PcChip · April 20, 2026 19:31
diff --git a/zabbixproxy.sh b/zabbixproxy.sh
 #!/usr/bin/env bash
 set -euo pipefail

 export DEBIAN_FRONTEND=noninteractive

 ZABBIX_VERSION="7.4"
 ZABBIX_RELEASE_DEB="zabbix-release_latest_${ZABBIX_VERSION}+ubuntu24.04_all.deb"
 ZABBIX_RELEASE_URL="https://repo.zabbix.com/zabbix/${ZABBIX_VERSION}/release/ubuntu/pool/main/z/zabbix-release/${ZABBIX_RELEASE_DEB}"

 CONFIG_FILE="/etc/zabbix/zabbix_proxy.conf"
 PSK_FILE="/etc/zabbix/zabbix_proxy.psk"
 DB_FILE="/var/lib/zabbix/zabbix_proxy.db"
 LOG_FILE="/var/log/zabbix/zabbix_proxy.log"

 AUTO_UPDATE_SCRIPT="/usr/local/sbin/zabbix-proxy-self-update.sh"
 AUTO_UPDATE_SERVICE="/etc/systemd/system/zabbix-proxy-self-update.service"
 AUTO_UPDATE_TIMER="/etc/systemd/system/zabbix-proxy-self-update.timer"

 if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root."
    echo "Example:"
    echo '  curl -fsSL "https://gist.githubusercontent.com/PcChip/8437be3144448da12eff1caec0bcfde1/raw/1678eb15a132ea229f426419f97c3b0e889403e7/zabbixproxy.sh" -o /tmp/zabbixproxy.sh && sudo bash /tmp/zabbixproxy.sh'
    exit 1
 fi

 if ! command -v apt >/dev/null 2>&1; then
    echo "apt not found. This script is intended for Ubuntu."
    exit 1
 fi

 LOCAL_HOSTNAME="$(hostname)"

 printf "Enter the Zabbix server IP address or DNS name: "
 read -r ZABBIX_SERVER

 if [ -z "${ZABBIX_SERVER}" ]; then
    echo "Zabbix server value cannot be blank."
    exit 1
 fi

 set_config_value() {
    local KEY="$1"
    local VALUE="$2"
    local FILE="$3"

    if grep -Eq "^[[:space:]]*#?[[:space:]]*${KEY}[[:space:]]*=" "$FILE"; then
        sed -i -E "s|^[[:space:]]*#?[[:space:]]*${KEY}[[:space:]]*=.*|${KEY}=${VALUE}|" "$FILE"
    else
        printf '\n%s=%s\n' "$KEY" "$VALUE" >> "$FILE"
    fi

    awk -v key="$KEY" '
        BEGIN { seen=0 }
        $0 ~ "^[[:space:]]*" key "[[:space:]]*=" {
            seen++
            if (seen > 1) next
        }
        { print }
    ' "$FILE" > "${FILE}.tmp" && mv "${FILE}.tmp" "$FILE"
 }

 echo
 echo "Installing prerequisite packages..."
 apt update
 apt install -y wget ca-certificates gnupg openssl

 echo "Installing Zabbix repository package..."
 TMP_DEB="/tmp/${ZABBIX_RELEASE_DEB}"
 wget -O "${TMP_DEB}" "${ZABBIX_RELEASE_URL}"
 dpkg -i "${TMP_DEB}"

 echo "Refreshing package lists..."
 apt update

 echo "Installing Zabbix proxy packages..."
 apt install -y zabbix-proxy-sqlite3 zabbix-sql-scripts

 echo "Preparing directories..."
 mkdir -p /var/lib/zabbix
 mkdir -p /var/log/zabbix
 chown zabbix:zabbix /var/lib/zabbix
 chmod 755 /var/lib/zabbix
 touch "${LOG_FILE}"
 chown zabbix:zabbix "${LOG_FILE}"
 chmod 640 "${LOG_FILE}"

 echo "Generating PSK..."
 OLD_UMASK="$(umask)"
 umask 077
 openssl rand -hex 32 > "${PSK_FILE}"
 umask "${OLD_UMASK}"
 chown zabbix:zabbix "${PSK_FILE}"
 chmod 600 "${PSK_FILE}"

