Skip to content


 Zabbix
 Grafana
 Prometheus
 Threejs and TypeScript
 SocketIO and TypeScript
 Blender Topological Earth
 Sweet Home 3D
 Design Patterns Python
 Design Patterns TypeScript
   
 Course Coupon Codes
Three.js and TypeScript
Kindle Edition
$9.99 $14.99 Paperback 
$29.99 $34.99




Design Patterns in TypeScript
Kindle Edition
$9.99 $14.99 Paperback
$19.99 $24.99




Design Patterns in Python
Kindle Edition
$9.99 $14.99 Paperback
$19.99 $24.99




Configure SSL for Zabbix Server Front end

Video Lecture

Configure SSL for Zabbix Server Front end Configure SSL for Zabbix Server Front end Configure SSL for Zabbix Server Front end

Description

The Zabbix Server doesn't have any transport encryption enabled yet, so any messages passed between our browser and the server are in plain text. We should secure our server asap with an SSL certificate.

I create the certificate using options provided by LetsEncrypt. This has the added benefit of being free.

So, we need to ssh onto the Zabbix Server and install Certbot

Ubuntu 20.04 with Apache

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache

And follow the prompts, and at the end your Zabbix Server will have an SSL certificate bound and accessed via HTTPS.

I can then visit my new Zabbix Server on Ubuntu 20.04 with SSL and a domain name at

https://zabbix.sbcode.net

Troubleshooting

Domain Propagation

The Certbot service will externally query your domain name on port 80 from random positions in the world to validate that the IP address making the request is the same as the A name record registered for the domain name. Ensure that your domain name has fully propagated across the internet before using Certbot. You can check your A name propagation progress using DNS Checker

Timeout during connect

Also, if you have a firewall blocking access to port 80, as I have done so far in this course when I set up the firewall, you will need to temporarily allow all HTTP (Port 80) requests to reach your web server so that the Certbot service can verify the request. Certbot will place a temporary static file somewhere in your web server folder and request it using HTTP. If the external Certbot service cannot retrieve this file, it will not issue the certificate.

Allow incoming HTTP & HTTPS

Finally, so that HTTPS works, as well as the HTTP 301 redirect, you should also ensure that you have allowed incoming HTTP (Port 80) and HTTPS (Port 443) on your firewall.