Ad Widget

Collapse

Zabbix behind Nginx reverse proxy (proxy_pass)

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • brencklen1@southernct.edu
    Junior Member
    • Mar 2023
    • 3
    #1

    Zabbix behind Nginx reverse proxy (proxy_pass)

    Hello!

    I currently have Zabbix 6.0 LTS running (Rocky Linux 8, nginx and PostgreSQL) just fine on a basic install. The Zabbix web interface is running at https://zabsvr.fqdn.tld:8080 and working fine with monitoring and alerting via email. I don't have local SSL cert expire checking working, but that's another story.

    What I want to do is proxy the port 8080 web page, so users connect to https://zabsvr.fqdn.tld/zabbix instead of http://zabsvrfqdn.tld:8080. Since I'm already using Nginx, this SHOULD have been a quick change. Unfortunately, I ran into a problem. What I did was enter the very simple config below into nginx.conf under the server section.

    location /zabbix {
    proxy_pass http://zabsvr.fqdn.tld:8080/;​
    }

    I get a login screen, but logging in gives a 404 error. The error in /var/log/nginx/error.log is this.

    2023/03/24 17:26:05 [error] 11299#0: *769 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 10.10.10.9, server: zabsvr.fqdn.tld, request: "POST /index.php HTTP/1.1", upstream: "fastcgi://unix:/run/php-fpm/www.sock:", host: "zabsvr.fqdn.tld", referrer: "https://zabsvr.fqdn.tld/zabbix"

    10.10.10.9 is the ip of the server, not the client I am running a browser on. I'm not sure if I need to edit something in zabbix.conf, php.conf or nginx.conf at this point, but I have my doubts that its an nginx thing but maybe a simple proxy config doesn't work and it needs other options? And of course, all I find are videos where people have it working, not any that show how to configure it :-) Google searching that error specifically brings me down a rabbit hole of node.js and react.js issues that don't seem to apply in my case. I did install certbot and got a TLS certificate installed from our ACME providor, but I don't think that is the issue. Without forcing 80->443, nginx should still proxy 80->8080, but that gives the same error.

    Thanks for any help, tips or leads on how to solve this! I actually just built a second server following the same instructions and again, Zabbix is working great, just can't get the proxy configured to wrap it up in TLS!

    -Nick​
    Tags: None
    • brencklen1@southernct.edu
      Junior Member
      • Mar 2023
      • 3
      #2
      After much testing, it was determined that I could set an nginx proxy on another host without a problem. What was erroring out was trying to do nginx running zabbix AND a proxy from 443->8080 on the same host. I am not sure how to solve that problem, but it points to an nginx configuration issue more than anything with Zabbix. I ended up installing Zabbix with the apache server instead, working just fine with 443 TLS.

        Comment

        • Lawipac
          Junior Member
          • Jul 2023
          • 3
          #3
          I have encountered the same problem. For my case it's due to Nginx'd default handling of php and cgi-bin, it tries to handle php and cgi locally instead of forwarding to the Zabbix host/docker

          Code:
                  location / {
                proxy_pass http://10.0.0.3:8080/;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection Upgrade;
                proxy_set_header Host $host;
        }
#       location ~ "\.php(/|$)" {
#               try_files $uri $fastcgi_script_name =404;
#               default_type application/x-httpd-php;
#               fastcgi_pass unix:/var/php-nginx/1689482424469450.sock/socket;
#       }
#       fastcgi_split_path_info "^(.+\.php)(/.+)$";
#       location /cgi-bin/ {
#               gzip off;
#               root /home/site24x7/cgi-bin;
#               fastcgi_pass unix:/var/fcgiwrap/1689482424469450.sock/socket;
#               fastcgi_param SCRIPT_FILENAME "/home/site24x7$fastcgi_script_name";
#               fastcgi_param GATEWAY_INTERFACE CGI/1.1;
#               fastcgi_param SERVER_SOFTWARE nginx;
#               fastcgi_param QUERY_STRING $query_string;
#               fastcgi_param REQUEST_METHOD $request_method;
#               fastcgi_param CONTENT_TYPE $content_type;
#               fastcgi_param CONTENT_LENGTH $content_length;
#               fastcgi_param SCRIPT_NAME $fastcgi_script_name;
#               fastcgi_param REQUEST_URI $request_uri;
#               fastcgi_param DOCUMENT_URI $document_uri;
#               fastcgi_param DOCUMENT_ROOT /home/site24x7/public_html;
#               fastcgi_param SERVER_PROTOCOL $server_protocol;
#               fastcgi_param REMOTE_ADDR $remote_addr;
#               fastcgi_param REMOTE_PORT $remote_port;
#               fastcgi_param SERVER_ADDR $server_addr;
#               fastcgi_param SERVER_PORT $server_port;
#               fastcgi_param SERVER_NAME $server_name;
#               fastcgi_param PATH_INFO $fastcgi_path_info;
#               fastcgi_param HTTPS $https;
#       }
​
          Specifically, I commented out those lines in my nginx.conf for this particular site, and it works as expected.

            Comment

            • terracenter
              Junior Member
              • Nov 2019
              • 1
              #4

              Hi

              On Debian 12 with Nginx repo and nginx vhost zabbix

              Code:
              vim /etc/nginx/conf.d/zabbix.conf
              Code:
              upstream zabbix {
server local_IP:8080; ## Zabbix Web Nginx too
}

server {
server_name zabbix.mydomain.net;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;

# Add Headers for zabbix proxy mode
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;

# log
access_log /var/log/nginx/zabbix.access.log;
error_log /var/log/nginx/zabbix.error.log;

# Redirect requests to zabbix backend server
location / {
proxy_redirect off;
proxy_pass http://zabbix;
}

# common gzip
gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
gzip on;

# cache static data
location ~* /web/static/ {
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://zabbix;
}

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/zabbix.mydomain.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/zabbix.mydomain.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}



server {
if ($host = zabbix.mydomain.net) {
return 301 https://$host$request_uri;
} # managed by Certbot


server_name zabbix.mydomain.net;
listen 80;
return 404; # managed by Certbot


}

              That work for me.





                Comment

                Previous template Next
                Working...