Nginx
Deka007, 2019-12-26 11:28:46

How to set up HTTPS nginx+zabbix in docker?

Hello, there is Zabbix deployed in Docker using Nginx, and everything works over HTTP. Next, I created self-signed certificates via openssl -> ssl.key, ssl.crt, dhparam.pem and put
them in /etc/ssl/nginx as described in the documentation https://www.zabbix.com/documentation/current/ru/ma...
Port 443 is forwarded for docker:

sudo lsof -i -P -n  | grep docker
[sudo] password for user:
docker-pr 11030            root    4u  IPv6  77784      0t0  TCP *:10051 (LISTEN)
docker-pr 11042            root    4u  IPv6  77811      0t0  TCP *:443 (LISTEN)
docker-pr 11054            root    4u  IPv6  77838      0t0  TCP *:80 (LISTEN)

The following configs are stored in /etc/zabbix/
nginx_ssl.conf:

server {
    listen          443 ssl http2;
    listen [::]:443 ssl http2;
    server_name     srv25;
    server_name_in_redirect off;

    index  index.php;
    access_log      /dev/fd/1 main;
    error_log       /dev/fd/2 error;

    set $webroot '/usr/share/zabbix';

    root $webroot;

    large_client_header_buffers 8 8k;

    client_max_body_size 10M;


#    ssl on;
#    ssl_stapling on;
    ssl_certificate     /etc/ssl/nginx/ssl.crt;
    ssl_certificate_key /etc/ssl/nginx/ssl.key;
    ssl_dhparam /etc/ssl/nginx/dhparam.pem;

    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_verify_depth 3;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-$

    location =/nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        deny all;
    }

    location = /favicon.ico {
        log_not_found off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # deny running scripts inside writable directories
    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
        return 403;
        error_page 403 /403_error.html;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # caching of files
    location ~* \.(ico|pdf|flv)$ {
        expires 1y;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
        expires 14d;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ .php$ {
        fastcgi_pass   unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index  index.php;

        fastcgi_param  SCRIPT_FILENAME  $webroot$fastcgi_script_name;

        include fastcgi_params;
        fastcgi_param  QUERY_STRING     $query_string;
        fastcgi_param  REQUEST_METHOD   $request_method;
        fastcgi_param  CONTENT_TYPE     $content_type;
        fastcgi_param  CONTENT_LENGTH   $content_length;
        fastcgi_intercept_errors        on;
        fastcgi_ignore_client_abort     off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }
}


nginx.conf:

server {
    listen          80;
    listen       [::]:80;
    server_name     srv25;
    index           index.php;
    return 301 https://$server_name$request_uri;

    access_log      /dev/fd/1 main;
    error_log       /dev/fd/2 notice;

    set $webroot '/usr/share/zabbix';

    root $webroot;

    large_client_header_buffers 8 8k;
    client_max_body_size 10M;


    location = /favicon.ico {
        log_not_found off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # deny running scripts inside writable directories
    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
        return 403;
        error_page 403 /403_error.html;
    }

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # caching of files
    location ~* \.(ico|pdf|flv)$ {
        expires 1y;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
        expires 14d;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }

    location ~ .php$ {
        fastcgi_pass   unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index  index.php;

        fastcgi_param  SCRIPT_FILENAME  $webroot$fastcgi_script_name;

        include fastcgi_params;
        fastcgi_param  QUERY_STRING     $query_string;
        fastcgi_param  REQUEST_METHOD   $request_method;
        fastcgi_param  CONTENT_TYPE     $content_type;
        fastcgi_param  CONTENT_LENGTH   $content_length;
        fastcgi_intercept_errors        on;
        fastcgi_ignore_client_abort     off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }
}


nginx -t indicates that the server is down:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

but in the end, when I connect (I enter the server address), I get
Hmm. We're having trouble finding that site. We can't connect to the server at zabbix.
If that address is correct, here are three other things you can try:
    Try again later.
    Check your network connection.
    If you are connected but behind a firewall, check that Firefox has permission to access the Web.

I have ufw as a firewall on ubuntu, access to ports 443, 80, 10051 is open.

1 answer(s)
Vitaly Karasik, 2019-12-26
@vitaly_il1

Maybe I missed something, but IMHO nginx_ssl.conf is not included.
Usually it should be put into the conf.d directory.
Or, to test, just add the ssl config to the end of nginx.conf.
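A diagnostic in the spirit of this answer, added here and not part of the original thread: it runs the checks an operator would make against the output of nginx -T (the configuration nginx actually loaded) to see whether nginx_ssl.conf is really included, whether anything listens on 443 with ssl, and whether the posted ssl_protocols line still allows TLS 1.0/1.1. The two dumps are constructed samples and the container name in the comment is a placeholder.

```shell
# Added diagnostic (not from the original post): it inspects an `nginx -T` dump,
# i.e. the configuration nginx really loaded. Real use, with the container name
# as a placeholder: dump=$(docker exec <web-container> nginx -T 2>&1)
# nginx -T prints "# configuration file <path>:" before each file it read.
conf_included() {            # $1 = dump, $2 = file name
  printf '%s\n' "$1" | grep -Eq "^# configuration file .*/$2:"
}
# TLS is only served if some server block has "listen ... 443 ssl".
has_ssl_listener() {         # $1 = dump
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*listen[[:space:]]+([^; ]*:)?443[[:space:]]+ssl'
}
# TLS 1.0/1.1 are obsolete; the posted nginx_ssl.conf still lists them.
lists_legacy_tls() {         # $1 = dump
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*ssl_protocols[^;]*TLSv1(\.1)?([[:space:]]|;)'
}
diagnose() {                 # $1 = dump; returns 0 only if HTTPS is actually served
  conf_included "$1" nginx_ssl.conf ||
    echo "nginx_ssl.conf is not in the loaded configuration: move it to conf.d or include it"
  if ! has_ssl_listener "$1"; then
    echo "no server block listens on 443 with ssl: docker forwards 443 but nothing answers"
    return 1
  fi
  lists_legacy_tls "$1" &&
    echo "ssl_protocols still allows TLSv1/TLSv1.1: keep TLSv1.2 and newer only"
  return 0
}
# Constructed sample: only the HTTP redirect server is loaded (the asker's situation).
DUMP_HTTP_ONLY='# configuration file /etc/nginx/nginx.conf:
http { include /etc/nginx/conf.d/*.conf; }
# configuration file /etc/nginx/conf.d/nginx.conf:
server {
    listen 80;
    return 301 https://$server_name$request_uri;
}'
# Constructed sample: the same plus nginx_ssl.conf placed in conf.d.
DUMP_WITH_SSL="$DUMP_HTTP_ONLY
# configuration file /etc/nginx/conf.d/nginx_ssl.conf:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}"
diagnose "$DUMP_HTTP_ONLY" || :
diagnose "$DUMP_WITH_SSL"
```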
