Example working proxy config

1. # This is a configuration file for Zabbix proxy daemon
2. # To get more information about Zabbix, visit https://www.zabbix.com
3.  
4. ############ GENERAL PARAMETERS #################
5.  
6. ### Option: ProxyMode
7. # Proxy operating mode.
8. # 0 - proxy in the active mode
9. # 1 - proxy in the passive mode
10. #
11. # Mandatory: no
12. # Default:
13. # ProxyMode=0
14.  
15. ### Option: Server
16. # If ProxyMode is set to active mode:
17. # IP address or DNS name (address:port) or cluster (address:port;address2:port) of Zabbix server to get configuration data from and send data to.
18. # If port is not specified, default port is used.
19. # Cluster nodes need to be separated by semicolon.
20. # If ProxyMode is set to passive mode:
21. # List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server.
22. # Incoming connections will be accepted only from the addresses listed here.
23. # If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
24. # and '::/0' will allow any IPv4 or IPv6 address.
25. # '0.0.0.0/0' can be used to allow any IPv4 address.
26. # Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
27. #
28. # Mandatory: yes
29. # Default:
30. # Server=
31.  
32. Server=[redacted]
33.  
34. ### Option: Hostname
35. # Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
36. # Value is acquired from HostnameItem if undefined.
37. #
38. # Mandatory: no
39. # Default:
40. # Hostname=
41.  
42. Hostname=[redacted]
43.  
44. ### Option: HostnameItem
45. # Item used for generating Hostname if it is undefined.
46. # Ignored if Hostname is defined.
47. #
48. # Mandatory: no
49. # Default:
50. # HostnameItem=system.hostname
51.  
52. ### Option: ListenPort
53. # Listen port for trapper.
54. #
55. # Mandatory: no
56. # Range: 1024-32767
57. # Default:
58. # ListenPort=10051
59.  
60. ### Option: SourceIP
61. # Source IP address for outgoing connections.
62. #
63. # Mandatory: no
64. # Default:
65. # SourceIP=
66.  
67. ### Option: LogType
68. # Specifies where log messages are written to:
69. # system - syslog
70. # file - file specified with LogFile parameter
71. # console - standard output
72. #
73. # Mandatory: no
74. # Default:
75. # LogType=file
76.  
77. ### Option: LogFile
78. # Log file name for LogType 'file' parameter.
79. #
80. # Mandatory: yes, if LogType is set to file, otherwise no
81. # Default:
82. # LogFile=
83.  
84. LogFile=/var/log/zabbix/zabbix_proxy.log
85.  
86. ### Option: LogFileSize
87. # Maximum size of log file in MB.
88. # 0 - disable automatic log rotation.
89. #
90. # Mandatory: no
91. # Range: 0-1024
92. # Default:
93. # LogFileSize=1
94.  
95. LogFileSize=0
96.  
97. ### Option: DebugLevel
98. # Specifies debug level:
99. # 0 - basic information about starting and stopping of Zabbix processes
100. # 1 - critical information
101. # 2 - error information
102. # 3 - warnings
103. # 4 - for debugging (produces lots of information)
104. # 5 - extended debugging (produces even more information)
105. #
106. # Mandatory: no
107. # Range: 0-5
108. # Default:
109. # DebugLevel=3
110.  
111. ### Option: EnableRemoteCommands
112. # Whether remote commands from Zabbix server are allowed.
113. # 0 - not allowed
114. # 1 - allowed
115. #
116. # Mandatory: no
117. # Default:
118. # EnableRemoteCommands=0
119.  
120. ### Option: LogRemoteCommands
121. # Enable logging of executed shell commands as warnings.
122. # 0 - disabled
123. # 1 - enabled
124. #
125. # Mandatory: no
126. # Default:
127. # LogRemoteCommands=0
128.  
129. ### Option: PidFile
130. # Name of PID file.
131. #
132. # Mandatory: no
133. # Default:
134. # PidFile=/tmp/zabbix_proxy.pid
135.  
136. PidFile=/run/zabbix/zabbix_proxy.pid
137.  
138. ### Option: SocketDir
139. # IPC socket directory.
140. # Directory to store IPC sockets used by internal Zabbix services.
141. #
142. # Mandatory: no
143. # Default:
144. # SocketDir=/tmp
145.  
146. SocketDir=/run/zabbix
147.  
148. ### Option: DBHost
149. # Database host name.
150. # If set to localhost, socket is used for MySQL.
151. # If set to empty string, socket is used for PostgreSQL.
152. #
153. # Mandatory: no
154. # Default:
155. # DBHost=localhost
156.  
157. ### Option: DBName
158. # Database name.
159. # For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
160. # Warning: do not attempt to use the same database Zabbix server is using.
161. #
162. # Mandatory: yes
163. # Default:
164. # DBName=
165.  
166. DBName=zabbix_proxy
167.  
168. ### Option: DBSchema
169. # Schema name. Used for PostgreSQL.
170. #
171. # Mandatory: no
172. # Default:
173. # DBSchema=
174.  
175. ### Option: DBUser
176. # Database user. Ignored for SQLite.
177. #
178. # Default:
179. # DBUser=
180.  
181. DBUser=zabbix
182.  
183. ### Option: DBPassword
184. # Database password. Ignored for SQLite.
185. # Comment this line if no password is used.
186. #
187. # Mandatory: no
188. # Default:
189. # DBPassword=
190.  
191. DBPassword=[redacted]
192.  
193. ### Option: DBSocket
194. # Path to MySQL socket.
195. #
196. # Mandatory: no
197. # Default:
198. # DBSocket=
199.  
200. # Option: DBPort
201. # Database port when not using local socket. Ignored for SQLite.
202. #
203. # Mandatory: no
204. # Default:
205. # DBPort=
206.  
207. ### Option: AllowUnsupportedDBVersions
208. # Allow proxy to work with unsupported database versions.
209. # 0 - do not allow
210. # 1 - allow
211. #
212. # Mandatory: no
213. # Default:
214. # AllowUnsupportedDBVersions=0
215.  
216. ######### PROXY SPECIFIC PARAMETERS #############
217.  
218. ### Option: ProxyLocalBuffer
219. # Proxy will keep data locally for N hours, even if the data have already been synced with the server.
220. # This parameter may be used if local data will be used by third party applications.
221. #
222. # Mandatory: no
223. # Range: 0-720
224. # Default:
225. # ProxyLocalBuffer=0
226.  
227. ### Option: ProxyOfflineBuffer
228. # Proxy will keep data for N hours in case if no connectivity with Zabbix Server.
229. # Older data will be lost.
230. #
231. # Mandatory: no
232. # Range: 1-720
233. # Default:
234. # ProxyOfflineBuffer=1
235.  
236. ### Option: ProxyBufferMode
237. # Specifies history, discovery and auto registration data storage mechanism:
238. # disk - data are stored in database and uploaded from database
239. # memory - data are stored in memory and uploaded from memory.
240. # If buffer runs out of memory the old data will be discarded.
241. # On shutdown the buffer is discarded.
242. # hybrid - the proxy buffer normally works like in memory mode until it runs out of memory or
243. # the oldest record exceeds the configured age. If that happens the buffer is flushed
244. # to database and it works like in disk mode until all data have been uploaded and
245. # it starts working with memory again. On shutdown the memory buffer is flushed
246. # to database.
247. #
248. # Mandatory: no
249. # Values: disk, memory, hybrid
250. # Default:
251. # ProxyBufferMode=disk
252.  
253. ProxyBufferMode=hybrid
254.  
255. ### Option: ProxyMemoryBufferSize
256. # Size of shared memory cache for collected history, discovery and auto registration data, in bytes.
257. # If enabled (not zero) proxy will keep history discovery and auto registration data in memory unless
258. # cache is full or stored records are older than defined ProxyMemoryBufferAge.
259. # This parameter cannot be used together with ProxyLocalBuffer parameter.
260. #
261. # Mandatory: no
262. # Range: 0,128K-2G
263. # Default:
264. # ProxyMemoryBufferSize=0
265.  
266. ProxyMemoryBufferSize=16M
267.  
