Steve, I'm not sure what you mean by "available over Internet".

If you are talking about user access, you can learn more in the documentation.
Now, if you mean actual access to Zabbix interface over the Internet, I see this as a network issue. Zabbix itself has no restrictions on where the connection comes from.

Usually a firewall is used to allow external access to certain internal network services. You should look at your own environment to find out how to properly provide network access to your users.

Markfree is correct. There is no limitation on the Zabbix side that would limit your connections to LAN only. Just make sure you're using Host Groups and proper user access privileges. Otherwise, you'll leak client information. See this article from Dmitry (Multi-tenant monitoring: how to achieve that using free Zabbix open-source monitoring software - Zabbix Blog.) You need to contact your network and systems team to do the following:

1) On the Zabbix Server (or web server), make sure https/http are listed services. (Typically: firewall-cmd --list-all or your distro's equivalent).
2) The perimeter firewalls (Cisco, Fortinet, etc) are configured to accept inbound connections on a public interface, then DNAT it to the target web server.

As a general notice: Zabbix's Web UI should be hardened (it is after all Apache/nginx + php), and you should implement some hard security controls. This is a starting point > 3 Web server (zabbix.com)​. Normally I'd recommend whitelist-access only. However, depending on your size this may not be advisable. At the very least, geo-block any country that you don't have clients in.

Beyond that, make sure you're inspecting inbound traffic. In other words, import your certificates to the firewall, decrypt the traffic, inspect it (WAF/WAAP, IPS, AV, etc), then re-encrypt and send it to the server. Drop anything malicious. This type of setup is actually required for some types of deployments, especially those using SCIM which utilizes the Zabbix API.

Source: My Zabbix servers are internet-facing.

Ideally I would present a login screen to the user, across the Internet, and they would login and get a customized dashboard to see the status of their services. I am very familiar with the underpinnings and security. I just didnt know if the Zabbix console was Internet accessible.

I guess my next question is if a Zabbix server install includes Nginx or does it leave that out. I am not going to just make the Apache web server available over the Internet, although I actually could do that with a reverse proxy somewhere else in my environment.

That depends on what you installed when you set it up. Zabbix does natively support nginx, you just need to change the default install directives from Zabbix. Link below. Obviously, chose whatever software you'd prefer. If you currently have apache installed, you should just be able to swap them out.

Download and install Zabbix 7.0 LTS for Alma Linux 9, MySQL, Nginx​

I'm a little curious as to why you have hangups about Apache (httpd) not being on the internet, but Nginx being OK? Nginx and Apache have the lion's share of the internet web server market share (34% and 29.5% respectively). Are you confusing Apache (httpd) with Apache (Tomcat)? Depending on how large these sites are going to be - in other words how many concurrent users will be using it - Ngnix might genuinely be the better option. Nginx tends to be faster with its async architecture.

This is not about having hangups at all. It's more of understanding what comes with a default Zabbix server install. For example Apache has no real reverse proxy capability, so if you want to run reserve proxy you need an additive product like Nginx.

I use Caddy as my reserve proxy, so now i know I leave Apache as is and configure Caddy to reverse proxy to the default port for Zabbix.

Dont stress MRedbourne! Its all good...thank you for responding.

One additional question...what is the default port for Apache? I see the status page is set to 80, so I gotta believe the port for URL access is different?

Figured that out...needed to set a URI of /zabbix and I was able to get the login prompt. This is neat!

Is it possible to create a separate dashboard and just hit that over the Internet, or do I always have to login? Can i set a default dashboard when a user logs in? I guess its about equating a host dashboard to a URL?