[ZBXNEXT-4574] Zabbix Sender as Proxy with TLS support Created: 2018 May 28  Updated: 2018 May 29

Status: Open
Project: ZABBIX FEATURE REQUESTS
Component/s: Proxy (P)
Affects Version/s: 3.4.8
Fix Version/s: None

Type: Change Request Priority: Minor
Reporter: Onno Steenbergen Assignee: Andris Zeila
Resolution: Unresolved Votes: 1
Labels: encryption, proxy, sender
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Currently zabbix_sender with TLS requires you to set PSK/CA on each host. For proxies you are allowed to configure a single PSK/CA as they execute instructions received from the server.

As a feature request, I would like zabbix_sender to have an option to act like a proxy (single PSK/CA for the machine sending the data).

Detailed use-case:

We are running a configuration system which also gathers statistics and uploads them to a customer-specific Zabbix installation. If device A of customer A reports its statistics, it gets uploaded via zabbix_sender to Zabbix instance A; if device B of customer B, it goes to Zabbix B, etc.

To enable TLS for this communication would require all hosts to have the PSK/CA set to the same value at least on the same server. Assigning each host a unique value will require a complex administration system (more than 100.000 hosts on less than 100 servers).



 Comments   
Comment by Onno Steenbergen [ 2018 May 29 ]

I built a proof-of-concept version of zabbix_sender that uses the proxy "history data" call, and the TLS part works. I could share a patch file if needed; however, the PoC version didn't solve my use-case.

A proxy can only add data to specific hosts and must execute all items. Once a host is marked as monitored by a proxy, the server will not execute checks like icmpping.

So the feature request would require a server change to allow a 'trapper proxy' to be able to write to all hosts without requiring all proxy features.

In summary: I would like to be able to use Zabbix Sender as I currently do, but with TLS and without host-specific configuration.
