From 8466fff1984e5b0383f10cb0e7ae64f5c6224f87 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Fri, 16 Feb 2024 14:19:02 +0900 Subject: [PATCH 1/2] Merge pull request #1182 from zabbix/security_patches Security patches --- Dockerfiles/build-mysql/alpine/Dockerfile | 2 +- Dockerfiles/build-mysql/centos/Dockerfile | 2 +- Dockerfiles/build-mysql/ol/Dockerfile | 2 +- Dockerfiles/build-mysql/rhel/Dockerfile | 2 +- Dockerfiles/build-mysql/ubuntu/Dockerfile | 2 +- Dockerfiles/build-pgsql/alpine/Dockerfile | 2 +- Dockerfiles/build-pgsql/centos/Dockerfile | 2 +- Dockerfiles/build-pgsql/ol/Dockerfile | 2 +- Dockerfiles/build-pgsql/ubuntu/Dockerfile | 2 +- Dockerfiles/build-sqlite3/alpine/Dockerfile | 2 +- Dockerfiles/build-sqlite3/centos/Dockerfile | 2 +- Dockerfiles/build-sqlite3/ol/Dockerfile | 2 +- Dockerfiles/build-sqlite3/rhel/Dockerfile | 2 +- Dockerfiles/build-sqlite3/ubuntu/Dockerfile | 2 +- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../ol/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../ol/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../ol/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../rhel/conf/etc/yum.repo.d/nginx.repo | 2 +- .../rhel/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile | 2 +- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- .../ol/conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile | 2 +- .../conf/etc/zabbix/web/zabbix.conf.php | 82 ++++++++++++++----- 34 files changed, 1088 insertions(+), 340 deletions(-) diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index 116806c6be..07105e777e 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile index 6b2c4bbcba..9d77eb98a5 100644 --- a/Dockerfiles/build-mysql/centos/Dockerfile +++ b/Dockerfiles/build-mysql/centos/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile index 8097cf3e2f..4fefb7407e 100644 --- a/Dockerfiles/build-mysql/ol/Dockerfile +++ b/Dockerfiles/build-mysql/ol/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile index e468fb2b7b..4f2f625787 100644 --- a/Dockerfiles/build-mysql/rhel/Dockerfile +++ b/Dockerfiles/build-mysql/rhel/Dockerfile @@ -82,7 +82,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile index c0ba804134..05dc9c0584 100644 --- a/Dockerfiles/build-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/mysql/create.sql > database/mysql/create_proxy.sql.gz && \ rm -rf database/mysql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile index 13a115e90a..299f71728a 100644 --- a/Dockerfiles/build-pgsql/alpine/Dockerfile +++ b/Dockerfiles/build-pgsql/alpine/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile index 833546c259..082acbb5d6 100644 --- a/Dockerfiles/build-pgsql/centos/Dockerfile +++ b/Dockerfiles/build-pgsql/centos/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile index fe463015ea..aeef7feaa6 100644 --- a/Dockerfiles/build-pgsql/ol/Dockerfile +++ b/Dockerfiles/build-pgsql/ol/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile index 5a0164d677..faf9566c81 100644 --- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile @@ -72,7 +72,7 @@ RUN set -eux && \ gzip -c database/postgresql/create.sql > database/postgresql/create_proxy.sql.gz && \ rm -rf database/postgresql/create.sql && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile index 7828b51efd..1d231220c1 100644 --- a/Dockerfiles/build-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile @@ -58,7 +58,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/centos/Dockerfile b/Dockerfiles/build-sqlite3/centos/Dockerfile index 33a1fdf15a..b678a8d9c9 100644 --- a/Dockerfiles/build-sqlite3/centos/Dockerfile +++ b/Dockerfiles/build-sqlite3/centos/Dockerfile @@ -58,7 +58,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/ol/Dockerfile b/Dockerfiles/build-sqlite3/ol/Dockerfile index 7b0bdf78f4..fc01556522 100644 --- a/Dockerfiles/build-sqlite3/ol/Dockerfile +++ b/Dockerfiles/build-sqlite3/ol/Dockerfile @@ -58,7 +58,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/rhel/Dockerfile b/Dockerfiles/build-sqlite3/rhel/Dockerfile index 334edd17a3..6ac111b412 100644 --- a/Dockerfiles/build-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile @@ -68,7 +68,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile index e13bc94f33..1d244bad8a 100644 --- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile @@ -58,7 +58,7 @@ RUN set -eux && \ make -j"$(nproc)" -s dbschema && \ make -j"$(nproc)" -s && \ mkdir /tmp/fonts/ && \ - curl --silent -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ + curl --tlsv1.2 -sSf -L "https://noto-website.storage.googleapis.com/pkgs/NotoSansCJKjp-hinted.zip" -o /tmp/fonts/NotoSansCJKjp-hinted.zip && \ unzip /tmp/fonts/NotoSansCJKjp-hinted.zip -d /tmp/fonts/ && \ cp /tmp/fonts/NotoSansCJKjp-Regular.otf /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/NotoSansCJKjp-Regular.ttf && \ cp /tmp/fonts/LICENSE_OFL.txt /tmp/zabbix-${ZBX_VERSION}/ui/assets/fonts/ && \ diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo index d2d1492304..03c98e3fa0 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/yum.repo.d/nginx.repo @@ -1,6 +1,6 @@ [nginx-stable] name=nginx stable repo -baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/ +baseurl=https://nginx.org/packages/rhel/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile index 220c6339c5..547eabcb94 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile @@ -59,7 +59,7 @@ RUN set -eux && \ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \ gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \ DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \ - echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ + echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ > /etc/apt/preferences.d/99nginx && \ gpgconf --kill all && \ diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile index 2357ea7e35..31df39c4cd 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile @@ -59,7 +59,7 @@ RUN set -eux && \ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx.gpg && \ gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg && \ DISTRIB_CODENAME=$(/bin/bash -c 'source /etc/lsb-release && echo $DISTRIB_CODENAME') && \ - echo "deb http://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ + echo "deb https://nginx.org/packages/ubuntu $DISTRIB_CODENAME nginx" > /etc/apt/sources.list.d/nginx.list && \ echo "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ > /etc/apt/preferences.d/99nginx && \ gpgconf --kill all && \ diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index f664ef2a48..27bdc211dc 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -19,30 +19,48 @@ $ZBX_SERVER_NAME = getenv('ZBX_SERVER_NAME'); // Used for TLS connection. -$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; -$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); -$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); -$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); -$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; -$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; +$DB['ENCRYPTION'] = getenv('ZBX_DB_ENCRYPTION') == 'true' ? true: false; +$DB['KEY_FILE'] = getenv('ZBX_DB_KEY_FILE'); +$DB['CERT_FILE'] = getenv('ZBX_DB_CERT_FILE'); +$DB['CA_FILE'] = getenv('ZBX_DB_CA_FILE'); +$DB['VERIFY_HOST'] = getenv('ZBX_DB_VERIFY_HOST') == 'true' ? true: false; +$DB['CIPHER_LIST'] = getenv('ZBX_DB_CIPHER_LIST') ? getenv('ZBX_DB_CIPHER_LIST') : ''; // Vault configuration. Used if database credentials are stored in Vault secrets manager. -$DB['VAULT'] = getenv('ZBX_VAULT'); -$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); -$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); -$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt') ? '/etc/zabbix/web/certs/vault.crt' : (file_exists(getenv('ZBX_VAULTCERTFILE')) ? getenv('ZBX_VAULTCERTFILE') : ''); -$DB['VAULT_KEY_FILE'] = file_exists('/etc/zabbix/web/certs/vault.key') ? '/etc/zabbix/web/certs/vault.key' : (file_exists(getenv('ZBX_VAULTKEYFILE')) ? getenv('ZBX_VAULTKEYFILE') : ''); +$DB['VAULT'] = getenv('ZBX_VAULT'); +$DB['VAULT_URL'] = getenv('ZBX_VAULTURL'); +$DB['VAULT_DB_PATH'] = getenv('ZBX_VAULTDBPATH'); +$DB['VAULT_TOKEN'] = getenv('VAULT_TOKEN'); -$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; +if (file_exists('/etc/zabbix/web/certs/vault.crt')) { + $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); +} +elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { + $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; +} +else { + $DB['VAULT_CERT_FILE'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/vault.key')) { + $DB['VAULT_KEY_FILE'] = '/etc/zabbix/web/certs/vault.key'; +} +elseif (file_exists(getenv('ZBX_VAULTKEYFILE'))) { + $DB['VAULT_KEY_FILE'] = getenv('ZBX_VAULTKEYFILE'); +} +else { + $DB['VAULT_KEY_FILE'] = ''; +} + +$DB['VAULT_CACHE'] = getenv('ZBX_VAULTCACHE') == 'true' ? true: false; // Use IEEE754 compatible value range for 64-bit Numeric (float) history values. // This option is enabled by default for new Zabbix installations. // For upgraded installations, please read database upgrade notes before enabling this option. -$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; +$DB['DOUBLE_IEEE754'] = getenv('DB_DOUBLE_IEEE754') == 'true' ? true: false; -$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; +$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; // Elasticsearch url (can be string if same url is used for all types). $history_url = str_replace("'","\"",getenv('ZBX_HISTORYSTORAGEURL')); @@ -53,9 +71,35 @@ $HISTORY['types'] = (json_decode($storage_types)) ? json_decode($storage_types, true) : array(); // Used for SAML authentication. -$SSO['SP_KEY'] = file_exists('/etc/zabbix/web/certs/sp.key') ? '/etc/zabbix/web/certs/sp.key' : (file_exists(getenv('ZBX_SSO_SP_KEY')) ? getenv('ZBX_SSO_SP_KEY') : ''); -$SSO['SP_CERT'] = file_exists('/etc/zabbix/web/certs/sp.crt') ? '/etc/zabbix/web/certs/sp.crt' : (file_exists(getenv('ZBX_SSO_SP_CERT')) ? getenv('ZBX_SSO_SP_CERT') : ''); -$SSO['IDP_CERT'] = file_exists('/etc/zabbix/web/certs/idp.crt') ? '/etc/zabbix/web/certs/idp.crt' : (file_exists(getenv('ZBX_SSO_IDP_CERT')) ? getenv('ZBX_SSO_IDP_CERT') : ''); +if (file_exists('/etc/zabbix/web/certs/sp.key')) { + $SSO['SP_KEY'] = '/etc/zabbix/web/certs/sp.key'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_KEY'))) { + $SSO['SP_KEY'] = getenv('ZBX_SSO_SP_KEY'); +} +else { + $SSO['SP_KEY'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/sp.crt')) { + $SSO['SP_CERT'] = '/etc/zabbix/web/certs/sp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_SP_CERT'))) { + $SSO['SP_CERT'] = getenv('ZBX_SSO_SP_CERT'); +} +else { + $SSO['SP_CERT'] = ''; +} + +if (file_exists('/etc/zabbix/web/certs/idp.crt')) { + $SSO['IDP_CERT'] = '/etc/zabbix/web/certs/idp.crt'; +} +elseif (file_exists(getenv('ZBX_SSO_IDP_CERT'))) { + $SSO['IDP_CERT'] = getenv('ZBX_SSO_IDP_CERT'); +} +else { + $SSO['IDP_CERT'] = ''; +} $sso_settings = str_replace("'","\"",getenv('ZBX_SSO_SETTINGS')); -$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); +$SSO['SETTINGS'] = (json_decode($sso_settings)) ? json_decode($sso_settings, true) : array(); From 2c3d1013ddfa4d0679327ed9dac534cdcd6a2fdf Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Fri, 16 Feb 2024 14:22:44 +0900 Subject: [PATCH 2/2] Merge pull request #1183 from zabbix/security_patches Updated Zabbix web-frontend configuration file --- .../web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php | 2 +- .../web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/alpine/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = ''; diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php index 27bdc211dc..734ff03ff6 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/web/zabbix.conf.php @@ -36,7 +36,7 @@ $DB['VAULT_CERT_FILE'] = file_exists('/etc/zabbix/web/certs/vault.crt'); } elseif (file_exists(getenv('ZBX_VAULTCERTFILE'))) { - $DB['VAULT_CERT_FILE'] = $DB['VAULT_CERT_FILE']; + $DB['VAULT_CERT_FILE'] = getenv('ZBX_VAULTCERTFILE'); } else { $DB['VAULT_CERT_FILE'] = '';