 PSK_IDENTITY="${LOCAL_HOSTNAME}-psk"

 echo "Backing up config..."
 cp "${CONFIG_FILE}" "${CONFIG_FILE}.bak.$(date +%Y%m%d%H%M%S)"

 echo "Configuring ${CONFIG_FILE} ..."
 set_config_value "ProxyMode" "0" "${CONFIG_FILE}"
 set_config_value "Server" "${ZABBIX_SERVER}" "${CONFIG_FILE}"
 set_config_value "Hostname" "${LOCAL_HOSTNAME}" "${CONFIG_FILE}"
 set_config_value "LogFile" "${LOG_FILE}" "${CONFIG_FILE}"
 set_config_value "DBName" "${DB_FILE}" "${CONFIG_FILE}"
 set_config_value "StartVMwareCollectors" "2" "${CONFIG_FILE}"
 set_config_value "TLSConnect" "psk" "${CONFIG_FILE}"
 set_config_value "TLSAccept" "psk" "${CONFIG_FILE}"
 set_config_value "TLSPSKIdentity" "${PSK_IDENTITY}" "${CONFIG_FILE}"
 set_config_value "TLSPSKFile" "${PSK_FILE}" "${CONFIG_FILE}"
 chown root:root "${CONFIG_FILE}"
 chmod 644 "${CONFIG_FILE}"

 echo "Installing automatic daily update script..."
 cat > "${AUTO_UPDATE_SCRIPT}" <<'EOF'
 #!/usr/bin/env bash
 set -euo pipefail

 export DEBIAN_FRONTEND=noninteractive

 LOGGER_TAG="zabbix-proxy-self-update"

 log() {
    logger -t "${LOGGER_TAG}" "$1"
    echo "$1"
 }

 log "Starting daily Zabbix proxy update check."

 apt-get update

 BEFORE="$(dpkg-query -W -f='${Version}' zabbix-proxy-sqlite3 2>/dev/null || true)"

 apt-get install -y --only-upgrade zabbix-proxy-sqlite3 zabbix-sql-scripts

 AFTER="$(dpkg-query -W -f='${Version}' zabbix-proxy-sqlite3 2>/dev/null || true)"

 if [ -n "${BEFORE}" ] && [ "${BEFORE}" != "${AFTER}" ]; then
    log "Zabbix proxy upgraded from ${BEFORE} to ${AFTER}; restarting service."
    systemctl restart zabbix-proxy
 else
    log "No Zabbix proxy package change detected."
 fi

 log "Daily Zabbix proxy update check completed."
 EOF

 chmod 755 "${AUTO_UPDATE_SCRIPT}"
 chown root:root "${AUTO_UPDATE_SCRIPT}"

 echo "Installing automatic daily update systemd unit..."
 cat > "${AUTO_UPDATE_SERVICE}" <<EOF
 [Unit]
 Description=Daily Zabbix proxy package update
 Wants=network-online.target
 After=network-online.target

 [Service]
 Type=oneshot
 ExecStart=${AUTO_UPDATE_SCRIPT}
 EOF

 cat > "${AUTO_UPDATE_TIMER}" <<'EOF'
 [Unit]
 Description=Run daily Zabbix proxy package update

 [Timer]
 OnCalendar=daily
 RandomizedDelaySec=1800
 Persistent=true

 [Install]
 WantedBy=timers.target
 EOF

 chmod 644 "${AUTO_UPDATE_SERVICE}" "${AUTO_UPDATE_TIMER}"
 chown root:root "${AUTO_UPDATE_SERVICE}" "${AUTO_UPDATE_TIMER}"

 echo "Reloading systemd and enabling daily update timer..."
 systemctl daemon-reload
 systemctl enable --now zabbix-proxy-self-update.timer

 echo "Enabling and starting zabbix-proxy..."
 systemctl enable zabbix-proxy
 if ! systemctl restart zabbix-proxy; then
    echo
    echo "zabbix-proxy failed to start. Recent journal output:"
    journalctl -u zabbix-proxy.service -n 100 --no-pager || true
    exit 1
 fi

 echo
 echo "Done."
 echo
 echo "Proxy hostname: ${LOCAL_HOSTNAME}"
 echo "Server: ${ZABBIX_SERVER}"
 PUBLIC_IP="$(curl -4 -fsSL icanhazip.com 2>/dev/null || true)"
 echo "Public IP: ${PUBLIC_IP}"
 echo "DB file: ${DB_FILE}"
 echo "Log file: ${LOG_FILE}"
 echo "PSK identity: ${PSK_IDENTITY}"
 echo "PSK file: ${PSK_FILE}"
 echo
 echo "PSK value:"
 cat "${PSK_FILE}"
 echo
 echo "Configure the same PSK identity and PSK value on the proxy entry in the Zabbix frontend."
 echo
 echo "Auto-update timer status:"
 systemctl --no-pager --full status zabbix-proxy-self-update.timer || true
 echo
 echo "Proxy service status:"
 systemctl --no-pager --full status zabbix-proxy || true
	#!/usr/bin/env bash
	set -euo pipefail

	export DEBIAN_FRONTEND=noninteractive

	ZABBIX_VERSION="7.4"
	ZABBIX_RELEASE_DEB="zabbix-release_latest_${ZABBIX_VERSION}+ubuntu24.04_all.deb"
	ZABBIX_RELEASE_URL="https://repo.zabbix.com/zabbix/${ZABBIX_VERSION}/release/ubuntu/pool/main/z/zabbix-release/${ZABBIX_RELEASE_DEB}"

