quico-containers/zabbixserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
hygienic-books 2024-05-13 21:16:16 +02:00
parent cc176376af
commit 7aaa80cd08
16 changed files with 1353 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
.gitignore vendored Normal file
View File

@ -0,0 +1,80 @@
### JetBrains template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# AWS User-specific
.idea/**/aws.xml
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# SonarLint plugin
.idea/sonarlint/
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
.idea

2
LICENSE
View File

@ -1,6 +1,6 @@
MIT License
Copyright (c) 2024 quico-containers
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

235
README.md
View File

@ -1,3 +1,234 @@
# zabbixserver
# Upstream repo
Zabbix monitoring in Docker
We use the [official Zabbix Docker GitHub repo](https://github.com/zabbix/zabbix-docker) for Docker Compose deployment, we add a few local changes.
Create dir
```
mkdir -p '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
```
Pull repo
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' clone 'https://github.com/zabbix/zabbix-docker' .
```
# Docker Compose
## Base setup
When everything's ready start Zabbix with Docker Compose, otherwise head down to [Initial setup](#initial-setup) or [Upgrade an existing repo](#upgrade-an-existing-repo) first.
Define variables assuming the official Zabbix Docker repo lives at `/opt/git/github.com/zabbix/zabbix-docker/branches/latest`:
```
export UPSTREAM_REPO_DIR='/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
export UPSTREAM_REPO_TAG='6.4.4'
export UPSTREAM_COMPOSE_FILE="${UPSTREAM_REPO_DIR%/}"'/docker-compose_v3_alpine_pgsql_latest.yaml'
export COMPOSE_CTX='bi_colombo'
export COMPOSE_PROJECT_NAME='zabbixserver-'"${COMPOSE_CTX}"
export COMPOSE_ENV_FILE=<add accordingly>
```
## Context
On your deployment machine create the necessary Docker context to connect to and control the Docker daemon on whatever target host you'll be using, for example:
```
docker context create fully.qualified.domain.name --docker 'host=ssh://root@fully.qualified.domain.name'
```
## Pull
Pull newest image versions:
```
docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --env-file "${COMPOSE_ENV_FILE}" pull
```
## Copy to target
Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow:
```
source "${COMPOSE_ENV_FILE}"
while IFS= read -r image; do
copy-docker.sh "${image}" fully.qualified.domain.name
done < <(grep -Pi -- '^[^#]*image:' "${UPSTREAM_COMPOSE_FILE}" | awk '{print $2}')
```
This first `grep`s a list of images and their tags from Zabbix' official Docker Compose file:
```
# grep -Pi -- '^[^#]*image:' "${UPSTREAM_COMPOSE_FILE}" | awk '{print $2}'
zabbix/zabbix-server-pgsql:alpine-6.4-latest
zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest
postgres:14-alpine
busybox
```
It then pushes each image to your remote host where the image is needed. Note that `busybox` implies `busybox:latest` by convention.
## Start
Run Zabbix like so
```
docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --env-file "${COMPOSE_ENV_FILE}" up --detach
```
## Additional files
- [common-settings.yml](common-settings.yml)
This file will be auto-created as part of the patch. Use it as an example in case patching fails
- [env/fqdn_context.env.example](env/fqdn_context.env.example)
An example env file with all currently used variables after `docker-compose_v3_alpine_pgsql_latest.yaml` is patched
- Directory tree underneath [build-context](build-context)
```
build-context/
└── docker-data
├── postgres
│   └── config
│   ├── cert
│   │   ├── ZBX_PGSQL_TLS_CA_CERT_FILE
│   │   ├── ZBX_PGSQL_TLS_CERT_FILE
│   │   └── ZBX_PGSQL_TLS_KEY_FILE
│   └── docker-entrypoint-initdb.d
│   └── init-user-db.sh
├── zabbixserver
│   └── config
│   └── cert
│   ├── ZBX_SERVER_TLS_CA_CERT_FILE
│   ├── ZBX_SERVER_TLS_CERT_FILE
│   └── ZBX_SERVER_TLS_KEY_FILE
└── zabbixwebnginx
└── config
└── cert
├── dhparam.pem
├── ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE
└── ZBX_WEBNGINX_TLS_KEY_FILE
```
Example data you're going to want to physically place on your deployment machine. SSL certs and keys are blank files each of which has the exact same name used in env file `fqdn_context.env.example`.
