Hi,
I have installed zabbix-proxy from zabbix repository.
yum install zabbix-proxy-mysql
And i have followed below steps to enable PSK encryption.
Configuring PSK for server - active proxy communication (example)
On the proxy, write the PSK value into a file, for example, /home/zabbix/zabbix_proxy.psk. The file must contain PSK in the first text string, for example:
e560cb0d918d26d31b4f642181f5f570ad89a390931102e539 1d08327ba434e9
Set access rights to PSK file - it must be readable only by Zabbix user.
Edit TLS parameters in proxy configuration file zabbix_proxy.conf, for example, set:
TLSConnect=psk
TLSPSKFile=/home/zabbix/zabbix_proxy.psk
TLSPSKIdentity=PSK 002
The proxy will connect to server using PSK. PSK identity will be “PSK 002”.
(To minimize downtime see how to change connection type in Connection encryption management).
Configure PSK for this proxy in Zabbix frontend. Go to Administration→Proxies, select the proxy, go to “Encryption” tab. In “Connections from proxy” mark PSK. Paste into “PSK identity” field “PSK 002” and “e560cb0d918d26d31b4f642181f5f570ad89a390931102e53 91d08327ba434e9” into “PSK” field. Click “Update”.
Restart proxy. It will start using PSK-based encrypted connections to server. Check server and proxy logfiles for error messages.
For a passive proxy the procedure is very similar. The only difference - set TLSAccept=psk in proxy configuration file and set “Connections to proxy” in Zabbix frontend to PSK.
When i configure zabbix-proxy to communicate with server using PSK and restarting zabbix-proxy failed to start and shows below error message,
Starting Zabbix proxy: zabbix_proxy [12288]: "TLSConnect" configuration parameter cannot be used: Zabbix proxy was compiled without TLS support
zabbix_proxy [12288]: "TLSPSKIdentity" configuration parameter cannot be used: Zabbix proxy was compiled without TLS support
zabbix_proxy [12288]: "TLSPSKFile" configuration parameter cannot be used: Zabbix proxy was compiled without TLS support.
How to enable TLS support in zabbix-proxy installing from zabbix repo?
I have installed zabbix-proxy from zabbix repository.
yum install zabbix-proxy-mysql
And i have followed below steps to enable PSK encryption.
Configuring PSK for server - active proxy communication (example)
On the proxy, write the PSK value into a file, for example, /home/zabbix/zabbix_proxy.psk. The file must contain PSK in the first text string, for example:
e560cb0d918d26d31b4f642181f5f570ad89a390931102e539 1d08327ba434e9
Set access rights to PSK file - it must be readable only by Zabbix user.
Edit TLS parameters in proxy configuration file zabbix_proxy.conf, for example, set:
TLSConnect=psk
TLSPSKFile=/home/zabbix/zabbix_proxy.psk
TLSPSKIdentity=PSK 002
The proxy will connect to server using PSK. PSK identity will be “PSK 002”.
(To minimize downtime see how to change connection type in Connection encryption management).
Configure PSK for this proxy in Zabbix frontend. Go to Administration→Proxies, select the proxy, go to “Encryption” tab. In “Connections from proxy” mark PSK. Paste into “PSK identity” field “PSK 002” and “e560cb0d918d26d31b4f642181f5f570ad89a390931102e53 91d08327ba434e9” into “PSK” field. Click “Update”.
Restart proxy. It will start using PSK-based encrypted connections to server. Check server and proxy logfiles for error messages.
For a passive proxy the procedure is very similar. The only difference - set TLSAccept=psk in proxy configuration file and set “Connections to proxy” in Zabbix frontend to PSK.
When i configure zabbix-proxy to communicate with server using PSK and restarting zabbix-proxy failed to start and shows below error message,
Starting Zabbix proxy: zabbix_proxy [12288]: "TLSConnect" configuration parameter cannot be used: Zabbix proxy was compiled without TLS support
zabbix_proxy [12288]: "TLSPSKIdentity" configuration parameter cannot be used: Zabbix proxy was compiled without TLS support
zabbix_proxy [12288]: "TLSPSKFile" configuration parameter cannot be used: Zabbix proxy was compiled without TLS support.
How to enable TLS support in zabbix-proxy installing from zabbix repo?
Comment