Skip to content

Instantly share code, notes, and snippets.

@PackeTsar

PackeTsar/zabbix-server-5.0-setup.md

Last active April 26, 2022 17:28
Show Gist options
  • Save PackeTsar/18d4765100a83521725b3d5b974ffd1a to your computer and use it in GitHub Desktop.
Save PackeTsar/18d4765100a83521725b3d5b974ffd1a to your computer and use it in GitHub Desktop.
Download ZIP
Zabbix Server 5.0 Setup
Raw
zabbix-server-5.0-setup.md

Zabbix 5.0 Setup Steps

My standard steps for setting up a new Zabbix server

This example is tuned for an install on a Raspberry Pi, but can be adapted to any Linux box

All commands are being run while logged in as root

Install/Setup MariaDB

# Install MariaDB
apt install mariadb-server
#
# Run the setup wizard
mysql_secure_installation

Install Zabbix

# Download package list for Debian 11
wget https://repo.zabbix.com/zabbix/5.0/raspbian/pool/main/z/zabbix-release/zabbix-release_5.0-2%2Bdebian11_all.deb
#
# Install package list
dpkg -i  zabbix-release_5.0-2+debian11_all.deb
apt update
#
# Install packages
apt install zabbix-server-mysql zabbix-frontend-php zabbix-apache-conf zabbix-agent
#
# Set up database
mysql -uroot -p
create database zabbix character set utf8 collate utf8_bin;
create user zabbix@localhost identified by 'password';
grant all privileges on zabbix.* to zabbix@localhost;
quit;
#
# Import database schema
zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix
#
# Adjust server config file
nano /etc/zabbix/zabbix_server.conf
#  - Set DB password like: DBPassword=password
#  - Set timeout like: Timeout=30
#
# Adjust agent config file
nano /etc/zabbix/zabbix_agentd.conf
#  - Allow agent to run scripts with: AllowKey=system.run[*]
#
# Set timezone in PHP config file
nano /etc/zabbix/apache.conf
#  - Set: php_value date.timezone America/Los_Angeles
#
# Restart Zabbix Server and Agent
systemctl restart zabbix-server zabbix-agent
systemctl status zabbix-server zabbix-agent

Set up Apache

  • Create a self-signed cert
# Create a directory for the cert files
mkdir /etc/ssl/zabbix/
#
# Create the files
openssl req -newkey rsa:2048 -nodes -keyout /etc/ssl/zabbix/certificate.key -x509 -days 3650 -out /etc/ssl/zabbix/certificate.pem
#  - Answer openssl questions
  • Adjust Apache modules and sites
# Enable needed modules
a2enmod ssl
a2enmod rewrite
#
# Disable the default site
a2dissite 000-default
  • Create Apache non-SSL site file with: nano /etc/apache2/sites-available/zabbix.conf
<VirtualHost *:80>
        DocumentRoot /usr/share/zabbix
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        # If accessing via the public NAT using the DNS name, then rewrite with the custom port
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R]
</VirtualHost>
  • Create Apache SSL site file with: nano /etc/apache2/sites-available/zabbix-ssl.conf
<IfModule mod_ssl.c>
  <VirtualHost *:443>
        DocumentRoot /usr/share/zabbix
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ServerName zabbix.example.com
        SSLCertificateFile /etc/ssl/zabbix/certificate.pem
        SSLCertificateKeyFile /etc/ssl/zabbix/certificate.key
  </VirtualHost>
</IfModule>
  • Enable the non-SSL and SSL sites
# Enable the sites
a2ensite zabbix.conf
a2ensite zabbix-ssl.conf
#
# Restart Apache
systemctl reload apache2

Optimize MariaDB settings

  • Adjust the MariaDB settings with nano /etc/mysql/mariadb.conf.d/50-server.cnf
  • Add the below section under the [mysqld] header
# Custom Settings
innodb_buffer_pool_size=2G
innodb_buffer_pool_instances=8
innodb_flush_log_at_trx_commit=0
innodb_flush_method=O_DIRECT
innodb_log_file_size=134217728
innodb_io_capacity=2000
query_cache_size=0
query_cache_type=0
  • Restart MariaDB: systemctl restart mariadb.service
  • Check status: systemctl status mariadb.service

Set up SNMP and MIBs

# Install the packages
apt install snmp snmp-mibs-downloader
#
# Check the service status
systemctl status snmpd.service
#
# Download all the Cisco MIBs into the MIBs folder
cd /usr/share/snmp/mibs
wget ftp://ftp.cisco.com/pub/mibs/v2/*.my

Misc Apps

# Install DNSUtils to have `dig` available
apt install dnsutils
dig
#
# Install Fail2Ban
apt install fail2ban
systemctl status fail2ban.service
#
# Install Byobu
apt install byobu
byobu
#  - Hit CTRL-A, hit 1 and then ENTER
exit  # byobu
#
# Install MTR
apt install mtr
mtr google.com
#
#

Create MTR script

  • Install MTR with apt install mtr
  • Create the script file: nano /usr/lib/zabbix/externalscripts/mtrtrace.sh
  • Put the below in the file
#!/usr/bin/env bash
IP=$1
mtr -r -c3 -w -b $IP
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment