Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zabbix_web: Improve Nginx option with out-of-the-box setup #303

Closed
krauthosting opened this issue Jan 4, 2021 · 0 comments · Fixed by #304
Closed

zabbix_web: Improve Nginx option with out-of-the-box setup #303

krauthosting opened this issue Jan 4, 2021 · 0 comments · Fixed by #304

Comments

@krauthosting
Copy link
Contributor

SUMMARY

First sorry we started once on Nginx and then dropped the ball in upstreaming.
Idea is to provide an simple but secure webserver setup with Nginx for Zabbix.
Keep it optional with Apache default but provide out-of-the-box inside the role.
Allow additional optional use of Let's Encrypt with preconfigured certbot client.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

zabbix_web

ADDITIONAL INFORMATION

Also fixes issues with default on Debian/Ubuntu via Snakeoil and Let's Encrypt.

==> /var/log/nginx/error.log <==
2021/01/03 20:55:37 [emerg] 354350#354350: invalid value "False" in "ssl_session_tickets" directive, it must be "on" or "off" in /etc/nginx/conf.d/zabbix.conf:22
2021/01/03 21:04:58 [emerg] 355182#355182: cannot load certificate "/etc/pki/server.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/pki/server.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
krauthosting added a commit to krauthosting/community.zabbix that referenced this issue Jan 4, 2021
@krauthosting
zabbix_web: Improve Nginx option with out-of-the-box setup (ansible-c…
dcd84ab 
…ollections#303)

* Consolidate all Nginx tasks to tasks/nginx.yml
* Set distro specific variables via vars/$DISTRO
* Stop Apache if running on same port as Nginx
* Install and use snakeoil SSL certs on Debian
* Avoid unsecure HTTPS by generating DH parameters
* Allow domain validated certs with Let's Encrypt
* Prerun config check before Nginx restart handler
@krauthosting krauthosting mentioned this issue Jan 4, 2021
Merged
krauthosting added a commit to krauthosting/community.zabbix that referenced this issue Jan 4, 2021
@krauthosting
zabbix_web: disable server_tokens and HTTP2 see ZBXNEXT-4670 (ansible…
a9f37d0 
…-collections#303)
dj-wasabi pushed a commit that referenced this issue Jan 4, 2021
@krauthosting
zabbix_web: Improve Nginx option with out-of-the-box setup (#303) (#304)
06efdf8 
* zabbix_web: Improve Nginx option with out-of-the-box setup (#303)
* zabbix_web: disable server_tokens and HTTP2 see ZBXNEXT-4670 (#303)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

zabbix_web: Improve Nginx option with out-of-the-box setup (#303) krauthosting/community.zabbix
1 participant
@krauthosting