This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
manual:installation:upgrade_notes_4020 [2021/01/27 19:24] 127.0.0.1 external edit |
manual:installation:upgrade_notes_4020 [2021/02/04 10:33] (current) martins-v non-root permissions implemented for Docker images (ZBX-18007) |
||
---|---|---|---|
Line 10: | Line 10: | ||
=== Docker appliance support dropped === | === Docker appliance support dropped === | ||
+ | |||
Zabbix Docker Appliance image has been decommissioned and will not be available for 4.0.20 and newer releases. Please use a separate Docker image for each component instead of the all-in-one solution. | Zabbix Docker Appliance image has been decommissioned and will not be available for 4.0.20 and newer releases. Please use a separate Docker image for each component instead of the all-in-one solution. | ||
+ | === Non-root permissions implemented for Docker images === | ||
+ | |||
+ | Zabbix Docker images have been updated to implement non-root container best practices. Due to the change: | ||
+ | |||
+ | * All directories have been restricted for the container user, except directories which are required for the container. For example, /etc/zabbix/ with Zabbix component configuration files. | ||
+ | * Ports 80 and 443 have been changed to 8080 and 8443, because usage of all ports <1024 is restricted for non-privileged users. Zabbix web interface images have been updated to use non-privileged ports 8080, 8443; Zabbix snmptrap images port 1162. | ||
+ | * All Zabbix images are updated to use a non-privileged user. By default, 'zabbix' with UID 1997. | ||
+ | |||
+ | A known issue: Nginx based images do not run under root. Will be fixed soon. | ||