Installing Zabbix 5.4, Nginx, PostgreSQL 13 + TimescaleDB on Centos 8 / Rocky Linux

Zabbix is ​​a free system for monitoring and tracking the statuses of various services on a computer network, servers and network equipment.

TimescaleDB is a PostgreSQL time series extension. Time series can be stored in PostgreSQL and just like that, but TimescaleDB provides better performance on the same hardware.

Installing Zabbix and Nginx

Add Zabbix repository

$ sudo rpm -Uvh https://repo.zabbix.com/zabbix/5.4/rhel/8/x86_64/zabbix-release-5.4-1.el8.noarch.rpm

Add the Nginx repository

$ sudo nano /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

The stable version will be used by default. If you need a mainline version, switch

$ sudo dnf config-manager --set-enabled nginx-mainline

Removing all metadata

$ sudo dnf clean all

Install Zabbix for PostgreSQL and Nginx databases

$ sudo dnf install zabbix-server-pgsql zabbix-web-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-agent

Installing PostgreSQL 13

Disable the PostgreSQL module in the default AppStream repository

$ sudo dnf -qy module disable postgresql

Checking

$ sudo dnf module list postgresql
CentOS-8 - AppStream Local
Name                          Stream                       Profiles                             Summary                                              
postgresql                    9.6 [x]                      client, server [d]                   PostgreSQL server and client module                  
postgresql                    10 [d][x]                    client, server [d]                   PostgreSQL server and client module                  
postgresql                    12 [x]                       client, server [d]                   PostgreSQL server and client module                  
postgresql                    13 [x]                       client, server [d]                   PostgreSQL server and client module

Add PostgreSQL repository

$ sudo dnf -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm

Install PostgreSQL 13

$ sudo dnf -y install postgresql13 postgresql13-server

Initializing the base

$ sudo /usr/pgsql-13/bin/postgresql-13-setup initdb
Initializing database … OK

The main PostgreSQL config is located here:

/var/lib/pgsql/13/data/postgresql.conf

Launch PostgreSQL and add the service to startup

$ sudo systemctl enable --now postgresql-13

Checking the status

$ systemctl status postgresql-13

Setting a password for the postgres user

$ sudo su - postgres 
$ psql -c "alter user postgres with password 'mysuperpassword'"
ALTER ROLE
$ exit

Installing TimescaleDB

Add the TimescaleDB repository

$ sudo nano /etc/yum.repos.d/timescale_timescaledb.repo
[timescale_timescaledb]
name=timescale_timescaledb
baseurl=https://packagecloud.io/timescale/timescaledb/el/8/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/timescale/timescaledb/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

Install utilities

$ sudo yum install pygpgme yum-utils

Install timescaledb

$ sudo yum install timescaledb-2-postgresql-13

Stop PostgreSQL

$ sudo systemctl stop postgresql-13

Tuning PostgreSQL (from root)

$ sudo su -c 'timescaledb-tune --pg-config=/usr/pgsql-13/bin/pg_config'

Starting PostgreSQL

$ sudo systemctl start postgresql-13

Setting up Zabbix and Nginx

Switching to the root user

$ sudo su

Create a database user for Zabbix

# sudo -u postgres createuser --pwprompt zabbix
Enter password for new role: zabbixpasswd
Enter it again: zabbixpasswd

Let’s create a database for Zabbix

# sudo -u postgres createdb -O zabbix zabbix

Importing the initial schema and data

# zcat /usr/share/doc/zabbix-sql-scripts/postgresql/create.sql.gz | sudo -u zabbix psql zabbix

We include the timescaledb extension

# echo "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" | sudo -u postgres psql zabbix

Download Zabbix sources and unpack the archive

# cd /tmp
# wget https://cdn.zabbix.com/zabbix/sources/stable/5.4/zabbix-5.4.3.tar.gz

# tar -zxvf zabbix-5.4.3.tar.gz

Importing schema and data for the timescaledb extension into PostgreSQL

# cat /tmp/zabbix-5.4.3/database/postgresql/timescaledb.sql | sudo -u zabbix psql zabbix
Creating home directory for zabbix.
NOTICE:  PostgreSQL version 13.3 is valid
NOTICE:  TimescaleDB extension is detected
NOTICE:  TimescaleDB version 2.4.0 is valid
NOTICE:  TimescaleDB is configured successfully
DO

Editing PostgreSQL config

$ sudo nano /var/lib/pgsql/13/data/pg_hba.conf
...
#host    all             all             127.0.0.1/32            scram-sha-256
host    zabbix          zabbix          127.0.0.1/32            md5

We restart the service

$ sudo systemctl restart postgresql-13

Configuring Zabbix connection to PostgreSQL

$ sudo nano /etc/zabbix/zabbix_server.conf
DBHost=127.0.0.1
DBName=zabbix
DBUser=zabbix
DBPassword=zabbixpasswd

Configuring Nginx

$ sudo nano /etc/nginx/conf.d/zabbix.conf
        listen          80;
        server_name     zabbix.example.ru;
...

Restart the services and add them to startup

$ sudo systemctl restart zabbix-server zabbix-agent nginx php-fpm
$ sudo systemctl enable zabbix-server zabbix-agent nginx php-fpm

Configuring Firewall and SeLinux

Opening ports 80/443

$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
$ sudo firewall-cmd --reload

Run the following commands to grant the Zabbix frontend permission to connect to the server

$ sudo setsebool -P httpd_can_connect_zabbix on

You also need to grant the Zabbix frontend permission to connect to the database.

$ sudo setsebool -P httpd_can_network_connect_db on

Downloading a ready-made module for configuring SeLinux

$ cd /tmp
$ wget https://support.zabbix.com/secure/attachment/53320/zabbix_server_add.te

$ checkmodule -M -m -o zabbix_server_add.mod zabbix_server_add.te
$ semodule_package -m zabbix_server_add.mod -o zabbix_server_add.pp
$ semodule -i zabbix_server_add.pp

We create our own module. In order for this to work, you need to unsuccessfully start the zabbix server with selinux enabled at least once.

$ sudo ausearch -c 'zabbix_server' --raw | audit2allow -M my-zabbixserver
$ sudo semodule -X 300 -i my-zabbixserver.pp

After that, zabbix-server should start with SeLinux enabled

$ sudo systemctl restart zabbix-server

Next, go to the web interface and complete the Zabbix configuration