From 21cea7f103f19770350559fdca236a9b7d2a721c Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:07:16 +0200
Subject: [PATCH 01/13] refactor(compose): Remove unneeded components
---
docker-compose_v3_alpine_pgsql_latest.yaml | 78 ----------------------
1 file changed, 78 deletions(-)
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index bc4892246..68b55d5d2 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -12,40 +12,6 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- zabbix-proxy-sqlite3:
- extends:
- file: compose_zabbix_components.yaml
- service: proxy-sqlite3
- image: "${ZABBIX_PROXY_SQLITE3_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-proxy-mysql:
- extends:
- file: compose_zabbix_components.yaml
- service: proxy-mysql
- image: "${ZABBIX_PROXY_MYSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- depends_on:
- - mysql-server
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-web-apache-pgsql:
- extends:
- file: compose_zabbix_components.yaml
- service: web-apache-pgsql
- image: "${ZABBIX_WEB_APACHE_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- depends_on:
- - postgres-server
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
zabbix-web-nginx-pgsql:
extends:
file: compose_zabbix_components.yaml
@@ -58,55 +24,11 @@ services:
labels:
com.zabbix.os: "${ALPINE_OS_TAG}"
- zabbix-agent:
- extends:
- file: compose_zabbix_components.yaml
- service: agent
- image: "${ZABBIX_AGENT_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- volumes:
- - /etc/timezone:/etc/timezone:ro
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-java-gateway:
- extends:
- file: compose_zabbix_components.yaml
- service: java-gateway
- image: "${ZABBIX_JAVA_GATEWAY_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-snmptraps:
- extends:
- file: compose_zabbix_components.yaml
- service: snmptraps
- image: "${ZABBIX_SNMPTRAPS_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- zabbix-web-service:
- extends:
- file: compose_zabbix_components.yaml
- service: web-service
- image: "${ZABBIX_WEB_SERVICE_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}"
- labels:
- com.zabbix.os: "${ALPINE_OS_TAG}"
-
- mysql-server:
- extends:
- file: compose_databases.yaml
- service: mysql-server
-
postgres-server:
extends:
file: compose_databases.yaml
service: postgres-server
- db-data-mysql:
- extends:
- file: compose_databases.yaml
- service: db-data-mysql
-
db-data-pgsql:
extends:
file: compose_databases.yaml
--
2.42.0
From c4bd71d1ca83d09e4727a507c148bdbafe37f322 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:13:17 +0200
Subject: [PATCH 02/13] refactor(zabbix-server): Set bind mounts
---
compose_databases.yaml | 8 ++++----
compose_zabbix_components.yaml | 32 +++++++++++++++++---------------
2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 50f5368dd..216e1cb04 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -40,10 +40,10 @@ services:
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
volumes:
- - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro
- - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index d46273eef..21231de36 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -6,15 +6,15 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${DATA_DIRECTORY}/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
- - ${DATA_DIRECTORY}/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/export:/var/lib/zabbix/export:rw
- - ${DATA_DIRECTORY}/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
- - ${DATA_DIRECTORY}/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
- - snmptraps:/var/lib/zabbix/snmptraps:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro
tmpfs: /tmp
ulimits:
nproc: 65535
@@ -78,10 +78,10 @@ services:
server-pgsql:
extends:
service: server
-# volumes:
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro
-# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
+ volumes:
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
secrets:
@@ -265,8 +265,10 @@ services:
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
- - ${DATA_DIRECTORY}/etc/ssl/nginx:/etc/ssl/nginx:ro
- - ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/modules:/usr/share/zabbix/modules/:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro
+ - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro
tmpfs: /tmp
deploy:
resources:
--
2.42.0
From 15631d10b495f9643915549143f947a304678547 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:20:27 +0200
Subject: [PATCH 03/13] feat(stack): Extend env vars
---
env_vars/.env_db_pgsql | 12 +++++++-----
env_vars/.env_srv | 8 ++++----
env_vars/.env_web | 6 +++---
