zabbix-docker icon indicating copy to clipboard operation
zabbix-docker copied to clipboard

Published 20 hours ago verified publisher icon zabbix

Feature request - enable NGINX stub_status for monitoring

Open Zablove opened this issue 1 year ago • 1 comments

Zabbix provide a NGINX template to provide NGINX monitoring. This template however requires the stub_status module to be enabled. https://www.zabbix.com/integrations/nginx

My suggestion would be to enable this by default at IP 127.0.0.1 and create a variable so that you will be able to change the source IP because the checks will not be performed by an agent installed at the container.

NGINX suggests the stub_status page not to publish to everyone: https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/

Probably also a good idea to restrict access to the current status and ping pages.

Current config:

    location ~ ^/(status|ping)$ {
        access_log off;
        fastcgi_pass   unix:/tmp/php-fpm.sock;

        fastcgi_param  SCRIPT_FILENAME  $webroot$fastcgi_script_name;
        include fastcgi_params;
    }

Suggestions: Status and ping page:

    location ~ ^/(status|ping)$ {
        access_log off;
        allow 127.0.0.1; #<variable
        fastcgi_pass   unix:/tmp/php-fpm.sock;

        fastcgi_param  SCRIPT_FILENAME  $webroot$fastcgi_script_name;
        include fastcgi_params;
    }

Basic_status page:

location = /basic_status {
        stub_status;
        allow 127.0.0.1; #<variable
}

Zablove avatar Jan 22 '24 10:01 Zablove

Unless I'm missing something, it won't work in the container: you need to expose the port from the server container to zabbix-agent or other containers which want to read the stub page.

The only working solution I know of in the container is posting the stub_status page on the separate port, which is then exposed only to other containers or to 127.0.0.1 on the host container.

Configuration for Nginx would look like that:

server {
    listen 8084 default;
    server_name  _;
    location / {
        stub_status;
        access_log   off;
   }
}

docker-compose configuration:

services:
  nginx:
    expose:
      - "8084"
    ports:
      - "80:80"
      - "443:443"
      # in case zabbix-agent runs on the host and not in another container 
      # - "127.0.0.1:8084:8084"

Overall, I think it shouldn't be included in the base image. It wouldn't work for 99.99% of the users, as it would require additional setup on their part.

paskal avatar Jun 09 '24 09:06 paskal