Compare commits

12 Commits

Author SHA1 Message Date
7664d0f3f6 fix(zabbixserver): Zabbix server now works without override
Upstream github.com/zabbix/zabbix-docker/issues/1643 is now fixed.
This previously prevented us from using both HashiCorp Vault and the
default docker-entrypoint.sh file that came with the
zabbix/zabbix-server-pgsql:alpine-7.2-latest image.

Upstream's commit hash 435e92f made it so that when Vault params are
present both the Zabbix server config params DBUser and DBPassword
are unset.
2025-03-14 09:54:37 +01:00
5fb3be9228 fix(zabbixserver): Zabbix server now works without override
Upstream github.com/zabbix/zabbix-docker/issues/1643 is now fixed.
This previously prevented us from using both HashiCorp Vault and the
default docker-entrypoint.sh file that came with the
zabbix/zabbix-server-pgsql:alpine-7.2-latest image.

Upstream's commit hash 435e92f made it so that when Vault params are
present both the Zabbix server config params DBUser and DBPassword
are unset.
2025-03-14 09:51:04 +01:00
7caf3ce851 fix(zabbixserver): Link common settings file 2025-02-22 07:38:00 +01:00
120cdc61fd Merge pull request 'feat(zabbixserver): Update to Zabbix 7.2' (#3) from 2-follow-upstream-compose into main
Reviewed-on: #3
2025-02-22 06:31:01 +00:00
47397159ac feat(zabbixserver): Update to Zabbix 7.2 2025-02-22 07:30:04 +01:00
1c2d33962f fix(compose): Add network settings 2024-06-04 02:07:04 +02:00
6099e88560 refactor(compose): Refactor for upstream correctness (#1) 2024-06-04 01:43:05 +02:00
5d4b91f35f refactor(compose): Refactor for upstream correctness (#1) 2024-06-04 01:41:36 +02:00
2ec27b49f4 refactor(compose): Refactor for upstream correctness (#1) 2024-06-04 01:33:11 +02:00
7982c081e5 refactor(env): Refactor for upstream correctness (#1) 2024-06-04 01:32:58 +02:00
6221d6fdb4 refactor(common-settings): Get common settings in line with upstream (#1) 2024-06-04 01:12:54 +02:00
e3c04768b5 fix(compose): Fix Compose patch for upstream tag 6.4.15+ (#1) 2024-06-04 01:12:26 +02:00
17 changed files with 828 additions and 1262 deletions

79
.gitignore vendored

@@ -1,80 +1 @@
### JetBrains template
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# AWS User-specific
.idea/**/aws.xml
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# SonarLint plugin
.idea/sonarlint/
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
.idea
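
Review bot: With the template collapsed to the single `.idea` entry at the end of this hunk, nothing in the file keeps deployment secrets out of the repo. The README changed alongside it has operators create a real `COMPOSE_ENV_FILE` modelled on `env/fqdn_context.env.example` and fill a `docker-data` tree with unencrypted key files; if either is ever kept inside this checkout it will show up as untracked and is one `git add .` away from being committed. Consider adding `env/*.env` (the `.env.example` file does not match that pattern and stays tracked) and a rule for key material such as `*.key`. The old rules for `out/`, `cmake-build-*/` and `*.iws` are also gone, which deserves a line in the commit message if it is intentional.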

381
README.md

@@ -1,31 +1,34 @@
# Upstream repo
# Zabbix Docker Compose files
We use the [official Zabbix Docker GitHub repo](https://github.com/zabbix/zabbix-docker) for Docker Compose deployment, we add a few local changes.
Docker Compose files to spin up an instance of Zabbix.
Create dir
```
mkdir -p '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
```
# How to run
Pull repo
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' clone 'https://github.com/zabbix/zabbix-docker' .
```
Add a `COMPOSE_ENV_FILE` and save its location as a shell variable along with the location where this repo lives, here for example `/opt/containers/zabbixserver` plus all other variables. At [env/fqdn_context.env.example](env/fqdn_context.env.example) you'll find an example environment file.
# Docker Compose
When everything's ready start Zabbix with Docker Compose, otherwise head down to [Initial setup](#initial-setup) first.
## Base setup
## Environment
When everything's ready start Zabbix with Docker Compose, otherwise head down to [Initial setup](#initial-setup) or [Upgrade an existing repo](#upgrade-an-existing-repo) first.
Make sure that Zabbix' upstream repo at [github.com/zabbix/zabbix-docker](https://github.com/zabbix/zabbix-docker) is checked out locally. We're going with example dir `/opt/git/github.com/zabbix/zabbix-docker/branches/latest`. We're also assuming that **_this_** repo exists at `/opt/containers/zabbixserver`.
Define variables assuming the official Zabbix Docker repo lives at `/opt/git/github.com/zabbix/zabbix-docker/branches/latest`:
```
export UPSTREAM_REPO_DIR='/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
export UPSTREAM_REPO_TAG='6.4.4'
export UPSTREAM_COMPOSE_FILE="${UPSTREAM_REPO_DIR%/}"'/docker-compose_v3_alpine_pgsql_latest.yaml'
export COMPOSE_CTX='bi_colombo'
export UPSTREAM_ENV_FILE="${UPSTREAM_REPO_DIR%/}"'/.env'
export COMPOSE_CTX='ux_vilnius'
export COMPOSE_PROJECT_NAME='zabbixserver-'"${COMPOSE_CTX}"
export COMPOSE_ENV_FILE=<add accordingly>
export COMPOSE_OVERRIDE='/opt/containers/zabbixserver/compose.override.yaml'
```
In Zabbix' Git repo check out latest tag for whatever version you want to use, we're going with the latest `7.2.*` version.
```
git -C "${UPSTREAM_REPO_DIR}" reset --hard origin/trunk
git -C "${UPSTREAM_REPO_DIR}" checkout trunk
git -C "${UPSTREAM_REPO_DIR}" pull
git -C "${UPSTREAM_REPO_DIR}" checkout "$(git --no-pager -C "${UPSTREAM_REPO_DIR}" tag -l --sort -version:refname | grep -Fi -- '7.2.' | head -n 1)"
```
## Context
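
Review bot: The tag selection in the last command of the Environment block, `tag -l --sort -version:refname | grep -Fi -- '7.2.' | head -n 1`, matches the fixed string `7.2.` anywhere in a tag name rather than at its start, so any higher-sorting tag that merely contains that substring would be checked out instead. Let git anchor the match, for example `git tag -l '7.2.*' --sort=-version:refname | head -n 1`, and say in the text whether pre-release tags are acceptable. In the same block `reset --hard origin/trunk` runs before `checkout trunk` and before `pull`, so it resets whatever ref happens to be checked out against a remote-tracking ref that has not been refreshed yet; ordering it as fetch, `checkout trunk`, then `reset --hard origin/trunk` matches the stated intent.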
@@ -37,198 +40,226 @@ docker context create fully.qualified.domain.name --docker 'host=ssh://root@full
## Pull
Pull newest image versions:
Pull images from Docker Hub verbatim.
```
docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --env-file "${COMPOSE_ENV_FILE}" pull
docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${UPSTREAM_ENV_FILE}" --env-file "${COMPOSE_ENV_FILE}" pull
```
## Copy to target
Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow:
Copy images to target Docker host, that is assuming you deploy to a machine that itself has no network route to reach Docker Hub or your private registry of choice. Copying in its simplest form involves a local `docker save` and a remote `docker load`. Consider the helper mini-project [quico.space/Quico/copy-docker](https://quico.space/Quico/copy-docker) where [copy-docker.sh](https://quico.space/Quico/copy-docker/src/branch/main/copy-docker.sh) allows the following workflow.
```
source "${COMPOSE_ENV_FILE}"
while IFS= read -r image; do
copy-docker.sh "${image}" fully.qualified.domain.name
done < <(grep -Pi -- '^[^#]*image:' "${UPSTREAM_COMPOSE_FILE}" | awk '{print $2}')
images="$(docker compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${UPSTREAM_ENV_FILE}" --env-file "${COMPOSE_ENV_FILE}" config | grep -Pi -- 'image:' | awk '{print $2}' | sort | uniq)"
while IFS= read -u 10 -r image; do
copy-docker "${image}" fully.qualified.domain.name
done 10<<<"${images}"
```
This first `grep`s a list of images and their tags from Zabbix' official Docker Compose file:
```
# grep -Pi -- '^[^#]*image:' "${UPSTREAM_COMPOSE_FILE}" | awk '{print $2}'
zabbix/zabbix-server-pgsql:alpine-6.4-latest
zabbix/zabbix-web-nginx-pgsql:alpine-6.4-latest
postgres:14-alpine
busybox
```
This will for example copy over:
It then pushes each image to your remote host where the image is needed. Note that `busybox` implies `busybox:latest` by convention.
```
REPOSITORY TAG
postgres 16-alpine
zabbix/zabbix-web-nginx-pgsql alpine-7.2-latest
zabbix/zabbix-server-pgsql alpine-7.2-latest
busybox latest
```
## Start
Run Zabbix like so
```
docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --env-file "${COMPOSE_ENV_FILE}" up --detach
docker --context 'fully.qualified.domain.name' compose --project-name "${COMPOSE_PROJECT_NAME}" --file "${UPSTREAM_COMPOSE_FILE}" --file "${COMPOSE_OVERRIDE}" --env-file "${UPSTREAM_ENV_FILE}" --env-file "${COMPOSE_ENV_FILE}" up --detach
```
## Additional files
## Clean up
- [common-settings.yml](common-settings.yml)
This file will be auto-created as part of the patch. Use it as an example in case patching fails
- [env/fqdn_context.env.example](env/fqdn_context.env.example)
An example env file with all currently used variables after `docker-compose_v3_alpine_pgsql_latest.yaml` is patched
- Directory tree underneath [build-context](build-context)
```
build-context/
└── docker-data
├── postgres
│   └── config
│   ├── cert
│   │   ├── ZBX_PGSQL_TLS_CA_CERT_FILE
│   │   ├── ZBX_PGSQL_TLS_CERT_FILE
│   │   └── ZBX_PGSQL_TLS_KEY_FILE
│   └── docker-entrypoint-initdb.d
│   └── init-user-db.sh
├── zabbixserver
│   └── config
│   └── cert
│   ├── ZBX_SERVER_TLS_CA_CERT_FILE
│   ├── ZBX_SERVER_TLS_CERT_FILE
│   └── ZBX_SERVER_TLS_KEY_FILE
└── zabbixwebnginx
└── config
└── cert
├── dhparam.pem
├── ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE
└── ZBX_WEBNGINX_TLS_KEY_FILE
```
Example data you're going to want to physically place on your deployment machine. SSL certs and keys are blank files each of which has the exact same name used in env file `fqdn_context.env.example`.
In [postgres/config/docker-entrypoint-initdb.d](build-context/docker-data/postgres/config/docker-entrypoint-initdb.d) a PostgreSQL initialization script - when this container is run on a completely empty data directory - will create an additional read-only user `ZBX_DB_USERNAME_RO` with password `ZBX_DB_USERNAME_PW`. The example's intended to grant a Grafana daemon direct PostgreSQL database read access.
# Upgrade an existing repo
Check [Initial setup](#initial-setup) below for first time steps. On consecutive upgrades proceed as follows.
## Revert unpushed local changes
Return repo state to exactly the upstream repo's original branch state throwing away the commits you added.
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' reset --hard origin
docker --context 'fully.qualified.domain.name' system prune -af
docker system prune -af
```
Switch to `trunk` branch, get newest commits from upstream
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout trunk
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' pull
```
Pick and checkout new tag
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/x.y.z'
```
Lastly [apply patch](#apply-patch). If patch does not apply cleanly read on in the next section [Create new patch](#create-new-patch) to find out how to fix your patch.
# Create new patch
## Add your changes as commits
Get `zabbix-docker` repo into a state with which you're happy then
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' format-patch 7665739620ba6d99090838d502ab76d2f5a47e96^..a17380598ca66153ddc2a42eb618d906d4f582e6 --stdout > '/opt/containers/zabbixserver/zabbix-docker.patch'
```
Where the first commit hash is our first commit and the other commit hash is our last commit. Note the caret (`^`) right after the first commit hash.
## Investigation
You may have to try and find out how a known good base commit differs from a newer one in case the newer one does no longer cleanly accept the patch.
Get commit hashes from both affected tags, e.g.
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
```
Diff them
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' diff d7b0eab80723a2c562a13ee866c4cd384af96d3b 482e21c7803c2878e522aba0325bf04533efa61a 'docker-compose_v3_alpine_pgsql_latest.yaml'
```
Output will be empty in case no difference exists in `docker-compose_v3_alpine_pgsql_latest.yaml` between both commit hashes.
Commit your updated patch file into _this_ repo. With a new working patch in hand head back up to [Upgrade an existing repo](#upgrade-an-existing-repo).
# Initial setup
## Prep
We're assuming you run Docker Compose workloads with ZFS-based bind mounts. ZFS management, creating a zpool and setting adequate properties for its datasets is out of scope of this document.
## Datasets
Create ZFS datasets and set permissions as needed.
* Parent dateset
```
export "$(grep -Pi -- '^CONTEXT=' "${COMPOSE_ENV_FILE}")"
zfs create -o canmount=off zpool/data/opt
zfs create -o mountpoint=/opt/docker-data zpool/data/opt/docker-data
```
* Container-specific datasets
```
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/postgres/config'
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/postgres/data'
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixserver/config'
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixserver/data'
zfs create -p 'zpool/data/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixwebnginx/config'
```
* Change ownership
```
chown -R 70:70 '/opt/docker-data/zabbixserver-'"${CONTEXT}"'/postgres/'*
chown -R 101:101 '/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixwebnginx/config/'*
```
The PostgreSQL container will run its processes as user ID 70, the Zabbix web frontend container will be using user ID 101.
## Additional files
Per [Datasets](#datasets) your Docker files will live at `'/opt/docker-data/zabbixserver-'"${CONTEXT}"`. Over in [build-context](build-context) you'll find a subdirectory `docker-data` that has an example file and directory structure that explains the layout you'll want to create at `'/opt/docker-data/zabbixserver-'"${CONTEXT}"`. Match the `postgres` to your `postgres` dir, the `zabbixserver` dir to your `zabbixserver` dir and lastly the `zabbixwebnginx` dir to yours.
Get desired tag e.g. from version-sorted tags list
```
pushd '/opt/git/github.com/zabbix/zabbix-docker/branches/latest'
while IFS= read -r; do commitDate=$(grep -Pio '^.+?(?=[[:space:]])' <<< "${REPLY}"); commitDate=$(date --date='@'"${commitDate}" +%F-%H%M%S); tagRef="$(cut -d $'\t' -f2 <<< "${REPLY}")"; tagName="$(grep -Pio '(?<=refs/tags/)[^\r\n\f]+' <<<"${tagRef}")"; commitHash="$(git rev-list -n 1 "${tagRef}")"; echo "${commitDate} ${commitHash} ${tagName}"; done < <(git for-each-ref --sort=v:refname --format='%(*creatordate:raw)%00%(creatordate:raw)%00%(refname)' refs/tags | awk -F"\0" 'BEGIN {ORS=""} $1 == "" {print $2} $1 != "" {print $1} {print "\t"$3"\n"}')
# Output goes like:
...
2023-03-07-191829 9f2e726e554b23595489eb66c8e11e5d114b573f 6.4.0
2023-04-03-105513 9f16f6d773a2a46f1595c86077899d1e040db283 6.4.1
2023-04-25-133446 0fa87156974e799e04bf99e5300bad6830d754ab 6.4.2
2023-05-30-151931 d7b0eab80723a2c562a13ee866c4cd384af96d3b 6.4.3
2023-06-27-133008 482e21c7803c2878e522aba0325bf04533efa61a 6.4.4
...
docker-data/
├── postgres
│ ├── cert
│ │ ├── .ZBX_DB_CA_FILE
│ │ ├── .ZBX_DB_CERT_FILE
│ │ └── .ZBX_DB_KEY_FILE
│ └── docker-entrypoint-initdb.d
│ └── init-user-db.sh
├── zabbixserver
│ ├── config
│ │ └── cert
│ │ ├── .ZBX_SERVER_CA_FILE
│ │ ├── .ZBX_SERVER_CERT_FILE
│ │ └── .ZBX_SERVER_KEY_FILE
│ └── data
│ ├── usr
│ │ └── lib
│ │ └── zabbix
│ │ ├── alertscripts
│ │ └── externalscripts
│ └── var
│ └── lib
│ └── zabbix
│ ├── dbscripts
│ ├── enc
│ ├── export
│ ├── mibs
│ ├── modules
│ ├── snmptraps
│ ├── ssh_keys
│ └── ssl
│ ├── certs
│ ├── keys
│ └── ssl_ca
└── zabbixwebnginx
└── config
├── cert
│ ├── dhparam.pem
│ ├── ssl.crt
│ └── ssl.key
└── modules
```
Switch to desired tag
### postgres (PostgreSQL)
In `postgres/cert` place SSL certificate files that Postgres should serve to TLS-capable database clients for encrypted database connections such as for a domain `db.zabbix.example.com`. `.ZBX_DB_CA_FILE` is a certificate authority (CA) certificate, `.ZBX_DB_CERT_FILE` is a "full chain" certificate as in your domain's certificate followed by any intermediate certs concatenated one after the other. Lastly `.ZBX_DB_KEY_FILE` is your cert's unencrypted key file.
In `postgres/config/docker-entrypoint-initdb.d/init-user-db.sh` you'll find an example script file that - when your Postgres database is uninitialized - will create a second Postgres account in your database. Check out the example environment variables file [env/fqdn_context.env.example](env/fqdn_context.env.example) and specifically `ZBX_DB_USERNAME_PW` and `ZBX_DB_USERNAME_RO` to define a password and a username.
Zabbix' PostgreSQL instance by default doesn't expose a TCP port outside of its container. This setup, however, assumes that you have for example a Grafana instance or a similar entity that wants to directly connect to Postgres. Dedicated read-only database credentials come in handy in that situation.
### zabbixserver (main Zabbix server daemon)
In `zabbixserver/config/cert` place your SSL cert files. These are what the Zabbix server process serves to clients that connect to it such as `server.zabbix.example.com`. As with [PostgreSQL](#postgres-postgresql) you'll need a CA cert, a domain cert and a key file; file names are `.ZBX_SERVER_CA_FILE`, `.ZBX_SERVER_CERT_FILE` and `.ZBX_SERVER_KEY_FILE`.
There's also `zabbixserver/data` with what looks like a daunting amount of subdirectories. In our example they are all empty and they all belong to bind mounts that are configured with `create_host_path: true`.
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' checkout 'tags/6.4.4'
- type: bind
source: /opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/alertscripts
target: /usr/lib/zabbix/alertscripts
read_only: true
bind:
--> create_host_path: true
```
## Apply patch
If you don't want to mount any files into your Zabbix instance you can leave `zabbixserver/data` alone and Docker will create the necessary subdirs on your Docker host on container start.
If you do want all subdirs feel free to go like this:
Identify yourself to the local `zabbix-docker` repo. Obviously substitute your own name. An e-mail address is optional here. You don't want to contribute upstream, you just want to locally apply a patch file.
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.name "hygienic-books"
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' config user.email ""
cd '/opt/docker-data/zabbixserver-'"${CONTEXT}"'/zabbixserver/data'
mkdir -p {'./usr/lib/zabbix/'{'alert','external'}'scripts','./var/lib/zabbix/'{'dbscripts','enc','export','mibs','modules','snmptraps','ssh_keys','ssl/'{'certs','keys','ssl_ca'}}}
```
Apply `zabbix-docker.patch` to Docker Compose file. We use Zabbix' `docker-compose_v3_alpine_pgsql_latest.yaml` Compose file. Assuming this repo lives at `/opt/containers/zabbixserver`:
```
git -C '/opt/git/github.com/zabbix/zabbix-docker/branches/latest' am '/opt/containers/zabbixserver/zabbix-docker.patch'
This will create the entire directory tree underneath `zabbixserver/data`:
# Output will be:
Applying: refactor(compose): Remove trailing whitespace
Applying: refactor(compose): 4 leading spaces
Applying: refactor(compose): Indent comments
Applying: refactor(zabbix-server): Set correct libs paths
Applying: refactor(zabbix-server): Set TLS cert file names
Applying: feat(zabbix-server): Replace env files with variables
...
```
data/
├── usr
│ └── lib
│ └── zabbix
│ ├── alertscripts
│ └── externalscripts
└── var
└── lib
└── zabbix
├── dbscripts
├── enc
├── export
├── mibs
├── modules
├── snmptraps
├── ssh_keys
└── ssl
├── certs
├── keys
└── ssl_ca
```
And now back up to [Docker Compose](#docker-compose).
### zabbixwebnginx (Nginx web server)
First things first, directory `zabbixwebnginx/config/modules` is empty and due to `create_host_path: true` will be created anyway if you don't create it yourself so no worries there. In `zabbixwebnginx/config/cert` - as the name suggests - you'll place frontend SSL cert files. That's the domain certificate you want to get served when visiting Zabbix frontend with a web browser. In line with our earlier examples this might be a cert for example for `zabbix.example.com`.
Note that the file names here look relatively normal as opposed to `.ZBX_SERVER_CERT_FILE` and `.ZBX_DB_CERT_FILE` from before. We will be bind-mounting the entire `cert` directory like so:
```
- type: bind
source: /opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/cert
target: /etc/ssl/nginx
read_only: true
bind:
create_host_path: true
```
The `cert` dir ends up getting bind-mounted into `/etc/ssl/nginx` inside the container. Since Zabbix uses a standard Nginx setup we stick to the Nginx way of calling a default cert and key file. Store your full certificate chain as `ssl.crt` and the corresponding unencrypted key as `ssl.key`. Make sure to also save a `dhparam.pem` parameters file. You can get one such file the quick and dirty way for example from Mozilla at [https://ssl-config.mozilla.org/ffdhe2048.txt](https://ssl-config.mozilla.org/ffdhe2048.txt) - just save it as `dhparam.pem` if you're so inclined. You can alternatively render a file yourself. Assuming the `parallel` binary exists on your machine you can follow [unix.stackexchange.com/a/749156](https://unix.stackexchange.com/a/749156) like so:
```
seq 10000 | parallel -N0 --halt now,success=1 openssl dhparam -out dhparam.pem 4096
```
This starts as many parallel `openssl dhparam` processes as you have CPU cores (assuming you have at most 10,000 cores). Processes essentially race each other which typically lowers waiting time for a finished parameters file by an order of magnitude since you only need one random process to finish. On a moderately modern desktop CPU with four cores this will take about 30 seconds.
When done head back up to [How to run](#how-to-run).
# Development
## Conventional commits
This project uses [Conventional Commits](https://www.conventionalcommits.org/) for its commit messages.
### Commit types
Commit _types_ besides `fix` and `feat` are:
- `refactor`: Keeping functionality while streamlining or otherwise improving function flow
- `docs`: Documentation for project or components
### Commit scopes
The following _scopes_ are known for this project. A Conventional Commits commit message may optionally use one of the following scopes or none:
- `zabbixserver`: A change to how the `zabbixserver` service component works
- `build`: Build-related changes such as `Dockerfile` fixes and features.
- `mount`: Volume or bind mount-related changes.
- `net`: Networking, IP addressing, routing changes
- `meta`: Affects the project's repo layout, file names etc.
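
Review bot: The cert sections for postgres, zabbixserver and zabbixwebnginx tell the reader to store unencrypted private keys as `.ZBX_DB_KEY_FILE`, `.ZBX_SERVER_KEY_FILE` and `ssl.key`, but the only ownership guidance visible in this hunk is the `chown -R 70:70` and `chown -R 101:101` pair, and no file mode is stated for any key. Put the expected owner and a restrictive mode (for example `chmod 600`, owned by the UID the container runs as) next to each instruction that places a key, since these files sit on bind mounts on the Docker host. Separately, under Clean up, `system prune -af` is run against both the remote context and the local daemon and is not scoped to this Compose project; the text should say that it removes every unused image and stopped container on those hosts, not only the Zabbix ones.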


@@ -0,0 +1,475 @@
#!/bin/bash
set -o pipefail
set +e
# Script trace mode
if [ "${DEBUG_MODE,,}" == "true" ]; then
set -o xtrace
fi
#Enable PostgreSQL timescaleDB feature:
: ${ENABLE_TIMESCALEDB:="false"}
# Default directories
# Internal directory for TLS related files, used when TLS*File specified as plain text values
ZABBIX_INTERNAL_ENC_DIR="${ZABBIX_USER_HOME_DIR}/enc_internal"
# usage: file_env VAR [DEFAULT]
# as example: file_env 'MYSQL_PASSWORD' 'zabbix'
# (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file)
# unsets the VAR_FILE afterwards and just leaving VAR
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local defaultValue="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo "**** Both variables $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$defaultValue"
if [ "${!var:-}" ]; then
val="${!var}"
echo "** Using ${var} variable from ENV"
elif [ "${!fileVar:-}" ]; then
if [ ! -f "${!fileVar}" ]; then
echo "**** Secret file \"${!fileVar}\" is not found"
exit 1
fi
val="$(< "${!fileVar}")"
echo "** Using ${var} variable from secret file"
fi
export "$var"="$val"
unset "$fileVar"
}
escape_spec_char() {
local var_value=$1
var_value="${var_value//\\/\\\\}"
var_value="${var_value//[$'\n']/}"
var_value="${var_value//\//\\/}"
var_value="${var_value//./\\.}"
var_value="${var_value//\*/\\*}"
var_value="${var_value//^/\\^}"
var_value="${var_value//\$/\\\$}"
var_value="${var_value//\&/\\\&}"
var_value="${var_value//\[/\\[}"
var_value="${var_value//\]/\\]}"
echo "$var_value"
}
update_config_var() {
local config_path=$1
local var_name=$2
local var_value=$3
local is_multiple=$4
local masklist=("DBPassword TLSPSKIdentity")
if [ ! -f "$config_path" ]; then
echo "**** Configuration file '$config_path' does not exist"
return
fi
if [[ " ${masklist[@]} " =~ " $var_name " ]] && [ ! -z "$var_value" ]; then
echo -n "** Updating '$config_path' parameter \"$var_name\": '****'. Enable DEBUG_MODE to view value ..."
else
echo -n "** Updating '$config_path' parameter \"$var_name\": '$var_value'..."
fi
# Remove configuration parameter definition in case of unset or empty parameter value
if [ -z "$var_value" ]; then
sed -i -e "/^$var_name=/d" "$config_path"
echo "removed"
return
fi
# Remove value from configuration parameter in case of set to double quoted parameter value
if [[ "$var_value" == '""' ]]; then
if [ "$(grep -E "^$var_name=" $config_path)" ]; then
sed -i -e "/^$var_name=/s/=.*/=/" "$config_path"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=/" "$config_path"
fi
echo "undefined"
return
fi
# Use full path to a file for TLS related configuration parameters
if [[ $var_name =~ ^TLS.*File$ ]] && [[ ! $var_value =~ ^/.+$ ]]; then
var_value=$ZABBIX_USER_HOME_DIR/enc/$var_value
fi
# Escaping characters in parameter value and name
var_value=$(escape_spec_char "$var_value")
var_name=$(escape_spec_char "$var_name")
if [ "$(grep -E "^$var_name=$var_value$" $config_path)" ]; then
echo "exists"
elif [ "$(grep -E "^$var_name=" $config_path)" ] && [ "$is_multiple" != "true" ]; then
sed -i -e "/^$var_name=/s/=.*/=$var_value/" "$config_path"
echo "updated"
elif [ "$(grep -Ec "^# $var_name=" $config_path)" -gt 1 ]; then
sed -i -e "/^[#;] $var_name=$/i\\$var_name=$var_value" "$config_path"
echo "added first occurrence"
else
sed -i -e "/^[#;] $var_name=/s/.*/&\n$var_name=$var_value/" "$config_path"
echo "added"
fi
}
update_config_multiple_var() {
local config_path=$1
local var_name=$2
local var_value=$3
var_value="${var_value%\"}"
var_value="${var_value#\"}"
local IFS=,
local OPT_LIST=($var_value)
for value in "${OPT_LIST[@]}"; do
update_config_var $config_path $var_name $value true
done
}
file_process_from_env() {
local var_name=$1
local file_name=$2
local var_value=$3
if [ ! -z "$var_value" ]; then
echo -n "$var_value" > "${ZABBIX_INTERNAL_ENC_DIR}/$var_name"
file_name="${ZABBIX_INTERNAL_ENC_DIR}/${var_name}"
fi
if [ -n "$var_value" ]; then
export "$var_name"="$file_name"
fi
# Remove variable with plain text data
unset "${var_name%%FILE}"
}
# Check prerequisites for PostgreSQL database
check_variables_postgresql() {
: ${DB_SERVER_HOST="postgres-server"}
: ${DB_SERVER_PORT:="5432"}
file_env POSTGRES_USER
file_env POSTGRES_PASSWORD
DB_SERVER_ROOT_USER=${POSTGRES_USER:-"postgres"}
DB_SERVER_ROOT_PASS=${POSTGRES_PASSWORD:-""}
DB_SERVER_ZBX_USER=${POSTGRES_USER:-"zabbix"}
DB_SERVER_ZBX_PASS=${POSTGRES_PASSWORD:-"zabbix"}
: ${DB_SERVER_SCHEMA:="public"}
DB_SERVER_DBNAME=${POSTGRES_DB:-"zabbix"}
: ${POSTGRES_USE_IMPLICIT_SEARCH_PATH:="false"}
if [ -n "${DB_SERVER_HOST}" ]; then
psql_connect_args="--host ${DB_SERVER_HOST} --port ${DB_SERVER_PORT}"
else
psql_connect_args="--port ${DB_SERVER_PORT}"
fi
}
check_db_connect_postgresql() {
echo "********************"
if [ -n "${DB_SERVER_HOST}" ]; then
echo "* DB_SERVER_HOST: ${DB_SERVER_HOST}"
echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}"
else
echo "* DB_SERVER_HOST: Using DB socket"
echo "* DB_SERVER_PORT: ${DB_SERVER_PORT}"
fi
echo "* DB_SERVER_DBNAME: ${DB_SERVER_DBNAME}"
echo "* DB_SERVER_SCHEMA: ${DB_SERVER_SCHEMA}"
if [ "${DEBUG_MODE,,}" == "true" ]; then
echo "* DB_SERVER_ZBX_USER: ${DB_SERVER_ZBX_USER}"
echo "* DB_SERVER_ZBX_PASS: ${DB_SERVER_ZBX_PASS}"
fi
echo "********************"
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
fi
WAIT_TIMEOUT=5
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
export PGOPTIONS
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLMODE=${PGSSLMODE//required/require}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
while true :
do
psql $psql_connect_args --username ${DB_SERVER_ROOT_USER} --list --quiet 1>/dev/null 2>&1 && break
psql $psql_connect_args --username ${DB_SERVER_ROOT_USER} --list --dbname ${DB_SERVER_DBNAME} --quiet 1>/dev/null 2>&1 && break
echo "**** PostgreSQL server is not available. Waiting $WAIT_TIMEOUT seconds..."
sleep $WAIT_TIMEOUT
done
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
psql_query() {
query=$1
db=$2
local result=""
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
fi
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
export PGOPTIONS
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLMODE=${PGSSLMODE//required/require}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
result=$(psql --no-align --quiet --tuples-only $psql_connect_args \
--username "${DB_SERVER_ROOT_USER}" --command "$query" --dbname "$db" 2>/dev/null);
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
echo $result
}
exec_sql_file() {
sql_script=$1
local command="cat"
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
fi
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
export PGOPTIONS
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLMODE=${PGSSLMODE//required/require}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
if [ "${sql_script: -3}" == ".gz" ]; then
command="zcat"
fi
$command $sql_script | psql --quiet \
$psql_connect_args \
--username "${DB_SERVER_ZBX_USER}" --dbname "${DB_SERVER_DBNAME}" 1>/dev/null || exit 1
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
}
create_db_database_postgresql() {
DB_EXISTS=$(psql_query "SELECT 1 AS result FROM pg_database WHERE datname='${DB_SERVER_DBNAME}'" "${DB_SERVER_DBNAME}")
if [ -z ${DB_EXISTS} ]; then
echo "** Database '${DB_SERVER_DBNAME}' does not exist. Creating..."
if [ -n "${DB_SERVER_ZBX_PASS}" ]; then
export PGPASSWORD="${DB_SERVER_ZBX_PASS}"
fi
if [ "${POSTGRES_USE_IMPLICIT_SEARCH_PATH,,}" == "false" ] && [ -n "${DB_SERVER_SCHEMA}" ]; then
PGOPTIONS="--search_path=${DB_SERVER_SCHEMA}"
export PGOPTIONS
fi
if [ -n "${ZBX_DBTLSCONNECT}" ]; then
PGSSLMODE=${ZBX_DBTLSCONNECT//_/-}
export PGSSLMODE=${PGSSLMODE//required/require}
export PGSSLROOTCERT=${ZBX_DBTLSCAFILE}
export PGSSLCERT=${ZBX_DBTLSCERTFILE}
export PGSSLKEY=${ZBX_DBTLSKEYFILE}
fi
createdb $psql_connect_args --username "${DB_SERVER_ROOT_USER}" \
--owner "${DB_SERVER_ZBX_USER}" --lc-ctype "en_US.utf8" --lc-collate "en_US.utf8" "${DB_SERVER_DBNAME}"
unset PGPASSWORD
unset PGOPTIONS
unset PGSSLMODE
unset PGSSLROOTCERT
unset PGSSLCERT
unset PGSSLKEY
else
echo "** Database '${DB_SERVER_DBNAME}' already exists. Please be careful with database owner!"
fi
psql_query "CREATE SCHEMA IF NOT EXISTS ${DB_SERVER_SCHEMA}" "${DB_SERVER_DBNAME}" 1>/dev/null
}
apply_db_scripts() {
db_scripts=$1
for sql_script in $db_scripts; do
[ -e "$sql_script" ] || continue
echo "** Processing additional '$sql_script' SQL script"
exec_sql_file "$sql_script"
done
}
create_db_schema_postgresql() {
DBVERSION_TABLE_EXISTS=$(psql_query "SELECT 1 FROM pg_catalog.pg_class c JOIN pg_catalog.pg_namespace n ON n.oid =
c.relnamespace WHERE n.nspname = '$DB_SERVER_SCHEMA' AND c.relname = 'dbversion'" "${DB_SERVER_DBNAME}")
if [ -n "${DBVERSION_TABLE_EXISTS}" ]; then
echo "** Table '${DB_SERVER_DBNAME}.dbversion' already exists."
ZBX_DB_VERSION=$(psql_query "SELECT mandatory FROM ${DB_SERVER_SCHEMA}.dbversion" "${DB_SERVER_DBNAME}")
fi
if [ -z "${ZBX_DB_VERSION}" ]; then
echo "** Creating '${DB_SERVER_DBNAME}' schema in PostgreSQL"
if [ "${ENABLE_TIMESCALEDB,,}" == "true" ]; then
psql_query "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" "${DB_SERVER_DBNAME}"
fi
exec_sql_file "/usr/share/doc/zabbix-server-postgresql/create.sql.gz"
if [ "${ENABLE_TIMESCALEDB,,}" == "true" ]; then
exec_sql_file "/usr/share/doc/zabbix-server-postgresql/timescaledb.sql"
fi
apply_db_scripts "${ZABBIX_USER_HOME_DIR}/dbscripts/*.sql"
fi
}
update_zbx_config() {
export ZBX_DB_HOST="${DB_SERVER_HOST}"
export ZBX_DB_PORT="${DB_SERVER_PORT}"
export ZBX_DB_NAME="${DB_SERVER_DBNAME}"
export ZBX_DB_SCHEMA="${DB_SERVER_SCHEMA}"
# export ZBX_DB_USER="${DB_SERVER_ZBX_USER}"
# export ZBX_DB_PASSWORD="${DB_SERVER_ZBX_PASS}"
: ${ZBX_ENABLE_SNMP_TRAPS:="false"}
[[ "${ZBX_ENABLE_SNMP_TRAPS,,}" == "true" ]] && export ZBX_STARTSNMPTRAPPER=1
unset ZBX_ENABLE_SNMP_TRAPS
update_config_multiple_var "${ZABBIX_CONF_DIR}/zabbix_server_modules.conf" "LoadModule" "${ZBX_LOADMODULE}"
file_process_from_env "ZBX_TLSCAFILE" "${ZBX_TLSCAFILE}" "${ZBX_TLSCA}"
file_process_from_env "ZBX_TLSCRLFILE" "${ZBX_TLSCRLFILE}" "${ZBX_TLSCRL}"
file_process_from_env "ZBX_TLSCERTFILE" "${ZBX_TLSCERTFILE}" "${ZBX_TLSCERT}"
file_process_from_env "ZBX_TLSKEYFILE" "${ZBX_TLSKEYFILE}" "${ZBX_TLSKEY}"
if [ "${ZBX_AUTOHANODENAME}" == 'fqdn' ] && [ ! -n "${ZBX_HANODENAME}" ]; then
export ZBX_HANODENAME="$(hostname -f)"
elif [ "${ZBX_AUTOHANODENAME}" == 'hostname' ] && [ ! -n "${ZBX_HANODENAME}" ]; then
export ZBX_HANODENAME="$(hostname)"
fi
: ${ZBX_NODEADDRESSPORT:="10051"}
if [ "${ZBX_AUTONODEADDRESS}" == 'fqdn' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then
export ZBX_NODEADDRESS="$(hostname -f):${ZBX_NODEADDRESSPORT}"
elif [ "${ZBX_AUTONODEADDRESS}" == 'hostname' ] && [ ! -n "${ZBX_NODEADDRESS}" ]; then
export ZBX_NODEADDRESS="$(hostname):${ZBX_NODEADDRESSPORT}"
fi
if [ "$(id -u)" != '0' ]; then
export ZBX_USER="$(whoami)"
else
export ZBX_ALLOWROOT=1
fi
command -v openssl >/dev/null 2>&1 && openssl rehash -v "${ZBX_SSLCALOCATION}" 1>/dev/null
}
clear_zbx_env() {
[[ "${ZBX_CLEAR_ENV}" == "false" ]] && return
for env_var in $(env | grep -E "^(ZABBIX|DB|POSTGRES)_"); do
unset "${env_var%%=*}"
done
}
prepare_db() {
echo "** Preparing database"
check_variables_postgresql
check_db_connect_postgresql
create_db_database_postgresql
create_db_schema_postgresql
}
prepare_server() {
echo "** Preparing Zabbix server"
prepare_db
update_zbx_config
clear_zbx_env
}
#################################################
if [ "${1#-}" != "$1" ]; then
set -- /usr/sbin/zabbix_server "$@"
fi
if [ "$1" == '/usr/sbin/zabbix_server' ]; then
prepare_server
fi
if [ "$1" == "init_db_only" ]; then
prepare_db
else
exec "$@"
fi
#################################################
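Review bot: In create_db_database_postgresql, `[ -z ${DB_EXISTS} ]` cannot tell "database missing" from "query failed", because psql_query sends psql's stderr to /dev/null and echoes an empty string on any connection, TLS or authentication error. The script then reports that the database does not exist and runs createdb, whose exit status is not checked either. Have psql_query propagate psql's exit code (or at least stop discarding stderr), quote the test as `[ -z "${DB_EXISTS}" ]`, and abort when createdb fails, the way exec_sql_file already does with `|| exit 1`.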

@@ -1,13 +0,0 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----

@@ -1,11 +1,10 @@
services:
common-settings:
environment:
TZ: "${TIMEZONE:-Etc/UTC}"
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "10"
compress: "true"
environment:
TZ: Europe/Berlin
restart: unless-stopped

120
compose.override.yaml Normal file

@@ -0,0 +1,120 @@
services:
db-data-pgsql:
container_name: "zabbixserver-pgsqlbusybox-${CONTEXT}"
extends:
file: "/opt/containers/zabbixserver/common-settings.yaml"
service: "common-settings"
postgres-server:
command: "-c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem"
container_name: "zabbixserver-postgres-${CONTEXT}"
extends:
file: "/opt/containers/zabbixserver/common-settings.yaml"
service: "common-settings"
ports:
- "${POSTGRES_PORT_EXTERNAL}:${POSTGRES_PORT_INTERNAL}"
user: "${UID_GID}"
volumes:
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/data:/var/lib/postgresql/data:rw"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro"
env_file: !reset []
environment:
POSTGRES_DB: "${POSTGRES_DB}"
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
POSTGRES_USER: "${POSTGRES_USER}"
ZBX_DB_USERNAME_PW: "${ZBX_DB_USERNAME_PW}"
ZBX_DB_USERNAME_RO: "${ZBX_DB_USERNAME_RO}"
secrets: !reset []
server-db-init:
container_name: "zabbixserver-dbinit-${CONTEXT}"
extends:
file: "/opt/containers/zabbixserver/common-settings.yaml"
service: "common-settings"
volumes:
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CA_FILE:${ZBX_TLSCAFILE}:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
env_file: !reset []
environment:
POSTGRES_DB: "${POSTGRES_DB}"
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
POSTGRES_USER: "${POSTGRES_USER}"
ZBX_TLSCAFILE: "${ZBX_TLSCAFILE}"
ZBX_TLSCERTFILE: "${ZBX_TLSCERTFILE}"
ZBX_TLSKEYFILE: "${ZBX_TLSKEYFILE}"
secrets: !reset []
zabbix-server:
container_name: "zabbixserver-zabbixserver-${CONTEXT}"
extends:
file: "/opt/containers/zabbixserver/common-settings.yaml"
service: "common-settings"
volumes:
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/certs:/var/lib/zabbix/ssl/certs:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/keys:/var/lib/zabbix/ssl/keys:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/ssl/ssl_ca:/var/lib/zabbix/ssl/ssl_ca:rw"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:roz"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CA_FILE:${ZBX_TLSCAFILE}:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_CERT_FILE:${ZBX_TLSCERTFILE}:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixserver/config/cert/.ZBX_SERVER_KEY_FILE:${ZBX_TLSKEYFILE}:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
env_file: !reset []
environment:
POSTGRES_DB: "${POSTGRES_DB}"
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
POSTGRES_USER: "${POSTGRES_USER}"
VAULT_TOKEN: "${VAULT_TOKEN}"
ZBX_VAULTDBPATH: "${ZBX_VAULTDBPATH}"
ZBX_VAULTURL: "${ZBX_VAULTURL}"
ZBX_VAULT: "${ZBX_VAULT}"
ZBX_DEBUGLEVEL: "${ZBX_DEBUGLEVEL:-3}"
ZBX_TLSCAFILE: "${ZBX_TLSCAFILE}"
ZBX_TLSCERTFILE: "${ZBX_TLSCERTFILE}"
ZBX_TLSKEYFILE: "${ZBX_TLSKEYFILE}"
secrets: !reset []
zabbix-web-nginx-pgsql:
container_name: "zabbixserver-zabbixwebnginx-${CONTEXT}"
extends:
file: "/opt/containers/zabbixserver/common-settings.yaml"
service: "common-settings"
volumes:
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/cert:/etc/ssl/nginx:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/zabbixwebnginx/config/modules/:/usr/share/zabbix/modules/:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/cert/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro"
- "/opt/docker-data/zabbixserver-${CONTEXT}/postgres/config/socket:/var/run/postgresql"
env_file: !reset []
environment:
POSTGRES_DB: "${POSTGRES_DB}"
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
POSTGRES_USER: "${POSTGRES_USER}"
ZBX_SERVER_HOST: "${ZBX_SERVER_HOST}"
ZBX_SERVER_NAME: "${ZBX_SERVER_NAME}"
PHP_TZ: "${PHP_TZ}"
VAULT_TOKEN: "${VAULT_TOKEN}"
ZBX_VAULTDBPATH: "${ZBX_VAULTDBPATH}"
ZBX_VAULTURL: "${ZBX_VAULTURL}"
ZBX_VAULT: "${ZBX_VAULT}"
secrets: !reset []
secrets: !reset []
volumes:
snmptraps: !reset []
networks:
database:
# Should not be Zabbix' official default 'internal: true'
# because in our case we want external entities such as a
# Grafana instance to be able to directly access this
# PostgreSQL. Here 'internal: true' would render our 'ports:'
# irrelevant, ports would just never get exposed.
internal: false
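Review bot: zabbix-web-nginx-pgsql mounts postgres/config/cert/.ZBX_DB_KEY_FILE as /run/secrets/server-key.pem, the same file postgres-server is started with via `ssl_key_file=/run/secrets/server-key.pem`, so the web frontend container holds the database server's private key. A client only needs the CA file plus, if client certificates are in use, its own certificate and key; mount a dedicated client pair or drop the cert and key mounts from that service. Separately, every service sets `secrets: !reset []` and receives POSTGRES_PASSWORD (and, for zabbix-server and the web frontend, VAULT_TOKEN) through `environment:`; the `networks.database` block carries a comment explaining why `internal: false` is deliberate, and a similar comment on why the file-based secrets were dropped would help the next reader.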

@@ -1,27 +1,27 @@
# This file is maintained by remco and populated with data from HashiCorp
# Vault. Changes not done in Vault will be reverted when file gets rendered.
CONTEXT=ux_vilnius
DEBUG_MODE=true
PHP_TZ=America/Rainy_River
POSTGRES_DB=zabbix
POSTGRES_PASSWORD=my-postgres-password
POSTGRES_PORT_EXTERNAL=5432
POSTGRES_PORT_INTERNAL=5432
POSTGRES_USER=zabbix
RESTART_POLICY=always
TIMEZONE=America/Rainy_River
UID_GID=70:70
VAULT_TOKEN=my-hashicorp-vault-token
ZABBIX_WEB_NGINX_HTTPS_PORT=61001
ZABBIX_WEB_NGINX_HTTP_PORT=61000
ZBX_DB_USERNAME_PW=my-additional-ro-db-user-password
ZBX_DB_USERNAME_RO=my-additional-ro-db-user-name
ZBX_SERVER_HOST=zabbix-server.fully.qualified.domain.name
ZBX_SERVER_NAME=fully.qualified.domain.name
ZBX_TLSCAFILE=/run/secrets/root-ca.pem
ZBX_TLSCERTFILE=/run/secrets/server-cert.pem
ZBX_TLSKEYFILE=/run/secrets/server-key.pem
ZBX_VAULT=HashiCorp
ZBX_VAULTDBPATH=kv/secrets/zabbix
ZBX_VAULTURL=https://vault.fully.qualified.domain.name
CTX=
PHP_TZ=
POSTGRES_DB=
POSTGRES_PASSWORD=
POSTGRES_USER=
VAULT_TOKEN=
ZBX_DB_USERNAME_PW=
ZBX_DB_USERNAME_RO=
ZBX_PGSQL_TLS_CA_CERT_FILE=
ZBX_PGSQL_TLS_CERT_FILE=
ZBX_PGSQL_TLS_KEY_FILE=
ZBX_SERVER_HOST=
ZBX_SERVER_NAME=
ZBX_SERVER_TLS_CA_CERT_FILE=
ZBX_SERVER_TLS_CERT_FILE=
ZBX_SERVER_TLS_KEY_FILE=
ZBX_VAULTDBPATH=
ZBX_VAULTURL=
ZBX_WEBNGINX_EXPOSED_HTTPS_PORT=
ZBX_WEBNGINX_EXPOSED_HTTP_PORT=
ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE=
ZBX_WEBNGINX_TLS_KEY_FILE=
# When needed for temporary debugging
# ZBX_DEBUGLEVEL=4
# ZBX_DEBUGLEVEL=4
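Review bot: `DEBUG_MODE=true` is listed as a regular value, while the other debugging knob, ZBX_DEBUGLEVEL, is kept commented out under "When needed for temporary debugging". The entrypoint shown on this page prints DB_SERVER_ZBX_USER and DB_SERVER_ZBX_PASS in check_db_connect_postgresql when DEBUG_MODE is true, so treat it the same way: default it to false or move it into the commented block. The `# ZBX_DEBUGLEVEL=4` line also appears twice at the end of the hunk; if that is only a newline-at-end-of-file change it is fine, otherwise drop the duplicate.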

@@ -1,967 +0,0 @@
From 1437280b298c36e6b54202935e3026470c046d90 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:32:18 +0100
Subject: [PATCH 01/25] refactor(zabbix-server): Set correct libs paths
---
compose_zabbix_components.yaml | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index d46273eef..5653fc00d 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -6,15 +6,15 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${DATA_DIRECTORY}/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- - ${DATA_DIRECTORY}/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/export:/var/lib/zabbix/export:rw
- - ${DATA_DIRECTORY}/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- - snmptraps:/var/lib/zabbix/snmptraps:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
tmpfs: /tmp
ulimits:
nproc: 65535
--
2.44.0
From 5a16fc3ec1ce16a2d11d90ec1c91ed568a47f298 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:36:00 +0100
Subject: [PATCH 02/25] refactor(zabbix-server): Set TLS cert file names
---
compose_zabbix_components.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 5653fc00d..2cb2c258c 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -78,10 +78,10 @@ services:
server-pgsql:
extends:
service: server
-# volumes:
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
+ volumes:
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
--
2.44.0
From a0c1235190c4d3e4d68b4cdca64dbd259ba600d7 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:41:48 +0100
Subject: [PATCH 03/25] feat(zabbix-server): Replace env files with variables
---
compose_zabbix_components.yaml | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 2cb2c258c..06dfcbb00 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -29,8 +29,11 @@ services:
reservations:
cpus: '0.5'
memory: 512M
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_srv
+ environment:
+ ZBX_VAULTURL: ${ZBX_VAULTURL}
+ VAULT_TOKEN: ${VAULT_TOKEN}
+ ZBX_VAULTDBPATH: ${ZBX_VAULTDBPATH}
+ ZBX_DEBUGLEVEL: ${ZBX_DEBUGLEVEL:-3}
networks:
zbx_net_database:
aliases:
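Review bot: ZBX_VAULTURL, VAULT_TOKEN and ZBX_VAULTDBPATH in the new `environment:` block have no guard, unlike ZBX_DEBUGLEVEL which gets `:-3`; when one of them is unset Compose substitutes an empty string and only warns, so the server starts with a blank Vault setting. Use the required form, for example `${VAULT_TOKEN:?VAULT_TOKEN must be set}`, so a missing value stops `docker compose up` instead.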
@@ -82,8 +85,9 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_db_pgsql
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
--
2.44.0
From d66f78e7c7d6c092c0ba96d8191d470922a75dfb Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:44:11 +0100
Subject: [PATCH 04/25] refactor(zabbix-server): Remove PostgreSQL secrets use
---
compose_zabbix_components.yaml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 06dfcbb00..2430b3fe1 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -88,9 +88,6 @@ services:
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
networks:
zbx_net_backend:
aliases:
--
2.44.0
From 367f99d237d58e19c6e5207584827cf5d66e4e11 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:47:36 +0100
Subject: [PATCH 05/25] refactor(zabbix-web-nginx): Replace exposed ports with
---
compose_zabbix_components.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 2430b3fe1..5b25a6ec9 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -261,8 +261,8 @@ services:
web-nginx:
ports:
- - "${ZABBIX_WEB_NGINX_HTTP_PORT}:8080"
- - "${ZABBIX_WEB_NGINX_HTTPS_PORT}:8443"
+ - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
+ - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443"
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
--
2.44.0
From 846279a5671804c35afd4a277c4b78fff74ce2fb Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:49:32 +0100
Subject: [PATCH 06/25] refactor(zabbix-web-nginx): Set named volumes
---
compose_zabbix_components.yaml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 5b25a6ec9..8da2ac4ef 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -266,8 +266,10 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${DATA_DIRECTORY}/etc/ssl/nginx:/etc/ssl/nginx:ro
- - ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
+ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
+ - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
tmpfs: /tmp
deploy:
resources:
--
2.44.0
From 24a7cd67229fd21a0cde323a398d2e9cb744bb87 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:52:51 +0100
Subject: [PATCH 07/25] refactor(zabbix-web-nginx): Replace env files with vars
---
compose_zabbix_components.yaml | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 8da2ac4ef..8dac7dd57 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -279,8 +279,10 @@ services:
reservations:
cpus: '0.5'
memory: 256M
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_web
+ environment:
+ PHP_TZ: ${PHP_TZ}
+ ZBX_SERVER_NAME: ${ZBX_SERVER_NAME}
+ ZBX_SERVER_HOST: ${ZBX_SERVER_HOST}
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/ping"]
interval: 10s
@@ -327,8 +329,9 @@ services:
# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_db_pgsql
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
--
2.44.0
From 9d773578e3ac8359fa90e1891176c299c02f9f0c Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:53:28 +0100
Subject: [PATCH 08/25] refactor(zabbix-web-nginx): Remove secrets
---
compose_zabbix_components.yaml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 8dac7dd57..56796f6ad 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -332,9 +332,6 @@ services:
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
networks:
zbx_net_backend:
aliases:
--
2.44.0
From e0f3e63536e96c6c14336494890b96af6e4fb602 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:54:23 +0100
Subject: [PATCH 09/25] refactor(postgresql): Use static username ID
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 50f5368dd..c6611b05a 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -39,6 +39,7 @@ services:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
+ user: 70:70
volumes:
- ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
--
2.44.0
From 69c99b5a9219d5472889506f6ec56d404b8c35e1 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 22:55:03 +0100
Subject: [PATCH 10/25] refactor(postgresql): Set custom container name
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index c6611b05a..1aacf6d53 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -37,6 +37,7 @@ services:
postgres-server:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
+ container_name: zabbixserver-postgres-${CTX}
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
--
2.44.0
From 6cc7f437bface0d243551b8e1fb9934c5c0ea238 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:00:51 +0100
Subject: [PATCH 11/25] refactor(zabbix-web-nginx): Set custom container name
---
compose_zabbix_components.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 56796f6ad..aa5234f2d 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -260,6 +260,7 @@ services:
com.zabbix.dbtype: "pgsql"
web-nginx:
+ container_name: zabbixserver-zabbixwebnginx-${CTX}
ports:
- "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
- "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443"
--
2.44.0
From 845b2eb2ef891a73e53b71f5e2fa0bb5721028a0 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:02:00 +0100
Subject: [PATCH 12/25] refactor(zabbix-server): Set custom container name
---
compose_zabbix_components.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index aa5234f2d..5f79cfd77 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -1,6 +1,7 @@
version: '3.8'
services:
server:
+ container_name: zabbixserver-zabbixserver-${CTX}
ports:
- "${ZABBIX_SERVER_PORT}:10051"
restart: "${RESTART_POLICY}"
--
2.44.0
From 5d45ed5af0336134baeb5a5084868d6d15839a3d Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:02:45 +0100
Subject: [PATCH 13/25] refactor(postgresql): Publicly expose so that other
tools can access the database
---
compose_databases.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 1aacf6d53..d566ab432 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -41,6 +41,8 @@ services:
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
+ ports:
+ - "5432:5432"
volumes:
- ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
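Review bot: `"5432:5432"` publishes PostgreSQL on every host interface, and at this point in the series the `command: -c ssl=on ...` line just above it is still commented out, so the port is reachable without TLS until PATCH 16/25 enables it. Reorder the series so TLS is switched on before the port is published, and bind to the address the external consumers actually use (`"<host-ip>:5432:5432"`) rather than all interfaces.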
--
2.44.0
From a61fab959951ede7d4903997b8f5f66ea11547d0 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:03:37 +0100
Subject: [PATCH 14/25] refactor(postgresql): Replace static file names with
vars
---
compose_databases.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index d566ab432..e8a07b427 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -44,10 +44,10 @@ services:
ports:
- "5432:5432"
volumes:
- - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw
+ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
+ - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
--
2.44.0
From e0336a1a4fe981d40f48b8a935e98fbe097f9493 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:11:40 +0100
Subject: [PATCH 15/25] refactor(compose): Extend existing default configs
---
docker-compose_v3_alpine_pgsql_latest.yaml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index bc4892246..a78430bab 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -4,6 +4,9 @@ services:
extends:
file: compose_zabbix_components.yaml
service: server-pgsql
+ extends:
+ file: common-settings.yml
+ service: common-settings
image: "${ZABBIX_SERVER_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
volumes:
- /etc/timezone:/etc/timezone:ro
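Review bot: The added `extends:` sits next to the existing `extends:` (file: compose_zabbix_components.yaml) in the same service block, here and in the two hunks that follow. A YAML mapping cannot hold the same key twice; parsers either reject the file or keep just one of the two, so either the upstream service definition or common-settings is lost. Keep a single `extends:` per service and chain the layers instead, for example by having the intermediate service extend common-settings. The patch also references common-settings.yml, while compose.override.yaml on this page uses common-settings.yaml; check the extension against the file's actual name.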
@@ -50,6 +53,9 @@ services:
extends:
file: compose_zabbix_components.yaml
service: web-nginx-pgsql
+ extends:
+ file: common-settings.yml
+ service: common-settings
image: "${ZABBIX_WEB_NGINX_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
volumes:
- /etc/timezone:/etc/timezone:ro
@@ -101,6 +107,9 @@ services:
extends:
file: compose_databases.yaml
service: postgres-server
+ extends:
+ file: common-settings.yml
+ service: common-settings
db-data-mysql:
extends:
--
2.44.0
From 601a8c1a515eddacfdc6434da68b769d667083b7 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:12:15 +0100
Subject: [PATCH 16/25] refactor(postgresql): Start with SSL cert
---
compose_databases.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index e8a07b427..b208f33a8 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -38,7 +38,7 @@ services:
postgres-server:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
container_name: zabbixserver-postgres-${CTX}
-# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
+ command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
ports:
--
2.44.0
From 2aa4e5de3063077c3882be5422665665c4121a05 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:14:11 +0100
Subject: [PATCH 17/25] refactor(compose): Add context string to path
---
compose_databases.yaml | 8 ++++----
compose_zabbix_components.yaml | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index b208f33a8..376ccbf59 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -44,10 +44,10 @@ services:
ports:
- "5432:5432"
volumes:
- - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw
- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
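Review bot: every rewritten bind-mount source now depends on `${CTX}`, and Compose substitutes an empty string (with only a warning) when the variable is unset, yielding `/opt/docker-data/zabbixserver-/postgres/...`. Docker then creates the missing source paths as empty directories, so `/run/secrets/server-key.pem` would be a directory rather than a key file. Use the required-value form, for example `${CTX:?CTX must be set}`, so a missing context string fails the deployment early.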
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 5f79cfd77..f162c267d 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -268,10 +268,10 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro
- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
- - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
tmpfs: /tmp
deploy:
resources:
--
2.44.0
From fae328d9ecd838e0fad7bc9e82aa9b0531fae79b Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:15:03 +0100
Subject: [PATCH 18/25] refactor(postgresql): Rename config dir
---
compose_zabbix_components.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index f162c267d..1a8306305 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -268,10 +268,10 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro
- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
- - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/modules:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
tmpfs: /tmp
deploy:
resources:
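Review bot: the subject says refactor(postgresql), but all four changed lines are `zabbixwebnginx` mounts in compose_zabbix_components.yaml; retitle the commit to the nginx web scope. The `conf` to `config` rename also requires the host directories to be moved in the same deployment step, otherwise the `:ro` certificate and key mounts point at paths that do not exist yet.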
--
2.44.0
From cfac02a90da0581247a4bf0c282bfd175bbe6827 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:17:09 +0100
Subject: [PATCH 19/25] refactor(postgresql): Replace env files with vars
---
compose_databases.yaml | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 376ccbf59..b16cb6a70 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -48,8 +48,12 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_db_pgsql
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ POSTGRES_DB: ${POSTGRES_DB}
+ ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO}
+ ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW}
secrets:
- POSTGRES_USER
- POSTGRES_PASSWORD
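Review bot: `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}` and `ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW}` are interpolated without a required-value guard, so a variable missing from the Compose environment silently becomes an empty string inside the container. Use the `${VAR:?message}` form for the credential variables. The name `ZBX_DB_USERNAME_PW` next to `ZBX_DB_USERNAME_RO` also reads ambiguously; if it holds the read-only user's password, a name that says so would prevent mix-ups.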
--
2.44.0
From 53242dc77c843bdab8f1ab16d105902cda19bfa0 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:17:35 +0100
Subject: [PATCH 20/25] refactor(postgresql): Remove secrets
---
compose_databases.yaml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index b16cb6a70..0eaa1c7cd 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -54,9 +54,6 @@ services:
POSTGRES_DB: ${POSTGRES_DB}
ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO}
ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW}
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
stop_grace_period: 1m
networks:
zbx_net_database:
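Review bot: with the `secrets:` list removed, the database credentials reach this container only through the `environment:` block in the context lines above, where they are readable via `docker inspect` and inherited by every process in the container. If `${POSTGRESQL_IMAGE}` is the official postgres image, it accepts `POSTGRES_USER_FILE` and `POSTGRES_PASSWORD_FILE`; consider keeping the two secrets and pointing those variables at the files under `/run/secrets/`, or state in the commit message why file-based secrets are dropped.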
--
2.44.0
From 48db500291bf52e39ce59f862dca7c8ec6e5b004 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:18:21 +0100
Subject: [PATCH 21/25] refactor(postgresql): Add named volume
---
compose_databases.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 0eaa1c7cd..4602770e5 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -68,7 +68,7 @@ services:
db-data-pgsql:
image: busybox
volumes:
- - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
elasticsearch:
image: "${ELASTICSEARCH_IMAGE}:${ELASTICSEARCH_IMAGE_TAG}"
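Review bot: the subject says "Add named volume", but the replacement line is still a host bind mount, now on the hard-coded `/opt/docker-data/zabbixserver-${CTX}/postgres/data` instead of `${DATA_DIRECTORY}`; reword the subject to match. The `db-data-pgsql` busybox helper also receives the same data directory `:rw` that `postgres-server` mounts; if the helper is only a placeholder, mount it `:ro` or drop the service.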
--
2.44.0
From 3e96ed7ae9fd4ba76979ee1f91a0d8921d379b7f Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:19:47 +0100
Subject: [PATCH 22/25] refactor(zbx_net_backend): Make external
---
docker-compose_v3_alpine_pgsql_latest.yaml | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index a78430bab..122c625ed 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -148,7 +148,12 @@ networks:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "${DATABASE_NETWORK_ENABLE_IPV6}"
- internal: true
+ # Should not be Zabbix' official default 'internal: true' because in our
+ # case we want external entities such as a Grafana instance to be able
+ # to directly access this PostgreSQL. Here 'internal: true' would render
+ # our 'ports: ["5432:5432"]' irrelevant, ports would just never get
+ # exposed.
+ # internal: true
ipam:
driver: "${DATABASE_NETWORK_DRIVER}"
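Review bot: commenting out `internal: true` lets `ports: ["5432:5432"]` take effect, and that short form publishes PostgreSQL on every host interface. If only a Grafana instance needs access, bind the port to one host address (`"<host-ip>:5432:5432"`, placeholder) or restrict it in the host firewall. The subject names zbx_net_backend while the hunk edits the network configured through `DATABASE_NETWORK_*` variables, and "Make external" can be misread as Compose's `external: true`; a subject along the lines of "allow published ports on database network" would be clearer.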
--
2.44.0
From de09044b00e59256392d47cd1af7a9f284d6034a Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:20:16 +0100
Subject: [PATCH 23/25] refactor(compose): Remove secrets and unneeded volume
---
docker-compose_v3_alpine_pgsql_latest.yaml | 18 ------------------
1 file changed, 18 deletions(-)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index 122c625ed..707cdb1c2 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -156,21 +156,3 @@ networks:
# internal: true
ipam:
driver: "${DATABASE_NETWORK_DRIVER}"
-
-volumes:
- snmptraps:
-# dbsocket:
-
-secrets:
- MYSQL_USER:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_USER
- MYSQL_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_PASSWORD
- MYSQL_ROOT_USER:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_USER
- MYSQL_ROOT_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_PASSWORD
- POSTGRES_USER:
- file: ${ENV_VARS_DIRECTORY}/.POSTGRES_USER
- POSTGRES_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.POSTGRES_PASSWORD
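Review bot: the top-level `volumes:` and `secrets:` definitions are deleted here, but services such as mysql-server and zabbix-snmptraps are only removed by the later "Remove unneeded components" patch. If any of them still references the `snmptraps` volume or a `MYSQL_*` secret, `docker compose config` fails on this intermediate commit; move this patch after the service removal or squash the two.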
--
2.44.0
From 4b4618b4457ab6db25f4d8e1c8cd721a2dd3a639 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:21:04 +0100
Subject: [PATCH 24/28] refactor(compose): Add common settings
---
common-settings.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 common-settings.yml
diff --git a/common-settings.yml b/common-settings.yml
new file mode 100644
index 000000000..c377067a8
--- /dev/null
+++ b/common-settings.yml
@@ -0,0 +1,11 @@
+services:
+ common-settings:
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "10"
+ compress: "true"
+ environment:
+ TZ: Europe/Berlin
+ restart: unless-stopped
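Review bot: `restart: unless-stopped` is hard-coded in the new file while the service definitions in compose_databases.yaml and compose_zabbix_components.yaml set `restart: "${RESTART_POLICY}"`, so the restart policy now has two sources and the effective value depends on merge order. Reuse `${RESTART_POLICY}` here or drop the key on one side. `TZ: Europe/Berlin` would likewise be better as a variable, and the file is named `.yml` where the other Compose files in this series use `.yaml`.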
--
2.44.0
From 1785227a138c278c4b97a7d1388629e053d68625 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 16 Apr 2024 15:30:24 +0200
Subject: [PATCH 25/28] refactor(compose): Remove unneeded components
---
docker-compose_v3_alpine_pgsql_latest.yaml | 70 ----------------------
1 file changed, 70 deletions(-)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index 707cdb1c2..a30c4c07d 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -15,40 +15,6 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- zabbix-proxy-sqlite3:
- extends:
- file: compose_zabbix_components.yaml
- service: proxy-sqlite3
- image: "${ZABBIX_PROXY_SQLITE3_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-proxy-mysql:
- extends:
- file: compose_zabbix_components.yaml
- service: proxy-mysql
- image: "${ZABBIX_PROXY_MYSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- depends_on:
- - mysql-server
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-web-apache-pgsql:
- extends:
- file: compose_zabbix_components.yaml
- service: web-apache-pgsql
- image: "${ZABBIX_WEB_APACHE_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- depends_on:
- - postgres-server
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
zabbix-web-nginx-pgsql:
extends:
file: compose_zabbix_components.yaml
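Review bot: these services are removed only from docker-compose_v3_alpine_pgsql_latest.yaml; the base definitions they extended in compose_zabbix_components.yaml and compose_databases.yaml are not touched by this patch and stay behind as unused configuration. Either remove them as well or note in the commit message that they are kept to ease rebasing on upstream. On hosts that already ran the full stack, the dropped containers remain until `docker compose up --remove-orphans` is used, which is worth mentioning in the message.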
@@ -64,32 +30,6 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- zabbix-agent:
- extends:
- file: compose_zabbix_components.yaml
- service: agent
- image: "${ZABBIX_AGENT_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-java-gateway:
- extends:
- file: compose_zabbix_components.yaml
- service: java-gateway
- image: "${ZABBIX_JAVA_GATEWAY_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-snmptraps:
- extends:
- file: compose_zabbix_components.yaml
- service: snmptraps
- image: "${ZABBIX_SNMPTRAPS_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
zabbix-web-service:
extends:
file: compose_zabbix_components.yaml
@@ -98,11 +38,6 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- mysql-server:
- extends:
- file: compose_databases.yaml
- service: mysql-server
-
postgres-server:
extends:
file: compose_databases.yaml
@@ -111,11 +46,6 @@ services:
file: common-settings.yml
service: common-settings
- db-data-mysql:
- extends:
- file: compose_databases.yaml
- service: db-data-mysql
-
db-data-pgsql:
extends:
file: compose_databases.yaml
--
2.44.0
From fab5ba8eb168639775c6ab419a1a4b41ad25338e Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:23:21 +0100
Subject: [PATCH 26/28] fix(postgresql): Fix cert path
---
compose_databases.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 4602770e5..455a87eb3 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -45,9 +45,9 @@ services:
- "5432:5432"
volumes:
- /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
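Review bot: the key mounted to `/run/secrets/server-key.pem` is a host bind mount, so its host ownership and mode carry into the container, which this file runs as `user: 70:70`. With `ssl=on`, PostgreSQL refuses to start unless the key is owned by the server user with mode 0600 or stricter, or by root with mode 0640 or stricter. Document the expected ownership and mode of the files under `postgres/config/cert/` alongside this path fix.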
--
2.42.0
From a70e020794b384cf9ab8b0f7ca43cf2c7ca764c5 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:25:41 +0100
Subject: [PATCH 27/28] refactor(zabbix-postgres-busybox): Set custom container
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 455a87eb3..200701f37 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -67,6 +67,7 @@ services:
db-data-pgsql:
image: busybox
+ container_name: zabbixserver-pgsqlbusybox-${CTX}
volumes:
- /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
--
2.42.0
From c996c248684a11e967d404ab58d87eefbb5a5c5e Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Sun, 4 Feb 2024 23:26:08 +0100
Subject: [PATCH 28/28] feat(postgresql): Add initialization scripts dir
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 200701f37..898c3aa73 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -48,6 +48,7 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
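Review bot: with the official postgres image, scripts in `/docker-entrypoint-initdb.d` run only when the container initialises an empty data directory, so on a host where `postgres/data` is already populated the added mount has no effect; the commit message should say so. The scripts execute with database superuser rights at initialisation, so the host directory behind this mount should be writable by root only; the `:ro` flag protects it from the container side, not from other users on the host.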
--
2.42.0