From 1437280b298c36e6b54202935e3026470c046d90 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:32:18 +0100 Subject: [PATCH 01/25] refactor(zabbix-server): Set correct libs paths --- compose_zabbix_components.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index d46273eef..5653fc00d 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -6,15 +6,15 @@ services: restart: "${RESTART_POLICY}" volumes: - /etc/localtime:/etc/localtime:ro - - ${DATA_DIRECTORY}/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro - - ${DATA_DIRECTORY}/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/export:/var/lib/zabbix/export:rw - - ${DATA_DIRECTORY}/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro - - ${DATA_DIRECTORY}/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro - - snmptraps:/var/lib/zabbix/snmptraps:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/dbscripts:/var/lib/zabbix/dbscripts:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/export:/var/lib/zabbix/export:rw + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/data/var/lib/zabbix/snmptraps:/var/lib/zabbix/snmptraps:ro tmpfs: /tmp ulimits: nproc: 65535 -- 2.44.0 From 5a16fc3ec1ce16a2d11d90ec1c91ed568a47f298 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:36:00 +0100 Subject: [PATCH 02/25] refactor(zabbix-server): Set TLS cert file names --- compose_zabbix_components.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 5653fc00d..2cb2c258c 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -78,10 +78,10 @@ services: server-pgsql: extends: service: server -# volumes: -# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro -# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro -# - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro + volumes: + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql secrets: -- 2.44.0 From a0c1235190c4d3e4d68b4cdca64dbd259ba600d7 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:41:48 +0100 Subject: [PATCH 03/25] feat(zabbix-server): Replace env files with variables --- compose_zabbix_components.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 2cb2c258c..06dfcbb00 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -29,8 +29,11 @@ services: reservations: cpus: '0.5' memory: 512M - env_file: - - ${ENV_VARS_DIRECTORY}/.env_srv + environment: + ZBX_VAULTURL: ${ZBX_VAULTURL} + VAULT_TOKEN: ${VAULT_TOKEN} + ZBX_VAULTDBPATH: ${ZBX_VAULTDBPATH} + ZBX_DEBUGLEVEL: ${ZBX_DEBUGLEVEL:-3} networks: zbx_net_database: aliases: @@ -82,8 +85,9 @@ services: - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_CERT_FILE}:/run/secrets/client-cert.pem:ro - /opt/docker-data/zabbixserver-${CTX}/zabbixserver/config/cert/${ZBX_SERVER_TLS_KEY_FILE}:/run/secrets/client-key.pem:ro - env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_pgsql + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} secrets: - POSTGRES_USER - POSTGRES_PASSWORD -- 2.44.0 From d66f78e7c7d6c092c0ba96d8191d470922a75dfb Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:44:11 +0100 Subject: [PATCH 04/25] refactor(zabbix-server): Remove PostgreSQL secrets use --- compose_zabbix_components.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 06dfcbb00..2430b3fe1 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -88,9 +88,6 @@ services: environment: POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - secrets: - - POSTGRES_USER - - POSTGRES_PASSWORD networks: zbx_net_backend: aliases: -- 2.44.0 From 367f99d237d58e19c6e5207584827cf5d66e4e11 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:47:36 +0100 Subject: [PATCH 05/25] refactor(zabbix-web-nginx): Replace exposed ports with --- compose_zabbix_components.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 2430b3fe1..5b25a6ec9 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -261,8 +261,8 @@ services: web-nginx: ports: - - "${ZABBIX_WEB_NGINX_HTTP_PORT}:8080" - - "${ZABBIX_WEB_NGINX_HTTPS_PORT}:8443" + - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080" + - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443" restart: "${RESTART_POLICY}" volumes: - /etc/localtime:/etc/localtime:ro -- 2.44.0 From 846279a5671804c35afd4a277c4b78fff74ce2fb Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:49:32 +0100 Subject: [PATCH 06/25] refactor(zabbix-web-nginx): Set named volumes --- compose_zabbix_components.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 5b25a6ec9..8da2ac4ef 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -266,8 +266,10 @@ services: restart: "${RESTART_POLICY}" volumes: - /etc/localtime:/etc/localtime:ro - - ${DATA_DIRECTORY}/etc/ssl/nginx:/etc/ssl/nginx:ro - - ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro + - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro + - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro + - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro + - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro tmpfs: /tmp deploy: resources: -- 2.44.0 From 24a7cd67229fd21a0cde323a398d2e9cb744bb87 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:52:51 +0100 Subject: [PATCH 07/25] refactor(zabbix-web-nginx): Replace env files with vars --- compose_zabbix_components.