268. ### Option: ProxyMemoryBufferAge
269. # Maximum age of data in proxy memory buffer, in seconds.
270. # When enabled (not zero) and records in proxy memory buffer are older, then it forces proxy buffer
271. # to switch to database mode until all records are uploaded to server.
272. # This parameter must be less or equal to ProxyOfflineBuffer parameter (note different units).
273. #
274. # Mandatory: no
275. # Range: 0,600-864000
276. # Default:
277. # ProxyMemoryBufferAge=0
278.  
279. ### Option: ConfigFrequency - Deprecated, use ProxyConfigFrequency
280. # How often proxy retrieves configuration data from Zabbix Server in seconds.
281. # For a proxy in the passive mode this parameter will be ignored.
282. # Mandatory: no
283.  
284. ### Option: ProxyConfigFrequency
285. # How often proxy retrieves configuration data from Zabbix Server in seconds.
286. # For a proxy in the passive mode this parameter will be ignored.
287. #
288. # Mandatory: no
289. # Range: 1-3600*24*7
290. # Default:
291. # ProxyConfigFrequency=10
292.  
293. ### Option: DataSenderFrequency
294. # Proxy will send collected data to the Server every N seconds.
295. # For a proxy in the passive mode this parameter will be ignored.
296. #
297. # Mandatory: no
298. # Range: 1-3600
299. # Default:
300. # DataSenderFrequency=1
301.  
302. ############ ADVANCED PARAMETERS ################
303.  
304. ### Option: StartPollers
305. # Number of pre-forked instances of pollers.
306. #
307. # Mandatory: no
308. # Range: 0-1000
309. # Default:
310. # StartPollers=5
311.  
312. ### Option: StartAgentPollers
313. # Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller.
314. #
315. # Mandatory: no
316. # Range: 0-1000
317. # Default:
318. # StartAgentPollers=1
319.  
320. ### Option: StartHTTPAgentPollers
321. # Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller.
322. #
323. # Mandatory: no
324. # Range: 0-1000
325. # Default:
326. # StartHTTPAgentPollers=1
327.  
328. ### Option: StartSNMPPollers
329. # Number of pre-forked instances of asynchronous SNMP pollers. Also see MaxConcurrentChecksPerPoller.
330. #
331. # Mandatory: no
332. # Range: 0-1000
333. # Default:
334. # StartSNMPPollers=1
335.  
336. ### Option: MaxConcurrentChecksPerPoller
337. # Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller.
338. #
339. # Mandatory: no
340. # Range: 1-1000
341. # Default:
342. # MaxConcurrentChecksPerPoller=1000
343.  
344. ### Option: StartIPMIPollers
345. # Number of pre-forked instances of IPMI pollers.
346. # The IPMI manager process is automatically started when at least one IPMI poller is started.
347. #
348. # Mandatory: no
349. # Range: 0-1000
350. # Default:
351. # StartIPMIPollers=0
352.  
353. ### Option: StartPreprocessors
354. # Number of pre-started instances of preprocessing worker threads should be set to no less than
355. # the available CPU core count. More workers should be set if preprocessing is not CPU-bound and has
356. # lots of network requests.
357. #
358. # Mandatory: no
359. # Range: 1-1000
360. # Default:
361. # StartPreprocessors=16
362.  
363. ### Option: StartPollersUnreachable
364. # Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
365. # At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
366. # are started.
367. #
368. # Mandatory: no
369. # Range: 0-1000
370. # Default:
371. # StartPollersUnreachable=1
372.  
373. ### Option: StartTrappers
374. # Number of pre-forked instances of trappers.
375. # Trappers accept incoming connections from Zabbix sender and active agents.
376. #
377. # Mandatory: no
378. # Range: 0-1000
379. # Default:
380. # StartTrappers=5
381.  
382. ### Option: StartPingers
383. # Number of pre-forked instances of ICMP pingers.
384. #
385. # Mandatory: no
386. # Range: 0-1000
387. # Default:
388. # StartPingers=1
389.  
390. ### Option: StartDiscoverers
391. # Number of pre-started instances of discovery workers.
