Zabbix Tutorials: Example of zabbix_proxy.conf

	# This is a configuration file for Zabbix proxy daemon
	# To get more information about Zabbix, visit http://www.zabbix.com

	############ GENERAL PARAMETERS #################

	### Option: ProxyMode
	# Proxy operating mode.
	# 0 - proxy in the active mode
	# 1 - proxy in the passive mode
	#
	# Mandatory: no
	# Default:
	# ProxyMode=0

	### Option: Server
	# If ProxyMode is set to active mode:
	# IP address or DNS name (address:port) or cluster (address:port;address2:port) of Zabbix server to get configuration data from and send data to.
	# If port is not specified, default port is used.
	# Cluster nodes need to be separated by semicolon.
	# If ProxyMode is set to passive mode:
	# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server.
	# Incoming connections will be accepted only from the addresses listed here.
	# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
	# and '::/0' will allow any IPv4 or IPv6 address.
	# '0.0.0.0/0' can be used to allow any IPv4 address.
	# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
	#
	# Mandatory: yes
	# Default:
	# Server=

	Server=127.0.0.1

	### Option: Hostname
	# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server!
	# Value is acquired from HostnameItem if undefined.
	#
	# Mandatory: no
	# Default:
	# Hostname=

	Hostname=Zabbix proxy

	### Option: HostnameItem
	# Item used for generating Hostname if it is undefined.
	# Ignored if Hostname is defined.
	#
	# Mandatory: no
	# Default:
	# HostnameItem=system.hostname

	### Option: ListenPort
	# Listen port for trapper.
	#
	# Mandatory: no
	# Range: 1024-32767
	# Default:
	# ListenPort=10051

	### Option: SourceIP
	# Source IP address for outgoing connections.
	#
	# Mandatory: no
	# Default:
	# SourceIP=

	### Option: LogType
	# Specifies where log messages are written to:
	# system - syslog
	# file - file specified with LogFile parameter
	# console - standard output
	#
	# Mandatory: no
	# Default:
	# LogType=file

	### Option: LogFile
	# Log file name for LogType 'file' parameter.
	#
	# Mandatory: yes, if LogType is set to file, otherwise no
	# Default:
	# LogFile=

	LogFile=/tmp/zabbix_proxy.log

	### Option: LogFileSize
	# Maximum size of log file in MB.
	# 0 - disable automatic log rotation.
	#
	# Mandatory: no
	# Range: 0-1024
	# Default:
	# LogFileSize=1

	### Option: DebugLevel
	# Specifies debug level:
	# 0 - basic information about starting and stopping of Zabbix processes
	# 1 - critical information
	# 2 - error information
	# 3 - warnings
	# 4 - for debugging (produces lots of information)
	# 5 - extended debugging (produces even more information)
	#
	# Mandatory: no
	# Range: 0-5
	# Default:
	# DebugLevel=3

	### Option: EnableRemoteCommands
	# Whether remote commands from Zabbix server are allowed.
	# 0 - not allowed
	# 1 - allowed
	#
	# Mandatory: no
	# Default:
	# EnableRemoteCommands=0

	### Option: LogRemoteCommands
	# Enable logging of executed shell commands as warnings.
	# 0 - disabled
	# 1 - enabled
	#
	# Mandatory: no
	# Default:
	# LogRemoteCommands=0

	### Option: PidFile
	# Name of PID file.
	#
	# Mandatory: no
	# Default:
	# PidFile=/tmp/zabbix_proxy.pid

	### Option: SocketDir
	# IPC socket directory.
	# Directory to store IPC sockets used by internal Zabbix services.
	#
	# Mandatory: no
	# Default:
	# SocketDir=/tmp

	### NOTE: Support for Oracle DB is deprecated since Zabbix 7.0 and will be removed in future versions.

	### Option: DBHost
	# Database host name.
	# If set to localhost, socket is used for MySQL.
	# If set to empty string, socket is used for PostgreSQL.
	# If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see
	# the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located.
	#
	# Mandatory: no
	# Default:
	# DBHost=localhost