In [postgres/config/docker-entrypoint-initdb.d](build-context/docker-data/postgres/config/docker-entrypoint-initdb.d) a PostgreSQL initialization script - when this container is run on a completely empty data directory - will create an additional read-only user `ZBX_DB_USERNAME_RO` with password `ZBX_DB_USERNAME_PW`. The example's intended to grant a Grafana daemon direct PostgreSQL database read access.
# Upgrade an existing repo
Check [Initial setup](#initial-setup) below for first time steps. On consecutive upgrades proceed as follows.
## Revert unpushed local changes
Return repo state to exactly the upstream repo's original branch state throwing away the commits you added.
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' reset --hard origin
```
Switch to `trunk` branch, get newest commits from upstream
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout trunk
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' pull
```
Pick and checkout new tag
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/x.y.z'
```
Lastly [apply patch](#apply-patch). If patch does not apply cleanly read on in the next section [Create new patch](#create-new-patch) to find out how to fix your patch.
# Create new patch
## Add your changes as commits
Get `zabbix-docker` repo into a state with which you're happy then
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' format-patch 7665739620ba6d99090838d502ab76d2f5a47e96^..a17380598ca66153ddc2a42eb618d906d4f582e6 --stdout > '/opt/containers/zabbixserver/zabbix-docker.patch'
```
Where the first commit hash is our first commit and the other commit hash is our last commit. Note the caret (`^`) right after the first commit hash.
## Investigation
You may have to try and find out how a known good base commit differs from a newer one in case the newer one does no longer cleanly accept the patch.
Get commit hashes from both affected tags, e.g.
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
```
Diff them
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' diff d7b0eab80723a2c562a13ee866c4cd384af96d3b 482e21c7803c2878e522aba0325bf04533efa61a 'docker-compose_v3_alpine_pgsql_latest.yaml'
```
Output will be empty in case no difference exists in `docker-compose_v3_alpine_pgsql_latest.yaml` between both commit hashes.
Commit your updated patch file into _this_ repo. With a new working patch in hand head back up to [Upgrade an existing repo](#upgrade-an-existing-repo).
# Initial setup
## Prep
Get desired tag e.g. from version-sorted tags list
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
```
Switch to desired tag
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/6.4.4'
```
## Apply patch
Identify yourself to the local `zabbix-docker` repo. Obviously substitute your own name. An e-mail address is optional here. You don't want to contribute upstream, you just want to locally apply a patch file.
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.name "hygienic-books"
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.email ""
```
Apply `zabbix-docker.patch` to Docker Compose file. We use Zabbix' `docker-compose_v3_alpine_pgsql_latest.yaml` Compose file. Assuming this repo lives at `/opt/containers/zabbixserver`:
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' am '/opt/containers/zabbixserver/zabbix-docker.patch'
# Output will be:
Applying: refactor(compose): Remove trailing whitespace
Applying: refactor(compose): 4 leading spaces
Applying: refactor(compose): Indent comments
Applying: refactor(zabbix-server): Set correct libs paths
Applying: refactor(zabbix-server): Set TLS cert file names
Applying: feat(zabbix-server): Replace env files with variables
...
```
And now back up to [Docker Compose](#docker-compose).

