Compare commits
3 Commits
120cdc61fd
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 7664d0f3f6 | |||
| 5fb3be9228 | |||
| 7caf3ce851 |
40
README.md
40
README.md
@@ -126,11 +126,10 @@ docker-data/
|
||||
│ └── init-user-db.sh
|
||||
├── zabbixserver
|
||||
│ ├── config
|
||||
│ │ ├── cert
|
||||
│ │ │ ├── .ZBX_SERVER_CA_FILE
|
||||
│ │ │ ├── .ZBX_SERVER_CERT_FILE
|
||||
│ │ │ └── .ZBX_SERVER_KEY_FILE
|
||||
│ │ └── docker-entrypoint.sh
|
||||
│ │ └── cert
|
||||
│ │ ├── .ZBX_SERVER_CA_FILE
|
||||
│ │ ├── .ZBX_SERVER_CERT_FILE
|
||||
│ │ └── .ZBX_SERVER_KEY_FILE
|
||||
│ └── data
|
||||
│ ├── usr
|
||||
│ │ └── lib
|
||||
@@ -172,36 +171,7 @@ Zabbix' PostgreSQL instance by default doesn't expose a TCP port outside of its
|
||||
|
||||
In `zabbixserver/config/cert` place your SSL cert files. These are what the Zabbix server process serves to clients that connect to it such as `server.zabbix.example.com`. As with [PostgreSQL](#postgres-postgresql) you'll need a CA cert, a domain cert and a key file; file names are `.ZBX_SERVER_CA_FILE`, `.ZBX_SERVER_CERT_FILE` and `.ZBX_SERVER_KEY_FILE`.
|
||||
|
||||
In `config` there's also `docker-entrypoint.sh`. This is largely identical to the Zabbix container's internal file as seen in the official upstream GitHub repo at [github.com/zabbix/zabbix-docker commit hash 4236b6d for Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh](https://github.com/zabbix/zabbix-docker/blob/4236b6d502a03ee9a4ab0a3699e740cc45f687a4/Dockerfiles/server-pgsql/alpine/docker-entrypoint.sh) (last retrieved on February 22, 2025).
|
||||
|
||||
Our version comments out two Bash `export` commands like so:
|
||||
|
||||
```
|
||||
--- <unnamed>
|
||||
+++ <unnamed>
|
||||
@@ -394,8 +394,8 @@
|
||||
|
||||
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
|
||||
export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}"
|
||||
- export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
|
||||
- export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
+ # export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
|
||||
+ # export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
|
||||
|
||||
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
|
||||
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
|
||||
```
|
||||
|
||||
This is a sloppy workaround to an issue that's present in newest 7.2 tags (7.2.2 and 7.2.3) where the default `docker-entrypoint.sh` will unconditionally `export` both `ZBX_DB_USER` and `ZBX_DB_PASSWORD` variables which are then unconditionally rendered into `/etc/zabbix/zabbix_server_db.conf` inside the container even when HashiCorp Vault is in use:
|
||||
|
||||
```
|
||||
DBUser=${ZBX_DB_USER}
|
||||
DBPassword=${ZBX_DB_PASSWORD}
|
||||
```
|
||||
|
||||
If HashiCorp Vault is in use neither `DBUser` nor `DBPassword` must have a value otherwise Zabbix server will complain and exit. If you have no need for Vault - or Zabbix' official Docker containers are fixed by the time you read this - feel free to skip `docker-entrypoint.sh`.
|
||||
|
||||
Besides `zabbixserver/config` there's also `zabbixserver/data` with what looks like a daunting amount of subdirectories. In our example they are all empty and they all belong to bind mounts that are configured with `create_host_path: true`.
|
||||
There's also `zabbixserver/data` with what looks like a daunting amount of subdirectories. In our example they are all empty and they all belong to bind mounts that are configured with `create_host_path: true`.
|
||||
|
||||
```
|
||||
- type: bind
|
||||
|
||||
@@ -2,13 +2,13 @@ services:
|
||||
db-data-pgsql:
|
||||
container_name: "zabbixserver-pgsqlbusybox-${CONTEXT}"
|
||||
extends:
|
||||
file: "/opt/containers/zabbixserver/common-settings.yml"
|
||||
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
||||
service: "common-settings"
|
||||
postgres-server:
|
||||
command: "-c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem"
|
||||
container_name: "zabbixserver-postgres-${CONTEXT}"
|
||||
extends:
|
||||
file: "/opt/containers/zabbixserver/common-settings.yml"
|
||||
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
||||
service: "common-settings"
|
||||
ports:
|
||||
- "${POSTGRES_PORT_EXTERNAL}:${POSTGRES_PORT_INTERNAL}"
|
||||
@@ -30,7 +30,7 @@ services:
|
||||
server-db-init:
|
||||
container_name: "zabbixserver-dbinit-${CONTEXT}"
|
||||
extends:
|
||||
file: "/opt/containers/zabbixserver/common-settings.yml"
|
||||
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
||||
service: "common-settings"
|
||||
volumes:
|
||||
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro"
|
||||
@@ -50,7 +50,7 @@ services:
|
||||
zabbix-server:
|
||||
container_name: "zabbixserver-zabbixserver-${CONTEXT}"
|
||||
extends:
|
||||
file: "/opt/containers/zabbixserver/common-settings.yml"
|
||||
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
||||
service: "common-settings"
|
||||
volumes:
|
||||
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro"
|
||||
@@ -68,7 +68,6 @@ services:
|
||||
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
|
||||
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
|
||||
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
|
||||
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/docker-entrypoint.sh:/usr/bin/docker-entrypoint.sh:ro"
|
||||
env_file: !reset []
|
||||
environment:
|
||||
POSTGRES_DB: "${POSTGRES_DB}"
|
||||
@@ -86,7 +85,7 @@ services:
|
||||
zabbix-web-nginx-pgsql:
|
||||
container_name: "zabbixserver-zabbixwebnginx-${CONTEXT}"
|
||||
extends:
|
||||
file: "/opt/containers/zabbixserver/common-settings.yml"
|
||||
file: "/opt/containers/zabbixserver/common-settings.yaml"
|
||||
service: "common-settings"
|
||||
volumes:
|
||||
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/cert:/etc/ssl/nginx:ro"
|
||||
|
||||
Reference in New Issue
Block a user