Second VM Rocky Linux Zabbix Network Monitoring - sullivaneg/Raspberry-Pi-Proxmox-Lab GitHub Wiki

Overview

The goal of this lab is to install an open source network monitoring tool called Zabbix on a Rocky Linux VM. I'm creating a new VM because Open Project requires a lot of resources so I want to be able to turn it off to access this if I need to.

Installation

Documentation

  1. Create New Rocky VM (Entry]
  2. Install Rabbix repo
  • sudo rpm -Uvh https://repo.zabbix.com/zabbix/7.4/release/rocky/10/noarch/zabbix-release-latest-7.4.el10.noarch.rpm
  • sudo dnf clean all
  1. Install Zabbix server, frontend, agent
  • sudo dnf install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent
  1. SELinux Configuration
  • sudo setsebool -P httpd_can_connect_zabbix on
  • sudo setsebool -P httpd_can_network_connect_db on

Database Creation

Documentation

Install MariaDB

  1. sudo dnf update -y
  2. sudo dnf install -y mariadb-server
  3. sudo systemctl enable --now mariadb
  4. Checkpoint 1: Successfully Installed -> sudo systemctl status mariadb
    Screenshot 2025-11-29 at 10 53 21 PM

Secure the Installation

  1. sudo mysql_secure_installation
  • no current password
  • set root password
  • remove anonymous users
  • disallow root login remotely
  • remove test database
  • reload privilege table
  1. sudo marinade -u root -p -> enter password

Create Database and User

  1. create database zabbix character set utf8mb4 collate utf8mb4_bin;
  2. create user 'zabbix'@'localhost' identified by '<password>';
  3. grant all privileges on zabbix.* to 'zabbix'@'localhost';
  4. SET GLOBAL log_bin_trust_function_creators = 1;
  5. quit

Import Database schema

  1. zcat /usr/share/zabbix/sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix
  2. Disable log_bin_trust_function_creators option after importing database schema
  • mariadb -uroot -p
  • set global log_bin_trust_function_creators = 0;
  • quit

Configure the database for Zabbix Server

  1. sudo nano /etc/zabbix/zabbix_server.conf
  2. DBPassword=password -> Make sure this is the zabbix user password

Start Zabbix Server and Agent Processes

  1. systemctl restart zabbix-server zabbix-agent httpd php-fpm
  2. systemctl enable zabbix-server zabbix-agent httpd php-fpm
  3. sudo firewall-cmd --zone=public --permanent --add-service=http
  4. sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
  5. sudo firewall-cmd --reload

Screenshot 2025-11-30 at 12 26 28 AM

  1. sudo firewall-cmd --zone=public --permanent --add-service=zabbix-server
  2. sudo firewall-cmd --reload
  3. sudo systemctl enable Zabbix-server httpd php-fpm --now
  4. Access Zabbix by /zabbix in a web browser
Screenshot 2025-11-30 at 12 41 53 AM

Zabbix Configuration

  1. Check Prerequisites
    Screenshot 2025-11-30 at 12 43 35 AM
  2. Configure DB Connection
  3. Settings
    Screenshot 2025-11-30 at 12 46 28 AM

Encrypting Connections from Web Interface

Create a self-signed certificate

  1. sudo mkdir -p /etc/zabbix/ssl && cd /etc/zabbix/ssl
  2. sudo dnf install openssl -y
  3. Generate CA Private Key -> sudo openssl genrsa -out ca.key 2048
  4. Generate Certificate -> sudo openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -> I used defaults
  5. Generate private key -> sudo openssl genrsa -out server.key 2048.​
  6. Cert signing request -> sudo openssl req -new -key server.key -out server.csr (set CN=zabbix-server)
  7. Sign the certificate -> sudo openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
  8. Generate frontend private key -> sudo openssl genrsa -out frontend.key 2048.
  9. Generate frontend Cert-signing request: sudo openssl req -new -key frontend.key -out frontend.csr (set CN=zabbix-frontend)
  10. Sign front end cert -> sudo openssl x509 -req -days 365 -in frontend.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out frontend.crt
  11. Set permissions -> sudo chown zabbix:zabbix *.key *.crt && sudo chmod 600 *.key && sudo chmod 644 *.crt

Change Config file

  1. sudo nano /etc/zabbix/zabbix_server.conf
  2. Change config file
TLSFrontendAccept=cert
TLSCAFile=/etc/zabbix/ssl/ca.crt
TLSCertFile=/etc/zabbix/ssl/server.crt
TLSKeyFile=/etc/zabbix/ssl/server.key
  1. sudo systemctl restart zabbix-server

Configure TLS from the Web Interface

Screenshot 2025-11-30 at 1 12 10 AM

Troubleshooting

  1. cd /etc/zabbix/ssl -> sudo chown zabbix:zabbix server.key frontend.key ca.key
  2. sudo chmod 600 server.key frontend.key ca.key
  3. sudo chmod 644 server.crt frontend.crt ca.crt -> Nope
  4. Issue: I forgot this line in the config file: TLSFrontendAccept=cert
  5. Restart zabbix-server -> Still not working
  6. Changing Directory permissions:
    Screenshot 2025-11-30 at 1 48 00 AM
  7. I'm just going to copy everything to the apache root directory
  • I moved everything to my apache root directory and only changed the file path of the key file on the web interface and now it works! Writing this note in case it breaks later.
Screenshot 2025-11-30 at 2 04 35 AM

Success

Screenshot 2025-11-30 at 2 11 45 AM
⚠️ **GitHub.com Fallback** ⚠️