0
build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_CA_CERT_FILE Normal file
View File

0
build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_CERT_FILE Normal file
View File

0
build-context/docker-data/postgres/config/cert/ZBX_PGSQL_TLS_KEY_FILE Normal file
View File

21
build-context/docker-data/postgres/config/docker-entrypoint-initdb.d/init-user-db.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
set -e
sleep 20
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
DO
\$block\$
BEGIN
IF EXISTS (
SELECT FROM pg_catalog.pg_roles WHERE rolname = '${ZBX_DB_USERNAME_RO}'
)
THEN
RAISE NOTICE 'Role ''${ZBX_DB_USERNAME_RO}'' already exists. Skipping ...';
ELSE
CREATE ROLE "${ZBX_DB_USERNAME_RO}" WITH PASSWORD '${ZBX_DB_USERNAME_PW}';
GRANT CONNECT ON DATABASE "${POSTGRES_DB}" TO "${ZBX_DB_USERNAME_RO}";
GRANT SELECT ON ALL TABLES IN SCHEMA public TO "${ZBX_DB_USERNAME_RO}";
END IF;
END
\$block\$;
EOSQL

0
build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_CA_CERT_FILE Normal file
View File

0
build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_CERT_FILE Normal file
View File

0
build-context/docker-data/zabbixserver/config/cert/ZBX_SERVER_TLS_KEY_FILE Normal file
View File

0
build-context/docker-data/zabbixwebnginx/config/cert/ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE Normal file
View File

0
build-context/docker-data/zabbixwebnginx/config/cert/ZBX_WEBNGINX_TLS_KEY_FILE Normal file
View File

13
build-context/docker-data/zabbixwebnginx/config/cert/dhparam.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA1shg4Gf/2rG+kllZ1qE2or0BHGqhDdjw0DlwNlPL9qVaiqmU/TRq
LCxr0ZloKa8dwImvEtwxy8bJROMW7gcVfYebsOwTnNbQGePkQ3OSKyyBBG+A04rx
QAT6mxgG84ydQOicu42mK0lRwWeFUzZFauZa8CWEcaLcKBUxYQWN6QXOAk7pUQ32
3vAjUKL8+dYUINCna5QXOPmNgnSmXJfjPEnLwveDUTj6IaXFLvWmJm4yRgi7AvXF
r85aAKl9FgT7e5+BntpJAP4Mj7TYxVyHHq7BLZAke7slwe6bkFLxQ6H3INlTYWgp
QEmALgW+KjiARTTh12NJgJvT0ti4ck7VA6P9eN5kw4FCEg1hZbMLFQg7asUWq9tV
7usrDC971W46YsrBstQg851Vbs64ZMf5+knHYJIWaUF5ZTQ1cHihKhEfGJOdRvxU
Py2q192knNzXwroqi/q22iUe9zu4kPRI3qLjR1brVcf8mkUGnMtkIZsO6cdHdvf9
+2De05V57/yCp8R1QUY/UErdDSO+ey+gNFVfpIBdUIoy8+bG1Dcz70X8DDHXD+4+
DJXeajEWS4xkHEB8kaoYGHS6dDJpQk/nsk2H4Mdb1M/uYDedLdMh3FVjH40lzQzR
oRYpzgieag0RPJcaxi6z8PN0HEuVpPA8EbOvxwDMR2zp4zJxHuA0inMCAQI=
-----END DH PARAMETERS-----

11
common-settings.yml Normal file
View File

@ -0,0 +1,11 @@
services:
common-settings:
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "10"
compress: "true"
environment:
TZ: Europe/Berlin
restart: unless-stopped

27
env/fqdn_context.env.example vendored Normal file
View File

