In this guide, you will learn how to install and configure the latest stable version of Zabbix monitoring software on Debian 9.2 to monitor all major network infrastructure devices such as physical or virtual servers or VMs, routers, switches, firewall appliances, and other network IoT devices. Zabbix uses internal agents installed on remote devices that can be configured to monitor internal system resources, physical sensors, as well as software, CPU load, memory, disk space, etc. They can also check the status of network services such as HTTP, FTP, SMTP, IMAP or other network services via SNMP, TCP and ICMP checks, as well as IPMI, JMX, SSH and Telnet.
Zabbix is a modern open-source application for enterprise network monitoring. The back-end engine is written in C, and the front-end web interface is in PHP is deployed on Linux using Apache/Nginx, PHP, and MySQL/MariaDB components, also known as LAMP or LEMP stacks. Zabbix can be configured to notify system or network administrators by mail, SMS, chat, or other means of network, system, service, or other network outages and also generate graphs of network outages or performance.
Requirements
- Debian 9.2 installed on a bare-metal machine or on a virtual private server
- One of the server’s network interface cards configured with a static IP address
- Direct access to the root account via the console or remotely via SSHservice or sudo root privileges for a local or remote account
- A private or public domain name, depending on your deployment, with the correct DNS records configured for web services. If you don’t have a public or private domain name configured in your premises, you can also access the Zabbix web frontend using the server’s IP address
- A properly configured email service to send email notifications in case of system and network failures.
Initial configurations
Before you start installing and configuring the latest stable version of the Zabbix monitoring tool, you should ensure that your system meets all software requirements for compiling and installing the application. First, update your system repositories and software packages by running the following command.
apt update
apt upgrade
In the next step, run the following command to install some necessary utilities to manage your system from the command line.
apt install wget bash-completion unzip
Next, set the name for your system by running the following command. Replace the hostname variable accordingly.
hostnamectl set-hostname zabbix
Check the hostname and the hosts file of your machine by entering the following commands.
hostnamectl
cat /etc/hostname
hostname –s
Finally, restart the Debian server so that the kernel updates and hostname changes are applied correctly.
init 6
Zabbix is a network monitoring application that is mainly configured and controlled through the frontend web interface. The front-end functions are mainly based on the server-side PHP programming language. To execute the PHP file scripts of the application, a web server such as the Apache HTTP Server and a PHP Processing Gateway must be installed and operational in the system. To install the Apache web server and PHP interpreter along with all the required PHP modules that Zabbix needs to function properly, enter the following command in your server console.
apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-ldap php7.0-bcmath php7.0-mbstring php7.0-gd php7.0-xml php7.0-mcrypt php7.0-opcache
After installing Apache and PHP, test that the web server is running and listening for network connections on port 80 by entering the following command with root privileges.
netstat –tlpn
If the netstat network utility is not installed by default in your Debian system, run the following command to install it.
apt install net-tools
From the netstat command output, you can see that the Apache web server is listening for incoming network connections on port 80. You can also use the ss command for the same task, which is automatically installed in Debian 9.
ss- tulpn
If a firewall is enabled on your system, such as the UFW firewall application, you should add a new rule to allow HTTP traffic through the firewall by typing the following command.
ufw allow WWW
or
ufw allow 80/tcp
If you are using iptables raw rules to manage the firewall rules on your Debian server, add the following rule to allow incoming traffic through port 80 on the firewall to allow visitors to visit the Zabbix web interface.
apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
systemctl iptables-persistent save
systemctl iptables-persistent reload
Next, enable the following Apache modules and apply them to redirect HTTP connections to HTTPS by typing the following command.
a2enmod rewrite
systemctl restart apache2
Finally, test if the default Apache web page can be displayed in your clients’ browsers by calling the IP address of your Debian machine or the FQDN of your domain or server via the HTTP protocol. If you don’t know the IP address of your machine, you can run the commands ifconfig or ‘ip a’ to find out the IP address of your server. The default Apache page for Debian is displayed in your browser, as shown in the following screenshot.
http://your_domain.tld
To access the Zabbix monitoring application using the HTTPS protocol, which secures traffic for your clients, enable the Apache web server SSL module and SSL site configuration file with the following command. Also, enable the Apache Rewrite module to force users to visit the interface over HTTPS.
a2enmod ssl
a2ensite default-ssl.conf
Next, open the default Apache SSL site configuration file with a text editor and enable the URL rewrite rules by inserting the following lines of code after the DocumentRoot directive, as shown in the following example:
nano /etc/apache2/sites-enabled/default-ssl.conf
Excerpt from the SSL site configuration file:
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Also, modify the VirtualHost line to look like the following excerpt:
<VirtualHost *:443>
Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as in the SSL configuration file. Add the lines of code after the DocumentRoot statement, as shown in the following example.