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 8da2ac4ef..8dac7dd57 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -279,8 +279,10 @@ services: reservations: cpus: '0.5' memory: 256M - env_file: - - ${ENV_VARS_DIRECTORY}/.env_web + environment: + PHP_TZ: ${PHP_TZ} + ZBX_SERVER_NAME: ${ZBX_SERVER_NAME} + ZBX_SERVER_HOST: ${ZBX_SERVER_HOST} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/ping"] interval: 10s @@ -327,8 +329,9 @@ services: # - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro # - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/client-cert.pem:ro # - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro - env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_pgsql + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} secrets: - POSTGRES_USER - POSTGRES_PASSWORD -- 2.44.0 From 9d773578e3ac8359fa90e1891176c299c02f9f0c Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:53:28 +0100 Subject: [PATCH 08/25] refactor(zabbix-web-nginx): Remove secrets --- compose_zabbix_components.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 8dac7dd57..56796f6ad 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -332,9 +332,6 @@ services: environment: POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} - secrets: - - POSTGRES_USER - - POSTGRES_PASSWORD networks: zbx_net_backend: aliases: -- 2.44.0 From e0f3e63536e96c6c14336494890b96af6e4fb602 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:54:23 +0100 Subject: [PATCH 09/25] refactor(postgresql): Use static username ID --- compose_databases.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose_databases.yaml b/compose_databases.yaml index 50f5368dd..c6611b05a 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -39,6 +39,7 @@ services: image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}" # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" + user: 70:70 volumes: - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro -- 2.44.0 From 69c99b5a9219d5472889506f6ec56d404b8c35e1 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 22:55:03 +0100 Subject: [PATCH 10/25] refactor(postgresql): Set custom container name --- compose_databases.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose_databases.yaml b/compose_databases.yaml index c6611b05a..1aacf6d53 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -37,6 +37,7 @@ services: postgres-server: image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}" + container_name: zabbixserver-postgres-${CTX} # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" user: 70:70 -- 2.44.0 From 6cc7f437bface0d243551b8e1fb9934c5c0ea238 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:00:51 +0100 Subject: [PATCH 11/25] refactor(zabbix-web-nginx): Set custom container name --- compose_zabbix_components.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 56796f6ad..aa5234f2d 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -260,6 +260,7 @@ services: com.zabbix.dbtype: "pgsql" web-nginx: + container_name: zabbixserver-zabbixwebnginx-${CTX} ports: - "${ZBX_WEBNGINX_EXPOSED_HTTP_PORT}:8080" - "${ZBX_WEBNGINX_EXPOSED_HTTPS_PORT}:8443" -- 2.44.0 From 845b2eb2ef891a73e53b71f5e2fa0bb5721028a0 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:02:00 +0100 Subject: [PATCH 12/25] refactor(zabbix-server): Set custom container name --- compose_zabbix_components.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index aa5234f2d..5f79cfd77 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -1,6 +1,7 @@ version: '3.8' services: server: + container_name: zabbixserver-zabbixserver-${CTX} ports: - "${ZABBIX_SERVER_PORT}:10051" restart: "${RESTART_POLICY}" -- 2.44.0 From 5d45ed5af0336134baeb5a5084868d6d15839a3d Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:02:45 +0100 Subject: [PATCH 13/25] refactor(postgresql): Publicly expose so that other tools can access the database --- compose_databases.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/compose_databases.yaml b/compose_databases.yaml index 1aacf6d53..d566ab432 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -41,6 +41,8 @@ services: # command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" user: 70:70 + ports: + - "5432:5432" volumes: - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro -- 2.44.0 From a61fab959951ede7d4903997b8f5f66ea11547d0 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:03:37 +0100 Subject: [PATCH 14/25] refactor(postgresql): Replace static file names with vars --- compose_databases.