@ -0,0 +1,27 @@
# This file is maintained by remco and populated with data from HashiCorp
# Vault. Changes not done in Vault will be reverted when file gets rendered.
CTX=
PHP_TZ=
POSTGRES_DB=
POSTGRES_PASSWORD=
POSTGRES_USER=
VAULT_TOKEN=
ZBX_DB_USERNAME_PW=
ZBX_DB_USERNAME_RO=
ZBX_PGSQL_TLS_CA_CERT_FILE=
ZBX_PGSQL_TLS_CERT_FILE=
ZBX_PGSQL_TLS_KEY_FILE=
ZBX_SERVER_HOST=
ZBX_SERVER_NAME=
ZBX_SERVER_TLS_CA_CERT_FILE=
ZBX_SERVER_TLS_CERT_FILE=
ZBX_SERVER_TLS_KEY_FILE=
ZBX_VAULTDBPATH=
ZBX_VAULTURL=
ZBX_WEBNGINX_EXPOSED_HTTPS_PORT=
ZBX_WEBNGINX_EXPOSED_HTTP_PORT=
ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE=
ZBX_WEBNGINX_TLS_KEY_FILE=
# When needed for temporary debugging
# ZBX_DEBUGLEVEL=4

967
zabbix-docker.patch Normal file
View File

@ -0,0 +1,967 @@
From 1437280b298c36e6b54202935e3026470c046d90 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:32:18 +0100
Subject: [PATCH 01/25] refactor(zabbix-server): Set correct libs paths
---
compose_zabbix_components.yaml | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index d46273eef..5653fc00d 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -6,15 +6,15 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${DATA_DIRECTORY}/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- - ${DATA_DIRECTORY}/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/export:/var/lib/zabbix/export:rw
- - ${DATA_DIRECTORY}/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- - snmptraps:/var/lib/zabbix/snmptraps:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
tmpfs: /tmp
ulimits:
nproc: 65535
--
2.44.0
From 5a16fc3ec1ce16a2d11d90ec1c91ed568a47f298 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:36:00 +0100
Subject: [PATCH 02/25] refactor(zabbix-server): Set TLS cert file names
---
compose_zabbix_components.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 5653fc00d..2cb2c258c 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -78,10 +78,10 @@ services:
server-pgsql:
extends:
service: server
-# volumes:
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
+ volumes:
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
--
2.44.0
From a0c1235190c4d3e4d68b4cdca64dbd259ba600d7 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:41:48 +0100
Subject: [PATCH 03/25] feat(zabbix-server): Replace env files with variables
---
compose_zabbix_components.yaml | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 2cb2c258c..06dfcbb00 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -29,8 +29,11 @@ services:
reservations:
cpus: '0.5'
memory: 512M
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_srv
+ environment:
+ ZBX_VAULTURL: ${ZBX_VAULTURL}
+ VAULT_TOKEN: ${VAULT_TOKEN}
+ ZBX_VAULTDBPATH: ${ZBX_VAULTDBPATH}
+ ZBX_DEBUGLEVEL: ${ZBX_DEBUGLEVEL:-3}
networks:
zbx_net_database:
aliases:
@@ -82,8 +85,9 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_db_pgsql
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
--
2.44.0
From d66f78e7c7d6c092c0ba96d8191d470922a75dfb Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:44:11 +0100
Subject: [PATCH 04/25] refactor(zabbix-server): Remove PostgreSQL secrets use
---
compose_zabbix_components.yaml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 06dfcbb00..2430b3fe1 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -88,9 +88,6 @@ services:
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
networks:
zbx_net_backend:
aliases:
--
2.44.0
From 367f99d237d58e19c6e5207584827cf5d66e4e11 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:47:36 +0100
Subject: [PATCH 05/25] refactor(zabbix-web-nginx): Replace exposed ports with
---
compose_zabbix_components.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 2430b3fe1..5b25a6ec9 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -261,8 +261,8 @@ services:
web-nginx:
ports:
- - "${ZABBIX_WEB_NGINX_HTTP_PORT}:8080"
- - "${ZABBIX_WEB_NGINX_HTTPS_PORT}:8443"
+ - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
+ - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443"
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
--
2.44.0
From 846279a5671804c35afd4a277c4b78fff74ce2fb Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:49:32 +0100
Subject: [PATCH 06/25] refactor(zabbix-web-nginx): Set named volumes
---
compose_zabbix_components.yaml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 5b25a6ec9..8da2ac4ef 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -266,8 +266,10 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${DATA_DIRECTORY}/etc/ssl/nginx:/etc/ssl/nginx:ro
- - ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
+ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
+ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
tmpfs: /tmp
deploy:
resources:
--
2.44.0
From 24a7cd67229fd21a0cde323a398d2e9cb744bb87 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:52:51 +0100
Subject: [PATCH 07/25] refactor(zabbix-web-nginx): Replace env files with vars
---