	CONFIG_FILE="/etc/zabbix/zabbix_proxy.conf"
	PSK_FILE="/etc/zabbix/zabbix_proxy.psk"
	DB_FILE="/var/lib/zabbix/zabbix_proxy.db"
	LOG_FILE="/var/log/zabbix/zabbix_proxy.log"

	AUTO_UPDATE_SCRIPT="/usr/local/sbin/zabbix-proxy-self-update.sh"
	AUTO_UPDATE_SERVICE="/etc/systemd/system/zabbix-proxy-self-update.service"
	AUTO_UPDATE_TIMER="/etc/systemd/system/zabbix-proxy-self-update.timer"

	if [ "$(id -u)" -ne 0 ]; then
	echo "This script must be run as root."
	echo "Example:"
	echo ' curl -fsSL "https://gist.githubusercontent.com/PcChip/8437be3144448da12eff1caec0bcfde1/raw/1678eb15a132ea229f426419f97c3b0e889403e7/zabbixproxy.sh" -o /tmp/zabbixproxy.sh && sudo bash /tmp/zabbixproxy.sh'
	exit 1
	fi

	if ! command -v apt >/dev/null 2>&1; then
	echo "apt not found. This script is intended for Ubuntu."
	exit 1
	fi

	LOCAL_HOSTNAME="$(hostname)"

	printf "Enter the Zabbix server IP address or DNS name: "
	read -r ZABBIX_SERVER

	if [ -z "${ZABBIX_SERVER}" ]; then
	echo "Zabbix server value cannot be blank."
	exit 1
	fi

	set_config_value() {
	local KEY="$1"
	local VALUE="$2"
	local FILE="$3"

	if grep -Eq "^[[:space:]]#?[[:space:]]${KEY}[[:space:]]*=" "$FILE"; then
	sed -i -E "s\|^[[:space:]]#?[[:space:]]${KEY}[[:space:]]=.\|${KEY}=${VALUE}\|" "$FILE"
	else
	printf '\n%s=%s\n' "$KEY" "$VALUE" >> "$FILE"
	fi

	awk -v key="$KEY" '
	BEGIN { seen=0 }
	$0 ~ "^[[:space:]]" key "[[:space:]]=" {
	seen++
	if (seen > 1) next
	}
	{ print }
	' "$FILE" > "${FILE}.tmp" && mv "${FILE}.tmp" "$FILE"
	}

	echo
	echo "Installing prerequisite packages..."
	apt update
	apt install -y wget ca-certificates gnupg openssl

	echo "Installing Zabbix repository package..."
	TMP_DEB="/tmp/${ZABBIX_RELEASE_DEB}"
	wget -O "${TMP_DEB}" "${ZABBIX_RELEASE_URL}"
	dpkg -i "${TMP_DEB}"

	echo "Refreshing package lists..."
	apt update

	echo "Installing Zabbix proxy packages..."
	apt install -y zabbix-proxy-sqlite3 zabbix-sql-scripts

	echo "Preparing directories..."
	mkdir -p /var/lib/zabbix
	mkdir -p /var/log/zabbix
	chown zabbix:zabbix /var/lib/zabbix
	chmod 755 /var/lib/zabbix
	touch "${LOG_FILE}"
	chown zabbix:zabbix "${LOG_FILE}"
	chmod 640 "${LOG_FILE}"

	echo "Generating PSK..."
	OLD_UMASK="$(umask)"
	umask 077
	openssl rand -hex 32 > "${PSK_FILE}"
	umask "${OLD_UMASK}"
	chown zabbix:zabbix "${PSK_FILE}"
	chmod 600 "${PSK_FILE}"