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index d566ab432..e8a07b427 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -44,10 +44,10 @@ services: ports: - "5432:5432" volumes: - - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw - - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CA_FILE:/run/secrets/root-ca.pem:ro - - ${ENV_VARS_DIRECTORY}/.ZBX_DB_CERT_FILE:/run/secrets/server-cert.pem:ro - - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro + - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw + - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro + - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro + - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql secrets: -- 2.44.0 From e0336a1a4fe981d40f48b8a935e98fbe097f9493 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:11:40 +0100 Subject: [PATCH 15/25] refactor(compose): Extend existing default configs --- docker-compose_v3_alpine_pgsql_latest.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index bc4892246..a78430bab 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -4,6 +4,9 @@ services: extends: file: compose_zabbix_components.yaml service: server-pgsql + extends: + file: common-settings.yml + service: common-settings image: "${ZABBIX_SERVER_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" volumes: - /etc/timezone:/etc/timezone:ro @@ -50,6 +53,9 @@ services: extends: file: compose_zabbix_components.yaml service: web-nginx-pgsql + extends: + file: common-settings.yml + service: common-settings image: "${ZABBIX_WEB_NGINX_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" volumes: - /etc/timezone:/etc/timezone:ro @@ -101,6 +107,9 @@ services: extends: file: compose_databases.yaml service: postgres-server + extends: + file: common-settings.yml + service: common-settings db-data-mysql: extends: -- 2.44.0 From 601a8c1a515eddacfdc6434da68b769d667083b7 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:12:15 +0100 Subject: [PATCH 16/25] refactor(postgresql): Start with SSL cert --- compose_databases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index e8a07b427..b208f33a8 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -38,7 +38,7 @@ services: postgres-server: image: "${POSTGRESQL_IMAGE}:${POSTGRESQL_IMAGE_TAG}" container_name: zabbixserver-postgres-${CTX} -# command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem + command: -c ssl=on -c ssl_cert_file=/run/secrets/server-cert.pem -c ssl_key_file=/run/secrets/server-key.pem -c ssl_ca_file=/run/secrets/root-ca.pem restart: "${RESTART_POLICY}" user: 70:70 ports: -- 2.44.0 From 2aa4e5de3063077c3882be5422665665c4121a05 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:14:11 +0100 Subject: [PATCH 17/25] refactor(compose): Add context string to path --- compose_databases.yaml | 8 ++++---- compose_zabbix_components.yaml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index b208f33a8..376ccbf59 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -44,10 +44,10 @@ services: ports: - "5432:5432" volumes: - - /opt/docker-data/zabbixserver/postgres/data:/var/lib/postgresql/data:rw - - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro - - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro - - /opt/docker-data/zabbixserver/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw + - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro env_file: - ${ENV_VARS_DIRECTORY}/.env_db_pgsql secrets: diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 5f79cfd77..f162c267d 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -268,10 +268,10 @@ services: restart: "${RESTART_POLICY}" volumes: - /etc/localtime:/etc/localtime:ro - - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro - - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro - - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro - - /opt/docker-data/zabbixserver/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro tmpfs: /tmp deploy: resources: -- 2.44.0 From fae328d9ecd838e0fad7bc9e82aa9b0531fae79b Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:15:03 +0100 Subject: [PATCH 18/25] refactor(postgresql): Rename config dir --- compose_zabbix_components.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index f162c267d..1a8306305 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml @@ -268,10 +268,10 @@ services: restart: "${RESTART_POLICY}" volumes: - /etc/localtime:/etc/localtime:ro - - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/modules:/usr/share/zabbix/modules/:ro - - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro - - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro - - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/conf/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/modules:/usr/share/zabbix/modules/:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_CERT_FULLCHAIN_FILE}:/etc/ssl/nginx/ssl.crt:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/${ZBX_WEBNGINX_TLS_KEY_FILE}:/etc/ssl/nginx/ssl.key:ro + - /opt/docker-data/zabbixserver-${CTX}/zabbixwebnginx/config/cert/dhparam.pem:/etc/ssl/nginx/dhparam.pem:ro tmpfs: /tmp deploy: resources: -- 2.44.0 From cfac02a90da0581247a4bf0c282bfd175bbe6827 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:17:09 +0100 Subject: [PATCH 19/25] refactor(postgresql): Replace env files with vars --- compose_databases.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index 376ccbf59..b16cb6a70 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -48,8 +48,12 @@ services: - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro - env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_pgsql + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_DB: ${POSTGRES_DB} + ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO} + ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW} secrets: - POSTGRES_USER - POSTGRES_PASSWORD -- 2.44.0 From 53242dc77c843bdab8f1ab16d105902cda19bfa0 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:17:35 +0100 Subject: [PATCH 20/25] refactor(postgresql): Remove secrets --- compose_databases.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index b16cb6a70..0eaa1c7cd 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -54,9 +54,6 @@ services: POSTGRES_DB: ${POSTGRES_DB} ZBX_DB_USERNAME_RO: ${ZBX_DB_USERNAME_RO} ZBX_DB_USERNAME_PW: ${ZBX_DB_USERNAME_PW} - secrets: - - POSTGRES_USER - - POSTGRES_PASSWORD stop_grace_period: 1m networks: zbx_net_database: -- 2.44.0 From 48db500291bf52e39ce59f862dca7c8ec6e5b004 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:18:21 +0100 Subject: [PATCH 21/25] refactor(postgresql): Add named volume --- compose_databases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index 0eaa1c7cd..4602770e5 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -68,7 +68,7 @@ services: db-data-pgsql: image: busybox volumes: - - ${DATA_DIRECTORY}/var/lib/postgresql/data:/var/lib/postgresql/data:rw + - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw elasticsearch: image: "${ELASTICSEARCH_IMAGE}:${ELASTICSEARCH_IMAGE_TAG}" -- 2.44.0 From 3e96ed7ae9fd4ba76979ee1f91a0d8921d379b7f Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:19:47 +0100 Subject: [PATCH 22/25] refactor(zbx_net_backend): Make external --- docker-compose_v3_alpine_pgsql_latest.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index a78430bab..122c625ed 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -148,7 +148,12 @@ networks: driver: bridge driver_opts: com.docker.network.enable_ipv6: "${DATABASE_NETWORK_ENABLE_IPV6}" - internal: true + # Should not be Zabbix' official default 'internal: true' because in our + # case we want external entities such as a Grafana instance to be able + # to directly access this PostgreSQL. Here 'internal: true' would render + # our 'ports: ["5432:5432"]' irrelevant, ports would just never get + # exposed. + # internal: true ipam: driver: "${DATABASE_NETWORK_DRIVER}" -- 2.44.0 From de09044b00e59256392d47cd1af7a9f284d6034a Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:20:16 +0100 Subject: [PATCH 23/25] refactor(compose): Remove secrets and unneeded volume --- docker-compose_v3_alpine_pgsql_latest.yaml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index 122c625ed..707cdb1c2 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -156,21 +156,3 @@ networks: # internal: true ipam: driver: "${DATABASE_NETWORK_DRIVER}" - -volumes: - snmptraps: -# dbsocket: - -secrets: - MYSQL_USER: - file: ${ENV_VARS_DIRECTORY}/.MYSQL_USER - MYSQL_PASSWORD: - file: ${ENV_VARS_DIRECTORY}/.MYSQL_PASSWORD - MYSQL_ROOT_USER: - file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_USER - MYSQL_ROOT_PASSWORD: - file: ${ENV_VARS_DIRECTORY}/.MYSQL_ROOT_PASSWORD - POSTGRES_USER: - file: ${ENV_VARS_DIRECTORY}/.POSTGRES_USER - POSTGRES_PASSWORD: - file: ${ENV_VARS_DIRECTORY}/.POSTGRES_PASSWORD -- 2.44.0 From 4b4618b4457ab6db25f4d8e1c8cd721a2dd3a639 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:21:04 +0100 Subject: [PATCH 24/28] refactor(compose): Add common settings --- common-settings.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 common-settings.yml diff --git a/common-settings.yml b/common-settings.yml new file mode 100644 index 000000000..c377067a8 --- /dev/null +++ b/common-settings.yml @@ -0,0 +1,11 @@ +services: + common-settings: + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "10" + compress: "true" + environment: + TZ: Europe/Berlin + restart: unless-stopped -- 2.44.0 From 1785227a138c278c4b97a7d1388629e053d68625 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Tue, 16 Apr 2024 15:30:24 +0200 Subject: [PATCH 25/28] refactor(compose): Remove unneeded components --- docker-compose_v3_alpine_pgsql_latest.yaml | 70 ---------------------- 1 file changed, 70 deletions(-) diff --git a/docker-compose_v3_alpine_pgsql_latest.yaml b/docker-compose_v3_alpine_pgsql_latest.yaml index 707cdb1c2..a30c4c07d 100644 --- a/docker-compose_v3_alpine_pgsql_latest.yaml +++ b/docker-compose_v3_alpine_pgsql_latest.yaml @@ -15,40 +15,6 @@ services: labels: com.zabbix.os: "${ALPINE_OS_TAG}" - zabbix-proxy-sqlite3: - extends: - file: compose_zabbix_components.yaml - service: proxy-sqlite3 - image: "${ZABBIX_PROXY_SQLITE3_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - volumes: - - /etc/timezone:/etc/timezone:ro - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-proxy-mysql: - extends: - file: compose_zabbix_components.yaml - service: proxy-mysql - image: "${ZABBIX_PROXY_MYSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - volumes: - - /etc/timezone:/etc/timezone:ro - depends_on: - - mysql-server - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-web-apache-pgsql: - extends: - file: compose_zabbix_components.yaml - service: web-apache-pgsql - image: "${ZABBIX_WEB_APACHE_PGSQL_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - volumes: - - /etc/timezone:/etc/timezone:ro - depends_on: - - postgres-server - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - zabbix-web-nginx-pgsql: extends: file: compose_zabbix_components.yaml @@ -64,32 +30,6 @@ services: labels: com.zabbix.os: "${ALPINE_OS_TAG}" - zabbix-agent: - extends: - file: compose_zabbix_components.yaml - service: agent - image: "${ZABBIX_AGENT_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - volumes: - - /etc/timezone:/etc/timezone:ro - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-java-gateway: - extends: - file: compose_zabbix_components.yaml - service: java-gateway - image: "${ZABBIX_JAVA_GATEWAY_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - - zabbix-snmptraps: - extends: - file: compose_zabbix_components.yaml - service: snmptraps - image: "${ZABBIX_SNMPTRAPS_IMAGE}:${ZABBIX_ALPINE_IMAGE_TAG}${ZABBIX_IMAGE_TAG_POSTFIX}" - labels: - com.zabbix.os: "${ALPINE_OS_TAG}" - zabbix-web-service: extends: file: compose_zabbix_components.yaml @@ -98,11 +38,6 @@ services: labels: com.zabbix.os: "${ALPINE_OS_TAG}" - mysql-server: - extends: - file: compose_databases.yaml - service: mysql-server - postgres-server: extends: file: compose_databases.yaml @@ -111,11 +46,6 @@ services: file: common-settings.yml service: common-settings - db-data-mysql: - extends: - file: compose_databases.yaml - service: db-data-mysql - db-data-pgsql: extends: file: compose_databases.yaml -- 2.44.0 From fab5ba8eb168639775c6ab419a1a4b41ad25338e Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:23:21 +0100 Subject: [PATCH 26/28] fix(postgresql): Fix cert path --- compose_databases.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/compose_databases.yaml b/compose_databases.yaml index 4602770e5..455a87eb3 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -45,9 +45,9 @@ services: - "5432:5432" volumes: - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw - - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro - - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro - - /opt/docker-data/zabbixserver-${CTX}/postgres/conf/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro environment: POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} -- 2.42.0 From a70e020794b384cf9ab8b0f7ca43cf2c7ca764c5 Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:25:41 +0100 Subject: [PATCH 27/28] refactor(zabbix-postgres-busybox): Set custom container --- compose_databases.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose_databases.yaml b/compose_databases.yaml index 455a87eb3..200701f37 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -67,6 +67,7 @@ services: db-data-pgsql: image: busybox + container_name: zabbixserver-pgsqlbusybox-${CTX} volumes: - /opt/docker-data/zabbixserver-${CTX}/postgres/data:/var/lib/postgresql/data:rw -- 2.42.0 From c996c248684a11e967d404ab58d87eefbb5a5c5e Mon Sep 17 00:00:00 2001 From: hygienic-books <> Date: Sun, 4 Feb 2024 23:26:08 +0100 Subject: [PATCH 28/28] feat(postgresql): Add initialization scripts dir --- compose_databases.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/compose_databases.yaml b/compose_databases.yaml index 200701f37..898c3aa73 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -48,6 +48,7 @@ services: - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CA_CERT_FILE}:/run/secrets/root-ca.pem:ro - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_CERT_FILE}:/run/secrets/server-cert.pem:ro - /opt/docker-data/zabbixserver-${CTX}/postgres/config/cert/${ZBX_PGSQL_TLS_KEY_FILE}:/run/secrets/server-key.pem:ro + - /opt/docker-data/zabbixserver-${CTX}/postgres/config/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro environment: POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} -- 2.42.0