I am writing this post and for others as I am installing Zabbix-server, zabbix-agent with postgresql with letsencrypt if anyone can help out wherever I am wrong or needs improvement please let me know. This post will help others as well who are struggling.
Zabbixserver+ zabbixweb+ postgresql+letsencrypt
- Copying doas in /etc
cp /etc/examples/doas.conf /etc
adding lines in doas.conf
#my change to not ask password once entered
permit persist :wheel
- Copy of acme-client from examples
cp /etc/examples/acme-client.conf /etc
- Configure with your FQDN
#
# $OpenBSD: acme-client.conf,v 1.4 2020/09/17 09:13:06 florian Exp $
#
authority letsencrypt {
api url "https://acme-v02.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-privkey.pem"
}
authority letsencrypt-staging {
api url "https://acme-staging-v02.api.letsencrypt.org/directory"
account key "/etc/acme/letsencrypt-staging-privkey.pem"
}
authority buypass {
api url "https://api.buypass.com/acme/directory"
account key "/etc/acme/buypass-privkey.pem"
contact "mailto:me@example.com"
}
authority buypass-test {
api url "https://api.test4.buypass.no/acme/directory"
account key "/etc/acme/buypass-test-privkey.pem"
contact "mailto:me@example.com"
}
domain yourdomain.com {
# alternative names { secure.domain.com }
domain key "/etc/ssl/private/domain.com.key"
domain full chain certificate "/etc/ssl/domain.com.fullchain.pem"
sign with letsencrypt
}
- Installing all the packages ( if any missing let me know )
pkg_add zabbix-server-6.2.6-pgsql zabbix-web-6.2.6p0 zabbix-agent-6.2.6p0 postgresql-server-15.2p0 postgresql-client-15.2
- sysctl limits need to be set
`When using PostgreSQL at least the following sysctl limits need to be set:
kern.seminfo.semmni=30
kern.seminfo.semmns=120
kern.shminfo.shmall=524288`
6.login with user _postgres
su - _postgresql
mkdir /var/postgresql/data
initdb -D /var/postgresql/data -U postgres \
-W -A scram-sha-256 -E UTF-8 --locale=en_US.UTF-8
Starting postgresql while logged in user _postgres
pg_ctl -D /var/postgresql/data -l logfile start
$ exit
create the database and user for Zabbix
$ createuser -U postgres --pwprompt --no-superuser --createdb --no-createrole zabbix
$ createdb -U zabbix zabbix
Import initial schema and data
$ cd /usr/local/share/zabbix/schema/postgresql
$ cat schema.sql | psql -U zabbix zabbix
$ cat images.sql | psql -U zabbix zabbix
$ cat data.sql | psql -U zabbix zabbix
6.Bottom of the login.conf file
vi /etc/login.conf
zabbix_server:\
:openfiles-cur=1024:\
:openfiles-max=2048:\
:tc=daemon:
postgresql:\
:openfiles=1024:\
:tc=daemon:
- backing up server and agent original config.
cp /etc/zabbix/zabbix_agentd.conf /etc/zabbix/zabbix_agentd.conf.original
cp /etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf.original
- Directory and copying files for httpd chroot to make DNS work.
mkdir -p /var/www/etc
cp /etc/resolv.conf /var/www/etc
cp /etc/hosts /var/www/etc
- Adding httpd.conf one can copy from examples
cp /etc/examples/httpd.conf /etc
# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $
ext_addr="*"
domain="yourdomain.com"
prefork 3
server $domain {
listen on $ext_addr port 80
block return 301 "https://$SERVER_NAME$REQUEST_URI"
}
server $domain {
root "/zabbix"
listen on $ext_addr tls port 443
tls {
certificate "/etc/ssl/yourdomain.com.fullchain.pem"
key "/etc/ssl/private/yourdomain.com.key"
ciphers "secure"
}
hsts max-age 16000000
hsts preload
# Increase connection limits to extend the lifetime
connection { max requests 500, timeout 3600 }
connection { max request body 8388608 }
directory {
index "index.php"
}
location "/conf/*" {
block return 401
}
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}
}
# Include MIME types instead of the built-in ones
types {
include "/usr/share/misc/mime.types"
}
Hold on still need to work arround and add things
Thanking you.