Skip to content

Deployment Overview of Zabbix proxy on Server

Prerequisites and Basic Requirements

The deployment of the Zabbix Proxy requires a server running an Ubuntu-based operating system (specifically compatible with Ubuntu 22.04 as per the package repository). The installation process requires root privileges to install system packages, configure firewall rules, and manage services. The application relies on standard system dependencies including ca-certificates, curl, gnupg, and apt-transport-https.

The configuration supports three backend database options:

  • SQLite

  • MySQL

  • PostgreSQL

The proxy communicates with a central Zabbix Server defined by the variable zbx_server. By default, the internal listening port is 8080, while the external access is routed through port 443.

FQDN of the final panel

The final accessible Fully Qualified Domain Name (FQDN) for the proxy on the hostkey.in domain follows the format:

zabbixproxy<Server ID>.hostkey.in:443

Where <Server ID> is the unique identifier assigned to the specific server instance.

File and Directory Structure

The deployment creates the following critical directories and files:

  • Configuration File: /etc/zabbix/zabbix_proxy.conf

  • Data Directory: /var/lib/zabbix

  • SQLite Database File: /var/lib/zabbix/zabbix_proxy.db

  • Nginx Configuration Directory: /root/nginx

  • Nginx Compose File: /root/nginx/compose.yml

  • Nginx User Configuration: /data/nginx/user_conf.d/zabbixproxy<Server ID>.hostkey.in.conf

  • Certbot Secrets Volume: /etc/letsencrypt (mounted internally)

Application Installation Process

The Zabbix Proxy is installed using native system packages rather than a containerized application instance. The version of the application is determined by the zbx_version variable, currently set to 7.0.

The installation steps include:

  1. Adding the official Zabbix repository for version 7.0.

  2. Installing the specific proxy package based on the selected backend:

    • For SQLite: zabbix-proxy-sqlite3 and zabbix-sql-scripts.

    • For MySQL: zabbix-proxy-mysql.

    • For PostgreSQL: zabbix-proxy-pgsql.

  3. Configuring the /etc/zabbix/zabbix_proxy.conf file with database and server parameters.

  4. Restarting the zabbix-proxy service to apply changes.

Databases

The database connection parameters are defined within the /etc/zabbix/zabbix_proxy.conf file. The specific configuration depends on the selected backend (zbx_backend).

SQLite Configuration

When using SQLite as the backend, the database is a local file. | Parameter | Value | | :--- | :--- | | Backend Type | sqlite | | Database File | /var/lib/zabbix/zabbix_proxy.db | | Host | N/A (File-based) |

MySQL / PostgreSQL Configuration

When using MySQL or PostgreSQL, the proxy connects to a remote or local database instance using the following credentials: | Parameter | Value | | :--- | :--- | | Database Name | zabbix_proxy | | Database User | zabbix | | Database Password | zabbix | | Database Host | 127.0.0.1 |

Docker Containers and Their Deployment

While the Zabbix Proxy itself runs as a native system service, the deployment utilizes Docker containers to manage the reverse proxy and SSL certificates via docker compose.

The docker compose configuration is located at /root/nginx/compose.yml and includes the following service:

  • Service Name: nginx

  • Image: jonasal/nginx-certbot:latest

  • Restart Policy: unless-stopped

  • Network Mode: host

  • Environment Variable: [email protected]

  • Volume Mounts:

    • nginx_secrets:/etc/letsencrypt (External volume for certificates)

    • /data/nginx/user_conf.d:/etc/nginx/user_conf.d (User configurations)

The container is started using the command docker compose up -d within the /root/nginx directory.

Proxy Servers

Traffic is managed by an Nginx reverse proxy container running the jonasal/nginx-certbot image. This setup handles SSL termination using Let's Encrypt certificates.

  • SSL Provider: Certbot

  • Configuration Path: /data/nginx/user_conf.d/zabbixproxy<Server ID>.hostkey.in.conf

  • Routing Logic:

    • The Nginx configuration listens on the external port 443.

    • Traffic matching the domain zabbixproxy<Server ID>.hostkey.in is proxied to the internal Zabbix Proxy service.

    • The internal proxy address is http://127.0.0.1:8083.

Note: Although the configuration variable internal_port is set to 8080 in the general variables, the Nginx reverse proxy directive explicitly routes traffic to port 8083.

Permission Settings

Specific permissions are set for the Zabbix data directory to ensure the zabbix service user can read and write to the database file:

  • Directory: /var/lib/zabbix

  • Owner: zabbix

  • Group: zabbix

  • Mode: 0750

The Nginx configuration directory /root/nginx is owned by root with permissions 0755.

Available Ports for Connection

The following ports are utilized for the Zabbix Proxy deployment:

Port Protocol Description
8080 TCP Internal Zabbix Proxy default listener (configured in zbx_version variables).
8083 TCP Internal listener targeted by the Nginx reverse proxy.
443 TCP External HTTPS access via the Nginx container.

Starting, Stopping, and Updating

The Zabbix Proxy service is managed using the system's service manager (systemd). The service name is zabbix-proxy.

  • Start the service: 

    systemctl start zabbix-proxy

  • Stop the service: 

    systemctl stop zabbix-proxy

  • Restart the service: 

    systemctl restart zabbix-proxy

  • Enable service on boot: 

    systemctl enable zabbix-proxy

To manage the reverse proxy container, use the following commands within the /root/nginx directory:

  • Start containers: 

    docker compose up -d

  • Stop containers: 

    docker compose down

  • Update containers: 

    docker compose pull
docker compose up -d

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×