Skip to content

Deployment Overview of Zabbix on Server

Prerequisites and Basic Requirements

The following requirements must be met before deploying the application:

  • Operating System: Ubuntu 22.04 (inferred from package naming zabbix-release_latest+ubuntu22.04_all.deb).

  • Privileges: Root access is required to install packages, configure the database, and manage services.

  • Domain: A valid domain record under the hostkey.in zone.

  • Ports:

  • Internal Application Port: 8080 (Apache/HTTP).

  • External Access Port: 443 (HTTPS via Nginx proxy).

FQDN of the Final Panel

The final access URL for the Zabbix frontend follows the format defined by the host configuration. Based on the provided variables:

  • Domain Zone: hostkey.in

  • URL Format: <Server ID>.hostkey.in:443/zabbix

  • Note: The prefix variable is empty in the configuration, so the URL structure relies solely on the Server ID and domain.

File and Directory Structure

The deployment places critical components in the following directories:

  • System Configuration: /etc/zabbix/

  • Main server configuration: /etc/zabbix/zabbix_server.conf

  • Apache Configuration: /etc/apache2/

  • Ports configuration: /etc/apache2/ports.conf

  • Nginx Proxy Configuration: /root/nginx/

  • Docker Compose file: /root/nginx/compose.yml

  • Docker Volumes:

  • SSL Certificates: /data/nginx/ (managed via nginx_secrets volume)

  • Nginx User Configuration: /data/nginx/user_conf.d

Application Installation Process

The application is installed using the following steps:

  1. Repository Setup: The Zabbix 7.0 repository package (zabbix-release) is downloaded and installed from https://repo.zabbix.com.

  2. Package Installation: The following packages are installed via apt:

    • zabbix-server-mysql

    • zabbix-frontend-php

    • zabbix-apache-conf

    • zabbix-sql-scripts

    • zabbix-agent

    • mariadb-server

    • python3-mysqldb

    • locales

  3. Locale Configuration: The en_US.UTF-8 locale is generated and enabled.

  4. Database Initialization:

    • The MariaDB server is started and enabled.

    • Anonymous users and the test database are removed.

    • A database named zabbix is created with utf8mb4 character set.

    • A database user zabbix is created with full privileges on the zabbix database.

    • The initial schema is imported from /usr/share/zabbix-sql-scripts/mysql/server.sql.gz.

  5. Configuration Updates:

    • The Zabbix server configuration is updated with the database password.

    • The Apache listening port is changed from 80 to 8080.

  6. Service Activation: The zabbix-server, zabbix-agent, and apache2 services are started and enabled to run on boot.

Docker Containers and Their Deployment

The reverse proxy and SSL termination are handled by Docker containers using the nginx-certbot stack.

  • Deployment Method: Docker Compose.

  • Compose Location: /root/nginx/compose.yml

  • Service Details:

  • Image: jonasal/nginx-certbot:latest

  • Restart Policy: unless-stopped

  • Network Mode: host

  • Environment Variables:

  • Volumes:

    • nginx_secrets: Mapped to /etc/letsencrypt inside the container (external volume).

    • /data/nginx/user_conf.d: Mapped to /etc/nginx/user_conf.d inside the container.

Proxy Servers

The application is accessed via an Nginx container that handles SSL termination and routing.

  • Proxy Software: Nginx (via jonasal/nginx-certbot container).

  • SSL Provider: Let's Encrypt (Certbot).

  • Internal Path: /zabbix

  • External Path: /zabbix

  • Configuration:

  • The proxy listens on the host's network mode to route traffic from port 443 to the internal application port 8080.

  • SSL certificates are stored in the external volume nginx_secrets.

Databases

The application uses a local MariaDB instance for data storage.

  • Database Engine: MariaDB Server.

  • Database Name: zabbix

  • Character Set: utf8mb4

  • Collation: utf8mb4_bin

  • Database User: zabbix

  • Host Access: localhost

  • Storage Location: Managed by the default MariaDB service paths on the host.

  • Connection Method: Local socket connection from the Zabbix server process.

  • Security Settings:

  • Anonymous users are removed.

  • The test database is removed.

  • The log_bin_trust_function_creators setting is temporarily enabled during schema import and disabled afterward.

Access Rights and Security

  • Firewall/Ports: The Apache service is configured to listen on port 8080 instead of the default 80 to isolate internal access. External traffic is handled via Nginx on port 443.

  • Database Security: Root user access is restricted to 127.0.0.1, ::1, and localhost.

  • Service Accounts: The zabbix user has full privileges only on the zabbix database schema.

Starting, Stopping, and Updating

Services are managed using the systemd command-line tool.

Zabbix Services: 

# Start Zabbix Server
systemctl start zabbix-server

# Stop Zabbix Server
systemctl stop zabbix-server

# Restart Zabbix Server
systemctl restart zabbix-server

# Enable Zabbix Server on boot
systemctl enable zabbix-server

Zabbix Agent: 

# Restart Zabbix Agent
systemctl restart zabbix-agent

Apache Web Server: 

# Restart Apache
systemctl restart apache2

Docker Proxy Services: The Nginx/Certbot stack is managed via Docker Compose in the /root/nginx directory: 

# Start the proxy stack
cd /root/nginx && docker compose up -d

# Stop the proxy stack
cd /root/nginx && docker compose down

# Update the proxy stack (pull latest image and restart)
cd /root/nginx && docker compose pull && docker compose up -d

Available Ports for Connection

Port Protocol Purpose Access
8080 TCP Zabbix Web Frontend (Internal) Internal only (Apache)
443 TCP Secure Web Access (External) Public (Nginx Proxy)
question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×