	### Option: DBName
	# Database name.
	# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
	# If the Net Service Name connection method is used to connect to Oracle database, specify the service name from
	# the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to
	# empty string.
	# Warning: do not attempt to use the same database Zabbix server is using.
	#
	# Mandatory: yes
	# Default:
	# DBName=

	DBName=zabbix_proxy

	### Option: DBSchema
	# Schema name. Used for PostgreSQL.
	#
	# Mandatory: no
	# Default:
	# DBSchema=

	### Option: DBUser
	# Database user. Ignored for SQLite.
	#
	# Default:
	# DBUser=

	DBUser=zabbix

	### Option: DBPassword
	# Database password. Ignored for SQLite.
	# Comment this line if no password is used.
	#
	# Mandatory: no
	# Default:
	# DBPassword=

	### Option: DBSocket
	# Path to MySQL socket.
	#
	# Mandatory: no
	# Default:
	# DBSocket=

	# Option: DBPort
	# Database port when not using local socket. Ignored for SQLite.
	# If the Net Service Name connection method is used to connect to Oracle database, the port number from the
	# tnsnames.ora file will be used. The port number set here will be ignored.
	#
	# Mandatory: no
	# Default:
	# DBPort=

	### Option: AllowUnsupportedDBVersions
	# Allow proxy to work with unsupported database versions.
	# 0 - do not allow
	# 1 - allow
	#
	# Mandatory: no
	# Default:
	# AllowUnsupportedDBVersions=0

	######### PROXY SPECIFIC PARAMETERS #############

	### Option: ProxyLocalBuffer
	# Proxy will keep data locally for N hours, even if the data have already been synced with the server.
	# This parameter may be used if local data will be used by third party applications.
	#
	# Mandatory: no
	# Range: 0-720
	# Default:
	# ProxyLocalBuffer=0

	### Option: ProxyOfflineBuffer
	# Proxy will keep data for N hours in case if no connectivity with Zabbix Server.
	# Older data will be lost.
	#
	# Mandatory: no
	# Range: 1-720
	# Default:
	# ProxyOfflineBuffer=1

	### Option: ProxyBufferMode
	# Specifies history, discovery and auto registration data storage mechanism:
	# disk - data are stored in database and uploaded from database
	# memory - data are stored in memory and uploaded from memory.
	# If buffer runs out of memory the old data will be discarded.
	# On shutdown the buffer is discarded.
	# hybrid - the proxy buffer normally works like in memory mode until it runs out of memory or
	# the oldest record exceeds the configured age. If that happens the buffer is flushed
	# to database and it works like in disk mode until all data have been uploaded and
	# it starts working with memory again. On shutdown the memory buffer is flushed
	# to database.
	#
	# Mandatory: no
	# Values: disk, memory, hybrid
	# Default:
	# ProxyBufferMode=disk

	ProxyBufferMode=hybrid

	### Option: ProxyMemoryBufferSize
	# Size of shared memory cache for collected history, discovery and auto registration data, in bytes.
	# If enabled (not zero) proxy will keep history discovery and auto registration data in memory unless
	# cache is full or stored records are older than defined ProxyMemoryBufferAge.
	# This parameter cannot be used together with ProxyLocalBuffer parameter.
	#
	# Mandatory: no
	# Range: 0,128K-2G
	# Default:
	# ProxyMemoryBufferSize=0

	ProxyMemoryBufferSize=16M

	### Option: ProxyMemoryBufferAge
	# Maximum age of data in proxy memory buffer, in seconds.
	# When enabled (not zero) and records in proxy memory buffer are older, then it forces proxy buffer
	# to switch to database mode until all records are uploaded to server.
	# This parameter must be less or equal to ProxyOfflineBuffer parameter.
	#
	# Mandatory: no
	# Range: 0,600-864000
	# Default:
	# ProxyMemoryBufferAge=0

	### Option: ConfigFrequency - Deprecated, use ProxyConfigFrequency
	# How often proxy retrieves configuration data from Zabbix Server in seconds.
	# For a proxy in the passive mode this parameter will be ignored.
	# Mandatory: no

	### Option: ProxyConfigFrequency
	# How often proxy retrieves configuration data from Zabbix Server in seconds.
	# For a proxy in the passive mode this parameter will be ignored.
	#
	# Mandatory: no
	# Range: 1-3600247
	# Default:
	# ProxyConfigFrequency=10

	### Option: DataSenderFrequency
	# Proxy will send collected data to the Server every N seconds.
	# For a proxy in the passive mode this parameter will be ignored.
	#
	# Mandatory: no
	# Range: 1-3600
	# Default:
	# DataSenderFrequency=1

	############ ADVANCED PARAMETERS ################

	### Option: StartPollers
	# Number of pre-forked instances of pollers.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartPollers=5

	### Option: StartAgentPollers
	# Number of pre-forked instances of asynchronous Zabbix agent pollers. Also see MaxConcurrentChecksPerPoller.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartAgentPollers=1

	### Option: StartHTTPAgentPollers
	# Number of pre-forked instances of asynchronous HTTP agent pollers. Also see MaxConcurrentChecksPerPoller.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartHTTPAgentPollers=1

	### Option: StartSNMPPollers
	# Number of pre-forked instances of asynchronous SNMP pollers. Also see MaxConcurrentChecksPerPoller.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartSNMPPollers=1

	### Option: MaxConcurrentChecksPerPoller
	# Maximum number of asynchronous checks that can be executed at once by each HTTP agent poller or agent poller.
	#
	# Mandatory: no
	# Range: 1-1000
	# Default:
	# MaxConcurrentChecksPerPoller=1000

	### Option: StartIPMIPollers
	# Number of pre-forked instances of IPMI pollers.
	# The IPMI manager process is automatically started when at least one IPMI poller is started.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartIPMIPollers=0

	### Option: StartPreprocessors
	# Number of pre-started instances of preprocessing workers.
	#
	# Mandatory: no
	# Range: 1-1000
	# Default:
	# StartPreprocessors=3

	### Option: StartPollersUnreachable
	# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
	# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
	# are started.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartPollersUnreachable=1

	### Option: StartTrappers
	# Number of pre-forked instances of trappers.
	# Trappers accept incoming connections from Zabbix sender and active agents.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartTrappers=5

	### Option: StartPingers
	# Number of pre-forked instances of ICMP pingers.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartPingers=1

	### Option: StartDiscoverers
	# Number of pre-started instances of discovery workers.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartDiscoverers=5

	### Option: StartHTTPPollers
	# Number of pre-forked instances of HTTP pollers.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartHTTPPollers=1

	### Option: JavaGateway
	# IP address (or hostname) of Zabbix Java gateway.
	# Only required if Java pollers are started.
	#
	# Mandatory: no
	# Default:
	# JavaGateway=

	### Option: JavaGatewayPort
	# Port that Zabbix Java gateway listens on.
	#
	# Mandatory: no
	# Range: 1024-32767
	# Default:
	# JavaGatewayPort=10052

	### Option: StartJavaPollers
	# Number of pre-forked instances of Java pollers.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartJavaPollers=0

	### Option: StartVMwareCollectors
	# Number of pre-forked vmware collector instances.
	#
	# Mandatory: no
	# Range: 0-250
	# Default:
	# StartVMwareCollectors=0

	### Option: VMwareFrequency
	# How often Zabbix will connect to VMware service to obtain a new data.
	#
	# Mandatory: no
	# Range: 10-86400
	# Default:
	# VMwareFrequency=60