3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/env_vars/.env_db_pgsql b/env_vars/.env_db_pgsql
index 30be4ad2f..20f642a9d 100644
--- a/env_vars/.env_db_pgsql
+++ b/env_vars/.env_db_pgsql
@@ -1,11 +1,13 @@
# DB_SERVER_HOST=postgres-server
# DB_SERVER_PORT=5432
-# POSTGRES_USER=zabbix
-POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER
-# POSTGRES_PASSWORD=zabbix
-POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
+POSTGRES_USER=${POSTGRES_USER}
+# POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER
+POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+# POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
# POSTGRES_DB=zabbix
-POSTGRES_DB=zabbix
+POSTGRES_DB=${POSTGRES_DB}
# DB_SERVER_SCHEMA=public
# ENABLE_TIMESCALEDB=true
# POSTGRES_USE_IMPLICIT_SEARCH_PATH=false
+ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO}
+ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW}
diff --git a/env_vars/.env_srv b/env_vars/.env_srv
index 8ef2091b6..6aff55002 100644
--- a/env_vars/.env_srv
+++ b/env_vars/.env_srv
@@ -14,7 +14,7 @@
# ZBX_AUTONODEADDRESS=fqdn # Allowed values: fqdn, hostname. Available since 6.0.0
# ZBX_NODEADDRESSPORT=10051 # Allowed to use with ZBX_AUTONODEADDRESS variable only. Available since 6.0.0
# ZBX_NODEADDRESS=localhost:10051 # Available since 6.0.0
-# ZBX_DEBUGLEVEL=3
+ZBX_DEBUGLEVEL=${ZBX_DEBUGLEVEL:-3}
# ZBX_STARTPOLLERS=5
# ZBX_IPMIPOLLERS=0
# ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0
@@ -69,11 +69,11 @@ ZBX_ENABLE_SNMP_TRAPS=true
# ZBX_TLSCERTFILE=
# ZBX_TLSKEYFILE=
# ZBX_VAULT=HashiCorp # Available since 6.2.0
-# ZBX_VAULTDBPATH=
+ZBX_VAULTDBPATH=${ZBX_VAULTDBPATH}
# ZBX_VAULTTLSCERTFILE= # Available since 6.2.0
# ZBX_VAULTTLSKEYFILE= # Available since 6.2.0
-# ZBX_VAULTURL=https://127.0.0.1:8200
-# VAULT_TOKEN=
+ZBX_VAULTURL=${ZBX_VAULTURL}
+VAULT_TOKEN=${VAULT_TOKEN}
# ZBX_STARTREPORTWRITERS=0
# ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report
# ZBX_SERVICEMANAGERSYNCFREQUENCY=60
diff --git a/env_vars/.env_web b/env_vars/.env_web
index 8f6585ad0..4f0ebb1b0 100644
--- a/env_vars/.env_web
+++ b/env_vars/.env_web
@@ -1,6 +1,6 @@
-ZBX_SERVER_HOST=zabbix-server
+ZBX_SERVER_HOST=${ZBX_SERVER_HOST}
# ZBX_SERVER_PORT=10051
-ZBX_SERVER_NAME=Composed installation
+ZBX_SERVER_NAME=${ZBX_SERVER_NAME}
# ZBX_DB_ENCRYPTION=true # Available since 5.0.0
# ZBX_DB_KEY_FILE=/run/secrets/client-key.pem # Available since 5.0.0
# ZBX_DB_CERT_FILE=/run/secrets/client-cert.pem # Available since 5.0.0
@@ -25,7 +25,7 @@ ZBX_SERVER_NAME=Composed installation
# ZBX_MAXINPUTTIME=300
# ZBX_SESSION_NAME=zbx_sessionid
# Timezone one of: http://php.net/manual/en/timezones.php
-# PHP_TZ=Europe/Riga
+PHP_TZ=${PHP_TZ}
# ZBX_DENY_GUI_ACCESS=false
# ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1']
# ZBX_GUI_WARNING_MSG=Zabbix is under maintenance.
--
2.42.0
From 67f84af300695674fdd47210a7e123098d2eced6 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:22:50 +0200
Subject: [PATCH 04/13] refactor(compose): Remove secrets and unneeded volume
---
compose_databases.yaml | 3 ---
docker-compose_v3_alpine_pgsql_latest.yaml | 18 ------------------
2 files changed, 21 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 216e1cb04..52c06b356 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -46,9 +46,6 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
stop_grace_period: 1m
networks:
zbx_net_database:
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index 68b55d5d2..359e2ee7c 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -64,21 +64,3 @@ networks:
internal: true
ipam:
driver: "${DATABASE_NETWORK_DRIVER}"
-
-volumes:
- snmptraps:
-# dbsocket:
-
-secrets:
- MYSQL_USER:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_USER
- MYSQL_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_PASSWORD
- MYSQL_ROOT_USER:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_USER
- MYSQL_ROOT_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_PASSWORD
- POSTGRES_USER:
- file: ${ENV_VARS_DIRECTORY}/.POSTGRES_USER
- POSTGRES_PASSWORD:
- file: ${ENV_VARS_DIRECTORY}/.POSTGRES_PASSWORD
--
2.42.0
From fc7477f0d17e1253aeb245ad75610e5d8eaeba2f Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:26:07 +0200
Subject: [PATCH 05/13] refactor(zabbix-web-nginx): Exposed ports
---
compose_zabbix_components.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 21231de36..62e77c578 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -260,8 +260,8 @@ services:
web-nginx:
ports:
- - "${ZABBIX_WEB_NGINX_HTTP_PORT}:8080"
- - "${ZABBIX_WEB_NGINX_HTTPS_PORT}:8443"
+ - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
+ - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443"
restart: "${RESTART_POLICY}"
volumes:
- /etc/localtime:/etc/localtime:ro
--
2.42.0
From 1aff1200dbcec51767fbd49c66ede673210add93 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:26:34 +0200
Subject: [PATCH 06/13] refactor(postgresql): Use static username ID
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 52c06b356..40c8b7fa0 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -39,6 +39,7 @@ services:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
+ user: 70:70
volumes:
- /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
--
2.42.0
From b8cfbd7bff008fee7bbd8ba6af1c6c9a60e7fda5 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:28:41 +0200
Subject: [PATCH 07/13] refactor(compose): Set custom container names
---
compose_databases.yaml | 2 ++
compose_zabbix_components.yaml | 2 ++
2 files changed, 4 insertions(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 40c8b7fa0..7c85574d0 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -37,6 +37,7 @@ services:
postgres-server:
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
+ container_name: zabbixserver-postgres-${CTX}
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
@@ -60,6 +61,7 @@ services:
db-data-pgsql:
image: busybox
+ container_name: zabbixserver-pgsqlbusybox-${CTX}
volumes:
- ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 62e77c578..14afe391d 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -1,6 +1,7 @@
version: '3.8'
services:
server:
+ container_name: zabbixserver-zabbixserver-${CTX}
ports:
- "${ZABBIX_SERVER_PORT}:10051"
restart: "${RESTART_POLICY}"
@@ -259,6 +260,7 @@ services:
com.zabbix.dbtype: "pgsql"
web-nginx:
+ container_name: zabbixserver-zabbixwebnginx-${CTX}
ports:
- "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
- "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443"
--
2.42.0
From b019cd4868567802d65d7147505382c174c3e3cb Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:29:44 +0200
Subject: [PATCH 08/13] refactor(postgresql): Publicly expose so that other
tools can access the database
---
compose_databases.yaml | 2 ++
docker-compose_v3_alpine_pgsql_latest.yaml | 7 ++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 7c85574d0..67c8dcb20 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -41,6 +41,8 @@ services:
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
+ ports:
+ - "5432:5432"
volumes:
- /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml
index 359e2ee7c..85b974168 100644
--- a/docker-compose_v3_alpine_pgsql_latest.yaml
+++ b/docker-compose_v3_alpine_pgsql_latest.yaml
@@ -61,6 +61,11 @@ networks:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "${DATABASE_NETWORK_ENABLE_IPV6}"
- internal: true
+ # Should not be Zabbix' official default 'internal: true' because in our
+ # case we want external entities such as a Grafana instance to be able
+ # to directly access this PostgreSQL. Here 'internal: true' would render
+ # our 'ports: ["5432:5432"]' irrelevant, ports would just never get
+ # exposed.
+ # internal: true
ipam:
driver: "${DATABASE_NETWORK_DRIVER}"
--
2.42.0
From ef1ce4376b3b154db634f78ec7ac76ceb3372bd2 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:36:52 +0200
Subject: [PATCH 09/13] refactor(compose): Set logging defaults
---
common-settings.yml | 8 ++++++++
compose_databases.yaml | 6 ++++++
compose_zabbix_components.yaml | 6 ++++++
3 files changed, 20 insertions(+)
create mode 100644 common-settings.yml
diff --git a/common-settings.yml b/common-settings.yml
new file mode 100644
index 000000000..d409ea1c1
--- /dev/null
+++ b/common-settings.yml
@@ -0,0 +1,8 @@
+services:
+ common-settings:
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "10"
+ compress: "true"
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 67c8dcb20..97bb300af 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -36,6 +36,9 @@ services:
- mysql-server
postgres-server:
+ extends:
+ file: common-settings.yml
+ service: common-settings
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
container_name: zabbixserver-postgres-${CTX}
# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
@@ -62,6 +65,9 @@ services:
- ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw
db-data-pgsql:
+ extends:
+ file: common-settings.yml
+ service: common-settings
image: busybox
container_name: zabbixserver-pgsqlbusybox-${CTX}
volumes:
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 14afe391d..21843aa4e 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -1,6 +1,9 @@
version: '3.8'
services:
server:
+ extends:
+ file: common-settings.yml
+ service: common-settings
