Zabbix 2.4.6 on Centos 7.1 – Part 3

We start of installing stunnel and prerequisites on the zabbix server (and not proxy)

When we first install stunnel, we have to make our certificates that we then can use to encrypt our zabbix traffic.

To make the keys (note the -days on the openssl)

So we got the keys, next we need to copy it to our proxies:
root@192.168.220.132 (where root is your username and ip adress of the proxy server, preferable you should use another username then root)

Stunnel Config files:

Nextup we use are going to config the stunnel config file. We will make a new one and name it:

In the config file, add the following lines:

For the proxy, where xxx.xxx.xxx.xxx is the ip adres of your zabbix server:
/etc/stunnel/stunnel.conf

if you want a systemd config service file you can use the following file
make it in /etc/systemd/system/stunnel.service:

Make sure stunnel starts at reboot and start the service:

Next up, is we need to add the server in the zabbix web page.
Go to Administration, Proxies, Add Proxy, Give your proxy a name and choose proxy mode Active (proxy takes initiative)
ZabbixProxy
We need to have a port per proxy and we want to and open it up in our router (where the zabbix server is installed).
So in the proxy configuration of Zabbix, we need to point to it’s own local ip adress or 127.0.0.1, Stunnel listens on this local port, encrypts it using the certificate and then forwards it to the ip adress we choose in the stunnel config file.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.