	### Option: VMwarePerfFrequency
	# How often Zabbix will connect to VMware service to obtain performance data.
	#
	# Mandatory: no
	# Range: 10-86400
	# Default:
	# VMwarePerfFrequency=60

	### Option: VMwareCacheSize
	# Size of VMware cache, in bytes.
	# Shared memory size for storing VMware data.
	# Only used if VMware collectors are started.
	#
	# Mandatory: no
	# Range: 256K-2G
	# Default:
	# VMwareCacheSize=8M

	### Option: VMwareTimeout
	# Specifies how many seconds vmware collector waits for response from VMware service.
	#
	# Mandatory: no
	# Range: 1-300
	# Default:
	# VMwareTimeout=10

	### Option: SNMPTrapperFile
	# Temporary file used for passing data from SNMP trap daemon to the proxy.
	# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
	#
	# Mandatory: no
	# Default:
	# SNMPTrapperFile=/tmp/zabbix_traps.tmp

	### Option: StartSNMPTrapper
	# If 1, SNMP trapper process is started.
	#
	# Mandatory: no
	# Range: 0-1
	# Default:
	# StartSNMPTrapper=0

	### Option: ListenIP
	# List of comma delimited IP addresses that the trapper should listen on.
	# Trapper will listen on all network interfaces if this parameter is missing.
	#
	# Mandatory: no
	# Default:
	# ListenIP=0.0.0.0

	### Option: HousekeepingFrequency
	# How often Zabbix will perform housekeeping procedure (in hours).
	# Housekeeping is removing outdated information from the database.
	# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
	# hours of outdated information are deleted in one housekeeping cycle.
	# To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start.
	# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
	# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
	# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
	#
	# Mandatory: no
	# Range: 0-24
	# Default:
	# HousekeepingFrequency=1

	### Option: CacheSize
	# Size of configuration cache, in bytes.
	# Shared memory size, for storing hosts and items data.
	#
	# Mandatory: no
	# Range: 128K-64G
	# Default:
	# CacheSize=8M

	### Option: StartDBSyncers
	# Number of pre-forked instances of DB Syncers.
	#
	# Mandatory: no
	# Range: 1-100
	# Default:
	# StartDBSyncers=4

	### Option: HistoryCacheSize
	# Size of history cache, in bytes.
	# Shared memory size for storing history data.
	#
	# Mandatory: no
	# Range: 128K-2G
	# Default:
	# HistoryCacheSize=16M

	### Option: HistoryIndexCacheSize
	# Size of history index cache, in bytes.
	# Shared memory size for indexing history cache.
	#
	# Mandatory: no
	# Range: 128K-2G
	# Default:
	# HistoryIndexCacheSize=4M

	### Option: Timeout
	# Specifies how long we wait for agent, SNMP device or external check (in seconds).
	#
	# Mandatory: no
	# Range: 1-30
	# Default:
	# Timeout=3

	Timeout=4

	### Option: TrapperTimeout
	# Specifies how many seconds trapper may spend processing new data.
	#
	# Mandatory: no
	# Range: 1-300
	# Default:
	# TrapperTimeout=300

	### Option: UnreachablePeriod
	# After how many seconds of unreachability treat a host as unavailable.
	#
	# Mandatory: no
	# Range: 1-3600
	# Default:
	# UnreachablePeriod=45

	### Option: UnavailableDelay
	# How often host is checked for availability during the unavailability period, in seconds.
	#
	# Mandatory: no
	# Range: 1-3600
	# Default:
	# UnavailableDelay=60

	### Option: UnreachableDelay
	# How often host is checked for availability during the unreachability period, in seconds.
	#
	# Mandatory: no
	# Range: 1-3600
	# Default:
	# UnreachableDelay=15

	## Option: StartODBCPollers
	# Number of pre-forked ODBC poller instances.
	#
	# Mandatory: no
	# Range: 0-1000
	# Default:
	# StartODBCPollers=1