	PSK_IDENTITY="${LOCAL_HOSTNAME}-psk"

	echo "Backing up config..."
	cp "${CONFIG_FILE}" "${CONFIG_FILE}.bak.$(date +%Y%m%d%H%M%S)"

	echo "Configuring ${CONFIG_FILE} ..."
	set_config_value "ProxyMode" "0" "${CONFIG_FILE}"
	set_config_value "Server" "${ZABBIX_SERVER}" "${CONFIG_FILE}"
	set_config_value "Hostname" "${LOCAL_HOSTNAME}" "${CONFIG_FILE}"
	set_config_value "LogFile" "${LOG_FILE}" "${CONFIG_FILE}"
	set_config_value "DBName" "${DB_FILE}" "${CONFIG_FILE}"
	set_config_value "StartVMwareCollectors" "2" "${CONFIG_FILE}"
	set_config_value "TLSConnect" "psk" "${CONFIG_FILE}"
	set_config_value "TLSAccept" "psk" "${CONFIG_FILE}"
	set_config_value "TLSPSKIdentity" "${PSK_IDENTITY}" "${CONFIG_FILE}"
	set_config_value "TLSPSKFile" "${PSK_FILE}" "${CONFIG_FILE}"
	chown root:root "${CONFIG_FILE}"
	chmod 644 "${CONFIG_FILE}"

	echo "Installing automatic daily update script..."
	cat > "${AUTO_UPDATE_SCRIPT}" <<'EOF'
	#!/usr/bin/env bash
	set -euo pipefail

	export DEBIAN_FRONTEND=noninteractive

	LOGGER_TAG="zabbix-proxy-self-update"

	log() {
	logger -t "${LOGGER_TAG}" "$1"
	echo "$1"
	}

	log "Starting daily Zabbix proxy update check."

	apt-get update

	BEFORE="$(dpkg-query -W -f='${Version}' zabbix-proxy-sqlite3 2>/dev/null \|\| true)"

	apt-get install -y --only-upgrade zabbix-proxy-sqlite3 zabbix-sql-scripts

	AFTER="$(dpkg-query -W -f='${Version}' zabbix-proxy-sqlite3 2>/dev/null \|\| true)"

	if [ -n "${BEFORE}" ] && [ "${BEFORE}" != "${AFTER}" ]; then
	log "Zabbix proxy upgraded from ${BEFORE} to ${AFTER}; restarting service."
	systemctl restart zabbix-proxy
	else
	log "No Zabbix proxy package change detected."
	fi

	log "Daily Zabbix proxy update check completed."
	EOF

	chmod 755 "${AUTO_UPDATE_SCRIPT}"
	chown root:root "${AUTO_UPDATE_SCRIPT}"

	echo "Installing automatic daily update systemd unit..."
	cat > "${AUTO_UPDATE_SERVICE}" <<EOF
	[Unit]
	Description=Daily Zabbix proxy package update
	Wants=network-online.target
	After=network-online.target

	[Service]
	Type=oneshot
	ExecStart=${AUTO_UPDATE_SCRIPT}
	EOF

	cat > "${AUTO_UPDATE_TIMER}" <<'EOF'
	[Unit]
	Description=Run daily Zabbix proxy package update

	[Timer]
	OnCalendar=daily
	RandomizedDelaySec=1800
	Persistent=true

	[Install]
	WantedBy=timers.target
	EOF

	chmod 644 "${AUTO_UPDATE_SERVICE}" "${AUTO_UPDATE_TIMER}"
	chown root:root "${AUTO_UPDATE_SERVICE}" "${AUTO_UPDATE_TIMER}"

	echo "Reloading systemd and enabling daily update timer..."
	systemctl daemon-reload
	systemctl enable --now zabbix-proxy-self-update.timer

	echo "Enabling and starting zabbix-proxy..."
	systemctl enable zabbix-proxy
	if ! systemctl restart zabbix-proxy; then
	echo
	echo "zabbix-proxy failed to start. Recent journal output:"
	journalctl -u zabbix-proxy.service -n 100 --no-pager \|\| true
	exit 1
	fi

	echo
	echo "Done."
	echo
	echo "Proxy hostname: ${LOCAL_HOSTNAME}"
	echo "Server: ${ZABBIX_SERVER}"
	PUBLIC_IP="$(curl -4 -fsSL icanhazip.com 2>/dev/null \|\| true)"
	echo "Public IP: ${PUBLIC_IP}"
	echo "DB file: ${DB_FILE}"
	echo "Log file: ${LOG_FILE}"
	echo "PSK identity: ${PSK_IDENTITY}"
	echo "PSK file: ${PSK_FILE}"
	echo
	echo "PSK value:"
	cat "${PSK_FILE}"
	echo
	echo "Configure the same PSK identity and PSK value on the proxy entry in the Zabbix frontend."
	echo
	echo "Auto-update timer status:"
	systemctl --no-pager --full status zabbix-proxy-self-update.timer \|\| true
	echo
	echo "Proxy service status:"
	systemctl --no-pager --full status zabbix-proxy \|\| true
No results found