compose_zabbix_components.yaml | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 8da2ac4ef..8dac7dd57 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -279,8 +279,10 @@ services:
reservations:
cpus: '0.5'
memory: 256M
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_web
+ environment:
+ PHP_TZ: ${PHP_TZ}
+ ZBX_SERVER_NAME: ${ZBX_SERVER_NAME}
+ ZBX_SERVER_HOST: ${ZBX_SERVER_HOST}
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/ping"]
interval: 10s
@@ -327,8 +329,9 @@ services:
# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_db_pgsql
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
--
2.44.0
From 9d773578e3ac8359fa90e1891176c299c02f9f0c Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:53:28 +0100
Subject: [PATCH 08/25] refactor(zabbix-web-nginx): Remove secrets
---
compose_zabbix_components.yaml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 8dac7dd57..56796f6ad 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -332,9 +332,6 @@ services:
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
networks:
zbx_net_backend:
aliases:
--
2.44.0
From e0f3e63536e96c6c14336494890b96af6e4fb602 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:54:23 +0100
Subject: [PATCH 09/25] refactor(postgresql): Use static username ID
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 50f5368dd..c6611b05a 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -39,6 +39,7 @@ services:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
+ user: 70:70
volumes:
- ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
--
2.44.0
From 69c99b5a9219d5472889506f6ec56d404b8c35e1 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:55:03 +0100
Subject: [PATCH 10/25] refactor(postgresql): Set custom container name
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index c6611b05a..1aacf6d53 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -37,6 +37,7 @@ services:
postgres-server:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
+ container_name: zabbixserver-postgres-${CTX}
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
--
2.44.0
From 6cc7f437bface0d243551b8e1fb9934c5c0ea238 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:00:51 +0100
Subject: [PATCH 11/25] refactor(zabbix-web-nginx): Set custom container name
---
compose_zabbix_components.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 56796f6ad..aa5234f2d 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -260,6 +260,7 @@ services:
com.zabbix.dbtype: "pgsql"
web-nginx:
+ container_name: zabbixserver-zabbixwebnginx-${CTX}
ports:
- "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
- "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443"
--
2.44.0
From 845b2eb2ef891a73e53b71f5e2fa0bb5721028a0 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:02:00 +0100
Subject: [PATCH 12/25] refactor(zabbix-server): Set custom container name
---
compose_zabbix_components.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index aa5234f2d..5f79cfd77 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -1,6 +1,7 @@
version: '3.8'
services:
server:
+ container_name: zabbixserver-zabbixserver-${CTX}
ports:
- "${ZABBIX_SERVER_PORT}:10051"
restart: "${RESTART_POLICY}"
--
2.44.0
From 5d45ed5af0336134baeb5a5084868d6d15839a3d Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:02:45 +0100
Subject: [PATCH 13/25] refactor(postgresql): Publicly expose so that other
tools can access the database
---
compose_databases.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 1aacf6d53..d566ab432 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -41,6 +41,8 @@ services:
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
+ ports:
+ - "5432:5432"
volumes:
- ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
--
2.44.0
From a61fab959951ede7d4903997b8f5f66ea11547d0 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:03:37 +0100
Subject: [PATCH 14/25] refactor(postgresql): Replace static file names with
vars
---
compose_databases.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index d566ab432..e8a07b427 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -44,10 +44,10 @@ services:
ports:
- "5432:5432"
volumes:
- - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw
+ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
+ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
--
2.44.0
From e0336a1a4fe981d40f48b8a935e98fbe097f9493 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:11:40 +0100
Subject: [PATCH 15/25] refactor(compose): Extend existing default configs
---
docker-compose_v3_alpine_pgsql_latest.yaml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index bc4892246..a78430bab 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -4,6 +4,9 @@ services:
extends:
file: compose_zabbix_components.yaml
service: server-pgsql
+ extends:
+ file: common-settings.yml
+ service: common-settings
image: "${ZABBIX_SERVER_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
volumes:
- /etc/timezone:/etc/timezone:ro
@@ -50,6 +53,9 @@ services:
extends:
file: compose_zabbix_components.yaml
