Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-24000

Encryption between frontend and PostgreSQL does not work

XMLWordPrintable

    • Icon: Problem report Problem report
    • Resolution: Unresolved
    • Icon: Trivial Trivial
    • None
    • 6.4.10
    • Frontend (F)
    • None

      Steps to reproduce:

      1. Configure DB encryption between backend and frontend
      2. In pg_hba.conf set configuration to as in screenshot:
      3. Zabbix server will start using encrypted connection as expected, but frontend will not be able to connect to the database:

      Result:
      Log file suggests that frontend uses unencrypted connection:

      2024-01-23 14:33:35.886 254764 zabbix: FATAL:  no pg_hba.conf entry for host "**.***.***.**", user "********", database "zabbix", SSL off

      Frontend configuration:

      $DB['ENCRYPTION'] = true;
$DB['KEY_FILE'] = '';
$DB['CERT_FILE'] = '';
$DB['CA_FILE'] = '/etc/ssl/pgsql/root.crt';
$DB['VERIFY_HOST'] = false;
$DB['CIPHER_LIST'] = '';

      As soon as the pg_hba.conf set to:

      Frontend is able to connect
      Expected:
      Frontend to use encrypted connections

        1. ex1.png
          ex1.png
          18 kB
        2. image-2024-01-29-08-43-57-272.png
          image-2024-01-29-08-43-57-272.png
          14 kB
        3. image-2024-01-29-08-53-51-642.png
          image-2024-01-29-08-53-51-642.png
          20 kB

            agavrilovs Aleksandrs Petrovs-Gavrilovs
            agavrilovs Aleksandrs Petrovs-Gavrilovs
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: