Web UI unavailable after migration from CentOS 7 to Rocky Linux 8
Kris0x0000 opened this issue · 5 comments
I'm using dockerized Zabbix 5.0. It worked fine until an in-place upgrade from CentOS 7 to Rocky Linux 8. Now it works only from inside the zabbix-web-apache-mysql container. From the Docker host it has no connection.
curl from the web container:
curl -vvv http://127.0.0.1:8080
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Edge"/>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="Author" content="Zabbix SIA" />
<title>Composed installation: Zabbix</title>
<link rel="icon" href="favicon.ico">
curl from the docker host:
curl -vvv 127.0.0.1:8080
* Rebuilt URL to: 127.0.0.1:8080/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.61.1
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
lsof -Pi
lsof -Pi | grep "8080"
docker-pr 1152020 root 4u IPv4 9603312 0t0 TCP localhost:8080 (LISTEN)
docker ps | grep zabbix
b312fa9d9fcb zabbix/zabbix-agent:alpine-5.0.22 "/sbin/tini -- /usr/…" 4 hours ago Up 4 hours zabbix-docker-50_zabbix-agent_1
af75ba9a841a zabbix/zabbix-web-apache-mysql:alpine-5.0.22 "docker-entrypoint.s…" 4 hours ago Up 4 hours (healthy) 127.0.0.1:8080->8080/tcp, 8443/tcp zabbix-docker-50_zabbix-web-apache-mysql_1
9fa9b3aea444 my/zabbix "/sbin/tini -- /usr/…" 4 hours ago Up 4 hours 0.0.0.0:10051->10051/tcp, :::10051->10051/tcp zabbix-docker-50_zabbix-server_1
0ff85d1af06e mysql:8.0 "docker-entrypoint.s…" 4 hours ago Up 4 hours zabbix-docker-50_mysql-server_1
firewall-cmd --zone=docker --list-all
docker (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: be17954e014c ... docker0 ...
sources:
services:
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
docker-compose.yaml:
version: '3.5'
services:
  zabbix-server:
    #image: zabbix/zabbix-server-mysql:alpine-5.0-latest
    image: my/zabbix
    ports:
      - "10051:10051"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      #- /etc/timezone:/etc/timezone:ro
      - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
      - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
      - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
      - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
      - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
      - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
      - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
      #- snmptraps:/var/lib/zabbix/snmptraps:rw
    links:
      - mysql-server:mysql-server
      # - zabbix-java-gateway:zabbix-java-gateway
    ulimits:
      nproc: 65535
      nofile:
        soft: 20000
        hard: 40000
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 1G
        reservations:
          cpus: '0.3'
          memory: 512M
    env_file:
      - .env_db_mysql
      - .env_srv
    secrets:
      - MYSQL_USER
      - MYSQL_PASSWORD
      - MYSQL_ROOT_PASSWORD
    depends_on:
      - mysql-server
    networks:
      zbx_net_backend:
        aliases:
          - zabbix-server
          - zabbix-server-mysql
          - zabbix-server-alpine-mysql
          - zabbix-server-mysql-alpine
      zbx_net_frontend:
    stop_grace_period: 30s
    sysctls:
      - net.ipv4.ip_local_port_range=1024 65000
      - net.ipv4.conf.all.accept_redirects=0
      - net.ipv4.conf.all.secure_redirects=0
      - net.ipv4.conf.all.send_redirects=0
    labels:
      com.zabbix.description: "Zabbix server with MySQL database support"
      com.zabbix.company: "Zabbix LLC"
      com.zabbix.component: "zabbix-server"
      com.zabbix.dbtype: "mysql"
      com.zabbix.os: "alpine"
  zabbix-web-apache-mysql:
    image: zabbix/zabbix-web-apache-mysql:alpine-5.0.22
    ports:
      - "127.0.0.1:8080:8080"
    links:
      - mysql-server:mysql-server
      - zabbix-server:zabbix-server
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # - /etc/timezone:/etc/timezone:ro
      - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
      - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
      - ./zbx_env/etc/zabbix/apache.conf:/etc/zabbix/apache.conf
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 512M
        reservations:
          cpus: '0.3'
          memory: 256M
    env_file:
      - .env_db_mysql
      - .env_web
    secrets:
      - MYSQL_USER
      - MYSQL_PASSWORD
    depends_on:
      - mysql-server
      - zabbix-server
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
    networks:
      zbx_net_backend:
        aliases:
          - zabbix-web-apache-mysql
          - zabbix-web-apache-alpine-mysql
          - zabbix-web-apache-mysql-alpine
      zbx_net_frontend:
    stop_grace_period: 10s
    sysctls:
      - net.core.somaxconn=65535
    labels:
      com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support"
      com.zabbix.company: "Zabbix LLC"
      com.zabbix.component: "zabbix-frontend"
      com.zabbix.webserver: "apache2"
      com.zabbix.dbtype: "mysql"
      com.zabbix.os: "alpine"
  zabbix-agent:
    image: zabbix/zabbix-agent:alpine-5.0.22
    ports:
      - "10050:10050"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
      - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
      - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
      - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
    links:
      - zabbix-server:zabbix-server
    deploy:
      resources:
        limits:
          cpus: '0.2'
          memory: 128M
        reservations:
          cpus: '0.1'
          memory: 64M
      mode: global
    env_file:
      - .env_agent
    privileged: true
    pid: "host"
    networks:
      zbx_net_backend:
        aliases:
          - zabbix-agent
          - zabbix-agent-passive
          - zabbix-agent-alpine
    stop_grace_period: 5s
    labels:
      com.zabbix.description: "Zabbix agent"
      com.zabbix.company: "Zabbix LLC"
      com.zabbix.component: "zabbix-agentd"
      com.zabbix.os: "alpine"
  mysql-server:
    image: mysql:8.0
    command:
      - mysqld
      - --character-set-server=utf8
      - --collation-server=utf8_bin
      - --default-authentication-plugin=mysql_native_password
    volumes:
      - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
    env_file:
      - .env_db_mysql
    secrets:
      - MYSQL_USER
      - MYSQL_PASSWORD
      - MYSQL_ROOT_PASSWORD
    stop_grace_period: 1m
    networks:
      zbx_net_backend:
        aliases:
          - mysql-server
          - zabbix-database
          - mysql-database
  db_data_mysql:
    image: busybox
    volumes:
      - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
networks:
  zbx_net_frontend:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      driver: default
      config:
        - subnet: 172.16.238.0/24
  zbx_net_backend:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    internal: true
    ipam:
      driver: default
      config:
        - subnet: 172.16.239.0/24
secrets:
  MYSQL_USER:
    file: ./.MYSQL_USER
  MYSQL_PASSWORD:
    file: ./.MYSQL_PASSWORD
  MYSQL_ROOT_PASSWORD:
    file: ./.MYSQL_ROOT_PASSWORD
What do you have in - ./zbx_env/etc/zabbix/apache.conf:/etc/zabbix/apache.conf?
./zbx_env/etc/zabbix/apache.conf :
<VirtualHost *:8080>
    DocumentRoot /usr/share/zabbix/
    ServerName zabbix
    DirectoryIndex index.php
    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
    AddType application/x-httpd-php-source .phps
    <Directory "/usr/share/zabbix">
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    <Directory "/usr/share/zabbix/conf">
        Require all denied
        <files *.php>
            Order deny,allow
            Deny from all
        </files>
    </Directory>
    <Directory "/usr/share/zabbix/app">
        Require all denied
        <files *.php>
            Order deny,allow
            Deny from all
        </files>
    </Directory>
    <Directory "/usr/share/zabbix/include">
        Require all denied
        <files *.php>
            Order deny,allow
            Deny from all
        </files>
    </Directory>
    <Directory "/usr/share/zabbix/local">
        Require all denied
        <files *.php>
            Order deny,allow
            Deny from all
        </files>
    </Directory>
    <Directory "/usr/share/zabbix/locale">
        Require all denied
        <files *.php>
            Order deny,allow
            Deny from all
        </files>
    </Directory>
    <Directory "/usr/share/zabbix/vendor">
        Require all denied
        <files *.php>
            Order deny,allow
            Deny from all
        </files>
    </Directory>
</VirtualHost>
Looks like some network issue. Do you see your request in the http access log? Maybe it is better to use podman instead of docker on Rocky 8?
Hi, finally I was able to resolve the issue. The resolution was to change the subnet for zbx_net_frontend to anything other than 172.16.238.0/24. It looks like there were some orphaned network interfaces in the system. Even though they were not listed by "docker networks ls", they were still in the system ("ip a").
Changed from this:
networks:
  zbx_net_frontend:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      driver: default
      config:
        - subnet: 172.16.238.0/24
  zbx_net_backend:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    internal: true
    ipam:
      driver: default
      config:
        - subnet: 172.16.239.0/24
to this:
networks:
  zbx_net_frontend:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      driver: default
      config:
        - subnet: 172.16.233.0/24
  zbx_net_backend:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    internal: true
    ipam:
      driver: default
      config:
        - subnet: 172.16.239.0/24
ip a | grep -C2 "172.16.238."
4: br-1ee8472c9885: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:ff:54:35:92 brd ff:ff:ff:ff:ff:ff
inet 172.16.238.1/24 brd 172.16.238.255 scope global br-1ee8472c9885
valid_lft forever preferred_lft forever
5: br-24974ef4178c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
--
805: br-7d1c7e8f727f: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:cf:fc:ea:16 brd ff:ff:ff:ff:ff:ff
inet 172.16.238.1/24 brd 172.16.238.255 scope global br-7d1c7e8f727f
valid_lft forever preferred_lft forever
inet6 fe80::42:cfff:fefc:ea16/64 scope link
Great! But strange that you are able to create multiple networks with the same IP ranges.
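The condition found in this thread (two `br-*` bridges holding the same subnet, one of them unknown to Docker) can be checked for directly. This is an added example, not part of the thread and not Zabbix or Docker project code; the function names and sample data are constructed, and it assumes Docker's default bridge naming of `br-` plus the first 12 characters of the network ID.

```shell
#!/bin/sh
# Constructed sample shaped like `ip -o -4 addr show`; only the two
# 172.16.238.1/24 bridge names are taken from the `ip a` output in the thread.
sample_ip_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever
4: br-1ee8472c9885    inet 172.16.238.1/24 brd 172.16.238.255 scope global br-1ee8472c9885\       valid_lft forever preferred_lft forever
805: br-7d1c7e8f727f    inet 172.16.238.1/24 brd 172.16.238.255 scope global br-7d1c7e8f727f\       valid_lft forever preferred_lft forever
806: br-aaaaaaaaaaaa    inet 172.16.239.1/24 brd 172.16.239.255 scope global br-aaaaaaaaaaaa\       valid_lft forever preferred_lft forever
EOF
}
# Assumed `docker network ls -q` result (constructed): Docker knows two networks.
SAMPLE_DOCKER_IDS="7d1c7e8f727f aaaaaaaaaaaa"

# stdin: `ip -o -4 addr show` output.
# Prints "<network>/<prefix> <if> <if> ..." for each subnet on 2+ br-* bridges.
dup_bridge_subnets() {
  awk '$3 == "inet" && $2 ~ /^br-/ {
    split($4, cidr, "/"); split(cidr[1], o, ".")
    ip   = o[1] * 16777216 + o[2] * 65536 + o[3] * 256 + o[4]
    size = 2 ^ (32 - cidr[2])              # addresses in the prefix
    net  = ip - (ip % size)                # network address as an integer
    key  = sprintf("%d.%d.%d.%d/%d", int(net / 16777216),
                   int(net / 65536) % 256, int(net / 256) % 256,
                   net % 256, cidr[2])
    ifs[key] = ifs[key] " " $2; n[key]++
  }
  END { for (k in n) if (n[k] > 1) print k ifs[k] }' | sort
}

# $1: space-separated short network IDs; stdin: `ip -o -4 addr show` output.
# Prints every br-* interface whose suffix is not a network ID Docker reports.
orphan_bridges() {
  awk -v ids="$1" '
    BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
    $2 ~ /^br-/ && !(substr($2, 4) in known) && !seen[$2]++ { print $2 }'
}

# Demo on the constructed sample. On a live host, feed the real commands:
#   ip -o -4 addr show | dup_bridge_subnets
#   ip -o -4 addr show | orphan_bridges "$(docker network ls -q | tr '\n' ' ')"
echo "Subnets on more than one bridge:"
sample_ip_output | dup_bridge_subnets
echo "Bridges unknown to Docker:"
sample_ip_output | orphan_bridges "$SAMPLE_DOCKER_IDS"
```

Bridges given a custom name through the `com.docker.network.bridge.name` driver option do not follow the `br-<id>` pattern and are not examined by either function.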