Installing Zabbix Proxy + SQLite on Centos 8 / Rocky Linux

Zabbix proxy is a service capable of collecting monitoring data from one or more monitored devices and sending this information to the Zabbix server, so the proxy works on behalf of the server. Used for scaling, centralizing Zabbix.

Installing the required sophie

$ sudo dnf install -y zabbix-proxy-sqlite3 zabbix-agent policycoreutils-python-utils nano

Create a directory for the database and assign the owner of the directory

$ sudo mkdir /var/lib/zabbix/
$ sudo chown -R zabbix. /var/lib/zabbix/

If you create a directory different from / var / lib / zabbix, in the future there will be problems with SeLinux

Open the zabbix proxy settings file and edit it

$ sudo grep -vE '(^[[:space:]]*([#;!].*)?$)' /etc/zabbix/zabbix_proxy.conf

Server=192.168.31.10     #адрес нашего zabbix сервера
Hostname=srv-zbproxy-01          #имя прокси сервера
LogFile=/var/log/zabbix/zabbix_proxy.log
LogFileSize=1024
PidFile=/var/run/zabbix/zabbix_proxy.pid
SocketDir=/var/run/zabbix
DBName=/var/lib/zabbix/zabbix_proxy /путь до базы данных.
DBUser=zabbix
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
Timeout=4
LogSlowQueries=3000
StatsAllowedIP=127.0.0.1

Launch zabbix-proxy (be sure to generate selinux rules in the future)

$ sudo systemctl start zabbix-proxy

The service will not start.

Add SELinux rules so that it does not block the zabbix proxy

$ cd /tmp
$ sudo grep zabbix_proxy /var/log/audit/audit.log | grep denied | audit2allow -m zabbix_proxy > zabbix_proxy.te
$ sudo grep zabbix_proxy /var/log/audit/audit.log | grep denied | audit2allow -M zabbix_proxy
$ sudo semodule -i zabbix_proxy.pp

Now you can start zabbix proxy, add it to startup and check the status

$ sudo systemctl start zabbix-proxy
$ sudo systemctl enable zabbix-proxy
$ sudo systemctl status zabbix-proxy

We look at the logs

$ sudo tail -f /var/log/zabbix/zabbix_proxy.log

Configuring PSK encryption.

Generate our PSK and save it

$ openssl rand -hex 32 | sudo tee /var/lib/zabbix/proxy.psk

Change proxy.psk owner

$ sudo chown zabbix. /var/lib/zabbix/proxy.psk

Editing the zabbix proxy config, adding lines for PSK encryption

$ sudo nano /etc/zabbix/zabbix_proxy.conf
...
####### TLS-RELATED PARAMETERS #######
TLSConnect=psk

TLSPSKIdentity=srv-zbproxy-01
TLSPSKFile=/var/lib/zabbix/proxy.psk

We restart the service

$ sudo systemctl restart zabbix-proxy

Zabbix proxy is configured. Next, you need to register it on the Zabbix Server and add our PSK encryption key there.