container_name: zabbixserver-zabbixserver-${CTX}
ports:
- "${ZABBIX_SERVER_PORT}:10051"
@@ -260,6 +263,9 @@ services:
com.zabbix.dbtype: "pgsql"
web-nginx:
+ extends:
+ file: common-settings.yml
+ service: common-settings
container_name: zabbixserver-zabbixwebnginx-${CTX}
ports:
- "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080"
--
2.42.0
From 674a6ae8c9add2b4c7db374cd00427af11040d35 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:37:32 +0200
Subject: [PATCH 10/13] refactor(postgresql): Start with SSL cert
---
compose_databases.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 97bb300af..1b21c5eeb 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -41,7 +41,7 @@ services:
service: common-settings
image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}"
container_name: zabbixserver-postgres-${CTX}
-# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
+ command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem
restart: "${RESTART_POLICY}"
user: 70:70
ports:
--
2.42.0
From 69b3466be73519196753c168ba248cca84be21ae Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:37:59 +0200
Subject: [PATCH 11/13] feat(postgresql): Add initialization scripts dir
---
compose_databases.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 1b21c5eeb..87a39fb47 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -51,6 +51,7 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro
- /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro
+ - /opt/docker-data/zabbixserver-${CTX}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
stop_grace_period: 1m
--
2.42.0
From 666ed0f597118990785f825c0ca4cc3b3c680b2f Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:43:11 +0200
Subject: [PATCH 12/13] refactor(compose): Remove secrets
---
compose_zabbix_components.yaml | 6 ------
1 file changed, 6 deletions(-)
diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml
index 21843aa4e..3f2abdf65 100644
--- a/compose_zabbix_components.yaml
+++ b/compose_zabbix_components.yaml
@@ -88,9 +88,6 @@ services:
- /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
networks:
zbx_net_backend:
aliases:
@@ -336,9 +333,6 @@ services:
# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro
env_file:
- ${ENV_VARS_DIRECTORY}/.env_db_pgsql
- secrets:
- - POSTGRES_USER
- - POSTGRES_PASSWORD
networks:
zbx_net_backend:
aliases:
--
2.42.0
From f0cc3b938cee802caf2c18e72519062b46b0a9f9 Mon Sep 17 00:00:00 2001
From: hygienic-books <>
Date: Tue, 4 Jun 2024 00:54:40 +0200
Subject: [PATCH 13/13] refactor(compose): Remove unneeded components
---
compose_databases.yaml | 54 ------------------------------------------
1 file changed, 54 deletions(-)
diff --git a/compose_databases.yaml b/compose_databases.yaml
index 87a39fb47..70f4fa894 100644
--- a/compose_databases.yaml
+++ b/compose_databases.yaml
@@ -1,40 +1,5 @@
version: '3.8'
services:
- mysql-server:
- image: "${MYSQL_IMAGE}:${MYSQL_IMAGE_TAG}"
- command:
- - mysqld
- - --character-set-server=utf8mb4
- - --collation-server=utf8mb4_bin
-# Only during upgrade from versions prior 6.4 and new installations (schema deployment)
- - --log_bin_trust_function_creators=1
-# Use TLS encryption for connections to database
-# - --require-secure-transport
-# - --ssl-ca=/run/secrets/root-ca.pem
-# - --ssl-cert=/run/secrets/server-cert.pem
-# - --ssl-key=/run/secrets/server-key.pem
- restart: "${RESTART_POLICY}"
- volumes:
- - ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw
- - ${ENV_VARS_DIRECTORY}/mysql_init/init_proxy_db.sql:/docker-entrypoint-initdb.d/mysql_init_proxy.sql:ro
-# - dbsocket:/var/run/mysqld/
- env_file:
- - ${ENV_VARS_DIRECTORY}/.env_db_mysql
- environment:
- - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/MYSQL_ROOT_PASSWORD
- secrets:
- - MYSQL_USER
- - MYSQL_PASSWORD
- - MYSQL_ROOT_PASSWORD
-# - server-key.pem
-# - server-cert.pem
-# - root-ca.pem
- stop_grace_period: 1m
- networks:
- zbx_net_database:
- aliases:
- - mysql-server
-
postgres-server:
extends:
file: common-settings.yml
@@ -60,11 +25,6 @@ services:
aliases:
- postgres-server
- db-data-mysql:
- image: busybox
- volumes:
- - ${DATA_DIRECTORY}/var/lib/mysql:/var/lib/mysql:rw
-
db-data-pgsql:
extends:
file: common-settings.yml
@@ -73,17 +33,3 @@ services:
container_name: zabbixserver-pgsqlbusybox-${CTX}
volumes:
- ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw
-
- elasticsearch:
- image: "${ELASTICSEARCH_IMAGE}:${ELASTICSEARCH_IMAGE_TAG}"
- restart: "${RESTART_POLICY}"
- profiles:
- - full
- - all
- environment:
- - transport.host=0.0.0.0
- - discovery.zen.minimum_master_nodes=1
- networks:
- zbx_net_database:
- aliases:
- - elasticsearch
--
2.42.0