(Senior DevOps Manager & Principal Architect)
Rajesh Kumar — an award-winning academician and consultant trainer, with 15+ years’ experience in diverse skill management, who has more than a decade of experience in training large and diverse groups across multiple industry sectors.
Zabbix supports encrypted communications between Zabbix components using Transport Layer Security (TLS) protocol v.1.2 and 1.3 (depending on the crypto library). Certificate-based and pre-shared key-based encryption is supported.
Encryption can be configured for connections:
- Between Zabbix server, Zabbix proxy, Zabbix agent, zabbix_sender and zabbix_get utilities
- To Zabbix database from Zabbix frontend and server/proxy
Encryption is optional and configurable for individual components:
- Some proxies and agents can be configured to use certificate-based encryption with the server, while others can use pre-shared key-based encryption, and yet others continue with unencrypted communications (as before)
- Server (proxy) can use different encryption configurations for different hosts
Zabbix daemon programs use one listening port for encrypted and unencrypted incoming connections. Adding an encryption does not require opening new ports on firewalls.
To support encryption Zabbix must be compiled and linked with one of the supported crypto libraries:
GnuTLS - from version 3.1.18
OpenSSL - versions 1.0.1, 1.0.2, 1.1.0, 1.1.1
LibreSSL - tested with versions 2.7.4, 2.8.2:
1. In order to verify peer certificates, Zabbix server must have access to file with their top-level self-signed root CA certificates. For example, if we expect certificates from two independent root CAs, we can put their certificates into file /home/zabbix/zabbix_ca_file
2. Put Zabbix server certificate chain into file, for example, /home/zabbix/zabbix_server.crt:
3. Put Zabbix server private key into file, for example, /home/zabbix/zabbix_server.key
4. Edit TLS parameters in Zabbix server configuration file like this:
TLSCAFile=/home/zabbix/zabbix_ca_file
TLSCertFile=/home/zabbix/zabbix_server.crt
TLSKeyFile=/home/zabbix/zabbix_server.key
These platforms provide you the opportunity to connect with peers and industry DevOps leaders, where you can share, discuss or get information on latest topics or happenings in DevOps culture and grow your DevOps professionals network.
DevOps |
Build & Release |
DevOps |
Build & Release |
DevOpsSchool |
DevOps Group |
BestDevOps.com |
DevOpsSchool — Lets Learn, Share & Practice DevOps
Zabbix
Session-2-Zabbix-install-configure