service: web-nginx-pgsql
+ extends:
+ file: common-settings.yml
+ service: common-settings
image: "${ZABBIX_WEB_NGINX_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
volumes:
- /etc/timezone:/etc/timezone:ro
@@ -101,6 +107,9 @@ services:
extends:
file: compose_databases.yaml
service: postgres-server
+ extends:
+ file: common-settings.yml
+ service: common-settings
db-data-mysql:
extends:
--
2.44.0
From 601a8c1a515eddacfdc6434da68b769d667083b7 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:12:15 +0100
Subject: [PATCH 16/25] refactor(postgresql): Start with SSL cert
---
compose_databases.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index e8a07b427..b208f33a8 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -38,7 +38,7 @@ services:
postgres-server:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
container_name: zabbixserver-postgres-${CTX}
-# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
+ command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
ports:
--
2.44.0
From 2aa4e5de3063077c3882be5422665665c4121a05 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:14:11 +0100
Subject: [PATCH 17/25] refactor(compose): Add context string to path
---
compose_databases.yaml | 8 ++++----
compose_zabbix_components.yaml | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index b208f33a8..376ccbf59 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -44,10 +44,10 @@ services:
ports:
- "5432:5432"
volumes:
- - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw
- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 5f79cfd77..f162c267d 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -268,10 +268,10 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro
- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
tmpfs: /tmp
deploy:
resources:
--
2.44.0
From fae328d9ecd838e0fad7bc9e82aa9b0531fae79b Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:15:03 +0100
Subject: [PATCH 18/25] refactor(postgresql): Rename config dir
---
compose_zabbix_components.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index f162c267d..1a8306305 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -268,10 +268,10 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro
- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/modules:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
tmpfs: /tmp
deploy:
resources:
--
2.44.0
From cfac02a90da0581247a4bf0c282bfd175bbe6827 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:17:09 +0100
Subject: [PATCH 19/25] refactor(postgresql): Replace env files with vars
---
compose_databases.yaml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 376ccbf59..b16cb6a70 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -48,8 +48,12 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_db_pgsql
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: ${POSTGRES_DB}
+ ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO}
+ ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW}
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
--
2.44.0
From 53242dc77c843bdab8f1ab16d105902cda19bfa0 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:17:35 +0100
Subject: [PATCH 20/25] refactor(postgresql): Remove secrets
---
compose_databases.yaml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index b16cb6a70..0eaa1c7cd 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -54,9 +54,6 @@ services:
POSTGRES_DB: ${POSTGRES_DB}
ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO}
ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW}
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
stop_grace_period: 1m
networks:
zbx_net_database:
--
2.44.0
From 48db500291bf52e39ce59f862dca7c8ec6e5b004 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:18:21 +0100
Subject: [PATCH 21/25] refactor(postgresql): Add named volume
---
compose_databases.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 0eaa1c7cd..4602770e5 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -68,7 +68,7 @@ services:
db-data-pgsql:
image: busybox
volumes:
- - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
elasticsearch:
image: "${ELASTICSEARCH_IMAGE}:${ELASTICSEARCH_IMAGE_TAG}"
--
2.44.0
From 3e96ed7ae9fd4ba76979ee1f91a0d8921d379b7f Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:19:47 +0100
Subject: [PATCH 22/25] refactor(zbx_net_backend): Make external
---
docker-compose_v3_alpine_pgsql_latest.yaml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index a78430bab..122c625ed 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -148,7 +148,12 @@ networks:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "${DATABASE_NETWORK_ENABLE_IPV6}"
- internal: true
+ # Should not be Zabbix' official default 'internal: true' because in our
+ # case we want external entities such as a Grafana instance to be able
+ # to directly access this PostgreSQL. Here 'internal: true' would render
+ # our 'ports: ["5432:5432"]' irrelevant, ports would just never get
+ # exposed.
