zabbix6.0 ubuntu22 apache https

备注：由于个人比较懒 写的比较仓促；马上下班；有问题的 可以私信我

改天 再补充

先安装#mysql zabbix6.0  对版本有要求；具体可以去官方看

在安装zabbix；然后导如zabbix的库到mysql；设置权限

配置zabbix ;启动zabbix  

然后zabbix_agent 配置；centos和ubuntu    agent用的不一样

然后配置zabbix_agent 重启即可

#########################################################################

zabbixx  ubuntu22

# wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-4+ubuntu20.04_all.deb

# dpkg -i zabbix-release_6.0-4+ubuntu20.04_all.deb

# apt update

apt install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-sql-scripts zabbix-agent

########################

确保mysql 已提前安装，且正常运行

#######################

第一次默认无密码即可登录

需要设置密码，然后启用加密

启用加密

use mysql

select user,plugin from user;

update user set plugin="mysql_native_password" where user='root';

SELECT user,plugin ,authentication_string FROM user;

设置zabbix的数据库

create database zabbix character set utf8mb4 collate utf8mb4_bin;

用已有的root

grant all privileges on zabbix.* to root@localhost;

set global log_bin_trust_function_creators = 1;

flush privileges;

quit

导入zabbix数据库的架构  -uroot   以root用户登录   zabbix为数据库名

zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uroot -p Zabbix

systemctl restart zabbix-server zabbix-agent apache2

systemctl enable zabbix-server zabbix-agent apache2

#################################################################

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '123qwe!@#QWE';

跟改密码

mysqladmin -uroot -p password  '123qwe!@#QWE';

##########################

zabbix的数据库 为Zabbix

###############################################################

zabbix_server  配置

root@zabbix:/etc/zabbix# egrep -v '^$|^#' zabbix_server.conf
ListenPort=10051
LogFile=/var/log/zabbix/zabbix_server.log
LogFileSize=1
PidFile=/run/zabbix/zabbix_server.pid
SocketDir=/run/zabbix
 DBHost=localhost
DBName=zabbix
DBUser=root
DBPassword=123qwe!@#QWE
 StartPollers=80
StartIPMIPollers=5
 StartPollersUnreachable=50
 StartTrappers=15
 StartPingers=88
 StartDiscoverers=15
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
CacheSize=2028M
StartDBSyncers=10
HistoryCacheSize=256M
HistoryIndexCacheSize=256M
TrendFunctionCacheSize=64M
Timeout=30
AlertScriptsPath=/usr/lib/zabbix/alertscripts
FpingLocation=/usr/bin/fping
Fping6Location=/usr/bin/fping6
LogSlowQueries=3000
StatsAllowedIP=127.0.0.1
 

字体更改只能用简体的

####################################

##################################ubuntu  agent################################

sudo apt-get  update

sudo apt-get install -y zabbix-agent

sudo sed -i 's/# User=zabbix/User=zabbix/g' /etc/zabbix/zabbix_agentd.conf ; sudo sed -i 's/# Group=zabbix/Group=zabbix/g' /etc/zabbix/zabbix_agentd.conf ;sudo sed -i 's/# AllowRoot=0/AllowRoot=1/g' /etc/zabbix/zabbix_agentd.conf ;sudo sed -i 's/# UnsafeUserParameters=0/UnsafeUserParameters=1/g' /etc/zabbix/zabbix_agentd.conf ; sudo sed -i 's/# Timeout=3/Timeout=30/g'  /etc/zabbix/zabbix_agentd.conf ;sudo sed -i 's/ServerActive=127.0.0.1/ServerActive=154.23.243.84/g' /etc/zabbix/zabbix_agentd.conf ; sudo sed -i 's/Server=127.0.0.1/Server=154.23.243.84/g' /etc/zabbix/zabbix_agentd.conf ;sudo sed -i 's/Hostname=Zabbix server/#Hostname=Zabbix server/g' /etc/zabbix/zabbix_agentd.conf ; sudo sed -i 's/# EnableRemoteCommands=0/EnableRemoteCommands=1/g' /etc/zabbix/zabbix_agentd.conf ; sudo sed -i 's/# StartAgents=3/StartAgents=20/g' /etc/zabbix/zabbix_agentd.conf ; sudo sed -i 's/# RefreshActiveChecks=120/RefreshActiveChecks=120/g' /etc/zabbix/zabbix_agentd.conf;sed -i 's/User=LogFileSize=0/LogFileSize=1/g' /etc/zabbix/zabbix_agentd.conf

systemctl restart zabbix-agent

systemctl enable zabbix-agent

防火墙开通端口

sudo ufw allow 10050/tcp

sudo ufw allow 10051/tcp

sudo ufw allow from any to any port 10050

sudo ufw allow from any to any port 10051

##################################centos  agent################################

redhat

rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-release-6.0-4.el7.noarch.rpm

centos

rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-release-6.0-4.el7.noarch.rpm

yum install zabbix-agent2 zabbix-agent2-plugin-*

yum install    zabbix-agent2 zabbix-agent2-plugin-*

（centos系列）

sudo sed -i 's/# User=zabbix/User=zabbix/g' /etc/zabbix/zabbix_agent2.conf ; sudo sed -i 's/# Group=zabbix/Group=zabbix/g' /etc/zabbix/zabbix_agent2.conf ;sudo sed -i 's/# AllowRoot=0/AllowRoot=1/g' /etc/zabbix/zabbix_agent2.conf ;sudo sed -i 's/# UnsafeUserParameters=0/UnsafeUserParameters=1/g' /etc/zabbix/zabbix_agent2.conf ; sudo sed -i 's/# Timeout=3/Timeout=30/g'  /etc/zabbix/zabbix_agent2.conf ;sudo sed -i 's/ServerActive=127.0.0.1/ServerActive=154.23.243.84/g' /etc/zabbix/zabbix_agent2.conf ; sudo sed -i 's/Server=127.0.0.1/Server=154.23.243.84/g' /etc/zabbix/zabbix_agent2.conf ;sudo sed -i 's/Hostname=Zabbix server/#Hostname=Zabbix server/g' /etc/zabbix/zabbix_agent2.conf ; sudo sed -i 's/# EnableRemoteCommands=0/EnableRemoteCommands=1/g' /etc/zabbix/zabbix_agent2.conf ; sudo sed -i 's/# StartAgents=3/StartAgents=20/g' /etc/zabbix/zabbix_agent2.conf ; sudo sed -i 's/# RefreshActiveChecks=120/RefreshActiveChecks=120/g' /etc/zabbix/zabbix_agent2.conf;sed -i 's/LogFileSize=0/LogFileSize=1/g' /etc/zabbix/zabbix_agent*.conf

systemctl restart zabbix-agent2

firewalld 开通10050和10051端口

sudo firewall-cmd    --add-port=10050/tcp --permanent

sudo firewall-cmd --add-port=10051/tcp --permanent

systemctl restart firewalld

################# http 重定向到 https ############################## #############################

sudo apt update

sudo apt install apache2 ssl-cert

sudo mkdir /etc/apache2/ssl

cd /etc/apache2/ssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

都是默认回车

/sites-available目录存放的是可用的虚拟主机

/sites-enabled目录存放的是已经启用的虚拟主机

vi   /etc/apache2/sites-available/000-default.conf

新增SSLCertificateFile 和 SSLCertificateKeyFile   其次将原有的注释掉；保存退出

SSLCertificateFile /etc/apache2/ssl/server.crt

SSLCertificateKeyFile /etc/apache2/ssl/server.key

然后将000-default.conf 所有的内容添加到/etc/apache2/sites-available/default-ssl.conf  下面（另起一行）

启用apache的重定向功能；

sudo a2enmod rewrite

在 <VirtualHost *:80>  </VirtualHost> 之间添加

RewriteEngine on

RewriteCond   %{HTTPS} !=on

RewriteRule   ^(.*)  https://%{SERVER_NAME}$1 [L,R]

然后重启即可

systemctl restart zabbix-server zabbix-agent apache2

##########################################################################################################################################################

########################################

查看二进制的zabbix_server是否支持ssl加密

ldd /usr/sbin/zabbix_server  | egrep 'libssl|libcrypto'

    libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f32ef737000)

    libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f32ef460000)

说明是支持加密的；这个时候可以用PSK

在agent上进行操作

生成psk密钥

openssl rand -hex 32 > /etc/zabbix/zabbix_agent*.d/zabbix_agentd.psk

openssl rand -hex 32 > ./zabbix_agentd.psk

TLSConnect=psk

TLSAccept=psk

TLSPSKFile=/etc/zabbix/zabbix_agent*.d/zabbix_agentd.psk

TLSPSKIdentity=psk050

systemctl restart zabbix-agent

#####################################################################

然后在zabbix   web界面操作

设置--> 主机 -->154.19.242.186  -->加密--> 共享密钥-->

第一个是TLSPSKIdentity

第二个是TLSPSKFile对应的psk密钥

即可

Zabbix server安装

Zabbix agent配置加密

Zabbix https访问

已完成