMD", "curl", "-f", "http://localhost:8080/ping"] +- interval: 10s +- timeout: 5s +- retries: 3 +- start_period: 30s +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-web-nginx-pgsql +- - zabbix-web-nginx-alpine-pgsql +- - zabbix-web-nginx-pgsql-alpine +- zbx_net_frontend: +- stop_grace_period: 10s +- sysctls: +- - net.core.somaxconn=65535 +- labels: +- com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-frontend" +- com.zabbix.webserver: "nginx" +- com.zabbix.dbtype: "pgsql" +- com.zabbix.os: "alpine" ++ zabbix-web-nginx-pgsql: ++ image: zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest ++ ports: ++ - "80:8080" ++ - "443:8443" ++ volumes: ++ - /etc/localtime:/etc/localtime:ro ++ - /etc/timezone:/etc/timezone:ro ++ - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro ++ - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro ++# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro ++# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro ++# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro ++ deploy: ++ resources: ++ limits: ++ cpus: '0.70' ++ memory: 512M ++ reservations: ++ cpus: '0.5' ++ memory: 256M ++ env_file: ++ - ./env_vars/.env_db_pgsql ++ - ./env_vars/.env_web ++ secrets: ++ - POSTGRES_USER ++ - POSTGRES_PASSWORD ++ depends_on: ++ - postgres-server ++ - zabbix-server ++ healthcheck: ++ test: ["CMD", "curl", "-f", "http://localhost:8080/ping"] ++ interval: 10s ++ timeout: 5s ++ retries: 3 ++ start_period: 30s ++ networks: ++ zbx_net_backend: ++ aliases: ++ - zabbix-web-nginx-pgsql ++ - zabbix-web-nginx-alpine-pgsql ++ - zabbix-web-nginx-pgsql-alpine ++ zbx_net_frontend: ++ stop_grace_period: 10s ++ sysctls: ++ - net.core.somaxconn=65535 ++ labels: ++ com.zabbix.description: "Zabbix frontend on Nginx web-server with PostgreSQL database support" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "zabbix-frontend" ++ com.zabbix.webserver: "nginx" ++ com.zabbix.dbtype: "pgsql" ++ com.zabbix.os: "alpine" + +- zabbix-agent: +- image: zabbix/zabbix-agent:alpine-6.4-latest +- profiles: +- - full +- - all +- ports: +- - "10050:10050" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro +- - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro +- deploy: +- resources: +- limits: +- cpus: '0.2' +- memory: 128M +- reservations: +- cpus: '0.1' +- memory: 64M +- mode: global +- env_file: +- - ./env_vars/.env_agent +- privileged: true +- pid: "host" +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-agent +- - zabbix-agent-passive +- - zabbix-agent-alpine +- stop_grace_period: 5s +- labels: +- com.zabbix.description: "Zabbix agent" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-agentd" +- com.zabbix.os: "alpine" ++ zabbix-agent: ++ image: zabbix/zabbix-agent:alpine-6.4-latest ++ profiles: ++ - full ++ - all ++ ports: ++ - "10050:10050" ++ volumes: ++ - /etc/localtime:/etc/localtime:ro ++ - /etc/timezone:/etc/timezone:ro ++ - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro ++ - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro ++ - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro ++ - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro ++ deploy: ++ resources: ++ limits: ++ cpus: '0.2' ++ memory: 128M ++ reservations: ++ cpus: '0.1' ++ memory: 64M ++ mode: global ++ env_file: ++ - ./env_vars/.env_agent ++ privileged: true ++ pid: "host" ++ networks: ++ zbx_net_backend: ++ aliases: ++ - zabbix-agent ++ - zabbix-agent-passive ++ - zabbix-agent-alpine ++ stop_grace_period: 5s ++ labels: ++ com.zabbix.description: "Zabbix agent" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "zabbix-agentd" ++ com.zabbix.os: "alpine" + +- zabbix-java-gateway: +- image: zabbix/zabbix-java-gateway:alpine-6.4-latest +- profiles: +- - full +- - all +- ports: +- - "10052:10052" +- deploy: +- resources: +- limits: +- cpus: '0.5' +- memory: 512M +- reservations: +- cpus: '0.25' +- memory: 256M +- env_file: +- - ./env_vars/.env_java +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-java-gateway +- - zabbix-java-gateway-alpine +- stop_grace_period: 5s +- labels: +- com.zabbix.description: "Zabbix Java Gateway" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "java-gateway" +- com.zabbix.os: "alpine" ++ zabbix-java-gateway: ++ image: zabbix/zabbix-java-gateway:alpine-6.4-latest ++ profiles: ++ - full ++ - all ++ ports: ++ - "10052:10052" ++ deploy: ++ resources: ++ limits: ++ cpus: '0.5' ++ memory: 512M ++ reservations: ++ cpus: '0.25' ++ memory: 256M ++ env_file: ++ - ./env_vars/.env_java ++ networks: ++ zbx_net_backend: ++ aliases: ++ - zabbix-java-gateway ++ - zabbix-java-gateway-alpine ++ stop_grace_period: 5s ++ labels: ++ com.zabbix.description: "Zabbix Java Gateway" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "java-gateway" ++ com.zabbix.os: "alpine" + +- zabbix-snmptraps: +- image: zabbix/zabbix-snmptraps:alpine-6.4-latest +- profiles: +- - full +- - all +- ports: +- - "162:1162/udp" +- volumes: +- - snmptraps:/var/lib/zabbix/snmptraps:rw +- deploy: +- resources: +- limits: +- cpus: '0.5' +- memory: 256M +- reservations: +- cpus: '0.25' +- memory: 128M +- networks: +- zbx_net_frontend: +- aliases: +- - zabbix-snmptraps +- zbx_net_backend: +- stop_grace_period: 5s +- labels: +- com.zabbix.description: "Zabbix snmptraps" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "snmptraps" +- com.zabbix.os: "alpine" ++ zabbix-snmptraps: ++ image: zabbix/zabbix-snmptraps:alpine-6.4-latest ++ profiles: ++ - full ++ - all ++ ports: ++ - "162:1162/udp" ++ volumes: ++ - snmptraps:/var/lib/zabbix/snmptraps:rw ++ deploy: ++ resources: ++ limits: ++ cpus: '0.5' ++ memory: 256M ++ reservations: ++ cpus: '0.25' ++ memory: 128M ++ networks: ++ zbx_net_frontend: ++ aliases: ++ - zabbix-snmptraps ++ zbx_net_backend: ++ stop_grace_period: 5s ++ labels: ++ com.zabbix.description: "Zabbix snmptraps" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "snmptraps" ++ com.zabbix.os: "alpine" + +- zabbix-web-service: +- image: zabbix/zabbix-web-service:alpine-6.4-latest +- profiles: +- - full +- - all +- ports: +- - "10053:10053" +- volumes: +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- security_opt: +- - seccomp:./env_vars/chrome_dp.json +- deploy: +- resources: +- limits: +- cpus: '0.5' +- memory: 512M +- reservations: +- cpus: '0.25' +- memory: 256M +- env_file: +- - ./env_vars/.env_web_service +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-web-service +- - zabbix-web-service-alpine +- stop_grace_period: 5s +- labels: +- com.zabbix.description: "Zabbix web service" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "web-service" +- com.zabbix.os: "alpine" ++ zabbix-web-service: ++ image: zabbix/zabbix-web-service:alpine-6.4-latest ++ profiles: ++ - full ++ - all ++ ports: ++ - "10053:10053" ++ volumes: ++ - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro ++ security_opt: ++ - seccomp:./env_vars/chrome_dp.json ++ deploy: ++ resources: ++ limits: ++ cpus: '0.5' ++ memory: 512M ++ reservations: ++ cpus: '0.25' ++ memory: 256M ++ env_file: ++ - ./env_vars/.env_web_service ++ networks: ++ zbx_net_backend: ++ aliases: ++ - zabbix-web-service ++ - zabbix-web-service-alpine ++ stop_grace_period: 5s ++ labels: ++ com.zabbix.description: "Zabbix web service" ++ com.zabbix.company: "Zabbix LLC" ++ com.zabbix.component: "web-service" ++ com.zabbix.os: "alpine" + +- mysql-server: +- image: mysql:8.0-oracle +- profiles: +- - all +- command: +- - mysqld +- - --character-set-server=utf8mb4 +- - --collation-server=utf8mb4_bin +- - --skip-character-set-client-handshake +- - --default-authentication-plugin=mysql_native_password +- volumes: +- - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw +- env_file: +- - ./env_vars/.env_db_mysql +- secrets: +- - MYSQL_USER +- - MYSQL_PASSWORD +- - MYSQL_ROOT_PASSWORD +- stop_grace_period: 1m +- networks: +- zbx_net_backend: +- aliases: +- - mysql-server +- - zabbix-database +- - mysql-database ++ mysql-server: ++ image: mysql:8.0-oracle ++ profiles: ++ - all ++ command: ++ - mysqld ++ - --character-set-server=utf8mb4 ++ - --collation-server=utf8mb4_bin ++ - --skip-character-set-client-handshake ++ - --default-authentication-plugin=mysql_native_password ++ volumes: ++ - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw ++ env_file: ++ - ./env_vars/.env_db_mysql ++ secrets: ++ - MYSQL_USER ++ - MYSQL_PASSWORD ++ - MYSQL_ROOT_PASSWORD ++ stop_grace_period: 1m ++ networks: ++ zbx_net_backend: ++ aliases: ++ - mysql-server ++ - zabbix-database ++ - mysql-database + +- postgres-server: +- image: postgres:14-alpine +-# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem +- volumes: +- - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw +- - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +- - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro +- - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro +- env_file: +- - ./env_vars/.env_db_pgsql +- secrets: +- - POSTGRES_USER +- - POSTGRES_PASSWORD +- stop_grace_period: 1m +- networks: +- zbx_net_backend: +- aliases: +- - postgres-server +- - pgsql-server +- - pgsql-database ++ postgres-server: ++ image: postgres:14-alpine ++# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem ++ volumes: ++ - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw ++ - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro ++ - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro ++ - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro ++ env_file: ++ - ./env_vars/.env_db_pgsql ++ secrets: ++ - POSTGRES_USER ++ - POSTGRES_PASSWORD ++ stop_grace_period: 1m ++ networks: ++ zbx_net_backend: ++ aliases: ++ - postgres-server ++ - pgsql-server ++ - pgsql-database + +- db_data_mysql: +- image: busybox +- profiles: +- - all +- volumes: +- - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw ++ db_data_mysql: ++ image: busybox ++ profiles: ++ - all ++ volumes: ++ - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw + +- db_data_pgsql: +- image: busybox +- volumes: +- - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw ++ db_data_pgsql: ++ image: busybox ++ volumes: ++ - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + +-# elasticsearch: +-# image: elasticsearch +-# profiles: +-# - full +-# - all +-# environment: +-# - transport.host=0.0.0.0 +-# - discovery.zen.minimum_master_nodes=1 +-# networks: +-# zbx_net_backend: +-# aliases: +-# - elasticsearch ++# elasticsearch: ++# image: elasticsearch ++# profiles: ++# - full ++# - all ++# environment: ++# - transport.host=0.0.0.0 ++# - discovery.zen.minimum_master_nodes=1 ++# networks: ++# zbx_net_backend: ++# aliases: ++# - elasticsearch + + networks: +- zbx_net_frontend: +- driver: bridge +- driver_opts: +- com.docker.network.enable_ipv6: "false" +- ipam: +- driver: default +- config: +- - subnet: 172.16.238.0/24 +- zbx_net_backend: +- driver: bridge +- driver_opts: +- com.docker.network.enable_ipv6: "false" +- internal: true +- ipam: +- driver: default +- config: +- - subnet: 172.16.239.0/24 ++ zbx_net_frontend: ++ driver: bridge ++ driver_opts: ++ com.docker.network.enable_ipv6: "false" ++ ipam: ++ driver: default ++ config: ++ - subnet: 172.16.238.0/24 ++ zbx_net_backend: ++ driver: bridge ++ driver_opts: ++ com.docker.network.enable_ipv6: "false" ++ internal: true ++ ipam: ++ driver: default ++ config: ++ - subnet: 172.16.239.0/24 + + volumes: +- snmptraps: ++ snmptraps: + + secrets: +- MYSQL_USER: +- file: ./env_vars/.MYSQL_USER +- MYSQL_PASSWORD: +- file: ./env_vars/.MYSQL_PASSWORD +- MYSQL_ROOT_USER: +- file: ./env_vars/.MYSQL_ROOT_USER +- MYSQL_ROOT_PASSWORD: +- file: ./env_vars/.MYSQL_ROOT_PASSWORD +- POSTGRES_USER: +- file: ./env_vars/.POSTGRES_USER +- POSTGRES_PASSWORD: +- file: ./env_vars/.POSTGRES_PASSWORD ++ MYSQL_USER: ++ file: ./env_vars/.MYSQL_USER ++ MYSQL_PASSWORD: ++ file: ./env_vars/.MYSQL_PASSWORD ++ MYSQL_ROOT_USER: ++ file: ./env_vars/.MYSQL_ROOT_USER ++ MYSQL_ROOT_PASSWORD: ++ file: ./env_vars/.MYSQL_ROOT_PASSWORD ++ POSTGRES_USER: ++ file: ./env_vars/.POSTGRES_USER ++ POSTGRES_PASSWORD: ++ file: ./env_vars/.POSTGRES_PASSWORD +-- +2.39.1 + + +From 2a1521eba7b99494868462e06af17022ff3dfaf0 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Mon, 24 Apr 2023 18:21:25 +0200 +Subject: [PATCH 03/32] refactor(compose): Indent comments + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 24 +++++++++++----------- + 1 file changed, 12 insertions(+), 12 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 7bb6e60be..d08a1d307 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -16,9 +16,9 @@ services: + - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro + - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro + - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +-# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +-# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro ++ # - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro ++ # - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro ++ # - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro + ulimits: + nproc: 65535 + nofile: +@@ -48,8 +48,8 @@ services: + - zabbix-server-alpine-pgsql + - zabbix-server-pgsql-alpine + zbx_net_frontend: +-# devices: +-# - "/dev/ttyUSB0:/dev/ttyUSB0" ++ # devices: ++ # - "/dev/ttyUSB0:/dev/ttyUSB0" + stop_grace_period: 30s + sysctls: + - net.ipv4.ip_local_port_range=1024 65000 +@@ -180,9 +180,9 @@ services: + - /etc/timezone:/etc/timezone:ro + - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +-# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +-# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro ++ # - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro ++ # - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro ++ # - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro + deploy: + resources: + limits: +@@ -234,9 +234,9 @@ services: + - /etc/timezone:/etc/timezone:ro + - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro + - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +-# - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-# - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +-# - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro ++ # - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro ++ # - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro ++ # - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro + deploy: + resources: + limits: +@@ -437,7 +437,7 @@ services: + + postgres-server: + image: postgres:14-alpine +-# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem ++ # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem + volumes: + - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-- +2.39.1 + + +From a5859e93d6ac47e82dc7c3edba0403a948292353 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Mon, 24 Apr 2023 18:27:56 +0200 +Subject: [PATCH 04/32] refactor(zabbix-server): Set correct libs paths + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index d08a1d307..aab6baabd 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -7,15 +7,15 @@ services: + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro +- - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro +- - ./zbx_env/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro +- - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw +- - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro +- - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro +- - ./zbx_env/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro + # - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro + # - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro + # - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro +-- +2.39.1 + + +From 5eb39ec2c5351899c96c4e263e59c89990920aad Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Mon, 24 Apr 2023 18:35:45 +0200 +Subject: [PATCH 05/32] refactor(zabbix-server): Set TLS cert file names + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index aab6baabd..c996317d0 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -16,9 +16,9 @@ services: + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro +- # - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +- # - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +- # - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro + ulimits: + nproc: 65535 + nofile: +-- +2.39.1 + + +From bd58fe5292e5912d4e3e117a44604d745138c263 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 00:41:48 +0200 +Subject: [PATCH 06/32] feat(zabbix-server): Replace env files with variables + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index c996317d0..671776adb 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -32,9 +32,13 @@ services: + reservations: + cpus: '0.5' + memory: 512M +- env_file: +- - ./env_vars/.env_db_pgsql +- - ./env_vars/.env_srv ++ environment: ++ POSTGRES_USER: ${POSTGRES_USER} ++ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} ++ ZBX_VAULTURL: ${ZBX_VAULTURL} ++ VAULT_TOKEN: ${VAULT_TOKEN} ++ ZBX_VAULTDBPATH: ${ZBX_VAULTDBPATH} ++ ZBX_DEBUGLEVEL: ${ZBX_DEBUGLEVEL:-3} + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD +-- +2.39.1 + + +From b180b2361739b3e15e311b00da0224daed13867a Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 00:42:15 +0200 +Subject: [PATCH 07/32] refactor(zabbix-server): Remove PostgreSQL secrets use + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 671776adb..411ce6149 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -39,9 +39,6 @@ services: + VAULT_TOKEN: ${VAULT_TOKEN} + ZBX_VAULTDBPATH: ${ZBX_VAULTDBPATH} + ZBX_DEBUGLEVEL: ${ZBX_DEBUGLEVEL:-3} +- secrets: +- - POSTGRES_USER +- - POSTGRES_PASSWORD + depends_on: + - postgres-server + networks: +-- +2.39.1 + + +From 8845932dac0207334ed9c4eaa375cb8ee143c4ab Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 00:47:17 +0200 +Subject: [PATCH 08/32] refactor(zabbix-web-nginx): Replace exposed ports with + a local one from our registry + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 411ce6149..4d80dacf7 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -228,8 +228,8 @@ services: + zabbix-web-nginx-pgsql: + image: zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest + ports: +- - "80:8080" +- - "443:8443" ++ - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080" ++ - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443" + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro +-- +2.39.1 + + +From b156be97efd084bd6c9aa695f57da7785f9a3616 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 00:55:25 +0200 +Subject: [PATCH 09/32] refactor(zabbix-web-nginx): Set named volumes + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 4d80dacf7..a90d04c87 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -233,11 +233,10 @@ services: + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro +- - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +- # - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +- # - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +- # - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro ++ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro ++ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro ++ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro ++ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro + deploy: + resources: + limits: +-- +2.39.1 + + +From ca6340c9a4ec422827c4f9de3c6ed9ddc45e0ba8 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 00:56:02 +0200 +Subject: [PATCH 10/32] refactor(zabbix-web-nginx): Replace env files with vars + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index a90d04c87..b347b0ae6 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -245,9 +245,12 @@ services: + reservations: + cpus: '0.5' + memory: 256M +- env_file: +- - ./env_vars/.env_db_pgsql +- - ./env_vars/.env_web ++ environment: ++ PHP_TZ: ${PHP_TZ} ++ ZBX_SERVER_NAME: ${ZBX_SERVER_NAME} ++ ZBX_SERVER_HOST: ${ZBX_SERVER_HOST} ++ POSTGRES_USER: ${POSTGRES_USER} ++ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD +-- +2.39.1 + + +From 1bf9e5393c865b7deaa932254b42bfb29871a761 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 00:56:19 +0200 +Subject: [PATCH 11/32] refactor(zabbix-web-nginx): Remove secrets + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index b347b0ae6..07dce0440 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -251,9 +251,6 @@ services: + ZBX_SERVER_HOST: ${ZBX_SERVER_HOST} + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} +- secrets: +- - POSTGRES_USER +- - POSTGRES_PASSWORD + depends_on: + - postgres-server + - zabbix-server +-- +2.39.1 + + +From a8467ddad604567d7e9b31e3d9f50af06c8cd8d3 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:01:03 +0200 +Subject: [PATCH 12/32] refactor(postgresql): Use static username ID + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 07dce0440..6ed1387ed 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -438,6 +438,7 @@ services: + postgres-server: + image: postgres:14-alpine + # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem ++ user: 70:70 + volumes: + - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-- +2.39.1 + + +From 6bb790bf90b8af394fa272cb0f4994e79e2bf587 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:01:52 +0200 +Subject: [PATCH 13/32] refactor(postgresql): Set custom container name + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 6ed1387ed..0f3cd4551 