1# This is a configuration file for Zabbix proxy daemon 2# To get more information about Zabbix, visit http://www.zabbix.com 3 4############ GENERAL PARAMETERS ################# 5 6### Option: ProxyMode 7# Proxy operating mode. 8# 0 - proxy in the active mode 9# 1 - proxy in the passive mode 10# 11# Mandatory: no 12# Default: 13# ProxyMode=0 14 15### Option: Server 16# If ProxyMode is set to active mode: 17# IP address or DNS name of Zabbix server to get configuration data from and send data to. 18# If ProxyMode is set to passive mode: 19# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix server. 20# Incoming connections will be accepted only from the addresses listed here. 21# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally 22# and '::/0' will allow any IPv4 or IPv6 address. 23# '0.0.0.0/0' can be used to allow any IPv4 address. 24# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com 25# 26# Mandatory: yes 27# Default: 28# Server= 29 30Server=127.0.0.1 31 32### Option: ServerPort 33# Port of Zabbix trapper on Zabbix server. 34# For a proxy in the passive mode this parameter will be ignored. 35# 36# Mandatory: no 37# Range: 1024-32767 38# Default: 39# ServerPort=10051 40 41### Option: Hostname 42# Unique, case sensitive Proxy name. Make sure the Proxy name is known to the server! 43# Value is acquired from HostnameItem if undefined. 44# 45# Mandatory: no 46# Default: 47# Hostname= 48 49Hostname=Zabbix proxy 50 51### Option: HostnameItem 52# Item used for generating Hostname if it is undefined. 53# Ignored if Hostname is defined. 54# 55# Mandatory: no 56# Default: 57# HostnameItem=system.hostname 58 59### Option: ListenPort 60# Listen port for trapper. 61# 62# Mandatory: no 63# Range: 1024-32767 64# Default: 65# ListenPort=10051 66 67### Option: SourceIP 68# Source IP address for outgoing connections. 69# 70# Mandatory: no 71# Default: 72# SourceIP= 73 74### Option: LogType 75# Specifies where log messages are written to: 76# system - syslog 77# file - file specified with LogFile parameter 78# console - standard output 79# 80# Mandatory: no 81# Default: 82# LogType=file 83 84### Option: LogFile 85# Log file name for LogType 'file' parameter. 86# 87# Mandatory: yes, if LogType is set to file, otherwise no 88# Default: 89# LogFile= 90 91LogFile=/tmp/zabbix_proxy.log 92 93### Option: LogFileSize 94# Maximum size of log file in MB. 95# 0 - disable automatic log rotation. 96# 97# Mandatory: no 98# Range: 0-1024 99# Default: 100# LogFileSize=1 101 102### Option: DebugLevel 103# Specifies debug level: 104# 0 - basic information about starting and stopping of Zabbix processes 105# 1 - critical information 106# 2 - error information 107# 3 - warnings 108# 4 - for debugging (produces lots of information) 109# 5 - extended debugging (produces even more information) 110# 111# Mandatory: no 112# Range: 0-5 113# Default: 114# DebugLevel=3 115 116### Option: EnableRemoteCommands 117# Whether remote commands from Zabbix server are allowed. 118# 0 - not allowed 119# 1 - allowed 120# 121# Mandatory: no 122# Default: 123# EnableRemoteCommands=0 124 125### Option: LogRemoteCommands 126# Enable logging of executed shell commands as warnings. 127# 0 - disabled 128# 1 - enabled 129# 130# Mandatory: no 131# Default: 132# LogRemoteCommands=0 133 134### Option: PidFile 135# Name of PID file. 136# 137# Mandatory: no 138# Default: 139# PidFile=/tmp/zabbix_proxy.pid 140 141### Option: SocketDir 142# IPC socket directory. 143# Directory to store IPC sockets used by internal Zabbix services. 144# 145# Mandatory: no 146# Default: 147# SocketDir=/tmp 148 149### Option: DBHost 150# Database host name. 151# If set to localhost, socket is used for MySQL. 152# If set to empty string, socket is used for PostgreSQL. 153# 154# Mandatory: no 155# Default: 156# DBHost=localhost 157 158### Option: DBName 159# Database name. 160# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. 161# Warning: do not attempt to use the same database Zabbix server is using. 