Zabbix Integration Instructions (#960)
This commit is contained in:
parent
cec47c3cfc
commit
7bef6f7153
60
website/docs/integrations/services/zabbix/index.md
Normal file
60
website/docs/integrations/services/zabbix/index.md
Normal file
|
@ -0,0 +1,60 @@
|
|||
---
|
||||
title: Zabbix
|
||||
---
|
||||
|
||||
## What is Zabbix
|
||||
|
||||
From https://www.zabbix.com/features
|
||||
|
||||
:::note
|
||||
Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
|
||||
|
||||
Zabbix is Open Source and comes at no cost.
|
||||
:::
|
||||
|
||||
## Preparation
|
||||
|
||||
The following placeholders will be used:
|
||||
|
||||
- `zabbix.company` is the FQDN of the Zabbix install.
|
||||
- `authentik.company` is the FQDN of the authentik install.
|
||||
|
||||
Create an application in authentik and note the slug, as this will be used later. Create a SAML provider with the following parameters:
|
||||
|
||||
- ACS URL: `https://zabbix.company/zabbix/index_sso.php?acs`
|
||||
- Issuer: `zabbix`
|
||||
- Service Provider Binding: Post
|
||||
|
||||
You can of course use a custom signing certificate, and adjust durations.
|
||||
|
||||
## Zabbix Configuration
|
||||
|
||||
Navigate to `https://zabbix.company/zabbix/zabbix.php?action=authentication.edit` and select SAML settings to configure SAML.
|
||||
|
||||
Check the box to enable SAML authentication.
|
||||
|
||||
Set the Field `IdP entity ID` to `zabbix`.
|
||||
|
||||
Set the Field `Username attribute` to `http://schemas.goauthentik.io/2021/02/saml/username`
|
||||
|
||||
Set the Field `SP entity ID` to `https://authentik.company/application/saml/zabbix/sso/binding/redirect/`
|
||||
|
||||
Check the box for `Case sensitive login`.
|
||||
|
||||
For the `SAML Service Provider Certificate` and `SAML Service Provider Private Key`, you can either use custom certificates, or use the self-signed pair generated by authentik.
|
||||
|
||||
Copy the cert and key to `/usr/share/zabbix/conf/certs/`, the system looks for `sp.key` and `sp.crt` by default.
|
||||
|
||||
The certificate path can be configured in the Zabbix frontend configuration file (zabbix.conf.php)
|
||||
|
||||
```
|
||||
$SSO['SP_KEY'] = '<path to the SP private key file>';
|
||||
$SSO['SP_CERT'] = '<path to the SP cert file>';
|
||||
```
|
||||
|
||||
For additional security you can enable the Verification Certificate by checking the `Sign -> AuthN requests` in the Zabbix configuration and adding the IDP Certificate to the cert path above or defining it in your Zabbix frontend configuration file.
|
||||
|
||||
```
|
||||
$SSO['IDP_CERT'] = '<path to the IDP cert file>';
|
||||
```
|
||||
|
|
@ -71,6 +71,7 @@ module.exports = {
|
|||
"integrations/services/veeam-enterprise-manager/index",
|
||||
"integrations/services/vmware-vcenter/index",
|
||||
"integrations/services/wiki-js/index",
|
||||
"integrations/services/zabbix/index",
|
||||
],
|
||||
},
|
||||
],
|
||||
|
|
Reference in a new issue