+ # internal: true
ipam:
driver: "${DATABASE_NETWORK_DRIVER}"
--
2.44.0
From de09044b00e59256392d47cd1af7a9f284d6034a Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:20:16 +0100
Subject: [PATCH 23/25] refactor(compose): Remove secrets and unneeded volume
---
docker-compose_v3_alpine_pgsql_latest.yaml | 18 ------------------
1 file changed, 18 deletions(-)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index 122c625ed..707cdb1c2 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -156,21 +156,3 @@ networks:
# internal: true
ipam:
driver: "${DATABASE_NETWORK_DRIVER}"
-
-volumes:
- snmptraps:
-# dbsocket:
-
-secrets:
- MYSQL_USER:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_USER
- MYSQL_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_PASSWORD
- MYSQL_ROOT_USER:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_USER
- MYSQL_ROOT_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_PASSWORD
- POSTGRES_USER:
- file: ${ENV_VARS_DIRECTORY}/.POSTGRES_USER
- POSTGRES_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.POSTGRES_PASSWORD
--
2.44.0
From 4b4618b4457ab6db25f4d8e1c8cd721a2dd3a639 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:21:04 +0100
Subject: [PATCH 24/28] refactor(compose): Add common settings
---
common-settings.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 common-settings.yml
diff --git a/common-settings.yml b/common-settings.yml
new file mode 100644
index 000000000..c377067a8
--- /dev/null
+++ b/common-settings.yml
@@ -0,0 +1,11 @@
+services:
+ common-settings:
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "10"
+ compress: "true"
+ environment:
+ TZ: Europe/Berlin
+ restart: unless-stopped
--
2.44.0
From 1785227a138c278c4b97a7d1388629e053d68625 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 16 Apr 2024 15:30:24 +0200
Subject: [PATCH 25/28] refactor(compose): Remove unneeded components
---
docker-compose_v3_alpine_pgsql_latest.yaml | 70 ----------------------
1 file changed, 70 deletions(-)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index 707cdb1c2..a30c4c07d 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -15,40 +15,6 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- zabbix-proxy-sqlite3:
- extends:
- file: compose_zabbix_components.yaml
- service: proxy-sqlite3
- image: "${ZABBIX_PROXY_SQLITE3_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-proxy-mysql:
- extends:
- file: compose_zabbix_components.yaml
- service: proxy-mysql
- image: "${ZABBIX_PROXY_MYSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- depends_on:
- - mysql-server
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-web-apache-pgsql:
- extends:
- file: compose_zabbix_components.yaml
- service: web-apache-pgsql
- image: "${ZABBIX_WEB_APACHE_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- depends_on:
- - postgres-server
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
zabbix-web-nginx-pgsql:
extends:
file: compose_zabbix_components.yaml
@@ -64,32 +30,6 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- zabbix-agent:
- extends:
- file: compose_zabbix_components.yaml
- service: agent
- image: "${ZABBIX_AGENT_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-java-gateway:
- extends:
- file: compose_zabbix_components.yaml
- service: java-gateway
- image: "${ZABBIX_JAVA_GATEWAY_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-snmptraps:
- extends:
- file: compose_zabbix_components.yaml
- service: snmptraps
- image: "${ZABBIX_SNMPTRAPS_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
zabbix-web-service:
extends:
file: compose_zabbix_components.yaml
@@ -98,11 +38,6 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- mysql-server:
- extends:
- file: compose_databases.yaml
- service: mysql-server
-
postgres-server:
extends:
file: compose_databases.yaml
@@ -111,11 +46,6 @@ services:
file: common-settings.yml
service: common-settings
- db-data-mysql:
- extends:
- file: compose_databases.yaml
- service: db-data-mysql
-
db-data-pgsql:
extends:
file: compose_databases.yaml
--
2.44.0
From fab5ba8eb168639775c6ab419a1a4b41ad25338e Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:23:21 +0100
Subject: [PATCH 26/28] fix(postgresql): Fix cert path
---
compose_databases.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 4602770e5..455a87eb3 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -45,9 +45,9 @@ services:
- "5432:5432"
volumes:
- /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
--
2.42.0
From a70e020794b384cf9ab8b0f7ca43cf2c7ca764c5 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:25:41 +0100
Subject: [PATCH 27/28] refactor(zabbix-postgres-busybox): Set custom container
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 455a87eb3..200701f37 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -67,6 +67,7 @@ services:
db-data-pgsql:
image: busybox
+ container_name: zabbixserver-pgsqlbusybox-${CTX}
volumes:
- /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
--
2.42.0
From c996c248684a11e967d404ab58d87eefbb5a5c5e Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:26:08 +0100
Subject: [PATCH 28/28] feat(postgresql): Add initialization scripts dir
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 200701f37..898c3aa73 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -48,6 +48,7 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
--
2.42.0