Ad Widget

Collapse

Dockerized zabbix, Web UI unavailable

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • randomizedname
    Junior Member
    • Sep 2020
    • 10
    #1

    Dockerized zabbix, Web UI unavailable

    Hi,

    I'm using dockerized zabbix 5.0. It've worked fine until in-place upgrade from Centos7 to Rocky linux 8. Now it works only from inside of the zabbix-web-apache-mysql container. From the docker host it has no connection.

    curl from the web container:
    Code:
    curl -vvv http://127.0.0.1:8080

<!DOCTYPE html>
<html>
        <head>
                <meta http-equiv="X-UA-Compatible" content="IE=Edge"/>
                <meta charset="utf-8" />
                <meta name="viewport" content="width=device-width, initial-scale=1">
                <meta name="Author" content="Zabbix SIA" />
                <title>Composed installation: Zabbix</title>
                <link rel="icon" href="favicon.ico">


    curl from the docker host:
    Code:
     curl -vvv 127.0.0.1:8080
* Rebuilt URL to: 127.0.0.1:8080/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.61.1
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

​
    lsof -Pi
    Code:
    lsof -Pi | grep "8080"
docker-pr 1152020   root    4u  IPv4 9603312      0t0  TCP localhost:8080 (LISTEN)​
    docker ps | grep zabbix
    Code:
     docker ps | grep zabbix
b312fa9d9fcb   zabbix/zabbix-agent:alpine-5.0.22                   "/sbin/tini -- /usr/…"   4 hours ago    Up 4 hours                                                             zabbix-docker-50_zabbix-agent_1
af75ba9a841a   zabbix/zabbix-web-apache-mysql:alpine-5.0.22        "docker-entrypoint.s…"   4 hours ago    Up 4 hours (healthy)   127.0.0.1:8080->8080/tcp, 8443/tcp              zabbix-docker-50_zabbix-web-apache-mysql_1
9fa9b3aea444   my/zabbix                                           "/sbin/tini -- /usr/…"   4 hours ago    Up 4 hours             0.0.0.0:10051->10051/tcp, :::10051->10051/tcp   zabbix-docker-50_zabbix-server_1
0ff85d1af06e   mysql:8.0                                           "docker-entrypoint.s…"   4 hours ago    Up 4 hours                                                             zabbix-docker-50_mysql-server_1
    firewall-cmd --zone=docker --list-all
    Code:
    docker (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: be17954e014c ... docker0 ...
  sources:
  services:
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    docker-compose.yaml:
    Code:
    version: '3.5'
services:
 zabbix-server:
  #image: zabbix/zabbix-server-mysql:alpine-5.0-latest
  image: my/zabbix

  ports:
   - "10051:10051"
  volumes:
   - /etc/localtime:/etc/localtime:ro
   #- /etc/timezone:/etc/timezone:ro
   - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
   - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
   - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
   - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
   - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
   - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
   #- snmptraps:/var/lib/zabbix/snmptraps:rw
  links:
   - mysql-server:mysql-server
  # - zabbix-java-gateway:zabbix-java-gateway
  ulimits:
   nproc: 65535
   nofile:
    soft: 20000
    hard: 40000
  deploy:
   resources:
    limits:
      cpus: '0.50'
      memory: 1G
    reservations:
      cpus: '0.3'
      memory: 512M
  env_file:
   - .env_db_mysql
   - .env_srv
  secrets:
   - MYSQL_USER
   - MYSQL_PASSWORD
   - MYSQL_ROOT_PASSWORD
  depends_on:
   - mysql-server
  networks:
   zbx_net_backend:
     aliases:
      - zabbix-server
      - zabbix-server-mysql
      - zabbix-server-alpine-mysql
      - zabbix-server-mysql-alpine
   zbx_net_frontend:
  stop_grace_period: 30s
  sysctls:
   - net.ipv4.ip_local_port_range=1024 65000
   - net.ipv4.conf.all.accept_redirects=0
   - net.ipv4.conf.all.secure_redirects=0
   - net.ipv4.conf.all.send_redirects=0
  labels:
   com.zabbix.description: "Zabbix server with MySQL database support"
   com.zabbix.company: "Zabbix LLC"
   com.zabbix.component: "zabbix-server"
   com.zabbix.dbtype: "mysql"
   com.zabbix.os: "alpine"

 zabbix-web-apache-mysql:
  image: zabbix/zabbix-web-apache-mysql:alpine-5.0.22
  ports:
   - "127.0.0.1:8080:8080"
  links:
   - mysql-server:mysql-server
   - zabbix-server:zabbix-server
  volumes:
   - /etc/localtime:/etc/localtime:ro
   # - /etc/timezone:/etc/timezone:ro
   - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
   - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
   - ./zbx_env/etc/zabbix/apache.conf:/etc/zabbix/apache.conf
  deploy:
   resources:
    limits:
      cpus: '0.50'
      memory: 512M
    reservations:
      cpus: '0.3'
      memory: 256M
  env_file:
   - .env_db_mysql
   - .env_web
  secrets:
   - MYSQL_USER
   - MYSQL_PASSWORD
  depends_on:
   - mysql-server
   - zabbix-server
  healthcheck:
   test: ["CMD", "curl", "-f", "http://localhost:8080/"]
   interval: 10s
   timeout: 5s
   retries: 3
   start_period: 30s
  networks:
   zbx_net_backend:
    aliases:
     - zabbix-web-apache-mysql
     - zabbix-web-apache-alpine-mysql
     - zabbix-web-apache-mysql-alpine
   zbx_net_frontend:
  stop_grace_period: 10s
  sysctls:
   - net.core.somaxconn=65535
  labels:
   com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support"
   com.zabbix.company: "Zabbix LLC"
   com.zabbix.component: "zabbix-frontend"
   com.zabbix.webserver: "apache2"
   com.zabbix.dbtype: "mysql"
   com.zabbix.os: "alpine"


