Documentation
Table of Contents
4 ????? ?????? ???? ???????
????? ?????
???? ?? ???? ???? ????? ?? Áú»¢¶Ä²© ???????? ????? ???? ?????? TLS ???????? ???:
| ??? ?????? | ????? Áú»¢¶Ä²© |
|---|---|
| MySQL | ???? Áú»¢¶Ä²©, ??? Áú»¢¶Ä²©, ?????? Áú»¢¶Ä²© |
| PostgreSQL | ????? ?? Áú»¢¶Ä²©, ??? Áú»¢¶Ä²©, ?????? ?? Áú»¢¶Ä²© |
??? ?????? ????? ????? ???? ?-DBMS, ???? ???? ????? ????? ??????:
- : ???? ??? ?????? ?? ????? ???? ??????.
- : ????? ?????? ???' ???? ??? ??????.
- ???????? ?????.
?? ???????? ??????? ?? ??????? ?-GA ?? MySQL CE (8.0) ?-PgSQL (13) ???? ??? ?????? ?????? ??????? AlmaLinux 8.
??????
?????? ?????? ????? ??? ?????? ?????:
- ????? ????? ?????? ?? ??? ?????? ?? OpenSSL >=1.1.X ?? ????????.
????? ?????? ?????? ????? ???? ??? ?????, ?????? ????? ?? ?????? ?????
- ???? ??? ?????? (RDBMS) ????? ??????? ?????? ???? ????? ?? ??? ?????. ?????? ????? ?????? ????? ?????? ?? ?????? ????? ??? ?????? ??????? ?????? ????? ????? ???? ??????, ???? ?????? ??????? RHEL 7 ? PostgreSQL 9.2, MariaDB 5.5 ??? ????? ??????.
???????????
????? ?????? ?? ????? ?????? ?????? TLS ???? ?????? ???/?????? ?? Áú»¢¶Ä²© ?-frontend ???? ??????:
- ???? - ????? ??????? TLS ???? ?????? ??? ???? ??????;
- verify_ca - ????? ??????? TLS ?????? ?????;
- verify_full - ????? ??????? TLS, ??? ????? ???? ??? ???? ??? ??????? (CN) ?????? ?? ??? DBHost ????? ?? ?????? ???;
????? Áú»¢¶Ä²©
???? ??? ???? ???????
???? ?????? ????? ?????? ???? ??????? ????? ?-frontend ????????:
- ??? ?? ???? ?????? ????? ??? TLS ????? ???? DB ????? ??? ????? ????? ??????.
- ??? ?? ???? ?????? ??? ????? ??? ?????? ??????? ???? ??? ????? TLS ????? ??? ????? ????? ?? ??????.
???? MySQL, ???? ?????? ????? ??? ?????? TLS ??? ?????, ?? ???? ??? ?????? ????? ????? ?????, ???? ????? ?????? ????? socket (?-Unix) ?? ??????? ????? (?-Windows) ???? ???? ????? ?????.
???? PostgreSQL, ???? ?????? ????? TLS ??????, ?? ???? ?? ???? ???? ??? ?????? ????? ??? ???? ?? ????? ???.
???????? ????? ?????? ??????? ?????? TLS ? ??? ??????? (?? ??? ????? ?????? ???????):
| ????? | ????? |
|---|---|
| ???? TLS CA ?? ??? ?????? | ???? ?? ????? ???? ????? ???? ????? TLS (CA) ????. |
| ???? ???? TLS ?? ??? ?????? | ???? ?? ????? ???? ????? ???? TLS ????. |
| ???? ????? TLS ?? ??? ?????? | ???? ?? ????? ???? ????? ????? TLS ????. |
| ????? ???? ??? ?????? | ??? ???? ????? ?? ??? ?????? ????? ????. ????? ???? MYSQL, ?????? ??????? PHP MySQL ???? ?????? ???? ?? ??? ????? ????? ????. |
| ????? ???? TLS ?? ??? ?????? | ???? ????? ?????? ????? ?? ????? ??????. ?????? ?? ????? ????? ???? ?????? ???? OpenSSL. ???? ???? MySQL ????. |
::: ???? ?? ???? ?????? TLS ?????? ?????? ?? ????? ??????. ?? ?? ?????? ?? ????? ?? ?????? ?? ?? ??????, ?? ????? ?- ????? ?????.
?? ???? ????? ?????? ??????, ?-frontend ???? ????? ????? ?????? information](/manual/web_interface/frontend_sections/reports/status_of_zabbix) ???? ?? "????? ????? TLS ?????? ????? ?????? ????." (???? ???? ?? ????? ?-PHP ??? ?????? ?? ??????).
??????? ??????? ???????? ???? ??????. :::
???? ?????
Frontend Áú»¢¶Ä²© ????? ????? GUI ??? ?????? ???????? ???????: ????, verify_ca, verify_full. ???? ?? ????????? ??????? ?????? ??? ???? ???? ?????? DB. ???????? ??? ?????? ?- ???? ?????? (zabbix.conf.php) ????? ???:
| ?????? GUI | ???? ????? | ????? | ????? |
|---|---|---|---|
 |
... // ???? ?????? TLS. $DB ['ENCRYPTION'] = true; $DB['KEY_FILE'] = ''; $DB['CERT_FILE'] = ''; $ DB['CA_FILE'] = ''; $DB['VERIFY_HOST'] = false; $DB['CIPHER_LIST'] = '';< br>... |
???? ????? TLS ?? ??? ?????? ????? ?? ????? ????? ??? ?????? ?? ????? |
???? ??? '????'. |
 |
... $DB['ENCRYPTION'] = true; \\ $DB['KEY_FILE'] = ''; $DB['CERT_FILE'] = ''; $DB['CA_FILE'?] = '/etc/ssl/mysql/ca.pem'; $DB['VERIFY_HOST'] = false; $DB['CIPHER_LIST'] = ''; ... |
1. ??? ?? ????? TLS ?? ??? ?????? ?-??? ?? ????? ??? ??????? 2. ???? ???? ?-???? TLS CA ?? ??? ?????? |
???? ?? ??? 'verify_ca'. |
 |
... // ???? ?????? TLS ?? ????? ?????? ?????? ???????. $DB['ENCRYPTION'] = true; $DB['KEY_FILE'] = '<key_file_path>'; $DB['CERT?_FILE'] = '<key_file_path>'; $DB['CA_FILE'] = '<key_file_path>'; $DB['??????_HOST'] = true; $DB['CIPHER_LIST'] = '<cipher_list>'; ... ??: ... // ???? ?????? TLS ??? ????? ???? ?????? - ???? ?? ??? ??? MySQL $DB['ENCRYPTION'] = true; $DB['KEY_FILE'] = '<key_file_path>'; $DB['CERT_FILE'] = '<key_file_path>'; $DB['CA_FILE'] = '<key_file_path>'; $DB['VERIFY_HOST'] = true; $DB['CIPHER_LIST'] = ''; . .. |
1. ??? ?? ????? TLS ?? ??? ?????? ?-??? ?? ????? ??? ??????? 2. ???? ???? ?-???? ???? TLS ?? ??? ?????? 3. ???? ???? ?-???? TLS CA ?? ??? ?????? 4. ???? ???? ?-???? ????? ??? ?????? TLS 6. ???? ????? ???? TLS (?????????) |
???? ??? '?????_full' ???? MySQL. |
 |
... $DB['ENCRYPTION'] = true; $DB['KEY_FILE'] = '<key_file_path>'; $DB['CERT_FILE'] = '<key_file_path>'; $DB['CA_FILE'] = '<key_file_path>'; $DB['VERIFY_HOST'] = true; $DB[' CIPHER_LIST'] = ' '; ... |
1. ??? ?? ????? TLS ?? ??? ?????? ?-??? ?? ????? ??? ??????? 2. ???? ???? ?-???? ???? TLS ?? ??? ?????? 3. ???? ???? ?-???? TLS CA ?? ??? ?????? 4. ???? ???? ?-???? ????? ??? ?????? TLS 6. ??? ????? ???? ??? ?????? |
???? ??? 'verify_full' ???? PostgreSQL. |
??? ??: ??????? ?????? ????? ???? MySQL, ????? ??????? ????? ???? PostgreSQL.
????? ???/?????? ?? Áú»¢¶Ä²©
???? ?????? ??????? ???????? ???? ??????? ?? ?????? ??????? ?-zabbix ??? ?/?? ???? ?????? ?? proxy.
| ????? | ????? |
|---|---|
| ??? | ????? ???? ??????? ??? ?????. |
| 1. ???? DBTLSConnect=required | ???/?????? ??? ????? TLS ???? ???????. ????? ?? ????? ????. |
| 1. ???? DBTLSConnect=verify_ca 2. ???? DBTLSCAFile - ???? ?? ???? ???? ???????? ?? TLS |
???/?????? ?????? ????? TLS ???? ??????? ???? ????? ????? ??? ???????. |
| 1. ???? DBTLSConnect=verify_full 2. ???? DBTLSCAFile - ???? ???? ???? ??????? TLS |
???/?????? ?????? ????? TLS ???? ??????? ???? ????? ????? ??? ??????? ????? ???? ??? ???????. |
| 1. ???? DBTLSCAFile - ???? ???? ???? ????? TLS 2. ???? DBTLSCertFile - ???? ?? ???? ????? ????? ??????? ?? ????? 3. ???? DBTLSKeyFile - ???? ?? ???? ????? ????? ?? ????? |
???/?????? ?????? ????? ???? ???? ???????? ???? ???????. |
| 1. ???? DBTLSCipher - ????? ???? ?????? ?????? ???? ???????? ??????? ????????? TLS ?? TLS 1.2 ?? DBTLSCipher13 - ????? ???? ?????? ?????? ???? ???????? ??????? ???????? TLS 1.3 |
(MySQL) TLS ?????? ????? ??????? ???? ??????? ???????. (PostgreSQL) ????? ?????? ?? ????? ??????. |