Configure SSL for Zabbix Server Front end
Video Lecture
Description
The Zabbix Server doesn't have any transport encryption enabled yet, so any messages passed between our browser and the server are in plain text. We should secure our server asap with an SSL certificate.
I create the certificate using options provided by LetsEncrypt. This has the added benefit of being free.
So, we need to ssh onto the Zabbix Server and install Certbot
Ubuntu 20.04 with Apache
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --apache
And follow the prompts, and at the end your Zabbix Server will have an SSL certificate bound and accessed via HTTPS.
I can then visit my new Zabbix Server on Ubuntu 20.04 with SSL and a domain name at
https://zabbix.sbcode.net
Troubleshooting
Domain Propagation
The Certbot service will externally query your domain name on port 80 from random positions in the world to validate that the IP address making the request is the same as the A name record registered for the domain name. Ensure that your domain name has fully propagated across the internet before using Certbot. You can check your A name propagation progress using DNS Checker
Timeout during connect
Also, if you have a firewall blocking access to port 80, as I have done so far in this course when I set up the firewall, you will need to temporarily allow all HTTP (Port 80) requests to reach your web server so that the Certbot service can verify the request. Certbot will place a temporary static file somewhere in your web server folder and request it using HTTP. If the external Certbot service cannot retrieve this file, it will not issue the certificate.
Allow incoming HTTP & HTTPS
Finally, so that HTTPS works, as well as the HTTP 301 redirect, you should also ensure that you have allowed incoming HTTP (Port 80) and HTTPS (Port 443) on your firewall.