	### Option: ExternalScripts
	# Full path to location of external scripts.
	# Default depends on compilation options.
	# To see the default path run command "zabbix_proxy --help".
	#
	# Mandatory: no
	# Default:
	# ExternalScripts=${datadir}/zabbix/externalscripts

	### Option: FpingLocation
	# Location of fping.
	# Make sure that fping binary has root ownership and SUID flag set.
	#
	# Mandatory: no
	# Default:
	# FpingLocation=/usr/sbin/fping

	### Option: Fping6Location
	# Location of fping6.
	# Make sure that fping6 binary has root ownership and SUID flag set.
	# Make empty if your fping utility is capable to process IPv6 addresses.
	#
	# Mandatory: no
	# Default:
	# Fping6Location=/usr/sbin/fping6

	### Option: SSHKeyLocation
	# Location of public and private keys for SSH checks and actions.
	#
	# Mandatory: no
	# Default:
	# SSHKeyLocation=

	### Option: LogSlowQueries
	# How long a database query may take before being logged (in milliseconds).
	# Only works if DebugLevel set to 3 or 4.
	# 0 - don't log slow queries.
	#
	# Mandatory: no
	# Range: 1-3600000
	# Default:
	# LogSlowQueries=0

	LogSlowQueries=3000

	### Option: TmpDir
	# Temporary directory.
	#
	# Mandatory: no
	# Default:
	# TmpDir=/tmp

	### Option: AllowRoot
	# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy
	# will try to switch to the user specified by the User configuration option instead.
	# Has no effect if started under a regular user.
	# 0 - do not allow
	# 1 - allow
	#
	# Mandatory: no
	# Default:
	# AllowRoot=0

	### Option: User
	# Drop privileges to a specific, existing user on the system.
	# Only has effect if run as 'root' and AllowRoot is disabled.
	#
	# Mandatory: no
	# Default:
	# User=zabbix

	### Option: Include
	# You may include individual files or all files in a directory in the configuration file.
	# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
	#
	# Mandatory: no
	# Default:
	# Include=

	# Include=/usr/local/etc/zabbix_proxy.general.conf
	# Include=/usr/local/etc/zabbix_proxy.conf.d/
	# Include=/usr/local/etc/zabbix_proxy.conf.d/*.conf

	### Option: SSLCertLocation
	# Location of SSL client certificates.
	# This parameter is used only in web monitoring.
	# Default depends on compilation options.
	# To see the default path run command "zabbix_proxy --help".
	#
	# Mandatory: no
	# Default:
	# SSLCertLocation=${datadir}/zabbix/ssl/certs

	### Option: SSLKeyLocation
	# Location of private keys for SSL client certificates.
	# This parameter is used only in web monitoring.
	# Default depends on compilation options.
	# To see the default path run command "zabbix_proxy --help".
	#
	# Mandatory: no
	# Default:
	# SSLKeyLocation=${datadir}/zabbix/ssl/keys

	### Option: SSLCALocation
	# Location of certificate authority (CA) files for SSL server certificate verification.
	# If not set, system-wide directory will be used.
	# This parameter is used in web monitoring, HTTP agent items and for communication with Vault.
	#
	# Mandatory: no
	# Default:
	# SSLCALocation=

	####### LOADABLE MODULES #######

	### Option: LoadModulePath
	# Full path to location of proxy modules.
	# Default depends on compilation options.
	# To see the default path run command "zabbix_proxy --help".
	#
	# Mandatory: no
	# Default:
	# LoadModulePath=${libdir}/modules

	### Option: LoadModule
	# Module to load at proxy startup. Modules are used to extend functionality of the proxy.
	# Formats:
	# LoadModule=<module.so>
	# LoadModule=<path/module.so>
	# LoadModule=</abs_path/module.so>
	# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name.
	# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored.
	# It is allowed to include multiple LoadModule parameters.
	#
	# Mandatory: no
	# Default:
	# LoadModule=

