Differences

This shows you the differences between two versions of the page.

--- zabbix_7.4_sur_debian_12_avec_ssl [2025/07/08 05:52] – [Zabbix 7.4 Installation on Debian 12] Fabián Rodríguez
+++ zabbix_7.4_sur_debian_12_avec_ssl [2025/07/08 05:57] (current) – removed Fabián Rodríguez
@@ Line 1: / Line 1: @@
-===== Zabbix 7.4 Installation on Debian 12 =====
-These instructions make the assumption :
-  * You have a Debian 12 "vanilla" setup, only SSH server and no desktop environment
-  * No root account, all commands are run as ''sudo'' - this usually starts with ''sudo -s'' after login.
-  * Zabbix server is NOT Internet-facing, and runs in a LAN, isolated environment
-For an Internet-facing install, consider setting up an SSL certificate with certbot, and configuring two-factor authentication (2FA).
-[[https://www.zabbix.com/documentation/current/en/manual|Full official documentation is available at Zabbix.com]].
-== Credits ==
-  * Fabian Rodríguez, François Baillargeon (review) - [[https://legoutdulibre.com/en/zabbix-monitoring-supervision-en-temps-reel-pour-une-infrastructure-resiliente/|Le Goût du Libre]]
-==== 1. Configure Locales ====
-Set up ''en_US.UTF-8'' and any additional locales for multi-language support in Zabbix:
-<code>
-dpkg-reconfigure locales
-</code>
-==== 2. Install MariaDB (Zabbix Database Backend) ====
-Install the default MariaDB server package:
-<code>
-apt install default-mysql-server
-</code>
-==== 3. Secure MariaDB Setup ====
-Run as ''root'' to improve database security:
-<code>
-mariadb-secure-installation
-</code>
-Answer 'n' to the first two questions, assuming you have no ''root'' account setup.
-==== 4. Add Zabbix Repository ====
-Download and install official Zabbix APT package - whis will add Zabbix repositories to your servers', and update the repositories database:
-<code>
-wget https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian12_all.deb
-dpkg -i zabbix-release_latest_7.4+debian12_all.deb
-apt update
-</code>
-==== 5. Install Zabbix Components ====
-Install server, frontend (PHP), Apache configuration, SQL scripts, and agent:
-<code>
-apt install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-sql-scripts zabbix-agent
-</code>
-==== 6. Create Zabbix Database and Import Schema ====
-Connect to MariaDB and create database/user:
-<code>
-mysql -uroot -p
-</code>
-(press enter as your ''root'' user is not defined)
-**Important** : The second statement should be changed to use a password of your choice.
-<code>
-create database zabbix character set utf8mb4 collate utf8mb4_bin;
-create user zabbix@localhost identified by 'password';
-grant all privileges on zabbix.* to zabbix@localhost;
-set global log_bin_trust_function_creators = 1;
-quit;
-</code>
-Import initial schema:
-<code>
-zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix
-</code>
-Disable trust function flag after import:
-<code>
-mysql -uroot -p
-</code>
-<code>
-set global log_bin_trust_function_creators = 0;
-quit;
-</code>
-==== 7. Configure Zabbix Server ====
-Set the database password in ''/etc/zabbix/zabbix_server.conf'' (replace with the password set in step 6 above):
-<code>
-DBPassword=password
-</code>
-==== 8. Start and Enable Zabbix Services ====
-Start and enable server, agent, and Apache:
-<code>
-systemctl restart zabbix-server zabbix-agent apache2
-systemctl enable zabbix-server zabbix-agent apache2
-</code>
-==== 9. Access Zabbix Web UI ====
-Open Zabbix frontend in a browser to test the installation has completed well (don't finish it just yet, SSL setup is next!):
-<code>
-http://your-server-ip/zabbix
-</code>
-===== SSL Setup =====
-Using SSL in a LAN environment helps protect sensitive data like login credentials from being intercepted or tampered with—even on internal networks where threats can arise from compromised devices or curious users.
-While self-signed certificates aren't trusted publicly, they're perfectly acceptable in closed systems where you control the environment and trust the endpoints.
-==== 1. Generate Self-Signed Certificate ====
-Create directory:
-<code>
-sudo mkdir -p /etc/ssl/zabbix
-</code>
-Generate cert:
-<code>
-sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/zabbix/zabbix.key -out /etc/ssl/zabbix/zabbix.crt -subj "/C=CA/ST=Quebec/L=Boisbriand/O=ZabbixLAN/CN=zabbix.local"
-</code>
-==== 2. Configure Apache for SSL ====
-Enable SSL module and default SSL site:
-<code>
-sudo a2enmod ssl
-sudo a2ensite default-ssl
-</code>
-Edit SSL virtual host:
-<code>
-sudo nano /etc/apache2/sites-available/default-ssl.conf
-</code>
-Update config:
-<code>
-SSLEngine on
-SSLCertificateFile /etc/ssl/zabbix/zabbix.crt
-SSLCertificateKeyFile /etc/ssl/zabbix/zabbix.key
-DocumentRoot /usr/share/zabbix
-</code>
-==== 3. Force HTTP to Redirect to HTTPS ====
-This prevents accidentally using http (plain-text) to connect to your server.
-Edit HTTP virtual host:
-<code>
-sudo nano /etc/apache2/sites-available/000-default.conf
-</code>
-Add inside ''<VirtualHost *:80>'':
-<code>
-Redirect "/" "https://your-server-ip/zabbix"
-</code>
-Replace ''your-server-ip'' with your actual IP or hostname.
-==== 4. Apply Changes ====
-Restart Apache:
-<code>
-sudo systemctl restart apache2
-</code>
-==== 5. Access the Frontend ====
-Use:
-<code>
-https://your-server-ip/zabbix
-</code>
-Accept the browser warning for the self-signed certificate.
-The default access credentials are :
-  * User :  **Admin**
-  * Password : **zabbix**