Zabbix Documentation 3.4

2.23.03.4In development:4.0Unsupported versions:1.82.02.43.2

User Tools

Site Tools


manual:installation:requirements:best_practices

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
manual:installation:requirements:best_practices [2018/06/05 15:05]
martins-v old revision restored (2017/11/07 13:16)
manual:installation:requirements:best_practices [2018/06/11 11:30] (current)
natalja.cernohajeva Best practices for secure Zabbix setup section update (copied from 3.0)
Line 23: Line 23:
 Create directory for SSL keys: Create directory for SSL keys:
  
-  mkdir /​etc/​httpd/​ssl+  mkdir -p /​etc/​httpd/​ssl/private 
 +  chmod 700 /​etc/​httpd/​ssl/​private
  
-Add settings for SSL setup:+Create ​SSL certificate: 
 + 
 +  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /​etc/​httpd/​ssl/​private/​apache-selfsigned.key -out /​etc/​httpd/​ssl/​apache-selfsigned.crt 
 + 
 +Fill out the prompts appropriately. The most important line is the one that requests the Common Name. You need to enter the domain name that you want to be associated with your server. You can enter the public IP address instead if you do not have a domain name. We will use //​example.com//​ in this article.
  
   Country Name (2 letter code) [XX]:   Country Name (2 letter code) [XX]:
Line 32: Line 37:
   Organization Name (eg, company) [Default Company Ltd]:   Organization Name (eg, company) [Default Company Ltd]:
   Organizational Unit Name (eg, section) []:   Organizational Unit Name (eg, section) []:
-  Common Name (eg, your name or your server'​s hostname) []:localhost+  Common Name (eg, your name or your server'​s hostname) []:example.com
   Email Address []:   Email Address []:
  
Line 40: Line 45:
  
   DocumentRoot "/​usr/​share/​zabbix"​   DocumentRoot "/​usr/​share/​zabbix"​
-  ServerName ​localhost:443 +  ServerName ​example.com:443 
-  SSLCertificateFile /​etc/​httpd/​ssl/​apache.crt +  SSLCertificateFile /​etc/​httpd/​ssl/​apache-selfsigned.crt 
-  SSLCertificateKeyFile /​etc/​httpd/​ssl/​apache.key+  SSLCertificateKeyFile /​etc/​httpd/​ssl/private/apache-selfsigned.key
  
 Restart the Apache service to apply the changes: Restart the Apache service to apply the changes:
Line 50: Line 55:
 === Enabling Zabbix on root directory of URL === === Enabling Zabbix on root directory of URL ===
  
-Add a virtual host to Apache configuration and set permanent redirect for document root to Zabbix SSL URL. Replace ​//localhost// with the actual name of the server.+Add a virtual host to Apache configuration and set permanent redirect for document root to Zabbix SSL URL. Do not forget to replace ​//example.com// with the actual name of the server.
  
   /​etc/​httpd/​conf/​httpd.conf   /​etc/​httpd/​conf/​httpd.conf
Line 58: Line 63:
  
 <​VirtualHost *:*> <​VirtualHost *:*>
-    ServerName ​localhost +    ServerName ​example.com 
-    Redirect permanent / http://localhost+    Redirect permanent / http://example.com
 </​VirtualHost>​ </​VirtualHost>​
 </​code>​ </​code>​