2
  • CentOS Linux release 7.5.1804 (Core)
  • Linux localhost.localdomain 4.19.0-1.el7.elrepo.x86_64
  • PHP 5.4.16 (cli)
  • PHP 5.4.16 (fpm-fcgi)
  • nginx/1.14.1
  • Zabbix 4.0.2

Hello. I want to upgrade from PHP54 to PHP73 version on my Zabbix Server. yum update shows nothing, but yum list displays php 7.2 and 7.3 packets available (remi-safe repo).

  1. If I can't update just with yum update, how can I make this?
  2. If I want to keep my Zabbix server safe after updating, what files should I edit?
rGA145
  • 155
  • 2
  • 11

1 Answers1

0

As you can run multiple PHP versions at the same time you can install the new PHP packages via:

yum install -y php73-<package name>

AFAIK zabbix 4.0 is compatible with php7.3 so you just need to re-point to a new php-fpm7.3 in nginx when done installing and running all the dependencies.

Your nginx zabbix.conf should contain this:

    location ~ \.php$ {
        if (!-f $request_filename) { return 404; }
        expires                 epoch;
        include                 /etc/nginx/fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index           index.php;
        fastcgi_pass            unix:/var/run/php/php7.3-fpm.sock;
        # "as it takes the alias directive into account,..."
        fastcgi_param SCRIPT_FILENAME $request_filename;
    }

for php7.3. Please know example was taken from Debian so CentOS paths are probably different - take a look directly on the system and adjust. After updating the conf you should restart nginx for changes to take effect.

It goes without saying you should backup everything and ideally experiment on non-production environment :)

As for security hardening of zabbix front-end ? 0) Use only SSL configuration to provide log-in

  1. Use only strong passwords
  2. Disable "Admin" and "guest" accounts
  3. Monitor for any brute-force attempts via WAF and block them
  4. Do not allow access to the login page to audience that does not need it
Roman Spiak
  • 166
  • 5