Public | Automated Build

Last pushed: 2 years ago
Short Description
SSH tunnel to connect the Zabbix server to an agent running on a public internet server.
Full Description


While running a Zabbix server at home using the nice, I want it to connect to the agents on my public servers. To not expose the Zabbix agents to the internet, I run it only on the localhost interface. iptables would be an option, but my home IP is dynamic and changes from time to time. To make the connection between the Zabbix server and agents, I run an ssh tunnel, controled by autssh.

Setup docker container

Either you build the image by yourself, already including the private key file, then follow the first three steps. Or you can mount a host volume includig your generated id_rsa file by adding the option -v /path/to/your/id_rsa:/root/.ssh/id_rsa

Clone Repository

git clone

Generate your own keys

ssh-keygen -t rsa -b 4096 -f ./id_rsa -C ""

Build new image

docker build -t siedi/zabbix-autossh .

Setup server with Zabbix agent

(borrowed from

Assuming you have already installed the zabbix-agent, e.g. with

aptitude install zabbix-agent

Edit /etc/zabbix/zabbix_agentd.conf and make the following changes


Add a new user we are using for the ssh tunnel

adduser --system --group zabbixagent

Copy the previously generated public key file to /home/zabbixagent/.ssh/authorized_keys

Set the right permissions

chown -R zabbixagent:zabbixagent /home/zabbixagent
chmod 440 /home/zabbixagent/.ssh/authorized_keys

Run the container

Start the container and the ssh tunnel

docker run -d --name autossh-yourserver -t -i siedi/zabbix-autossh -p 2222

Link that container in your Zabbix Server container, e.g.

docker run \
    -d \
    --name zabbix \
    -p 8085:80 \
    -p 10051:10051 \
    -v /etc/localtime:/etc/localtime:ro \
    --link zabbix-db:zabbix.db \
    --link autossh-yourserver:yourserver \
    --env="ZS_DBHost=zabbix.db" \

Add Agent to Zabbix

In the Zabbix server add the new host to your configuration. In the agent config of that host add "yourserver" as the DNS name. Port is default.

You can also add a discovery rule by scanning the IP range

Docker Pull Command
Source Repository