392. #
393. # Mandatory: no
394. # Range: 0-1000
395. # Default:
396. # StartDiscoverers=5
397.  
398. ### Option: StartHTTPPollers
399. # Number of pre-forked instances of HTTP pollers.
400. #
401. # Mandatory: no
402. # Range: 0-1000
403. # Default:
404. # StartHTTPPollers=1
405.  
406. ### Option: JavaGateway
407. # IP address (or hostname) of Zabbix Java gateway.
408. # Only required if Java pollers are started.
409. #
410. # Mandatory: no
411. # Default:
412. # JavaGateway=
413.  
414. ### Option: JavaGatewayPort
415. # Port that Zabbix Java gateway listens on.
416. #
417. # Mandatory: no
418. # Range: 1024-32767
419. # Default:
420. # JavaGatewayPort=10052
421.  
422. ### Option: StartJavaPollers
423. # Number of pre-forked instances of Java pollers.
424. #
425. # Mandatory: no
426. # Range: 0-1000
427. # Default:
428. # StartJavaPollers=0
429.  
430. ### Option: StartVMwareCollectors
431. # Number of pre-forked vmware collector instances.
432. #
433. # Mandatory: no
434. # Range: 0-250
435. # Default:
436. # StartVMwareCollectors=0
437.  
438. ### Option: VMwareFrequency
439. # How often Zabbix will connect to VMware service to obtain a new data.
440. #
441. # Mandatory: no
442. # Range: 10-86400
443. # Default:
444. # VMwareFrequency=60
445.  
446. ### Option: VMwarePerfFrequency
447. # How often Zabbix will connect to VMware service to obtain performance data.
448. #
449. # Mandatory: no
450. # Range: 10-86400
451. # Default:
452. # VMwarePerfFrequency=60
453.  
454. ### Option: VMwareCacheSize
455. # Size of VMware cache, in bytes.
456. # Shared memory size for storing VMware data.
457. # Only used if VMware collectors are started.
458. #
459. # Mandatory: no
460. # Range: 256K-2G
461. # Default:
462. # VMwareCacheSize=8M
463.  
464. ### Option: VMwareTimeout
465. # Specifies how many seconds vmware collector waits for response from VMware service.
466. #
467. # Mandatory: no
468. # Range: 1-300
469. # Default:
470. # VMwareTimeout=10
471.  
472. ### Option: SNMPTrapperFile
473. # Temporary file used for passing data from SNMP trap daemon to the proxy.
474. # Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
475. #
476. # Mandatory: no
477. # Default:
478. # SNMPTrapperFile=/tmp/zabbix_traps.tmp
479.  
480. SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
481.  
482. ### Option: StartSNMPTrapper
483. # If 1, SNMP trapper process is started.
484. #
485. # Mandatory: no
486. # Range: 0-1
487. # Default:
488. # StartSNMPTrapper=0
489.  
490. ### Option: ListenIP
491. # List of comma delimited IP addresses that the trapper should listen on.
492. # Trapper will listen on all network interfaces if this parameter is missing.
493. #
494. # Mandatory: no
495. # Default:
496. # ListenIP=0.0.0.0
497.  
498. ### Option: HousekeepingFrequency
499. # How often Zabbix will perform housekeeping procedure (in hours).
500. # Housekeeping is removing outdated information from the database.
501. # To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
502. # hours of outdated information are deleted in one housekeeping cycle.
503. # To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start.
504. # With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
505. # In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
506. # period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
507. #
508. # Mandatory: no
509. # Range: 0-24
510. # Default:
511. # HousekeepingFrequency=1
512.  
513. ### Option: CacheSize
514. # Size of configuration cache, in bytes.
515. # Shared memory size, for storing hosts and items data.
516. #
517. # Mandatory: no
518. # Range: 128K-64G
519. # Default:
520. # CacheSize=8M
521.  
522. CacheSize=512M
523.  
524. ### Option: StartDBSyncers
525. # Number of pre-forked instances of DB Syncers.
526. #
527. # Mandatory: no
528. # Range: 1-100
529. # Default:
530. # StartDBSyncers=4
531.  
532. ### Option: HistoryCacheSize
533. # Size of history cache, in bytes.
534. # Shared memory size for storing history data.
535. #
536. # Mandatory: no
537. # Range: 128K-2G
538. # Default:
539. # HistoryCacheSize=16M
540.  
541. HistoryCacheSize=128M
542.  
543. ### Option: HistoryIndexCacheSize
544. # Size of history index cache, in bytes.
545. # Shared memory size for indexing history cache.
546. #
547. # Mandatory: no
548. # Range: 128K-2G
549. # Default:
550. # HistoryIndexCacheSize=4M
551.  
552. HistoryIndexCacheSize=128M
553.  
554. ### Option: Timeout
555. # Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix server, agent, web service, and for SNMP checks (except SNMP `walk[OID]` and `get[OID]` items) and `icmpping[*]` item.
556. #
557. # Mandatory: no
558. # Range: 1-30
559. # Default:
560. # Timeout=3
561.  
562. Timeout=4
563.  
564. ### Option: TrapperTimeout
565. # Specifies timeout in seconds for:
566. # Retrieval of configuration data from Zabbix server
567. # Global script / remote command execution
568. #
569. # Mandatory: no
570. # Range: 1-300
571. # Default:
572. # TrapperTimeout=300
573.  
574. ### Option: UnreachablePeriod
575. # After how many seconds of unreachability treat a host as unavailable.
576. #
577. # Mandatory: no
578. # Range: 1-3600
579. # Default:
580. # UnreachablePeriod=45
581.  
582. ### Option: UnavailableDelay
583. # How often host is checked for availability during the unavailability period, in seconds.
584. #
585. # Mandatory: no
586. # Range: 1-3600
587. # Default:
588. # UnavailableDelay=60
589.  
590. ### Option: UnreachableDelay
591. # How often host is checked for availability during the unreachability period, in seconds.
592. #
593. # Mandatory: no
594. # Range: 1-3600
595. # Default:
596. # UnreachableDelay=15
597.  
598. ## Option: StartODBCPollers
599. # Number of pre-forked ODBC poller instances.
600. #
601. # Mandatory: no
602. # Range: 0-1000
603. # Default:
604. # StartODBCPollers=1
605.  
606. ### Option: ExternalScripts
607. # Full path to location of external scripts.
608. # Default depends on compilation options.
609. # To see the default path run command "zabbix_proxy --help".
610. #
611. # Mandatory: no
612. # Default:
613. # ExternalScripts=/usr/lib/zabbix/externalscripts
614.  
615. ### Option: FpingLocation
616. # Location of fping.
617. # Make sure that fping binary has root ownership and SUID flag set.
618. #
619. # Mandatory: no
620. # Default:
621. # FpingLocation=/usr/sbin/fping
622.  
623. FpingLocation=/usr/bin/fping
624.  
625. ### Option: Fping6Location
626. # Location of fping6.
627. # Make sure that fping6 binary has root ownership and SUID flag set.
628. # Make empty if your fping utility is capable to process IPv6 addresses.
629. #
630. # Mandatory: no
631. # Default:
632. # Fping6Location=/usr/sbin/fping6
633.  
634. Fping6Location=/usr/bin/fping6
635.  
636. ### Option: SSHKeyLocation
637. # Location of public and private keys for SSH checks and actions.
638. #
639. # Mandatory: no
640. # Default:
641. # SSHKeyLocation=
642.  
643. ### Option: LogSlowQueries
644. # How long a database query may take before being logged (in milliseconds).
645. # Only works if DebugLevel set to 3 or 4.
646. # 0 - don't log slow queries.
647. #
648. # Mandatory: no
649. # Range: 1-3600000
650. # Default:
651. # LogSlowQueries=0
652.  
653. LogSlowQueries=3000
654.  
655. ### Option: TmpDir
656. # Temporary directory.
657. #
658. # Mandatory: no
659. # Default:
660. # TmpDir=/tmp
661.  
662. ### Option: AllowRoot
663. # Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy
664. # will try to switch to the user specified by the User configuration option instead.
665. # Has no effect if started under a regular user.
666. # 0 - do not allow
667. # 1 - allow
668. #
669. # Mandatory: no
670. # Default:
671. # AllowRoot=0
672.  