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Finally, restart the Apache daemon to apply all the rules configured so far and visit your domain using the HTTP protocol. Since you are using the self-signed certificate pairs automatically issued by Apache during installation, an error warning should be displayed in the browser, as shown in the following screenshot.
systemctl restart apache2
https://yourdomain.tld
Accept the warning to continue and be redirected to Apache’s default web page using the HTTPS protocol. The following page will be displayed in your browser.
If the UFW firewall application blocks incoming network connections to the HTTPS port, you should add a new rule to allow HTTPS traffic through the firewall by entering the following command.
ufw allow ‘WWW Full’
or
ufw allow 443/tcp
If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow incoming traffic through port 443 in the firewall so that visitors can safely browse your domain name.
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
systemctl iptables-persistent save
systemctl iptables-persistent reload
In the next step, we need to make some more changes to the PHP default configuration file to ensure that the following PHP variables required by Zabbix are enabled and that the PHP time zone setting is configured correctly and matches the geographic location of your system. Open the /etc/php/7.0/apache2/php.ini file for editing and make sure the following lines are set up as follows. Also, make a backup copy of the PHP configuration file first.
cp /etc/php/7.0/apache2/php.ini{,.backup}nano /etc/php/7.0/apache2/php.ini
Search, edit and change the following variables inphp.iniconfiguration file:
max_execution_time 300 memory_limit 128M max_input_time 300 post_max_size 16M upload_max_filesize 2M max_input_time 300 always_populate_raw_post_data -1 session.auto_start = 0 mbstring.func_overload = 0 date.timezone = Europe/London
Replace the variable time.zone according to your physical time by checking the list of time zones in the PHP documents at the following link: http://php.net/manual/en/timezones.php.
If you want to increase the loading speed of your web pages using the OPCache plugin for PHP7, add the following OPCache settings to the end of the PHP interpreter configuration file as described below:
opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
Close the php.ini configuration file and check the end of the PHP configuration file to see if the OPCache variables have been added correctly by entering the following command.
tail /etc/php/7.0/apache2/php.ini
After you have made all the changes described above, restart the Apache daemon with the following command to apply the new changes.
systemctl restart apache2
Finally, create a PHP info file by running the following command and verify that the PHP time zone is configured correctly by accessing the PHP info file in a browser at the following URL (see figure below). Scroll down to the date settings to verify the PHP time zone configuration.
echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php
https://domain.tld/info.php
Zabbix monitoring software stores users, contacts and other collected data in a specific RDBMS database, such as MySQL, SQLite, Oracle, IBM DB2 or PostgreSQL. In this guide, we configure Zabbix with the MariaDB database, a fork of the MySQL database, as the backend. Enter the following command to install the MariaDB database and the PHP module needed to access the MySQL database.
apt install mariadb-server mariadb-client php7.0-mysql
After you install MariaDB, verify that the daemon is running and waiting for connections on localhost, port 3306, by running the netstat or ss command.
netstat –tlpn | grep mysql
Then log in to the MySQL console and secure the MariaDB root account by running the following commands.
mysql -h localhost
use mysql; update user set plugin='' where user='root'; flush privileges; exit
In the next step, secure MariaDB by running the mysql_secure_installation script included in the installation packages from the Debian Stretch repositories. As the script runs, it asks a series of questions about securing the MariaDB database, such as changing the MySQL root password, removing anonymous users, disabling removed root logins, and deleting the test database. Run the script using the command below and make sure you answer yes to all questions to fully secure the MySQL daemon. Use the excerpt from the script below as a guide.
sudo mysql_secure_installation
To test the security of MariaDB, try logging into the database from the console without a root password. Access to the database should be denied if no password is provided for the root account. If the password is provided, you can log in to the MySQL console, as shown in the screenshot below.
mysql -h localhost -u root
mysql -h localhost -u root –p
Next, log in to the MariaDB database console of the Zabbix application database and specify a user with a password to manage this database by entering the following commands. Replace this database name, user and password accordingly.
mysql –u root -p
create database zabbix_db character set utf8 collate utf8_bin; grant all privileges on zabbix_db.* to 'zabbix_user'@'localhost' identified by 'zabbix_pass'; flush privileges; exit
To apply all the changes made so far, restart the MySQL and Apache daemons and verify that the daemons are running by entering the following commands.
systemctl restart mysql apache2
systemctl status mysql apache2
Install and configure Zabbix
After meeting all system requirements for installing our web monitoring application, install Zabbix via precompiled binary packages provided in the official Zabbix repositories for Debian 9. The installation is done via the Debian 9 apt package manager. First, download the official Zabbix repositories and install them on your system using the following commands.
wget http://repo.zabbix.com/zabbix/3.4/debian/pool/main/z/zabbix-release/zabbix-release_3.4-1+stretch_all.deb
dpkg -i zabbix-release_3.4-1+stretch_all.deb
apt update
After the Zabbix repository packages are present in your Debian system, install the Zabbix server and the Zabbix PHP frontend application via the apt package manager by entering the following commands with root privileges.