	### Option: StatsAllowedIP
	# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances.
	# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests
	# will be accepted.
	# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
	# and '::/0' will allow any IPv4 or IPv6 address.
	# '0.0.0.0/0' can be used to allow any IPv4 address.
	# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
	#
	# Mandatory: no
	# Default:
	# StatsAllowedIP=
	StatsAllowedIP=127.0.0.1

	####### TLS-RELATED PARAMETERS #######

	### Option: TLSConnect
	# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy.
	# Only one value can be specified:
	# unencrypted - connect without encryption
	# psk - connect using TLS and a pre-shared key
	# cert - connect using TLS and a certificate
	#
	# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
	# Default:
	# TLSConnect=unencrypted

	### Option: TLSAccept
	# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy.
	# Multiple values can be specified, separated by comma:
	# unencrypted - accept connections without encryption
	# psk - accept connections secured with TLS and a pre-shared key
	# cert - accept connections secured with TLS and a certificate
	#
	# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
	# Default:
	# TLSAccept=unencrypted

	### Option: TLSCAFile
	# Full pathname of a file containing the top-level CA(s) certificates for
	# peer certificate verification.
	#
	# Mandatory: no
	# Default:
	# TLSCAFile=

	### Option: TLSCRLFile
	# Full pathname of a file containing revoked certificates.
	#
	# Mandatory: no
	# Default:
	# TLSCRLFile=

	### Option: TLSServerCertIssuer
	# Allowed server certificate issuer.
	#
	# Mandatory: no
	# Default:
	# TLSServerCertIssuer=

	### Option: TLSServerCertSubject
	# Allowed server certificate subject.
	#
	# Mandatory: no
	# Default:
	# TLSServerCertSubject=

	### Option: TLSCertFile
	# Full pathname of a file containing the proxy certificate or certificate chain.
	#
	# Mandatory: no
	# Default:
	# TLSCertFile=

	### Option: TLSKeyFile
	# Full pathname of a file containing the proxy private key.
	#
	# Mandatory: no
	# Default:
	# TLSKeyFile=

	### Option: TLSPSKIdentity
	# Unique, case sensitive string used to identify the pre-shared key.
	#
	# Mandatory: no
	# Default:
	# TLSPSKIdentity=

	### Option: TLSPSKFile
	# Full pathname of a file containing the pre-shared key.
	#
	# Mandatory: no
	# Default:
	# TLSPSKFile=

	####### For advanced users - TLS ciphersuite selection criteria #######

	### Option: TLSCipherCert13
	# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
	# Override the default ciphersuite selection criteria for certificate-based encryption.
	#
	# Mandatory: no
	# Default:
	# TLSCipherCert13=

	### Option: TLSCipherCert
	# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
	# Override the default ciphersuite selection criteria for certificate-based encryption.
	# Example for GnuTLS:
	# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
	# Example for OpenSSL:
	# EECDH+aRSA+AES128:RSA+aRSA+AES128
	#
	# Mandatory: no
	# Default:
	# TLSCipherCert=

	### Option: TLSCipherPSK13
	# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
	# Override the default ciphersuite selection criteria for PSK-based encryption.
	# Example:
	# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
	#
	# Mandatory: no
	# Default:
	# TLSCipherPSK13=

	### Option: TLSCipherPSK
	# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
	# Override the default ciphersuite selection criteria for PSK-based encryption.
	# Example for GnuTLS:
	# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
	# Example for OpenSSL:
	# kECDHEPSK+AES128:kPSK+AES128
	#
	# Mandatory: no
	# Default:
	# TLSCipherPSK=

	### Option: TLSCipherAll13
	# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
	# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
	# Example:
	# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
	#
	# Mandatory: no
	# Default:
	# TLSCipherAll13=

