Proper configuration for reverse proxy setup
ikcalB opened this issue · comments
Running zabbix behind a reverse proxy / loadbalancer (LB) ist not currently possible:
The parameter zabbix_url
is not only used as the frontend-URL, but also the server name.
Behind an LB these 2 are different, i.e:
- host name: my-host.localdomain.lan
- url: monitoring.company.com
In such a setup zabbix would run without TLS on :80. The LB is taking care of the TLS handshake.
zabbixapi will try to use the current zabbix_url
to connect to the /api_jsonrpc.php
path.
When it hits a permanent redirect (301) it exits with an error.
Workaround
For the workaround to work, (Not a permanent solution:!)_:
- Use the hostname as URL.
- Then, make this vhost the default vhost.
(no puppet run allowed atm, becausedefault_vhost
is not honored, and would reset the manual change)
Affected Puppet, Ruby, OS and module versions/distributions
presumably all, if not a regression
How to reproduce (e.g Puppet code you use)
see initial description. puppet snippet:
class { 'zabbix':
zabbix_version => '6.0',
#default_vhost => true, # FIXME: parameter is not passed to zabbix::web!
zabbix_url => 'my-host.localdomain.com',
manage_resources => true,
}
What are you seeing
parameter zabbix{default_vhost}
has no effect.
What behaviour did you expect instead
the parameter zabbix{default_vhost}
should work as intended.
- Also take a look into the use of zabbix_url, and possibly seperate hostname from url.
(url beeing optional, defaulting to the url.)
URL does not support schemes btw, so
http or https
will upset the apache::vhost snippet: it tries to create a filename containing slashes.
- another approach: Add support for apache::vhost{serveraliasses}` parameter which allows to specify additional fqdns for the vhost to listen on.