162# 163# Mandatory: yes 164# Default: 165# DBName= 166 167DBName=zabbix_proxy 168 169### Option: DBSchema 170# Schema name. Used for PostgreSQL. 171# 172# Mandatory: no 173# Default: 174# DBSchema= 175 176### Option: DBUser 177# Database user. Ignored for SQLite. 178# 179# Default: 180# DBUser= 181 182DBUser=zabbix 183 184### Option: DBPassword 185# Database password. Ignored for SQLite. 186# Comment this line if no password is used. 187# 188# Mandatory: no 189# Default: 190# DBPassword= 191 192### Option: DBSocket 193# Path to MySQL socket. 194# 195# Mandatory: no 196# Default: 197# DBSocket= 198 199# Option: DBPort 200# Database port when not using local socket. Ignored for SQLite. 201# 202# Mandatory: no 203# Default: 204# DBPort= 205 206######### PROXY SPECIFIC PARAMETERS ############# 207 208### Option: ProxyLocalBuffer 209# Proxy will keep data locally for N hours, even if the data have already been synced with the server. 210# This parameter may be used if local data will be used by third party applications. 211# 212# Mandatory: no 213# Range: 0-720 214# Default: 215# ProxyLocalBuffer=0 216 217### Option: ProxyOfflineBuffer 218# Proxy will keep data for N hours in case if no connectivity with Zabbix Server. 219# Older data will be lost. 220# 221# Mandatory: no 222# Range: 1-720 223# Default: 224# ProxyOfflineBuffer=1 225 226### Option: HeartbeatFrequency 227# Frequency of heartbeat messages in seconds. 228# Used for monitoring availability of Proxy on server side. 229# 0 - heartbeat messages disabled. 230# For a proxy in the passive mode this parameter will be ignored. 231# 232# Mandatory: no 233# Range: 0-3600 234# Default: 235# HeartbeatFrequency=60 236 237### Option: ConfigFrequency 238# How often proxy retrieves configuration data from Zabbix Server in seconds. 239# For a proxy in the passive mode this parameter will be ignored. 240# 241# Mandatory: no 242# Range: 1-3600*24*7 243# Default: 244# ConfigFrequency=3600 245 246### Option: DataSenderFrequency 247# Proxy will send collected data to the Server every N seconds. 248# For a proxy in the passive mode this parameter will be ignored. 249# 250# Mandatory: no 251# Range: 1-3600 252# Default: 253# DataSenderFrequency=1 254 255############ ADVANCED PARAMETERS ################ 256 257### Option: StartPollers 258# Number of pre-forked instances of pollers. 259# 260# Mandatory: no 261# Range: 0-1000 262# Default: 263# StartPollers=5 264 265### Option: StartIPMIPollers 266# Number of pre-forked instances of IPMI pollers. 267# The IPMI manager process is automatically started when at least one IPMI poller is started. 268# 269# Mandatory: no 270# Range: 0-1000 271# Default: 272# StartIPMIPollers=0 273 274### Option: StartPreprocessors 275# Number of pre-forked instances of preprocessing workers. 276# The preprocessing manager process is automatically started when preprocessor worker is started. 277# 278# Mandatory: no 279# Range: 1-1000 280# Default: 281# StartPreprocessors=3 282 283### Option: StartPollersUnreachable 284# Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). 285# At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers 286# are started. 287# 288# Mandatory: no 289# Range: 0-1000 290# Default: 291# StartPollersUnreachable=1 292 293### Option: StartTrappers 294# Number of pre-forked instances of trappers. 295# Trappers accept incoming connections from Zabbix sender and active agents. 296# 297# Mandatory: no 298# Range: 0-1000 299# Default: 300# StartTrappers=5 301 302### Option: StartPingers 303# Number of pre-forked instances of ICMP pingers. 304# 305# Mandatory: no 306# Range: 0-1000 307# Default: 308# StartPingers=1 309 310### Option: StartDiscoverers 311# Number of pre-forked instances of discoverers. 312# 313# Mandatory: no 314# Range: 0-250 315# Default: 316# StartDiscoverers=1 317 318### Option: StartHTTPPollers 319# Number of pre-forked instances of HTTP pollers. 320# 321# Mandatory: no 322# Range: 0-1000 323# Default: 324# StartHTTPPollers=1 325 326### Option: JavaGateway 327# IP address (or hostname) of Zabbix Java gateway. 328# Only required if Java pollers are started. 329# 330# Mandatory: no 331# Default: 332# JavaGateway= 333 334### Option: JavaGatewayPort 335# Port that Zabbix Java gateway listens on. 336# 337# Mandatory: no 338# Range: 1024-32767 339# Default: 340# JavaGatewayPort=10052 341 342### Option: StartJavaPollers 343# Number of pre-forked instances of Java pollers. 344# 345# Mandatory: no 346# Range: 0-1000 347# Default: 348# StartJavaPollers=0 349 350### Option: StartVMwareCollectors 351# Number of pre-forked vmware collector instances. 352# 353# Mandatory: no 354# Range: 0-250 355# Default: 356# StartVMwareCollectors=0 357 358### Option: VMwareFrequency 359# How often Zabbix will connect to VMware service to obtain a new data. 360# 361# Mandatory: no 362# Range: 10-86400 363# Default: 364# VMwareFrequency=60 365 366### Option: VMwarePerfFrequency 367# How often Zabbix will connect to VMware service to obtain performance data. 368# 369# Mandatory: no 370# Range: 10-86400 371# Default: 372# VMwarePerfFrequency=60 373 374### Option: VMwareCacheSize 375# Size of VMware cache, in bytes. 376# Shared memory size for storing VMware data. 377# Only used if VMware collectors are started. 378# 379# Mandatory: no 380# Range: 256K-2G 381# Default: 382# VMwareCacheSize=8M 383 384### Option: VMwareTimeout 385# Specifies how many seconds vmware collector waits for response from VMware service. 386# 387# Mandatory: no 388# Range: 1-300 389# Default: 390# VMwareTimeout=10 391 392### Option: SNMPTrapperFile 393# Temporary file used for passing data from SNMP trap daemon to the proxy. 394# Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. 395# 396# Mandatory: no 397# Default: 398# SNMPTrapperFile=/tmp/zabbix_traps.tmp 399 400### Option: StartSNMPTrapper 401# If 1, SNMP trapper process is started. 402# 403# Mandatory: no 404# Range: 0-1 405# Default: 406# StartSNMPTrapper=0 407 408### Option: ListenIP 409# List of comma delimited IP addresses that the trapper should listen on. 410# Trapper will listen on all network interfaces if this parameter is missing. 411# 412# Mandatory: no 413# Default: 414# ListenIP=0.0.0.0 415 416### Option: HousekeepingFrequency 417# How often Zabbix will perform housekeeping procedure (in hours). 418# Housekeeping is removing outdated information from the database. 419# To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency 420# hours of outdated information are deleted in one housekeeping cycle. 421# To lower load on proxy startup housekeeping is postponed for 30 minutes after proxy start. 422# With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option. 423# In this case the period of outdated information deleted in one housekeeping cycle is 4 times the 424# period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days. 425# 426# Mandatory: no 427# Range: 0-24 428# Default: 429# HousekeepingFrequency=1 430 431### Option: CacheSize 432# Size of configuration cache, in bytes. 433# Shared memory size, for storing hosts and items data. 434# 435# Mandatory: no 436# Range: 128K-64G 437# Default: 438# CacheSize=8M 439 440### Option: StartDBSyncers 441# Number of pre-forked instances of DB Syncers. 442# 443# Mandatory: no 444# Range: 1-100 445# Default: 446# StartDBSyncers=4 447 448### Option: HistoryCacheSize 449# Size of history cache, in bytes. 450# Shared memory size for storing history data. 451# 452# Mandatory: no 453# Range: 128K-2G 454# Default: 455# HistoryCacheSize=16M 456 457### Option: HistoryIndexCacheSize 458# Size of history index cache, in bytes. 459# Shared memory size for indexing history cache. 460# 461# Mandatory: no 462# Range: 128K-2G 463# Default: 464# HistoryIndexCacheSize=4M 465 466### Option: Timeout 467# Specifies how long we wait for agent, SNMP device or external check (in seconds). 468# 469# Mandatory: no 470# Range: 1-30 471# Default: 472# Timeout=3 473 474Timeout=4 475 476### Option: TrapperTimeout 477# Specifies how many seconds trapper may spend processing new data. 478# 479# Mandatory: no 480# Range: 1-300 481# Default: 482# TrapperTimeout=300 483 484### Option: UnreachablePeriod 485# After how many seconds of unreachability treat a host as unavailable. 486# 487# Mandatory: no 488# Range: 1-3600 489# Default: 490# UnreachablePeriod=45 491 492### Option: UnavailableDelay 493# How often host is checked for availability during the unavailability period, in seconds. 494# 495# Mandatory: no 496# Range: 1-3600 497# Default: 498# UnavailableDelay=60 499 500### Option: UnreachableDelay 501# How often host is checked for availability during the unreachability period, in seconds. 502# 503# Mandatory: no 504# Range: 1-3600 505# Default: 506# UnreachableDelay=15 507 508### Option: ExternalScripts 509# Full path to location of external scripts. 510# Default depends on compilation options. 511# To see the default path run command "zabbix_proxy --help". 512# 513# Mandatory: no 514# Default: 515# ExternalScripts=${datadir}/zabbix/externalscripts 516 517### Option: FpingLocation 518# Location of fping. 519# Make sure that fping binary has root ownership and SUID flag set. 520# 521# Mandatory: no 522# Default: 523# FpingLocation=/usr/local/sbin/fping 524 525### Option: Fping6Location 526# Location of fping6. 527# Make sure that fping6 binary has root ownership and SUID flag set. 528# Make empty if your fping utility is capable to process IPv6 addresses. 529# 530# Mandatory: no 531# Default: 532# Fping6Location=/usr/local/sbin/fping6 533 534### Option: SSHKeyLocation 535# Location of public and private keys for SSH checks and actions. 536# 537# Mandatory: no 538# Default: 539# SSHKeyLocation= 540 541### Option: LogSlowQueries 542# How long a database query may take before being logged (in milliseconds). 543# Only works if DebugLevel set to 3 or 4. 544# 0 - don't log slow queries. 545# 546# Mandatory: no 547# Range: 1-3600000 548# Default: 549# LogSlowQueries=0 550 551LogSlowQueries=3000 552 553### Option: TmpDir 554# Temporary directory. 555# 556# Mandatory: no 557# Default: 558# TmpDir=/tmp 559 560### Option: AllowRoot 561# Allow the proxy to run as 'root'. If disabled and the proxy is started by 'root', the proxy 562# will try to switch to the user specified by the User configuration option instead. 563# Has no effect if started under a regular user. 564# 0 - do not allow 565# 1 - allow 566# 567# Mandatory: no 568# Default: 569# AllowRoot=0 570 571### Option: User 572# Drop privileges to a specific, existing user on the system. 573# Only has effect if run as 'root' and AllowRoot is disabled. 574# 575# Mandatory: no 576# Default: 577# User=zabbix 578 579### Option: Include 580# You may include individual files or all files in a directory in the configuration file. 581# Installing Zabbix will create include directory in /usr/local/etc/zabbix5, unless modified during the compile time. 582# 583# Mandatory: no 584# Default: 585# Include= 586 587# Include=/usr/local/etc/zabbix5/zabbix_proxy.general.conf 588# Include=/usr/local/etc/zabbix5/zabbix_proxy.conf.d/ 589# Include=/usr/local/etc/zabbix5/zabbix_proxy.conf.d/*.conf 590 591### Option: SSLCertLocation 592# Location of SSL client certificates. 593# This parameter is used only in web monitoring. 594# Default depends on compilation options. 595# To see the default path run command "zabbix_proxy --help". 596# 597# Mandatory: no 598# Default: 599# SSLCertLocation=${datadir}/zabbix/ssl/certs 600 601### Option: SSLKeyLocation 602# Location of private keys for SSL client certificates. 603# This parameter is used only in web monitoring. 604# Default depends on compilation options. 605# To see the default path run command "zabbix_proxy --help". 606# 607# Mandatory: no 608# Default: 609# SSLKeyLocation=${datadir}/zabbix/ssl/keys 610 611### Option: SSLCALocation 612# Location of certificate authority (CA) files for SSL server certificate verification. 613# If not set, system-wide directory will be used. 614# This parameter is used only in web monitoring. 615# 616# Mandatory: no 617# Default: 618# SSLCALocation= 619 620####### LOADABLE MODULES ####### 621 622### Option: LoadModulePath 623# Full path to location of proxy modules. 624# Default depends on compilation options. 625# To see the default path run command "zabbix_proxy --help". 626# 627# Mandatory: no 628# Default: 629# LoadModulePath=${libdir}/modules 630 631### Option: LoadModule 632# Module to load at proxy startup. Modules are used to extend functionality of the proxy. 633# Formats: 634# LoadModule=<module.so> 635# LoadModule=<path/module.so> 636# LoadModule=</abs_path/module.so> 637# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. 638# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. 639# It is allowed to include multiple LoadModule parameters. 640# 641# Mandatory: no 642# Default: 643# LoadModule= 644 645### Option: StatsAllowedIP 646# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances. 647# Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests 648# will be accepted. 649# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally 650# and '::/0' will allow any IPv4 or IPv6 address. 651# '0.0.0.0/0' can be used to allow any IPv4 address. 652# Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com 653# 654# Mandatory: no 655# Default: 656# StatsAllowedIP= 657StatsAllowedIP=127.0.0.1 658 659####### TLS-RELATED PARAMETERS ####### 660 661### Option: TLSConnect 662# How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy. 663# Only one value can be specified: 664# unencrypted - connect without encryption 665# psk - connect using TLS and a pre-shared key 666# cert - connect using TLS and a certificate 667# 668# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) 669# Default: 670# TLSConnect=unencrypted 671 672### Option: TLSAccept 673# What incoming connections to accept from Zabbix server. Used for a passive proxy, ignored on an active proxy. 674# Multiple values can be specified, separated by comma: 675# unencrypted - accept connections without encryption 676# psk - accept connections secured with TLS and a pre-shared key 677# cert - accept connections secured with TLS and a certificate 678# 679# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) 680# Default: 681# TLSAccept=unencrypted 682 683### Option: TLSCAFile 684# Full pathname of a file containing the top-level CA(s) certificates for 685# peer certificate verification. 686# 687# Mandatory: no 688# Default: 689# TLSCAFile= 690 691### Option: TLSCRLFile 692# Full pathname of a file containing revoked certificates. 693# 694# Mandatory: no 695# Default: 696# TLSCRLFile= 697 698### Option: TLSServerCertIssuer 699# Allowed server certificate issuer. 700# 701# Mandatory: no 702# Default: 703# TLSServerCertIssuer= 704 705### Option: TLSServerCertSubject 706# Allowed server certificate subject. 707# 708# Mandatory: no 709# Default: 710# TLSServerCertSubject= 711 712### Option: TLSCertFile 713# Full pathname of a file containing the proxy certificate or certificate chain. 714# 715# Mandatory: no 716# Default: 717# TLSCertFile= 718 719### Option: TLSKeyFile 720# Full pathname of a file containing the proxy private key. 721# 722# Mandatory: no 723# Default: 724# TLSKeyFile= 725 726### Option: TLSPSKIdentity 727# Unique, case sensitive string used to identify the pre-shared key. 728# 729# Mandatory: no 730# Default: 731# TLSPSKIdentity= 732 733### Option: TLSPSKFile 734# Full pathname of a file containing the pre-shared key. 735# 736# Mandatory: no 737# Default: 738# TLSPSKFile= 739 740####### For advanced users - TLS ciphersuite selection criteria ####### 741 742### Option: TLSCipherCert13 743# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. 744# Override the default ciphersuite selection criteria for certificate-based encryption. 