
added TLS support for agents; added example CA and cert

tags/v1.3.0^0
Robin Thoni 5 years ago
Parent
Commit
1a6c986b58
6 changed files: 140 additions and 3 deletions
  1. README.md (+23, -0)
  2. zabbix/Dockerfile (+5, -0)
  3. zabbix/certs/zabbix-ca.crt (+29, -0)
  4. zabbix/certs/zabbix-server.crt (+28, -0)
  5. zabbix/certs/zabbix-server.key (+52, -0)
  6. zabbix/zabbix_server.conf (+3, -3)

+ 23
- 0
README.md

@@ -1 +1,24 @@
1
+# Default username/password
2
+
1 3
 Admin:zabbix
4
+
5
+# TLS
6
+
7
+## Generate CA
8
+
9
+### Generate CA key
10
+openssl genrsa -passout env:CA_PASSWD -aes256 -out zabbix-ca.key 4096
11
+### Generate CA
12
+openssl req -x509 -new -key zabbix-ca.key -sha256 -days 36500 -out zabbix-ca.crt -passin env:CA_PASSWD -subj "/CN=zabbix-server"
13
+
14
+## Generate host cert
15
+
16
+### Set host variable
17
+HOST=zabbix-host.domain.tld
18
+### Generate host key and csr
19
+openssl req -new -newkey rsa:4096 -nodes -keyout "${HOST}.key" -out "${HOST}.csr" -subj "/CN=${HOST}"
20
+### Generate host cert
21
+openssl x509 -req -CA zabbix-ca.crt -CAkey zabbix-ca.key -CAcreateserial -days 36500 -sha256 -passin env:CA_PASSWD -in "${HOST}.csr" -out "${HOST}.crt"
22
+### Remove csr
23
+rm "${HOST}.csr"
24
+
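
Review bot: The CA in the "Generate CA" step is created with -subj "/CN=zabbix-server", which reads as a host name rather than a CA name and will be identical to the subject of any certificate issued for a host called zabbix-server; give the CA its own distinct name (for example "/CN=Zabbix CA"). The -days 36500 in "Generate host cert" gives leaf certificates a 100-year lifetime, so a leaked host key stays usable until it is explicitly revoked; a much shorter lifetime with a documented renewal step would be safer. The host key is written with -nodes, so the README should say that it is unencrypted and needs restrictive file permissions, and the commands would render more reliably inside a fenced block than as bare lines under ### headings.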

+ 5
- 0
zabbix/Dockerfile

@@ -40,6 +40,11 @@ COPY ./vars-files /etc/vars-files
40 40
 
41 41
 COPY ./run.sh /run.sh
42 42
 
43
+COPY ./certs/* /etc/zabbix/certs/
44
+
45
+RUN chown zabbix:zabbix /etc/zabbix/certs/* &&\
46
+    chmod 400 /etc/zabbix/certs/*
47
+
43 48
 EXPOSE 80
44 49
 
45 50
 USER zabbix
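
Review bot: COPY ./certs/* /etc/zabbix/certs/ on new line 43 bakes everything under certs/, including zabbix-server.key, into an image layer, so anyone who can pull the image can read the key regardless of the chmod 400 that follows. Supply the key and certificates at run time through a mounted volume or secret instead. If the copy stays, COPY --chown=zabbix:zabbix avoids the extra RUN layer, and only the .key file needs mode 400; the two .crt files are public data.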

+ 29
- 0
zabbix/certs/zabbix-ca.crt

@@ -0,0 +1,29 @@
1
+-----BEGIN CERTIFICATE-----
2
+MIIFCDCCAvCgAwIBAgIJANzZeiiqIRC7MA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV
3
+BAMMDXphYmJpeC1zZXJ2ZXIwIBcNMTkwMTExMDAxODQ0WhgPMjExODEyMTgwMDE4
4
+NDRaMBgxFjAUBgNVBAMMDXphYmJpeC1zZXJ2ZXIwggIiMA0GCSqGSIb3DQEBAQUA
5
+A4ICDwAwggIKAoICAQDM+26RI/t1ltRN+HQItojCKwx6zM8qiDKZzoG13H1fwhQ0
6
+DN2YrWpcUXc0zaNRGcDIPNELIEQXHEGNWINNVkL1ffttmvXjinjIe1bumWoxCqiG
7
+TA1cSh3zZ22HnK633vHuHUhQngX7vvOkJ4XBk0sAQWfU1194yOsr5s5PRS48SngV
8
+qRdocgMiyS5RwAXTWGsofjrBRQWk3XkaD1RIeCULIPAXKUlGyTQxYxnvmtaJKizN
9
+wDyDG7SJsl7Qk6RXGSXmeMZo8pDVI7nn3tItx5XLZ8eKN9HFrCMNhY3qi4Y/yBlx
10
+f1k5Yru6ujEwbUbalwPfCDtEx6IcH0pTsBidpwTPdQbjpC67CH/y+C262PUJubCv
11
+JJHYm8geBDkk0YXdAzMLIGVfZZNh3yzj7Y0KCHXzaGk2OXaMM3aZcDmyWGNI499E
12
+jIJMvqtkppGVnVYeDsK3rtOAk9D+kMY0wncBOKTVrq4uTpb5POQCcToYRYrRRgV3
13
+u38+jc5d73ZhOeS+VxNxvPwAhWynn1mA1J7j43pJVAKdy0nkTtxbNKsm+thJc0SU
14
+2IKpwcr0ssy+1S9PkCXOT6TyhbaYjsus3j/FviCWUHbkF927v0TCdf9RnzVFWLRi
15
+MBe9k/cG2Xx9lfyFzvxpj52X54WENIPAW+TWAIh6bXUQtk/VeU+1On2yjMlvKQID
16
+AQABo1MwUTAdBgNVHQ4EFgQUqQs+/qvMn/kOcpGAsCpNhMUEAfowHwYDVR0jBBgw
17
+FoAUqQs+/qvMn/kOcpGAsCpNhMUEAfowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
18
+9w0BAQsFAAOCAgEAHxkaPKWgG2qulh/ZsTWdwvU/jqv9Tdcj80ln/vnfZCSefBqp
19
+LBB13NeIXXl+u/yL4MhamwwYrZPWYEKP7zemj10BaVVuSoF8OSwriTrxWBUQ3qoR
20
+fFJmGyA180ghJeuPbXgT0JjAJyxUedTuxYPM/1XfPX4mYxfPEtl/Qz1N+0Huaez0
21
+EszRe3BFgvXois/m0MFvuXpms2ptRZOodmC1Bvosx/awfpp+7LLGSP8CYLfE6bOH
22
+Zvhnu/RG5B+Fed+kvDs6Kn4erruRLZL79pbjfvPSB1hrLyhdfVtmYANppgSXOpFb
23
+C2NB0AsfXK3xGVc+cmF93qN4M1JrL8p1RtJyPnt8ptrMvt0mt2zNuXZQReDP1eYv
24
+PVrhIbpwGZ164CNIbBSE1DhOjd0hzIUGRUcWC3/gMBVXbVRpy5yRavhAsy/AxHYM
25
+G2s29D/4hYYAUa3EQxFv4v7jsgxmY5m1kV4SwF/4X1D+mvWDHo9l77382W3Q4uLL
26
+MYWNyBtjyICicRg6lKCgpt99XKE5AzblJTAGpxUhQbVU27/l1dgBTICDj4xXhh5F
27
+jxoN1LrGCBvMqDhZ7umpQWAa+wJb+nK6wq1TnvHYNvXjuFCbctx75rkHKIiT/H3W
28
+hUPoU/jF23LfgLFTctOFFVIX87ixBfQhfwLRk5i9KD6LFFIH9HTPKk6qDzE=
29
+-----END CERTIFICATE-----
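
Review bot: Shipping zabbix-ca.crt as a fixed file that the Dockerfile copies and zabbix_server.conf references means every deployment built from this repository trusts the same CA until someone replaces it, and whoever holds the matching zabbix-ca.key can issue certificates those deployments accept. Mark the file clearly as an example (for instance by name or location) and have deployers generate their own CA with the README steps rather than inheriting this one.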

+ 28
- 0
zabbix/certs/zabbix-server.crt

@@ -0,0 +1,28 @@
1
+-----BEGIN CERTIFICATE-----
2
+MIIErjCCApYCCQDWlhRoK+VAyDANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA16
3
+YWJiaXgtc2VydmVyMCAXDTE5MDExMTAwMTkxMFoYDzIxMTgxMjE4MDAxOTEwWjAY
4
+MRYwFAYDVQQDDA16YWJiaXgtc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
5
+MIICCgKCAgEApEWBo4KoT+5wBIAHZZAeOs7fmkxVqRur6FEUvWHr1gHbOwYlJ9UM
6
+3v0S18zs56DGcdnljJQMf5tC3I+O2M5WrDHG+qj+4ck2p85hGGK3sX5OO3uB3a3t
7
+RKzl75o6dlnfB91pVjHkQwQnsug9ZBhmi4GB1ICowsA1SuzHX6t+3k3EprmAsbsx
8
+Hs8eLt+W6O/IrZfTQi2+wyPQ3mOmvA2v2XpHCHm7x9vzv7buZPVpdxyPaNffBax1
9
+0HT4VulSb3j+7z0beh+xMQXr3/OAnD0wSWGvcOIMB4dkiv1TfSrhSOfcuQnuzVl7
10
+ucYgJbl9fHODD75ARtCzFpuA7rR/2C3zSdKFjteq89DYbQzZ4b5DYmjpAqj8LP2D
11
+iOuoUj062z6EDMcGCvWTspWmxkFJfVOsj62syEnH/mAD2pDFhhqufASJOfgg3PFn
12
+oXe49eBZsyMCqktir5Oq5yQSup/Jj5n55ySZGN71SMH8kl8mQxKqs0vzoVzWQd7n
13
+IN58bwgd7khiq379w1hE9QrCYmTqFq1kM8iRhiEwykfJcnS1J0Qer1aSk4UDr9Ja
14
+tdS+EuXTnc5xnT4AAvF+BI+XgJjMrYmlbDZBw2W61eGvPwYOaTOseSLd9QAySRuu
15
+Hawrr6ju5rixY/lg1F62je+p/Mvn4cYH7nM2dt0hD+aMPE/oJHRT98cCAwEAATAN
16
+BgkqhkiG9w0BAQsFAAOCAgEAcaffTpIMhyNHI62Irb+QtKycqRN5mYbtUZaHjOWS
17
+rF2w8yoew7snfqO18ELHewQ1Lbk5h6dEKLQWuReFWnliHRW2MWWRB73Fq0MALoE3
18
+T+YwB/XzKD2Wc7ApF4DyEBhtE+WX0q5JcqSV4oYrrw0fMTItEg2pB2yIRT+bDqXn
19
++dHs8PqUBtdxkucVKXGnkcQU2qYoShOrwT9giW+logN0NUfCra974i5ocswVKYDb
20
+zHKxDyvUdD9nNmD9uLOfZIInEeUz7FTVKQXjAnO6lRMPiHXmoyd8iA/cTvMNOsNO
21
+qvMPM6pOaEY6kBOOlIrO2fhdDIKQOD1HFmFEB2jRAUFUA7lO4iRb1FaKTEqw5lFp
22
+dnptTjXGKYIatZ2u2FZoY5+E5s2Nh1b/5Y4PhSfLUN4XdMfpE3I7yNRjuV7MqbaZ
23
+Xd53/dUHclcU31u7NQXTM96IEn1UK1M5pReZD0Cw4p5d1DFPYDRa4nibNUphtfNU
24
+4gmpKXGusb1yabMkLveYs5MlIbg3Azy7UF5d72+FyaYd7qEt7vCxwCXFe4t8pqES
25
+u8W3SWJqSXwNyPrsuSwb3h1PNkY8nxQE2WNUvYr2jZ+HnhNVb8E5H/FP39sPHhh+
26
++ZHeHKCZGI5E16tFsqOsNXJyH9991Bt1jEHD/og74EFvUeX8J8XZqL7fJjsG+Ju9
27
+sAQ=
28
+-----END CERTIFICATE-----

+ 52
- 0
zabbix/certs/zabbix-server.key

@@ -0,0 +1,52 @@
1
+-----BEGIN PRIVATE KEY-----
2
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCkRYGjgqhP7nAE
3
+gAdlkB46zt+aTFWpG6voURS9YevWAds7BiUn1Qze/RLXzOznoMZx2eWMlAx/m0Lc
4
+j47YzlasMcb6qP7hyTanzmEYYrexfk47e4Hdre1ErOXvmjp2Wd8H3WlWMeRDBCey
5
+6D1kGGaLgYHUgKjCwDVK7Mdfq37eTcSmuYCxuzEezx4u35bo78itl9NCLb7DI9De
6
+Y6a8Da/ZekcIebvH2/O/tu5k9Wl3HI9o198FrHXQdPhW6VJveP7vPRt6H7ExBevf
7
+84CcPTBJYa9w4gwHh2SK/VN9KuFI59y5Ce7NWXu5xiAluX18c4MPvkBG0LMWm4Du
8
+tH/YLfNJ0oWO16rz0NhtDNnhvkNiaOkCqPws/YOI66hSPTrbPoQMxwYK9ZOylabG
9
+QUl9U6yPrazIScf+YAPakMWGGq58BIk5+CDc8Wehd7j14FmzIwKqS2Kvk6rnJBK6
10
+n8mPmfnnJJkY3vVIwfySXyZDEqqzS/OhXNZB3ucg3nxvCB3uSGKrfv3DWET1CsJi
11
+ZOoWrWQzyJGGITDKR8lydLUnRB6vVpKThQOv0lq11L4S5dOdznGdPgAC8X4Ej5eA
12
+mMytiaVsNkHDZbrV4a8/Bg5pM6x5It31ADJJG64drCuvqO7muLFj+WDUXraN76n8
13
+y+fhxgfuczZ23SEP5ow8T+gkdFP3xwIDAQABAoICADXElmE5o/O9vKaMbV9d47cl
14
+/WRYtfULHKKG3335biL3KpXQNhsqjfLy7Nb7uVM7eZjMVGlGEC04WZMt3fiy2QW1
15
+qUZkSEEJBj24vGkp7qxHBj5L977ibfX7jat2VMpmMi012IOhAvC4jHHvuCBqKC5j
16
+bmZq0lIkbY0foUZ8MKN82vAjaa9C8Rn/ewamopON4KaJOlm/9V+T+orAHVQSOsu5
17
+TUTF66PIJ6lJrBAZj7KwA3Syq8oEn+9iSeLQre3UscUGwFahxvKf2IvN/Pumv4ZV
18
+VgJhysQwGcWwk0I15dViJwnd6W8HagrtgZo3c45nlK9ze0BykRvGPFZleC7/I1Ex
19
+LGs4uGrdkVJ2XxuayR26wmNabs63jAwdUkr3LRgqifv30VWYJjvBfG8/oSo7HLze
20
+3Jbmafql7OZXPur+G9oqnc08pbquKF5gbe6OFWyu8oEHUGO6zkli5Gki3pzrQ3S6
21
+LZagnPmBJFaxLfUWK6ZrgliYOPR/DGGiePNxpmZDDwyo3o1uN8O2loa9VkFgN0K3
22
+H2Pn6eQ7i+kRTgoAtkvPpFq3wwDaDCw1Y7AelUITKKYRzjaMq6K43Vkos86SXE1v
23
+8Z10blEDNEkNOck77J3fmgA2j5o1c2FwDYeLH4CVWrzyHV3eqCWbsfiiuKphu4jS
24
+dz4A2fCRG2jNmrUvy7/5AoIBAQDTMIqCGEejXbKVboe3NvwSim0+lvLdjtXabFq+
25
+NLMHtx9LJjjAP3p3VfKAHGhG061mRnWy01bQVE2QzlrlBj17Czx2sInUNmSeh9zD
26
+bXOJujg71FAn5+p6Zd42+hrvNCTGUxwWqdGNoBgq8wOyDTgXN5tuSnRbK+MZC4Yr
27
+uWQPb8upI4xz1XRblTdsKOnWieljGK3lhBGm60uEsTxfm2oLb+yCa4tOcxPHsxZl
28
+JWTdIdQ1Q9Tvj86XMYJVNlKcUBy3r6Ro04RlkLDcluf7jeC0KCAYXmZm22vhw+w8
29
+JKrMskOkCtSl1/JczMbWtYAK5AF7KT3l/VW7kMWLu2KWTn6bAoIBAQDHIHRAVZw+
30
+5qwyZa7nl+FYK41BOHjbyminQP/kaoT4icGOed/d/ypclgNDhzX2Gd2eD2iq+IIv
31
+QEX6VFkVkWxAVgZCi8sQ1wJKMVxfsd6FkMRWTxLG/4z070AduTmSDWZ0ol9I4Nsz
32
+GRxlJXv6RVQSaiEuxO9fLbGeN+arduhdnmVL1MTUBhO1iNSR5Nycs6kW6HoCWGeN
33
+5xVeLavrQIQ/PCnRuije4PVwtNnwJCj4P6virHI8kqWrEGm3/mHSspo2GxjFB89M
34
+9sB1W7FRQTHtXoLyZ0+qK7NusQtF2SSzHU3jSgqCpwPhWSe5V+O/xZRSZ48Cekrw
35
+2ef2OH23lQhFAoIBAFKcVlH1dXBuIoFZrzT4CTqnc3xcR7xrNzQt1oE41B9cfp1C
36
+4kgxjJJJyIZcll2+R8IOJdRB31+22nCeh+e2vS34gzpabE/axxlMRAseMWfatEyT
37
+DJfPnGUsm/QdeZPAbfI2aHJlE1e3HD0Quo1Xpm1OjzphXYqcbEVLwLwx1PZE4QHU
38
+qghVoyKACCIDDxWg9O6SpNN3CgClYfER82/it2Sp73ZE40VYtpATedsu+XmW1g/P
39
+7OeY9VMnRrhWe5IxtEoWJtXqh4vDQavITA6WvSM73vIpWx05D8ZMgYg1P6q6wMLW
40
+icAl7ORoJg+vB9s6vWmUBGaG5pZsVxoFvtbU9akCggEBAMDXIT4cqpAP/Lth1hza
41
+7ZThuI5tDj5sqyUuwaKHtfasEhLU3IS1VGUNsmN3Uj7flcw4x/iraggwipR/kzZb
42
++yXjKXTQxPut/b20R+006HcZV8ruERU+71dVTBZ9Bs/2wj458WU2vZGiw+kAgCxD
43
+b8PVnAUbG2Zlbhn3sSBkq2veteLWTze2Gug3dwVDSpNHOn3A7kfPLZozLHJkcJYH
44
+iQtkTGubiXEvEwLvYhA6NKMVpnSC5K7cpiwgXQGfDUVrSgUUAMzvX0b9wCzne7Vh
45
+GeTzHoV6n6ABamfMdUpTnEMKIh/32G3nKM7X9Kx9/UX/JkEXoVuY63KM1SOSWc2s
46
+OrECggEBALMBmlLGYnQM5Xlf4FYwCzfIOCE+SzVzy9eHlmSHWbiMvHi9YGLGfO25
47
+aJnKxf/N6EoR7wb9K+v6GN37Mm7TUgoWkD67P+kAwm9uh3Q2p8eDvh9L+iC/BpOl
48
+0UpXYQzoP/9Ncslx6fWROHDMHAPCioDM8eFdR3KoLBh5MZ8di/K9rWC0pfdWvnNI
49
+6Vp/ETru+VhoG17zIlCoWuj5ui/bKGIc4BLy4gey5Gn5IZ1wNBKbGJP/QCrTA2TT
50
+A+Se+pnwkyOU110NBVl5L1Uni67ECYKUHSP6pUhPgO1Z3Ij1sa8C801yCdi8H7pI
51
+fY1TZMXMVBTw0bNZwSV4lXkSr4e4VOk=
52
+-----END PRIVATE KEY-----
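
Review bot: zabbix-server.key is committed as an unencrypted private key (the block header is BEGIN PRIVATE KEY, not an encrypted form), so the identity in zabbix-server.crt is public from this commit onward and cannot be relied on to authenticate a server. Drop the key from the repository, ignore *.key in version control, and generate the key pair at deployment time; the pair committed here should be treated as compromised and not reused.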

+ 3
- 3
zabbix/zabbix_server.conf

@@ -654,7 +654,7 @@ LogSlowQueries=3000
654 654
 #
655 655
 # Mandatory: no
656 656
 # Default:
657
-# TLSCAFile=
657
+TLSCAFile=/etc/zabbix/certs/zabbix-ca.crt
658 658
 
659 659
 ### Option: TLSCRLFile
660 660
 #	Full pathname of a file containing revoked certificates.
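
Review bot: TLSCAFile on line 657 is hard-coded to the bundled example CA, while the TLSCRLFile option directly below it is not touched by this change, so no revocation path is set up for certificates issued under this CA. Given that the README issues certificates with -days 36500, document or configure a CRL, and make the CA path something deployers are expected to override.
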
@@ -668,11 +668,11 @@ LogSlowQueries=3000
668 668
 #
669 669
 # Mandatory: no
670 670
 # Default:
671
-# TLSCertFile=
671
+TLSCertFile=/etc/zabbix/certs/zabbix-server.crt
672 672
 
673 673
 ### Option: TLSKeyFile
674 674
 #	Full pathname of a file containing the server private key.
675 675
 #
676 676
 # Mandatory: no
677 677
 # Default:
678
-# TLSKeyFile=
678
+TLSKeyFile=/etc/zabbix/certs/zabbix-server.key
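
Review bot: TLSCertFile (line 671) and TLSKeyFile (line 678) now default to the example certificate and the private key committed in this same change, so a container started without overrides presents a key that anyone can copy. Point these at paths that are populated at run time from a deployer-supplied volume or secret, and let the server fail to start when no key has been supplied rather than falling back to the example pair.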
