Skip to content

Deployment Overview of Zabbix server on Server

Prerequisites and Basic Requirements

The deployment requires a server running Ubuntu 22.04 with root privileges. The system must have network access to download packages from the Zabbix repository and the ability to resolve DNS records for the hostkey.in domain. The following ports must be available:

  • Port 8080 for internal Apache2 communication.

  • Port 443 for external HTTPS access via the Nginx reverse proxy.

FQDN of the Final Panel

The application is accessible via the following Fully Qualified Domain Name (FQDN) format: <prefix>Server ID'.hostkey.in:443

Based on the configuration where the prefix is empty, the final address resolves to Server ID'.hostkey.in on port 443. The application is served under the path /zabbix.

File and Directory Structure

The deployment utilizes the following directory structure for configuration, data, and certificates:

  • /root/nginx: Contains the Nginx reverse proxy configuration and Docker Compose files.

  • /root/nginx/compose.yml: The Docker Compose definition for the Nginx and Certbot services.

  • /data/nginx/nginx-certbot.env: Environment file containing Nginx configuration variables.

  • /data/nginx/user_conf.d: Directory for custom Nginx user configurations.

  • /etc/letsencrypt: Volume mount point for SSL certificates managed by Certbot.

  • /etc/zabbix: Directory containing Zabbix server configuration files.

  • /usr/share/zabbix-sql-scripts: Location of the initial SQL schema scripts.

Application Installation Process

The Zabbix server is installed using the official Zabbix 7.0 repository for Ubuntu 22.04. The installation process involves the following steps:

  1. Downloading the zabbix-release_latest+ubuntu22.04_all.deb package.

  2. Installing the repository package and updating the package cache.

  3. Installing the required Zabbix components:

  4. zabbix-server-mysql

  5. zabbix-frontend-php

  6. zabbix-apache-conf

  7. zabbix-sql-scripts

  8. zabbix-agent

  9. python3-mysqldb

  10. Installing and configuring the mariadb-server database engine.

  11. Importing the initial database schema from the provided SQL scripts.

Access Rights and Security

The system enforces specific security measures during the database setup:

  • Anonymous MySQL users are removed.

  • The default test database is deleted.

  • The MySQL root user password is set to match the system SSH password.

  • A dedicated zabbix database user is created with privileges restricted to the zabbix database.

  • The log_bin_trust_function_creators global variable is temporarily enabled during schema import and disabled immediately after.

Databases

The application uses a local MariaDB instance for data storage.

  • Database Name: zabbix

  • Character Set: utf8mb4

  • Collation: utf8mb4_bin

  • User: zabbix

  • Host: localhost

  • Password: Matches the system SSH password.

  • Connection Method: Local socket connection via the zabbix-server service.

Docker Containers and Their Deployment

A reverse proxy and SSL management layer is deployed using Docker Compose. The deployment is managed via the compose.yml file located in /root/nginx.

The nginx service is configured with the following parameters:

Parameter Value
Image jonasal/nginx-certbot:latest
Restart Policy unless-stopped
Network Mode host
Environment Variable [email protected]
Environment File /data/nginx/nginx-certbot.env
Volume Mounts nginx_secrets:/etc/letsencrypt, /data/nginx/user_conf.d:/etc/nginx/user_conf.d

The container is started using the command docker compose up -d executed from the /root/nginx directory.

Proxy Servers

Nginx acts as a reverse proxy handling SSL termination and routing traffic to the internal Zabbix application.

  • Internal Path: /zabbix

  • External Path: /zabbix

  • Internal Port: 8080

  • External Port: 443

  • SSL Management: Handled by the nginx-certbot container using Let's Encrypt.

  • Domain: hostkey.in

Permission Settings

File and directory permissions are set as follows:

  • /root/nginx: Owned by root:root with mode 0644.

  • /root/nginx/compose.yml: Owned by root:root with mode 0644.

  • /root: The repository package is downloaded here with mode 0644.

Location of Configuration Files and Data

Key configuration files are located at:

  • /etc/zabbix/zabbix_server.conf: Zabbix server configuration, including database password settings.

  • /etc/apache2/ports.conf: Apache2 port configuration, modified to listen on port 8080.

  • /root/nginx/compose.yml: Docker Compose definition for the proxy.

  • /data/nginx/nginx-certbot.env: Nginx environment variables.

Available Ports for Connection

The following ports are configured for the application:

  • 8080: Internal Apache2 service (Zabbix frontend).

  • 443: External HTTPS access via Nginx reverse proxy.

Starting, Stopping, and Updating

The Zabbix services are managed using systemd. The following services are enabled and started:

  • zabbix-server

  • zabbix-agent

  • apache2

To restart these services, use the following commands: 

systemctl restart zabbix-server
systemctl restart zabbix-agent
systemctl restart apache2

The Docker-based Nginx proxy is managed via Docker Compose in the /root/nginx directory: 

cd /root/nginx
docker compose up -d

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×