	### Option: TLSCipherAll
	# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
	# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
	# Example for GnuTLS:
	# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
	# Example for OpenSSL:
	# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
	#
	# Mandatory: no
	# Default:
	# TLSCipherAll=

	### Option: DBTLSConnect
	# Setting this option enforces to use TLS connection to database.
	# required - connect using TLS
	# verify_ca - connect using TLS and verify certificate
	# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost
	# matches its certificate
	# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and
	# "verify_full".
	# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported.
	# Default is not to set any option and behavior depends on database configuration
	#
	# Mandatory: no
	# Default:
	# DBTLSConnect=

	### Option: DBTLSCAFile
	# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification.
	# Supported only for MySQL and PostgreSQL
	#
	# Mandatory: no
	# (yes, if DBTLSConnect set to one of: verify_ca, verify_full)
	# Default:
	# DBTLSCAFile=

	### Option: DBTLSCertFile
	# Full pathname of file containing Zabbix proxy certificate for authenticating to database.
	# Supported only for MySQL and PostgreSQL
	#
	# Mandatory: no
	# Default:
	# DBTLSCertFile=

	### Option: DBTLSKeyFile
	# Full pathname of file containing the private key for authenticating to database.
	# Supported only for MySQL and PostgreSQL
	#
	# Mandatory: no
	# Default:
	# DBTLSKeyFile=

	### Option: DBTLSCipher
	# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2
	# Supported only for MySQL
	#
	# Mandatory no
	# Default:
	# DBTLSCipher=

	### Option: DBTLSCipher13
	# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol
	# Supported only for MySQL, starting from version 8.0.16
	#
	# Mandatory no
	# Default:
	# DBTLSCipher13=

	### Option: Vault
	# Specifies vault:
	# HashiCorp - HashiCorp KV Secrets Engine - Version 2
	# CyberArk - CyberArk Central Credential Provider
	#
	# Mandatory: no
	# Default:
	# Vault=HashiCorp

	### Option: VaultToken
	# Vault authentication token that should have been generated exclusively for Zabbix proxy with read only permission to path
	# specified in optional VaultDBPath configuration parameter.
	# It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time.
	#
	# Mandatory: no
	# (yes, if Vault is explicitly set to HashiCorp)
	# Default:
	# VaultToken=

	### Option: VaultURL
	# Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified.
	#
	# Mandatory: no
	# Default:
	# VaultURL=https://127.0.0.1:8200

	### Option: VaultDBPath
	# Vault path or query depending on the Vault from where credentials for database will be retrieved by keys.
	# Keys used for HashiCorp are 'password' and 'username'.
	# Example path:
	# secret/zabbix/database
	# Keys used for CyberArk are 'Content' and 'UserName'.
	# Example query:
	# AppID=zabbix_server&Query=Safe=passwordSafe;Object=zabbix_proxy_database
	# This option can only be used if DBUser and DBPassword are not specified.
	#
	# Mandatory: no
	# Default:
	# VaultDBPath=

	### Option: VaultTLSCertFile
	# Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format.
	# If the certificate file contains also the private key, leave the SSL key file field empty. The directory
	# containing this file is specified by configuration parameter SSLCertLocation.
	#
	# Mandatory: no
	# Default:
	# VaultTLSCertFile=

	### Option: VaultTLSKeyFile
	# Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format.
	# The directory containing this file is specified by configuration parameter SSLKeyLocation.
	#
	# Mandatory: no
	# Default:
	# VaultTLSKeyFile=

	####### For advanced users - TCP-related fine-tuning parameters #######

	## Option: ListenBacklog
	# The maximum number of pending connections in the queue. This parameter is passed to
	# listen() function as argument 'backlog' (see "man listen").
	#
	# Mandatory: no
	# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
	# Default: SOMAXCONN (hard-coded constant, depends on system)
	# ListenBacklog=

view raw zabbix_proxy.conf hosted with

by GitHub

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand.

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND