Add note for zabbix in containers on Debian 11

2021-05-17 13:54:16 +02:00 · 2021-05-17 13:54:16 +02:00 · 724899b50f
commit 724899b50f
parent 59d372c0a6
1 changed files with 99 additions and 0 deletions
--- a/arch-config/Dokumente/notes/zabbix-container-debian-11.md
+++ b/arch-config/Dokumente/notes/zabbix-container-debian-11.md
@ -0,0 +1,99 @@
+# Zabbix in Container on Debian 11
+
+`# apt install podman`  
+
+Create pod  
+`# podman pod create --name zabbix -p 8808:8080 -p 10051:10051`  
+
+`$ mkdir -p /home/debian/zabbix-mysql`  
+
+Create database container  
+```
+# podman run --name zabbix-mysql -t \
+      -e MYSQL_DATABASE="zabbix" \
+      -e MYSQL_USER="zabbix" \
+      -e MYSQL_PASSWORD="zabbix" \
+      -e MYSQL_ROOT_PASSWORD="rootpass" \
+      -v /home/debian/zabbix-mysql/:/var/lib/mysql/:Z \
+      --restart=always \
+      --pod=zabbix \
+      -d docker://mysql:8.0 \
+      --character-set-server=utf8 --collation-server=utf8_bin \
+      --default-authentication-plugin=mysql_native_password
+```
+
+Create zabbix server  
+```
+# podman run --name zabbix-server -t \
+                  -e DB_SERVER_HOST="127.0.0.1" \
+                  -e MYSQL_DATABASE="zabbix" \
+                  -e MYSQL_USER="zabbix" \
+                  -e MYSQL_PASSWORD="zabbix" \
+                  -e MYSQL_ROOT_PASSWORD="rootpass" \
+                  --restart=always \
+                  --pod=zabbix \
+                  -d docker://zabbix/zabbix-server-mysql
+```
+
+Create web interface
+```
+# podman run --name zabbix-web -t \
+                  -e ZBX_SERVER_HOST="127.0.0.1" \
+                  -e DB_SERVER_HOST="127.0.0.1" \
+                  -e MYSQL_DATABASE="zabbix" \
+                  -e MYSQL_USER="zabbix" \
+                  -e MYSQL_PASSWORD="zabbix" \
+                  -e MYSQL_ROOT_PASSWORD="rootpass" \
+                  --restart=always \
+                  --pod=zabbix \
+                  -d docker://zabbix/zabbix-web-nginx-mysql
+```
+
+`# apt install nginx`  
+
+`# vim /etc/nginx/sites-available/zabbix.conf`  
+```
+server {
+    server_name DOMAIN_NAME;
+
+    # Security / XSS Mitigation Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+
+    location = / {
+        return 302 https://$host/web/;
+    }
+
+    location / {
+        # Proxy main traffic
+        proxy_pass http://127.0.0.1:8808;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+
+    listen [IPV6]:443 ssl; #set ipv6 address
+    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+server {
+    if ($host = DOMAIN_NAME) {
+        return 301 https://$host$request_uri;
+    }
+
+    listen [IPV6]:80; #set ipv6 address
+    server_name DOMAIN_NAME;
+    return 404;
+}
+```
+
+`# ln -s /etc/nginx/sites-available/zabbix.conf /etc/nginx/sites-enabled/`  
+
+`# systemctl restart nginx`