 zabbix-agent:
  image: zabbix/zabbix-agent:alpine-5.0.22
  ports:
   - "10050:10050"
  volumes:
   - /etc/localtime:/etc/localtime:ro
   - /etc/timezone:/etc/timezone:ro
   - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
   - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
   - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
  links:
   - zabbix-server:zabbix-server
  deploy:
   resources:
    limits:
      cpus: '0.2'
      memory: 128M
    reservations:
      cpus: '0.1'
      memory: 64M
   mode: global
  env_file:
   - .env_agent
  privileged: true
  pid: "host"
  networks:
   zbx_net_backend:
    aliases:
     - zabbix-agent
     - zabbix-agent-passive
     - zabbix-agent-alpine
  stop_grace_period: 5s
  labels:
   com.zabbix.description: "Zabbix agent"
   com.zabbix.company: "Zabbix LLC"
   com.zabbix.component: "zabbix-agentd"
   com.zabbix.os: "alpine"


 mysql-server:
  image: mysql:8.0
  command:
   - mysqld
   - --character-set-server=utf8
   - --collation-server=utf8_bin
   - --default-authentication-plugin=mysql_native_password
  volumes:
   - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
  env_file:
   - .env_db_mysql
  secrets:
   - MYSQL_USER
   - MYSQL_PASSWORD
   - MYSQL_ROOT_PASSWORD
  stop_grace_period: 1m
  networks:
   zbx_net_backend:
    aliases:
     - mysql-server
     - zabbix-database
     - mysql-database

 db_data_mysql:
  image: busybox
  volumes:
   - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw

networks:
  zbx_net_frontend:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      driver: default
      config:
      - subnet: 172.16.238.0/24
  zbx_net_backend:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    internal: true
    ipam:
      driver: default
      config:
      - subnet: 172.16.239.0/24

secrets:
  MYSQL_USER:
    file: ./.MYSQL_USER
  MYSQL_PASSWORD:
    file: ./.MYSQL_PASSWORD
  MYSQL_ROOT_PASSWORD:
    file: ./.MYSQL_ROOT_PASSWORD


​
    Tags: None
    • Answer selected by randomizedname at 05-07-2024, 08:01.
      randomizedname
      Junior Member
      • Sep 2020
      • 10
      Hi, finally I was able to resolve the issue. The resolution was to change subnet for zbx_net_frontend
      for any other than 172.16.238.0/24. It looks like there was same orphaned network interfaces with this subnet in the system.
      Even though they were not listed by "docker networks ls" they were still in the system "ip a".

      changed from this:

      Code:
      networks:
zbx_net_frontend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
ipam:
driver: default
config:
- subnet: 172.16.238.0/24
zbx_net_backend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
internal: true
ipam:
driver: default
config:
- subnet: 172.16.239.0/24
      to this:

      Code:
      networks:
zbx_net_frontend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
ipam:
driver: default
config:
- subnet: 172.16.233.0/24
zbx_net_backend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
internal: true
ipam:
driver: default
config:
- subnet: 172.16.239.0/24


      ip a | grep -C2 "172.16.238."

      Code:
      4: br-1ee8472c9885: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:ff:54:35:92 brd ff:ff:ff:ff:ff:ff
inet 172.16.238.1/24 brd 172.16.238.255 scope global br-1ee8472c9885
valid_lft forever preferred_lft forever
5: br-24974ef4178c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
--
805: br-7d1c7e8f727f: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:cf:fc:ea:16 brd ff:ff:ff:ff:ff:ff
inet 172.16.238.1/24 brd 172.16.238.255 scope global br-7d1c7e8f727f
valid_lft forever preferred_lft forever
inet6 fe80::42:cfff:fefc:ea16/64 scope link
        • Selected Answer

        Comment

        • randomizedname
          Junior Member
          • Sep 2020
          • 10
          #2
          Hi, finally I was able to resolve the issue. The resolution was to change subnet for zbx_net_frontend
          for any other than 172.16.238.0/24. It looks like there was same orphaned network interfaces with this subnet in the system.
          Even though they were not listed by "docker networks ls" they were still in the system "ip a".

          changed from this:

          Code:
          networks:
zbx_net_frontend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
ipam:
driver: default
config:
- subnet: 172.16.238.0/24
zbx_net_backend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
internal: true
ipam:
driver: default
config:
- subnet: 172.16.239.0/24
          to this:

          Code:
          networks:
zbx_net_frontend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
ipam:
driver: default
config:
- subnet: 172.16.233.0/24
zbx_net_backend:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "true"
internal: true
ipam:
driver: default
config:
- subnet: 172.16.239.0/24


          ip a | grep -C2 "172.16.238."

          Code:
          4: br-1ee8472c9885: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:ff:54:35:92 brd ff:ff:ff:ff:ff:ff
inet 172.16.238.1/24 brd 172.16.238.255 scope global br-1ee8472c9885
valid_lft forever preferred_lft forever
5: br-24974ef4178c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
--
805: br-7d1c7e8f727f: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:cf:fc:ea:16 brd ff:ff:ff:ff:ff:ff
inet 172.16.238.1/24 brd 172.16.238.255 scope global br-7d1c7e8f727f
valid_lft forever preferred_lft forever
inet6 fe80::42:cfff:fefc:ea16/64 scope link
            • Selected Answer

            Comment

            Previous template Next
            Working...