745# 746# Mandatory: no 747# Default: 748# TLSCipherCert13= 749 750### Option: TLSCipherCert 751# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. 752# Override the default ciphersuite selection criteria for certificate-based encryption. 753# Example for GnuTLS: 754# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 755# Example for OpenSSL: 756# EECDH+aRSA+AES128:RSA+aRSA+AES128 757# 758# Mandatory: no 759# Default: 760# TLSCipherCert= 761 762### Option: TLSCipherPSK13 763# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. 764# Override the default ciphersuite selection criteria for PSK-based encryption. 765# Example: 766# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 767# 768# Mandatory: no 769# Default: 770# TLSCipherPSK13= 771 772### Option: TLSCipherPSK 773# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. 774# Override the default ciphersuite selection criteria for PSK-based encryption. 775# Example for GnuTLS: 776# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL 777# Example for OpenSSL: 778# kECDHEPSK+AES128:kPSK+AES128 779# 780# Mandatory: no 781# Default: 782# TLSCipherPSK= 783 784### Option: TLSCipherAll13 785# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. 786# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. 787# Example: 788# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 789# 790# Mandatory: no 791# Default: 792# TLSCipherAll13= 793 794### Option: TLSCipherAll 795# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. 796# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. 797# Example for GnuTLS: 798# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 799# Example for OpenSSL: 800# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 801# 802# Mandatory: no 803# Default: 804# TLSCipherAll= 805 806### Option: DBTLSConnect 807# Setting this option enforces to use TLS connection to database. 808# required - connect using TLS 809# verify_ca - connect using TLS and verify certificate 810# verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost 811# matches its certificate 812# On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and 813# "verify_full". 814# On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. 815# Default is not to set any option and behavior depends on database configuration 816# 817# Mandatory: no 818# Default: 819# DBTLSConnect= 820 821### Option: DBTLSCAFile 822# Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. 823# Supported only for MySQL and PostgreSQL 824# 825# Mandatory: no 826# (yes, if DBTLSConnect set to one of: verify_ca, verify_full) 827# Default: 828# DBTLSCAFile= 829 830### Option: DBTLSCertFile 831# Full pathname of file containing Zabbix proxy certificate for authenticating to database. 832# Supported only for MySQL and PostgreSQL 833# 834# Mandatory: no 835# Default: 836# DBTLSCertFile= 837 838### Option: DBTLSKeyFile 839# Full pathname of file containing the private key for authenticating to database. 840# Supported only for MySQL and PostgreSQL 841# 842# Mandatory: no 843# Default: 844# DBTLSKeyFile= 845 846### Option: DBTLSCipher 847# The list of encryption ciphers that Zabbix proxy permits for TLS protocols up through TLSv1.2 848# Supported only for MySQL 849# 850# Mandatory no 851# Default: 852# DBTLSCipher= 853 854### Option: DBTLSCipher13 855# The list of encryption ciphersuites that Zabbix proxy permits for TLSv1.3 protocol 856# Supported only for MySQL, starting from version 8.0.16 857# 858# Mandatory no 859# Default: 860# DBTLSCipher13= 861 862####### For advanced users - TCP-related fine-tuning parameters ####### 863 864## Option: ListenBacklog 865# The maximum number of pending connections in the queue. This parameter is passed to 866# listen() function as argument 'backlog' (see "man listen"). 867# 868# Mandatory: no 869# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) 870# Default: SOMAXCONN (hard-coded constant, depends on system) 871# ListenBacklog= 872