673. ### Option: User
674. # Drop privileges to a specific, existing user on the system.
675. # Only has effect if run as 'root' and AllowRoot is disabled.
676. #
677. # Mandatory: no
678. # Default:
679. # User=zabbix
680.  
681. ### Option: Include
682. # You may include individual files or all files in a directory in the configuration file.
683. # Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
684. #
685. # Mandatory: no
686. # Default:
687. # Include=
688.  
689. Include=/etc/zabbix/zabbix_proxy.d/*.conf
690.  
691. # Include=/usr/local/etc/zabbix_proxy.general.conf
692. # Include=/usr/local/etc/zabbix_proxy.conf.d/
693. # Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf
694.  
695. ### Option: SSLCertLocation
696. # Location of SSL client certificates.
697. # This parameter is used in web monitoring and for communication with Vault.
698. # Default depends on compilation options.
699. # To see the default path run command "zabbix_proxy --help".
700. #
701. # Mandatory: no
702. # Default:
703. # SSLCertLocation=${datadir}/zabbix/ssl/certs
704.  
705. ### Option: SSLKeyLocation
706. # Location of private keys for SSL client certificates.
707. # This parameter is used in web monitoring and for communication with Vault.
708. # Default depends on compilation options.
709. # To see the default path run command "zabbix_proxy --help".
710. #
711. # Mandatory: no
712. # Default:
713. # SSLKeyLocation=${datadir}/zabbix/ssl/keys
714.  
715. ### Option: SSLCALocation
716. # Location of certificate authority (CA) files for SSL server certificate verification.
717. # If not set, system-wide directory will be used.
718. # This parameter is used in web monitoring, HTTP agent items and for communication with Vault.
719. #
720. # Mandatory: no
721. # Default:
722. # SSLCALocation=
723.  
724. ####### LOADABLE MODULES #######
725.  
726. ### Option: LoadModulePath
727. # Full path to location of proxy modules.
728. # Default depends on compilation options.
729. # To see the default path run command "zabbix_proxy --help".
730. #
731. # Mandatory: no
732. # Default:
733. # LoadModulePath=${libdir}/modules
734.  
735. ### Option: LoadModule
736. # Module to load at proxy startup. Modules are used to extend functionality of the proxy.
737. # Formats:
738. # LoadModule=<module.so>
739. # LoadModule=<path/module.so>
740. # LoadModule=</abs_path/module.so>
741. # Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
742. # If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
743. # It is allowed to include multiple LoadModule parameters.
744. #
745. # Mandatory: no
746. # Default:
747. # LoadModule=
748.  
749. ### Option: StatsAllowedIP
750. # List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
751. # Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
752. # will be accepted.
753. # If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
754. # and '::/0' will allow any IPv4 or IPv6 address.
755. # '0.0.0.0/0' can be used to allow any IPv4 address.
756. # Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
757. #
758. # Mandatory: no
759. # Default:
760. # StatsAllowedIP=
761. StatsAllowedIP=127.0.0.1
762.  
763. ####### TLS-RELATED PARAMETERS #######
764.  
765. ### Option: TLSConnect
766. # How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
767. # Only one value can be specified:
768. # unencrypted - connect without encryption
769. # psk - connect using TLS and a pre-shared key
770. # cert - connect using TLS and a certificate
771. #
772. # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
773. # Default:
774. # TLSConnect=unencrypted
775.  
776. ### Option: TLSAccept
777. # What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
778. # Multiple values can be specified, separated by comma:
779. # unencrypted - accept connections without encryption
780. # psk - accept connections secured with TLS and a pre-shared key
781. # cert - accept connections secured with TLS and a certificate
782. #
783. # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
784. # Default:
785. # TLSAccept=unencrypted
786.  
787. ### Option: TLSCAFile
788. # Full pathname of a file containing the top-level CA(s) certificates for
789. # peer certificate verification.
790. #
791. # Mandatory: no
792. # Default:
793. # TLSCAFile=
794.  
795. ### Option: TLSCRLFile
796. # Full pathname of a file containing revoked certificates.