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -437,6 +437,7 @@ services: + + postgres-server: + image: postgres:14-alpine ++ container_name: zabbixserver-postgres-${CTX} + # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem + user: 70:70 + volumes: +-- +2.39.1 + + +From a0a2fd6f60a8a8dbf7321cb246816765b0dbef93 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:02:28 +0200 +Subject: [PATCH 14/32] refactor(zabbix-web-nginx): Set custom container name + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 0f3cd4551..08f68e5fb 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -171,6 +171,7 @@ services: + + zabbix-web-apache-pgsql: + image: zabbix/zabbix-web-apache-pgsql:alpine-6.4-latest ++ container_name: zabbixserver-zabbixwebnginx-${CTX} + profiles: + - all + ports: +-- +2.39.1 + + +From 5d9a63a8c05aee7c2df5ccb553f01c3fcb9bb9c9 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:02:57 +0200 +Subject: [PATCH 15/32] refactor(zabbix-server): Set custom container name + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 08f68e5fb..12f0a89a5 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -2,6 +2,7 @@ version: '3.5' + services: + zabbix-server: + image: zabbix/zabbix-server-pgsql:alpine-6.4-latest ++ container_name: zabbixserver-zabbixserver-${CTX} + ports: + - "10051:10051" + volumes: +-- +2.39.1 + + +From ff73814d46448d621aef82b35073e7ed904bf7e0 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:03:46 +0200 +Subject: [PATCH 16/32] refactor(postgresql): Publicly expose so that other + tools can access the database + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 12f0a89a5..e6d3e029c 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -442,6 +442,8 @@ services: + container_name: zabbixserver-postgres-${CTX} + # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem + user: 70:70 ++ ports: ++ - "5432:5432" + volumes: + - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +-- +2.39.1 + + +From 454e2fd72b3a9b6b1c0bbd3c9a6b7b843abfe573 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:07:54 +0200 +Subject: [PATCH 17/32] refactor(postgresql): Replace static file names with + vars + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index e6d3e029c..d9468bcb2 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -445,10 +445,10 @@ services: + ports: + - "5432:5432" + volumes: +- - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw +- - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +- - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro +- - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro ++ - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw ++ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro ++ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro ++ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro + env_file: + - ./env_vars/.env_db_pgsql + secrets: +-- +2.39.1 + + +From b5dfe5ebe751623e8045ac3acb662c166a489a4f Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:09:36 +0200 +Subject: [PATCH 18/32] refactor(compose): Extend existing default configs + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index d9468bcb2..a846f89cb 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -3,6 +3,9 @@ services: + zabbix-server: + image: zabbix/zabbix-server-pgsql:alpine-6.4-latest + container_name: zabbixserver-zabbixserver-${CTX} ++ extends: ++ file: common-settings.yml ++ service: common-settings + ports: + - "10051:10051" + volumes: +@@ -229,6 +232,9 @@ services: + + zabbix-web-nginx-pgsql: + image: zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest ++ extends: ++ file: common-settings.yml ++ service: common-settings + ports: + - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080" + - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443" +@@ -444,6 +450,9 @@ services: + user: 70:70 + ports: + - "5432:5432" ++ extends: ++ file: common-settings.yml ++ service: common-settings + volumes: + - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw + - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro +-- +2.39.1 + + +From fb8a67ddda7bf643e60be2c52acf1e1121e5b940 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:10:33 +0200 +Subject: [PATCH 19/32] refactor(postgresql): Start with SSL cert + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index a846f89cb..32e5ddc3c 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -446,7 +446,7 @@ services: + postgres-server: + image: postgres:14-alpine + container_name: zabbixserver-postgres-${CTX} +- # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem ++ command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem + user: 70:70 + ports: + - "5432:5432" +-- +2.39.1 + + +From 7632d7ba546f695f9edcf488c93d98067a353b60 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:11:13 +0200 +Subject: [PATCH 20/32] refactor(compose): Add context string to path + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 32e5ddc3c..2ea5dfb5c 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -241,10 +241,10 @@ services: + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro +- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro +- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro +- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro +- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro + deploy: + resources: + limits: +@@ -454,10 +454,10 @@ services: + file: common-settings.yml + service: common-settings + volumes: +- - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw +- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro +- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro +- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro + env_file: + - ./env_vars/.env_db_pgsql + secrets: +-- +2.39.1 + + +From a9c2bf02c1666418ebc6ab96a6a3d328c16a01b3 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:12:22 +0200 +Subject: [PATCH 21/32] refactor(postgresql): Rename config dir + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 2ea5dfb5c..e8a395748 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -241,10 +241,10 @@ services: + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro +- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro +- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro +- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro +- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/modules:/usr/share/zabbix/modules/:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro ++ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro + deploy: + resources: + limits: +-- +2.39.1 + + +From 97c9c98eada41f53fdb15d472683227df76cf454 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:16:16 +0200 +Subject: [PATCH 22/32] refactor(postgresql): Replace env files with vars + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index e8a395748..88f4b378b 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -458,8 +458,12 @@ services: + - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro +- env_file: +- - ./env_vars/.env_db_pgsql ++ environment: ++ POSTGRES_USER: ${POSTGRES_USER} ++ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} ++ POSTGRES_DB: ${POSTGRES_DB} ++ ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO} ++ ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW} + secrets: + - POSTGRES_USER + - POSTGRES_PASSWORD +-- +2.39.1 + + +From 1e5285c2e73fa8080252ec8c2703ea784b6b952d Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:16:31 +0200 +Subject: [PATCH 23/32] refactor(postgresql): Remove secrets + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 88f4b378b..c553103fe 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -464,9 +464,6 @@ services: + POSTGRES_DB: ${POSTGRES_DB} + ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO} + ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW} +- secrets: +- - POSTGRES_USER +- - POSTGRES_PASSWORD + stop_grace_period: 1m + networks: + zbx_net_backend: +-- +2.39.1 + + +From af22272e449f8d77bf73fb3739869bbc61a2d775 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:18:32 +0200 +Subject: [PATCH 24/32] refactor(postgresql): Add named volume + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index c553103fe..e63e35d40 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -482,7 +482,7 @@ services: + db_data_pgsql: + image: busybox + volumes: +- - ./zbx_env/var/lib/postgresql/data:/var/lib/postgresql/data:rw ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw + + # elasticsearch: + # image: elasticsearch +-- +2.39.1 + + +From 1313efaed31fa7fa6ed4beb01d54fd5ec1a072d5 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:20:57 +0200 +Subject: [PATCH 25/32] refactor(zbx_net_backend): Make external + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index e63e35d40..ab319b042 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -510,7 +510,12 @@ networks: + driver: bridge + driver_opts: + com.docker.network.enable_ipv6: "false" +- internal: true ++ # Should not be Zabbix' official default 'internal: true' because in our ++ # case we want external entities such as a Grafana instance to be able ++ # to directly access this PostgreSQL. Here 'internal: true' would render ++ # our 'ports: ["5432:5432"]' irrelevant, ports would just never get ++ # exposed. ++ # internal: true + ipam: + driver: default + config: +-- +2.39.1 + + +From c18b3e090a3b2745bb0395c0f8cbaaee9f7bb70f Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:21:32 +0200 +Subject: [PATCH 26/32] refactor(compose): Remove secrets and unneeded volume + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 17 ----------------- + 1 file changed, 17 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index ab319b042..fbe708c08 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -520,20 +520,3 @@ networks: + driver: default + config: + - subnet: 172.16.239.0/24 +- +-volumes: +- snmptraps: +- +-secrets: +- MYSQL_USER: +- file: ./env_vars/.MYSQL_USER +- MYSQL_PASSWORD: +- file: ./env_vars/.MYSQL_PASSWORD +- MYSQL_ROOT_USER: +- file: ./env_vars/.MYSQL_ROOT_USER +- MYSQL_ROOT_PASSWORD: +- file: ./env_vars/.MYSQL_ROOT_PASSWORD +- POSTGRES_USER: +- file: ./env_vars/.POSTGRES_USER +- POSTGRES_PASSWORD: +- file: ./env_vars/.POSTGRES_PASSWORD +-- +2.39.1 + + +From 0bbe90782e01a4f2be3265c989401c8ed2cd6ade Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 01:22:19 +0200 +Subject: [PATCH 27/32] refactor(compose): Add common settings + +--- + common-settings.yml | 11 +++++++++++ + 1 file changed, 11 insertions(+) + create mode 100644 common-settings.yml + +diff --git a/common-settings.yml b/common-settings.yml +new file mode 100644 +index 000000000..c377067a8 +--- /dev/null ++++ b/common-settings.yml +@@ -0,0 +1,11 @@ ++services: ++ common-settings: ++ logging: ++ driver: "json-file" ++ options: ++ max-size: "10m" ++ max-file: "10" ++ compress: "true" ++ environment: ++ TZ: Europe/Berlin ++ restart: unless-stopped +-- +2.39.1 + + +From befc64dd477f3e7ca8684db54a9693e6cbe72cf7 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 02:34:15 +0200 +Subject: [PATCH 28/32] refactor(zabbix-web-nginx): Set custom container name + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index fbe708c08..482928547 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -232,6 +232,7 @@ services: + + zabbix-web-nginx-pgsql: + image: zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest ++ container_name: zabbixserver-zabbixwebnginx-${CTX} + extends: + file: common-settings.yml + service: common-settings +-- +2.39.1 + + +From 4b6b166f8c721b8aaf9e673e96ce90406d85cc19 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 02:34:35 +0200 +Subject: [PATCH 29/32] refactor(compose): remove unneeded components + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 326 --------------------- + 1 file changed, 326 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 482928547..0f2989983 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -68,168 +68,6 @@ services: + com.zabbix.dbtype: "pgsql" + com.zabbix.os: "alpine" + +- zabbix-proxy-sqlite3: +- image: zabbix/zabbix-proxy-sqlite3:alpine-6.4-latest +- profiles: +- - all +- ports: +- - "10061:10051" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro +- - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro +- - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro +- - snmptraps:/var/lib/zabbix/snmptraps:rw +- ulimits: +- nproc: 65535 +- nofile: +- soft: 20000 +- hard: 40000 +- deploy: +- resources: +- limits: +- cpus: '0.70' +- memory: 512M +- reservations: +- cpus: '0.3' +- memory: 256M +- env_file: +- - ./env_vars/.env_prx +- - ./env_vars/.env_prx_sqlite3 +- depends_on: +- - zabbix-java-gateway +- - zabbix-snmptraps +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-proxy-sqlite3 +- - zabbix-proxy-alpine-sqlite3 +- - zabbix-proxy-sqlite3-alpine +- zbx_net_frontend: +- stop_grace_period: 30s +- labels: +- com.zabbix.description: "Zabbix proxy with SQLite3 database support" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-proxy" +- com.zabbix.dbtype: "sqlite3" +- com.zabbix.os: "alpine" +- +- zabbix-proxy-mysql: +- image: zabbix/zabbix-proxy-mysql:alpine-6.4-latest +- profiles: +- - all +- ports: +- - "10071:10051" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro +- - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro +- - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro +- - snmptraps:/var/lib/zabbix/snmptraps:rw +- ulimits: +- nproc: 65535 +- nofile: +- soft: 20000 +- hard: 40000 +- deploy: +- resources: +- limits: +- cpus: '0.70' +- memory: 512M +- reservations: +- cpus: '0.3' +- memory: 256M +- env_file: +- - ./env_vars/.env_db_mysql_proxy +- - ./env_vars/.env_prx +- - ./env_vars/.env_prx_mysql +- secrets: +- - MYSQL_USER +- - MYSQL_PASSWORD +- - MYSQL_ROOT_USER +- - MYSQL_ROOT_PASSWORD +- depends_on: +- - mysql-server +- - zabbix-java-gateway +- - zabbix-snmptraps +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-proxy-mysql +- - zabbix-proxy-alpine-mysql +- - zabbix-proxy-mysql-alpine +- zbx_net_frontend: +- stop_grace_period: 30s +- labels: +- com.zabbix.description: "Zabbix proxy with MySQL database support" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-proxy" +- com.zabbix.dbtype: "mysql" +- com.zabbix.os: "alpine" +- +- zabbix-web-apache-pgsql: +- image: zabbix/zabbix-web-apache-pgsql:alpine-6.4-latest +- container_name: zabbixserver-zabbixwebnginx-${CTX} +- profiles: +- - all +- ports: +- - "8081:8080" +- - "8443:8443" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro +- - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro +- # - ./env_vars/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro +- # - ./env_vars/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro +- # - ./env_vars/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro +- deploy: +- resources: +- limits: +- cpus: '0.70' +- memory: 512M +- reservations: +- cpus: '0.5' +- memory: 256M +- env_file: +- - ./env_vars/.env_db_pgsql +- - ./env_vars/.env_web +- secrets: +- - POSTGRES_USER +- - POSTGRES_PASSWORD +- depends_on: +- - postgres-server +- - zabbix-server +- healthcheck: +- test: ["CMD", "curl", "-f", "http://localhost:8080/"] +- interval: 10s +- timeout: 5s +- retries: 3 +- start_period: 30s +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-web-apache-pgsql +- - zabbix-web-apache-alpine-pgsql +- - zabbix-web-apache-pgsql-alpine +- zbx_net_frontend: +- stop_grace_period: 10s +- sysctls: +- - net.core.somaxconn=65535 +- labels: +- com.zabbix.description: "Zabbix frontend on Apache web-server with PostgreSQL database support" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-frontend" +- com.zabbix.webserver: "apache2" +- com.zabbix.dbtype: "pgsql" +- com.zabbix.os: "alpine" +- + zabbix-web-nginx-pgsql: + image: zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest + container_name: zabbixserver-zabbixwebnginx-${CTX} +@@ -287,163 +125,6 @@ services: + com.zabbix.dbtype: "pgsql" + com.zabbix.os: "alpine" + +- zabbix-agent: +- image: zabbix/zabbix-agent:alpine-6.4-latest +- profiles: +- - full +- - all +- ports: +- - "10050:10050" +- volumes: +- - /etc/localtime:/etc/localtime:ro +- - /etc/timezone:/etc/timezone:ro +- - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro +- - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro +- deploy: +- resources: +- limits: +- cpus: '0.2' +- memory: 128M +- reservations: +- cpus: '0.1' +- memory: 64M +- mode: global +- env_file: +- - ./env_vars/.env_agent +- privileged: true +- pid: "host" +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-agent +- - zabbix-agent-passive +- - zabbix-agent-alpine +- stop_grace_period: 5s +- labels: +- com.zabbix.description: "Zabbix agent" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "zabbix-agentd" +- com.zabbix.os: "alpine" +- +- zabbix-java-gateway: +- image: zabbix/zabbix-java-gateway:alpine-6.4-latest +- profiles: +- - full +- - all +- ports: +- - "10052:10052" +- deploy: +- resources: +- limits: +- cpus: '0.5' +- memory: 512M +- reservations: +- cpus: '0.25' +- memory: 256M +- env_file: +- - ./env_vars/.env_java +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-java-gateway +- - zabbix-java-gateway-alpine +- stop_grace_period: 5s +- labels: +- com.zabbix.description: "Zabbix Java Gateway" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "java-gateway" +- com.zabbix.os: "alpine" +- +- zabbix-snmptraps: +- image: zabbix/zabbix-snmptraps:alpine-6.4-latest +- profiles: +- - full +- - all +- ports: +- - "162:1162/udp" +- volumes: +- - snmptraps:/var/lib/zabbix/snmptraps:rw +- deploy: +- resources: +- limits: +- cpus: '0.5' +- memory: 256M +- reservations: +- cpus: '0.25' +- memory: 128M +- networks: +- zbx_net_frontend: +- aliases: +- - zabbix-snmptraps +- zbx_net_backend: +- stop_grace_period: 5s +- labels: +- com.zabbix.description: "Zabbix snmptraps" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "snmptraps" +- com.zabbix.os: "alpine" +- +- zabbix-web-service: +- image: zabbix/zabbix-web-service:alpine-6.4-latest +- profiles: +- - full +- - all +- ports: +- - "10053:10053" +- volumes: +- - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro +- security_opt: +- - seccomp:./env_vars/chrome_dp.json +- deploy: +- resources: +- limits: +- cpus: '0.5' +- memory: 512M +- reservations: +- cpus: '0.25' +- memory: 256M +- env_file: +- - ./env_vars/.env_web_service +- networks: +- zbx_net_backend: +- aliases: +- - zabbix-web-service +- - zabbix-web-service-alpine +- stop_grace_period: 5s +- labels: +- com.zabbix.description: "Zabbix web service" +- com.zabbix.company: "Zabbix LLC" +- com.zabbix.component: "web-service" +- com.zabbix.os: "alpine" +- +- mysql-server: +- image: mysql:8.0-oracle +- profiles: +- - all +- command: +- - mysqld +- - --character-set-server=utf8mb4 +- - --collation-server=utf8mb4_bin +- - --skip-character-set-client-handshake +- - --default-authentication-plugin=mysql_native_password +- volumes: +- - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw +- env_file: +- - ./env_vars/.env_db_mysql +- secrets: +- - MYSQL_USER +- - MYSQL_PASSWORD +- - MYSQL_ROOT_PASSWORD +- stop_grace_period: 1m +- networks: +- zbx_net_backend: +- aliases: +- - mysql-server +- - zabbix-database +- - mysql-database +- + postgres-server: + image: postgres:14-alpine + container_name: zabbixserver-postgres-${CTX} +@@ -473,13 +154,6 @@ services: + - pgsql-server + - pgsql-database + +- db_data_mysql: +- image: busybox +- profiles: +- - all +- volumes: +- - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw +- + db_data_pgsql: + image: busybox + volumes: +-- +2.39.1 + + +From 92c25993284d4d5b28d8b806f57f42da32402f4f Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 02:46:24 +0200 +Subject: [PATCH 30/32] fix(postgresql): Fix cert path + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index 0f2989983..d1374c942 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -137,9 +137,9 @@ services: + service: common-settings + volumes: + - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw +- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro +- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro +- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} +-- +2.39.1 + + +From 782ca8f2c676e881909e1424b9d95dddbf1c8ccc Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Wed, 26 Apr 2023 03:26:59 +0200 +Subject: [PATCH 31/32] refactor(zabbix-postgres-busybox): Set custom container + name + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index d1374c942..a526ea0ff 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -156,6 +156,7 @@ services: + + db_data_pgsql: + image: busybox ++ container_name: zabbixserver-pgsqlbusybox-${CTX} + volumes: + - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw + +-- +2.39.1 + + +From b365fb10048acd76dafdb2d76053a37f36abf779 Mon Sep 17 00:00:00 2001 +From: hygienic-books +Date: Sat, 29 Apr 2023 02:39:11 +0200 +Subject: [PATCH 32/32] feat(postgresql): Add initialization scripts dir + +--- + docker-compose_v3_alpine_pgsql_latest.yaml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml +index a526ea0ff..5c9e65a6c 100644 +--- a/docker-compose_v3_alpine_pgsql_latest.yaml ++++ b/docker-compose_v3_alpine_pgsql_latest.yaml +@@ -140,6 +140,7 @@ services: + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro ++ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} +-- +2.39.1 +