Skip to content

Enable PSK Encryption for Zabbix Proxy

Video Lecture

Enable PSK Encryption for Zabbix Proxy Enable PSK Encryption for Zabbix Proxy

 (Pay Per View)

You can use PayPal to purchase a one time viewing of this video for $1.49 USD.

Pay Per View Terms

  • One viewing session of this video will cost the equivalent of $1.49 USD in your currency.
  • After successful purchase, the video will automatically start playing.
  • You can pause, replay and go fullscreen as many times as needed in one single session for up to an hour.
  • Do not refresh the browser since it will invalidate the session.
  • If you want longer-term access to all videos, consider purchasing full access through Udemy or YouTube Memberships instead.
  • This Pay Per View option does not permit downloading this video for later viewing or sharing.
  • All videos are Copyright © 2019-2025 Sean Bradley, all rights reserved.

Description

This time I set up PSK encryption specifically for communications between the Zabbix Server and the Zabbix Proxy.

Enabling PSK encryption for Agents behind a Proxy, only encrypts communications between the Agent and the Proxy.

If your agents are in a DMZ then you may not desire encryption. But you should at least also encrypt the communications between the Zabbix Server and Proxy if it travels across a public network.

In the video, I am using a Raspberry PI with the pi user that is not a root user.

There are extra considerations when you are not a root user.

So, after using SSH to logon to the Raspberry Pi as the pi user, the commands were,

sudo openssl rand -hex 32 > secret.psk

Read and copy the contents of the new secret.psk for later. You will enter it into the Zabbix UI.

cat secret.psk

Note that this file was created in the /home/pi/ folder with the owner and group being pi:pi.

Now to make a new home folder for the zabbix user.

sudo mkdir /home/zabbix

Now to move the new secret.psk to /home/zabbix

sudo mv secret.psk /home/zabbix/

Now to change the ownership of the /home/zabbix directory and it all its files to the zabbix:zabbix user and group.

sudo chown -R zabbix:zabbix /home/zabbix

Next to edit the proxy configuration file.

sudo nano /etc/zabbix/zabbix_proxy.conf

Edit the properties,

TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=[any text that is safe to use since it won't be encrypted. I used `raspberrypi`]
TLSPSKFile=/home/zabbix/secret.psk

Restart the proxy and check its status.

sudo service zabbix-proxy restart
sudo service zabbix-proxy status

Now to configure the proxy information in the Zabbix UI to use the PSK encryption with the same identity and secret that you've added to the zabbix_proxy.conf.