apt install zabbix-server-mysql zabbix-frontend-php
You may also want to install the Zabbix agent client in your Debian system to monitor local system resources. The Zabbix client agent can be installed with the following command.
apt install zabbix-agent
After you install the Zabbix server, PHP frontend and agent, you need to restart the Apache web server so that the Zabbix configuration file installed in the web server’s root directory is applied.
systemctl restart apache2
Next, import the initial Zabbix database schema and data from the MySQL database that was created specifically for the Zabbix application by running the following command.
zcat /usr/share/doc/zabbix-server-mysql/create.sql.gz | mysql -u zabbix_user zabbix_db -p
After installing the Zabbix database schema in MySQL, enter the following command to test that the schema was imported correctly. The console should display a list of tables, as shown in the following figure.
mysql -u zabbix_user zabbix_db -p -e 'show tables'
In the next step, start configuring the Zabbix server. Open the Zabbix server configuration file for editing with the following command.
nano /etc/zabbix/zabbix_server.conf
Then, find and update the following lines to include the name of your database and the credentials you created for Zabbix.
DBHost=localhost DBName=zabbix_db DBUser=zabbix_user DBPassword=zabbix_password
Also, be sure to leave the following options as default (commented out).
#ListenPort=10051 #DBSocket=/tmp/mysql.sock
Save and close the Zabbix server configuration file and open the Zabbix agent configuration file for editing by running the following command.
nano /etc/zabbix/zabbix_agentd.conf
Search the Zabbix agent configuration file for the following lines and update them as shown in the following file excerpt:
Server=127.0.0.1 ListenPort=10050
After modifying the above lines, save and close the Zabbix agent configuration file and restart the Zabbix server and agent by running the following command sequence.
systemctl restart zabbix-server.service
systemctl restart zabbix-agent.service
Verify that the server and agent are working in the system and enable the services system-wide by entering the following commands. Use the netstat or ss command to list the ports on which the Zabbix server and agent are listening. The Zabbix agent should be bound to and listening on port 10050/TCP and the Zabbix server on port 10051/TCP.
systemctl status zabbix-server.service zabbix-agent.service
systemctl enable zabbix-server.service zabbix-agent.service
netstat -tlpn| grep zabbix
Now begin installing and configuring the Zabbix front-end application by opening a browser and navigating to your server IP address or domain name using the HTTPS protocol. The full URL address should look like the following example.
https://your_domian.com/zabbix/setup.php
You should see a welcome message on the first setup screen in your browser. Click the Next Step button to start the installation process.
On the next screen, the Zabbix installer will run a series of system and PHP gateway checks to determine if all the required PHP variables and modules are installed and properly configured in your system (see the following figures). Scroll down to verify that all PHP requirements are met and click the Next Step button to continue.
On the next installation screen, add the MySQL database name and credentials you previously set up for Zabbix and click the Next Step button to continue.
Next, in the Hostname field, enter localhost and the port number of the Zabbix server running on your localhost (10051). Also add a name for this Zabbix installation and click the Next Step button to proceed to the next installation screen. Use the following screenshot as a guide.
On the next screen, you should see a summary of the pre-installation of Zabbix in your browser. Verify that all setup parameters are configured correctly and click the Next Step button to begin configuring and installing Zabbix.
A congratulatory message should be displayed in your browser after the web installer has configured and installed the Zabbix frontend. You can find the PHP frontend configurations in the file /usr/share/zabbix/conf/zabbix.conf.php.
To log in to the Zabbix web frontend, navigate to your server IP address or domain name using the HTTPS protocol and add the following URL address to /zabbix/index.php
https://your_domain.tld/zabbix/index.php
The default login credentials for Zabbix are:
Username:Admin
Password:zabbix
After you successfully log in to the Zabbix web frontend, you should be able to manage the Zabbix configuration dashboard to add new hosts and monitor your network servers, devices, and other network and system resources.
To force visitors to be automatically redirected to the Zabbix web frontend using the HTTPS protocol, create a new .htaccess file in the root directory of your web server with the following content.
nano /var/www/html/.htaccess
.htaccessExtract from the file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
Options -Indexes
RewriteRule ^$ /zabbix [L,R=301]
</IfModule>That’s it! You have successfully installed and configured the network monitoring application Zabbix 3.4 on Debian 9.2. However, since the Apache HTTP server uses self-signed certificates to encrypt traffic between the server and the client’s browser, a warning message is generated and displayed every time your domain is accessed. In this case, you should purchase a certificate issued by a trusted certificate authority or get a free pair of certificates from Let’s Encrypt CA.
Other custom installation configurations for Zabbix can be found on the documentation page at the following address: https://www.zabbix.com/documentation/3.4/start