Configuring Zabbix 6.2 with Docker and HTTPS
Since getting Zabbix up and running on docker with HTTPS wasn’t as straight-forward as I would have liked it to be I am providing a few notes on what I did to get up and running.
I decided to use Rocky Linux 8 as the platform for this installation. You will need a Rocky 8 ( or CentOS 8 ) instance with docker already configured. I also enabled the python38:3.8 module and installed the Python 3.8 packages.
You will also need to install the docker-compose python module as well.
pip3 install docker-composeDownload the desired docker-compose project from here : https://github.com/zabbix/zabbix-docker
In my example I am using the downloaded zip for version 6.2 : zabbix-docker-6.2.zip
Login to the server and become a user that can run docker. In my case I used the zabbix account which already existed due to the agent installation at host creation time.
Copy the zabbix-docker-6.2.zip file to the users home directory.
Unzip the zabbix-docker-6.2.zip file.
unzip zabbix-docker-6.2.zipCd into the newly created zabbix-docker-6.2 directory.
cd zabbix-docker-6.2I am using the alpine – mysql docker compose so we copy that file to docker-compose.yml
cp docker-compose_v3_alpine_mysql_latest.yaml docker-compose.ymlNow you can test the docker-compose.yml file by bringing up the services.
docker-compose upThis will echo all output to the terminal and you can watch for any issues or errors. Once you are done you can stop the containers by hitting CTRL+C.
Now when you start and stop the containers it will create a directory called zbx_env which will be owned by root. So you will need to become root on your server for the next part.
Enabling HTTPS on the Zabbix server was a bit more difficult to figure out. Eventually I was able to locate the required information. First generate your certificates for the server and copy them over. Then copy the files to the following locations:
cp <certificate> zbx_env/etc/ssl/nginx/ssl.crt
cp <private key file> zbx_env/etc/ssl/nginx/ssl.keyAfter copying the certificate files you also need to generate the nginx dhparam.pem file.
openssl dhparam -out zbx_env/etc/ssl/dhparam.pem 2048Be sure the files are owned by root and world readable. Even the key file needs to be world readable so the zabbix user inside the Zabbix server container can read them.
Now bring up your Zabbix environment again. This time using the -d option to daemonize the containers.
docker-compose up -dNow point your browser to the URL of your server .. https://<servername> and start using your env.
