Zabbix 与 Traefik 代理

tag-icon tag-icon reverse-proxy web-hosting zabbix zabbix-agent traefik
Zabbix 与 Traefik 代理

我目前正在设置 Zabbix 环境以进行 IT 监控。Zabbix 在 Traefik V2(.10.5) 代理后面运行。

有两个域正在使用:inframon.***.local用于前端和agent-ep.inframon.***.local用于主动检查端点。

我无法让主动检查发挥作用。被动检查工作正常。但说实话,我宁愿使用主动检查。

对于前端,这是 Traefik 动态配置:

# services/Zabbix.toml
[http.services]
        [http.services.ZabbixFrontend.loadBalancer]
                [[http.services.ZabbixFrontend.loadBalancer.servers]]
                        url = "http://ZabbixFrontend:8080"

# routers/Zabbix.toml
[http.routers]
    [http.routers.ZabbixFrontend]
        entryPoints = ["WebSecure"]
        rule = "Host(`inframon.***.local`)"
        service = "ZabbixFrontend"
        tls = true
        middlewares = []
           
[[tls.certificates]]
    certFile = "/etc/certs/Zabbix/Zabbix.crt"
    keyFile = "/etc/certs/Zabbix/Zabbix.key"

这工作得很好。

现在,这是主动检查代理端点 (至端口 10051) 的 TCP 路由/服务的动态配置

# service/ZabbixAgent.toml
[tcp.services]
    [tcp.services.ZabbixAgentEP.loadBalancer]
        [[tcp.services.ZabbixAgentEP.loadBalancer.servers]]
            url = "ZabbixServer:10051"

# routers/ZabbixAgent.toml
[tcp.routers]
    [tcp.routers.ZabbixAgentEP]
        entryPoints = ["ZabbixAgentEP"]
        rule = "HostSNI(`agent-ep.inframon.***.local`)"
        service = "ZabbixAgentEP"
        tls = true
   
[[tls.certificates]]
    certFile = "/etc/certs/ZabbixAgentEP/ZabbixAgentEP.crt"
    keyFile = "/etc/certs/ZabbixAgentEP/ZabbixAgentEP.key"

使用的 SSL/TLS 证书是使用公司内部 CA 创建的。

这是代理配置文件:

SourceIP=<MachineIP>
Server=<ZabbixHostIP>,inframon.***.local,agent-ep.inframon.***.local
ListenIP=<MachineIP>
ServerActive=agent-ep.inframon.***.local
Hostname=TestMachine

现在,每当我启动代理时,都会得到以下响应(来自日志文件)

 # systemctl restart zabbix-agent ; tail -f /var/log/zabbix/zabbix_agentd.log
323155:20231027:123659.542 IPv6 support:          YES
323155:20231027:123659.542 TLS support:           YES
323155:20231027:123659.542 **************************
323155:20231027:123659.542 using configuration file: /etc/zabbix/zabbix_agentd.conf
323155:20231027:123659.542 agent #0 started [main process]
323156:20231027:123659.543 agent #1 started [collector]
323157:20231027:123659.543 agent #2 started [listener #1]
323158:20231027:123659.543 agent #3 started [listener #2]
323159:20231027:123659.544 agent #4 started [listener #3]
323160:20231027:123659.544 agent #5 started [active checks #1]
323160:20231027:123705.547 Unable to receive from [agent-ep.inframon.***.local]:10051 [ZBX_TCP_READ() timed out]
323160:20231027:123705.547 Active check configuration update started to fail

我怀疑这与 Traefik Proxy 有关。就是有东西无法通过 - 但我似乎无法确定是什么原因。

这里还有谁更有经验吗?

相关内容