Proper configuration for reverse proxy setup

[ikcalB]

Running zabbix behind a reverse proxy / loadbalancer (LB) ist not currently possible:

The parameter zabbix_url is not only used as the frontend-URL, but also the server name.
Behind an LB these 2 are different, i.e:

• host name: my-host.localdomain.lan
• url: monitoring.company.com

In such a setup zabbix would run without TLS on :80. The LB is taking care of the TLS handshake.
zabbixapi will try to use the current zabbix_url to connect to the /api_jsonrpc.php path.
When it hits a permanent redirect (301) it exits with an error.

Workaround

For the workaround to work, (Not a permanent solution:!)_:

• Use the hostname as URL.
• Then, make this vhost the default vhost.
  (no puppet run allowed atm, because default_vhost is not honored, and would reset the manual change)

Affected Puppet, Ruby, OS and module versions/distributions

presumably all, if not a regression

How to reproduce (e.g Puppet code you use)

see initial description. puppet snippet:

  class { 'zabbix':
    zabbix_version => '6.0',
    #default_vhost  => true,   # FIXME: parameter is not passed to zabbix::web!
    zabbix_url    => 'my-host.localdomain.com',

    manage_resources => true,
  }

What are you seeing

parameter zabbix{default_vhost} has no effect.

What behaviour did you expect instead

the parameter zabbix{default_vhost} should work as intended.

• Also take a look into the use of zabbix_url, and possibly seperate hostname from url.
  (url beeing optional, defaulting to the url.)

URL does not support schemes btw, so http or https will upset the apache::vhost snippet: it tries to create a filename containing slashes.

• another approach: Add support for apache::vhost{serveraliasses}` parameter which allows to specify additional fqdns for the vhost to listen on.