797. #
798. # Mandatory: no
799. # Default:
800. # TLSCRLFile=
801.  
802. ### Option: TLSServerCertIssuer
803. # Allowed server certificate issuer.
804. #
805. # Mandatory: no
806. # Default:
807. # TLSServerCertIssuer=
808.  
809. ### Option: TLSServerCertSubject
810. # Allowed server certificate subject.
811. #
812. # Mandatory: no
813. # Default:
814. # TLSServerCertSubject=
815.  
816. ### Option: TLSCertFile
817. # Full pathname of a file containing the proxy certificate or certificate chain.
818. #
819. # Mandatory: no
820. # Default:
821. # TLSCertFile=
822.  
823. ### Option: TLSKeyFile
824. # Full pathname of a file containing the proxy private key.
825. #
826. # Mandatory: no
827. # Default:
828. # TLSKeyFile=
829.  
830. ### Option: TLSPSKIdentity
831. # Unique, case sensitive string used to identify the pre-shared key.
832. #
833. # Mandatory: no
834. # Default:
835. # TLSPSKIdentity=
836.  
837. ### Option: TLSPSKFile
838. # Full pathname of a file containing the pre-shared key.
839. #
840. # Mandatory: no
841. # Default:
842. # TLSPSKFile=
843.  
844. ####### For advanced users - TLS ciphersuite selection criteria #######
845.  
846. ### Option: TLSCipherCert13
847. # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
848. # Override the default ciphersuite selection criteria for certificate-based encryption.
849. #
850. # Mandatory: no
851. # Default:
852. # TLSCipherCert13=
853.  
854. ### Option: TLSCipherCert
855. # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
856. # Override the default ciphersuite selection criteria for certificate-based encryption.
857. # Example for GnuTLS:
858. # NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
859. # Example for OpenSSL:
860. # EECDH+aRSA+AES128:RSA+aRSA+AES128
861. #
862. # Mandatory: no
863. # Default:
864. # TLSCipherCert=
865.  
866. ### Option: TLSCipherPSK13
867. # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
868. # Override the default ciphersuite selection criteria for PSK-based encryption.
869. # Example:
870. # TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
871. #
872. # Mandatory: no
873. # Default:
874. # TLSCipherPSK13=
875.  
876. ### Option: TLSCipherPSK
877. # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
878. # Override the default ciphersuite selection criteria for PSK-based encryption.
879. # Example for GnuTLS:
880. # NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
881. # Example for OpenSSL:
882. # kECDHEPSK+AES128:kPSK+AES128
883. #
884. # Mandatory: no
885. # Default:
886. # TLSCipherPSK=
887.  
888. ### Option: TLSCipherAll13
889. # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
890. # Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
891. # Example:
892. # TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
893. #
894. # Mandatory: no
895. # Default:
896. # TLSCipherAll13=
897.  
898. ### Option: TLSCipherAll
899. # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
900. # Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
901. # Example for GnuTLS:
902. # NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
903. # Example for OpenSSL:
904. # EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
905. #
906. # Mandatory: no
907. # Default:
908. # TLSCipherAll=
909.  
910. ### Option: DBTLSConnect
911. # Setting this option enforces to use TLS connection to database.
912. # required - connect using TLS
913. # verify_ca - connect using TLS and verify certificate
914. # verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
915. # matches its certificate
916. # On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
917. # "verify_full".
918. # On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
919. # Default is not to set any option and behavior depends on database configuration
920. #
921. # Mandatory: no
922. # Default:
923. # DBTLSConnect=
924.  
925. ### Option: DBTLSCAFile
926. # Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
927. # Supported only for MySQL and PostgreSQL
928. #
929. # Mandatory: no
930. # (yes, if DBTLSConnect set to one of: verify_ca, verify_full)
931. # Default:
932. # DBTLSCAFile=
933.  
934. ### Option: DBTLSCertFile
935. # Full pathname of file containing Zabbix proxy certificate for authenticating to database.
936. # Supported only for MySQL and PostgreSQL
937. #
938. # Mandatory: no
939. # Default:
940. # DBTLSCertFile=
941.  
942. ### Option: DBTLSKeyFile
943. # Full pathname of file containing the private key for authenticating to database.
944. # Supported only for MySQL and PostgreSQL
945. #
946. # Mandatory: no
947. # Default:
948. # DBTLSKeyFile=
949.  
950. ### Option: DBTLSCipher
951. # The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2
952. # Supported only for MySQL
953. #
954. # Mandatory no
955. # Default:
956. # DBTLSCipher=
957.  
958. ### Option: DBTLSCipher13
959. # The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol
960. # Supported only for MySQL, starting from version 8.0.16
961. #
962. # Mandatory no
963. # Default:
964. # DBTLSCipher13=
965.  
966. ### Option: Vault
967. # Specifies vault:
968. # HashiCorp - HashiCorp KV Secrets Engine - Version 2
969. # CyberArk - CyberArk Central Credential Provider
970. #
971. # Mandatory: no
972. # Default:
973. # Vault=HashiCorp
974.  
975. ### Option: VaultToken
976. # Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path
977. # specified in optional VaultDBPath configuration parameter.
978. # It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
979. #
980. # Mandatory: no
981. # (yes, if Vault is explicitly set to HashiCorp)
982. # Default:
983. # VaultToken=
984.  
985. ### Option: VaultURL
986. # Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
987. #
988. # Mandatory: no
989. # Default:
990. # VaultURL=https://127.0.0.1:8200
991.  
992. ### Option: VaultPrefix
993. # Custom prefix for Vault path or query depending on the Vault.
994. # Most suitable defaults will be used if not specified.
995. # Note that 'data' is automatically appended after mountpoint for HashiCorp if VaultPrefix is not specified.
996. # Example prefix for HashiCorp:
997. # /v1/secret/data/zabbix/
998. # Example prefix for CyberArk:
999. # /AIMWebService/api/Accounts?
1000. # Mandatory: no
1001. # Default:
1002. # VaultPrefix=
1003.  
1004. ### Option: VaultDBPath
1005. # Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
1006. # Keys used for HashiCorp are 'password' and 'username'.
1007. # Example path with VaultPrefix=/v1/secret/data/zabbix/:
1008. # database
1009. # Example path without VaultPrefix:
1010. # secret/zabbix/database
1011. # Keys used for CyberArk are 'Content' and 'UserName'.
1012. # Example query:
1013. # AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database
1014. # This option can only be used if DBUser and DBPassword are not specified.
1015. #
1016. # Mandatory: no
1017. # Default:
1018. # VaultDBPath=
1019.  
1020. ### Option: VaultTLSCertFile
1021. # Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
1022. # If the certificate file contains also the private key, leave the SSL key file field empty. The directory
1023. # containing this file is specified by configuration parameter SSLCertLocation.
1024. #
1025. # Mandatory: no
1026. # Default:
1027. # VaultTLSCertFile=
1028.  
1029. ### Option: VaultTLSKeyFile
1030. # Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
1031. # The directory containing this file is specified by configuration parameter SSLKeyLocation.
1032. #
1033. # Mandatory: no
1034. # Default:
1035. # VaultTLSKeyFile=
1036.  
1037. ####### For advanced users - TCP-related fine-tuning parameters #######
1038.  
1039. ## Option: ListenBacklog
1040. # The maximum number of pending connections in the queue. This parameter is passed to
1041. # listen() function as argument 'backlog' (see "man listen").
1042. #
1043. # Mandatory: no
1044. # Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
1045. # Default: SOMAXCONN (hard-coded constant, depends on system)
1046. # ListenBacklog=
1047.  
1048. ####### Browser monitoring #######
1049.  
1050. ### Option: WebDriverURL
1051. # WebDriver interface HTTP[S] URL. For example http://localhost:4444 used with Selenium WebDriver standalone server.
1052. #
1053. # Mandatory: no
1054. # Default:
1055. # WebDriverURL=
1056.  
1057. ### Option: StartBrowserPollers
1058. # Number of pre-forked instances of browser item pollers.
1059. #
1060. # Mandatory: no
1061. # Range: 0-1000
1062. # Default:
1063. # StartBrowserPollers=1