Deployment Overview of Zabbix Proxy on Server¶

Prerequisites and Basic Requirements¶

The deployment of the Zabbix Proxy requires the following system specifications and configurations:

Operating System: Ubuntu 22.04 (implied by the package repository path ubuntu22.04).
Privileges: Root access is required to install packages, configure services, and manage Docker containers.
Dependencies: The system must have ca-certificates, curl, gnupg, and apt-transport-https installed to access the Zabbix repository.
Network: The server must have outbound internet access to download packages and certificates.

The application is accessible via the hostkey.in domain using the following format:

The deployment utilizes the following directory structure for configuration, data, and certificates:

Configuration Files:
/etc/zabbix/zabbix_proxy.conf: Main Zabbix Proxy configuration.
/root/nginx/compose.yml: Docker Compose definition for the reverse proxy.
/data/nginx/user_conf.d/zabbixproxy<Server ID>.hostkey.in.conf: Nginx site-specific configuration.
/data/nginx/nginx-certbot.env: Environment variables for the Nginx-Certbot container.
Data Storage:
/var/lib/zabbix/: Directory for Zabbix Proxy data and SQLite database files.
/etc/letsencrypt: Volume mount for SSL certificates managed by Docker.
Docker Volumes:
nginx_secrets: External volume storing SSL certificates.

The Zabbix Proxy is installed using the official Zabbix repository for Ubuntu. The installation process involves the following steps:

Repository Setup: The system adds the Zabbix repository for version 7.0.
Package Installation:
- If using SQLite: zabbix-proxy-sqlite3 and zabbix-sql-scripts are installed.
- If using MySQL: zabbix-proxy-mysql is installed.
- If using PostgreSQL: zabbix-proxy-pgsql is installed.
Service Initialization: The zabbix-proxy service is enabled and started automatically.

The Zabbix Proxy connects to a database based on the selected backend. The configuration is stored in /etc/zabbix/zabbix_proxy.conf.

Parameter	SQLite Value	MySQL/PostgreSQL Value
DBName	`/var/lib/zabbix/zabbix_proxy.db`	`zabbix_proxy`
DBUser	N/A	`zabbix`
DBPassword	N/A	`zabbix`
DBHost	N/A	`127.0.0.1`

A reverse proxy is deployed using Docker Compose to handle SSL termination and routing.

Image: jonasal/nginx-certbot:latest
Compose File Location: /root/nginx/compose.yml
Network Mode: host
Volumes:
nginx_secrets mounted to /etc/letsencrypt inside the container.
/data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d inside the container.
Environment:
CERTBOT_EMAIL: Set to [email protected].
Configuration loaded from /data/nginx/nginx-certbot.env.

The Nginx container acts as a reverse proxy for the Zabbix Proxy application.

SSL/TLS: Managed automatically by the nginx-certbot container using Let's Encrypt.
Routing:
The Nginx configuration file located at /data/nginx/user_conf.d/zabbixproxy<Server ID>.hostkey.in.conf is updated to include a proxy_pass directive.
Traffic is forwarded from the external port 443 to the internal Zabbix Proxy instance at http://127.0.0.1:8083.
Configuration Update: The proxy_pass line is dynamically inserted into the location block of the Nginx configuration.

File and directory permissions are set as follows to ensure security and proper operation:

Key configuration and data files are located in the following paths:

Zabbix Proxy Config: /etc/zabbix/zabbix_proxy.conf
SQLite Database: /var/lib/zabbix/zabbix_proxy.db
Nginx Compose: /root/nginx/compose.yml
Nginx Site Config: /data/nginx/user_conf.d/zabbixproxy<Server ID>.hostkey.in.conf
Nginx Environment: /data/nginx/nginx-certbot.env

The following ports are utilized by the deployment:

Port 443: HTTPS traffic for the web interface (external access via Nginx).
Port 8083: Internal HTTP traffic for the Zabbix Proxy (accessed by Nginx).
Port 8080: Defined in configuration variables but currently routed via Nginx to port 8083.

Service management commands for the Zabbix Proxy and Docker containers are as follows:

Zabbix Proxy Service:

Docker Reverse Proxy: