From aa38dcf4904f451a1e07b3141b5f1aebffd92be1 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Mon, 30 Mar 2020 15:54:35 -0400 Subject: [PATCH 01/12] Closes #3676: Reference VRF by name rather than RD during IP/prefix import --- docs/release-notes/version-2.7.md | 8 ++++++++ netbox/ipam/forms.py | 8 ++++---- netbox/ipam/tests/test_views.py | 17 +++++++++-------- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/docs/release-notes/version-2.7.md b/docs/release-notes/version-2.7.md index 047ee3549..3cf4522a7 100644 --- a/docs/release-notes/version-2.7.md +++ b/docs/release-notes/version-2.7.md @@ -1,5 +1,13 @@ # NetBox v2.7 Release Notes +## v2.7.12 (FUTURE) + +### Enhancements + +* [#3676](https://github.com/netbox-community/netbox/issues/3676) - Reference VRF by name rather than RD during IP/prefix import + +--- + ## v2.7.11 (2020-03-27) ### Enhancements diff --git a/netbox/ipam/forms.py b/netbox/ipam/forms.py index 7a4373fb0..b0f28060d 100644 --- a/netbox/ipam/forms.py +++ b/netbox/ipam/forms.py @@ -335,9 +335,9 @@ class PrefixForm(BootstrapMixin, TenancyForm, CustomFieldModelForm): class PrefixCSVForm(CustomFieldModelCSVForm): vrf = FlexibleModelChoiceField( queryset=VRF.objects.all(), - to_field_name='rd', + to_field_name='name', required=False, - help_text='Route distinguisher of parent VRF (or {ID})', + help_text='Name of parent VRF (or {ID})', error_messages={ 'invalid_choice': 'VRF not found.', } @@ -739,9 +739,9 @@ class IPAddressBulkAddForm(BootstrapMixin, TenancyForm, CustomFieldModelForm): class IPAddressCSVForm(CustomFieldModelCSVForm): vrf = FlexibleModelChoiceField( queryset=VRF.objects.all(), - to_field_name='rd', + to_field_name='name', required=False, - help_text='Route distinguisher of parent VRF (or {ID})', + help_text='Name of parent VRF (or {ID})', error_messages={ 'invalid_choice': 'VRF not found.', } diff --git a/netbox/ipam/tests/test_views.py b/netbox/ipam/tests/test_views.py index ba9db74f7..5c48cccfd 100644 --- a/netbox/ipam/tests/test_views.py +++ b/netbox/ipam/tests/test_views.py @@ -180,10 +180,10 @@ class PrefixTestCase(ViewTestCases.PrimaryObjectViewTestCase): } cls.csv_data = ( - "prefix,status", - "10.4.0.0/16,Active", - "10.5.0.0/16,Active", - "10.6.0.0/16,Active", + "vrf,prefix,status", + "VRF 1,10.4.0.0/16,Active", + "VRF 1,10.5.0.0/16,Active", + "VRF 1,10.6.0.0/16,Active", ) cls.bulk_edit_data = { @@ -207,6 +207,7 @@ class IPAddressTestCase(ViewTestCases.PrimaryObjectViewTestCase): VRF(name='VRF 1', rd='65000:1'), VRF(name='VRF 2', rd='65000:2'), ) + VRF.objects.bulk_create(vrfs) IPAddress.objects.bulk_create([ IPAddress(family=4, address=IPNetwork('192.0.2.1/24'), vrf=vrfs[0]), @@ -228,10 +229,10 @@ class IPAddressTestCase(ViewTestCases.PrimaryObjectViewTestCase): } cls.csv_data = ( - "address,status", - "192.0.2.4/24,Active", - "192.0.2.5/24,Active", - "192.0.2.6/24,Active", + "vrf,address,status", + "VRF 1,192.0.2.4/24,Active", + "VRF 1,192.0.2.5/24,Active", + "VRF 1,192.0.2.6/24,Active", ) cls.bulk_edit_data = { From fb2868f8bbe7ba0d5520aa1cc1ff3210f0967350 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Mon, 30 Mar 2020 16:44:04 -0400 Subject: [PATCH 02/12] Fixes #4418: Fail cleanly when trying to import multiple device types simultaneously --- docs/release-notes/version-2.7.md | 4 ++++ netbox/utilities/forms.py | 14 ++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/version-2.7.md b/docs/release-notes/version-2.7.md index 3cf4522a7..630d9186a 100644 --- a/docs/release-notes/version-2.7.md +++ b/docs/release-notes/version-2.7.md @@ -6,6 +6,10 @@ * [#3676](https://github.com/netbox-community/netbox/issues/3676) - Reference VRF by name rather than RD during IP/prefix import +### Bug Fixes + +* [#4418](https://github.com/netbox-community/netbox/issues/4418) - Fail cleanly when trying to import multiple device types simultaneously + --- ## v2.7.11 (2020-03-27) diff --git a/netbox/utilities/forms.py b/netbox/utilities/forms.py index c17ff9299..fd528f827 100644 --- a/netbox/utilities/forms.py +++ b/netbox/utilities/forms.py @@ -698,7 +698,7 @@ class ImportForm(BootstrapMixin, forms.Form): """ data = forms.CharField( widget=forms.Textarea, - help_text="Enter object data in JSON or YAML format." + help_text="Enter object data in JSON or YAML format. Note: Only a single object/document is supported." ) format = forms.ChoiceField( choices=( @@ -717,14 +717,24 @@ class ImportForm(BootstrapMixin, forms.Form): if format == 'json': try: self.cleaned_data['data'] = json.loads(data) + # Check for multiple JSON objects + if type(self.cleaned_data['data']) is not dict: + raise forms.ValidationError({ + 'data': "Import is limited to one object at a time." + }) except json.decoder.JSONDecodeError as err: raise forms.ValidationError({ 'data': "Invalid JSON data: {}".format(err) }) else: + # Check for multiple YAML documents + if '\n---' in data: + raise forms.ValidationError({ + 'data': "Import is limited to one object at a time." + }) try: self.cleaned_data['data'] = yaml.load(data, Loader=yaml.SafeLoader) - except yaml.scanner.ScannerError as err: + except yaml.error.YAMLError as err: raise forms.ValidationError({ 'data': "Invalid YAML data: {}".format(err) }) From 221e014a25405fea9cd58e365d85ae5e286792b2 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Tue, 31 Mar 2020 11:36:53 -0400 Subject: [PATCH 03/12] Remove survey notification from README --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index be69a9e52..4203b7d87 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ ![NetBox](docs/netbox_logo.svg "NetBox logo") -**The [2020 NetBox user survey](https://docs.google.com/forms/d/1OVZuC4kQ-6kJbVf0bDB6vgkL9H96xF6phvYzby23elk/edit) is open!** Your feedback helps guide the project's long-term development. - NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. Initially conceived by the network engineering team at [DigitalOcean](https://www.digitalocean.com/), NetBox was developed specifically From 354f87c888af784d75322416d79de5e53e82f8c7 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 2 Apr 2020 10:06:01 -0400 Subject: [PATCH 04/12] Fixes #4439: Tweak display of unset custom integer fields --- docs/release-notes/version-2.7.md | 1 + netbox/templates/inc/custom_fields_panel.html | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/release-notes/version-2.7.md b/docs/release-notes/version-2.7.md index 630d9186a..67765c25c 100644 --- a/docs/release-notes/version-2.7.md +++ b/docs/release-notes/version-2.7.md @@ -9,6 +9,7 @@ ### Bug Fixes * [#4418](https://github.com/netbox-community/netbox/issues/4418) - Fail cleanly when trying to import multiple device types simultaneously +* [#4439](https://github.com/netbox-community/netbox/issues/4439) - Tweak display of unset custom integer fields --- diff --git a/netbox/templates/inc/custom_fields_panel.html b/netbox/templates/inc/custom_fields_panel.html index 00e009611..4f9b033b6 100644 --- a/netbox/templates/inc/custom_fields_panel.html +++ b/netbox/templates/inc/custom_fields_panel.html @@ -15,7 +15,7 @@ {% elif field.type == 'url' and value %} {{ value|truncatechars:70 }} - {% elif field.type == 'integer' or value %} + {% elif value %} {{ value }} {% elif field.required %} Not defined From 4ab3854d661153c90d1d78e344c7254d2d55f11b Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 2 Apr 2020 10:19:50 -0400 Subject: [PATCH 05/12] Fixes #4438: Fix exception when disconnecting a cable from a power feed --- docs/release-notes/version-2.7.md | 1 + netbox/dcim/models/__init__.py | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/docs/release-notes/version-2.7.md b/docs/release-notes/version-2.7.md index 67765c25c..fec39318d 100644 --- a/docs/release-notes/version-2.7.md +++ b/docs/release-notes/version-2.7.md @@ -9,6 +9,7 @@ ### Bug Fixes * [#4418](https://github.com/netbox-community/netbox/issues/4418) - Fail cleanly when trying to import multiple device types simultaneously +* [#4438](https://github.com/netbox-community/netbox/issues/4438) - Fix exception when disconnecting a cable from a power feed * [#4439](https://github.com/netbox-community/netbox/issues/4439) - Tweak display of unset custom integer fields --- diff --git a/netbox/dcim/models/__init__.py b/netbox/dcim/models/__init__.py index 902687617..63a320c78 100644 --- a/netbox/dcim/models/__init__.py +++ b/netbox/dcim/models/__init__.py @@ -1905,6 +1905,10 @@ class PowerFeed(ChangeLoggedModel, CableTermination, CustomFieldModel): super().save(*args, **kwargs) + @property + def parent(self): + return self.power_panel + def get_type_class(self): return self.TYPE_CLASS_MAP.get(self.type) From 1f3a21ba20ba735437f5f8c1597211bdfbf1647b Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 3 Apr 2020 12:13:36 -0400 Subject: [PATCH 06/12] Fixes #4449: Fix reservation edit/delete button URLs on rack view --- docs/release-notes/version-2.7.md | 1 + netbox/templates/dcim/rack.html | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/release-notes/version-2.7.md b/docs/release-notes/version-2.7.md index fec39318d..afce2ef70 100644 --- a/docs/release-notes/version-2.7.md +++ b/docs/release-notes/version-2.7.md @@ -11,6 +11,7 @@ * [#4418](https://github.com/netbox-community/netbox/issues/4418) - Fail cleanly when trying to import multiple device types simultaneously * [#4438](https://github.com/netbox-community/netbox/issues/4438) - Fix exception when disconnecting a cable from a power feed * [#4439](https://github.com/netbox-community/netbox/issues/4439) - Tweak display of unset custom integer fields +* [#4449](https://github.com/netbox-community/netbox/issues/4449) - Fix reservation edit/delete button URLs on rack view --- diff --git a/netbox/templates/dcim/rack.html b/netbox/templates/dcim/rack.html index ecd17172b..10cf492ac 100644 --- a/netbox/templates/dcim/rack.html +++ b/netbox/templates/dcim/rack.html @@ -287,12 +287,12 @@ {% if perms.dcim.change_rackreservation %} - + {% endif %} {% if perms.dcim.delete_rackreservation %} - + {% endif %} From 721368ea8d095b3882fc31d1f88637ae696a204b Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 3 Apr 2020 13:16:35 -0400 Subject: [PATCH 07/12] Closes #4147: Use absolute URLs in rack elevation SVG renderings --- docs/release-notes/version-2.7.md | 1 + netbox/dcim/api/views.py | 3 ++- netbox/dcim/elevations.py | 11 ++++++++--- netbox/dcim/models/__init__.py | 6 ++++-- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/release-notes/version-2.7.md b/docs/release-notes/version-2.7.md index afce2ef70..251b063ae 100644 --- a/docs/release-notes/version-2.7.md +++ b/docs/release-notes/version-2.7.md @@ -5,6 +5,7 @@ ### Enhancements * [#3676](https://github.com/netbox-community/netbox/issues/3676) - Reference VRF by name rather than RD during IP/prefix import +* [#4147](https://github.com/netbox-community/netbox/issues/4147) - Use absolute URLs in rack elevation SVG renderings ### Bug Fixes diff --git a/netbox/dcim/api/views.py b/netbox/dcim/api/views.py index 34ba0c47d..1041a0f41 100644 --- a/netbox/dcim/api/views.py +++ b/netbox/dcim/api/views.py @@ -225,7 +225,8 @@ class RackViewSet(CustomFieldModelViewSet): unit_width=data['unit_width'], unit_height=data['unit_height'], legend_width=data['legend_width'], - include_images=data['include_images'] + include_images=data['include_images'], + base_url=request.build_absolute_uri('/') ) return HttpResponse(drawing.tostring(), content_type='image/svg+xml') diff --git a/netbox/dcim/elevations.py b/netbox/dcim/elevations.py index a1af3968c..ea780b2d9 100644 --- a/netbox/dcim/elevations.py +++ b/netbox/dcim/elevations.py @@ -15,10 +15,15 @@ class RackElevationSVG: :param rack: A NetBox Rack instance :param include_images: If true, the SVG document will embed front/rear device face images, where available + :param base_url: Base URL for links within the SVG document. If none, links will be relative. """ - def __init__(self, rack, include_images=True): + def __init__(self, rack, include_images=True, base_url=None): self.rack = rack self.include_images = include_images + if base_url is not None: + self.base_url = base_url.rstrip('/') + else: + self.base_url = '' def _get_device_description(self, device): return '{} ({}) — {} ({}U) {} {}'.format( @@ -69,7 +74,7 @@ class RackElevationSVG: color = device.device_role.color link = drawing.add( drawing.a( - href=reverse('dcim:device', kwargs={'pk': device.pk}), + href='{}{}'.format(self.base_url, reverse('dcim:device', kwargs={'pk': device.pk})), target='_top', fill='black' ) @@ -81,7 +86,7 @@ class RackElevationSVG: # Embed front device type image if one exists if self.include_images and device.device_type.front_image: - url = device.device_type.front_image.url + url = '{}{}'.format(self.base_url, device.device_type.front_image.url) image = drawing.image(href=url, insert=start, size=end, class_='device-image') image.fit(scale='slice') link.add(image) diff --git a/netbox/dcim/models/__init__.py b/netbox/dcim/models/__init__.py index 63a320c78..f8a15ced9 100644 --- a/netbox/dcim/models/__init__.py +++ b/netbox/dcim/models/__init__.py @@ -682,7 +682,8 @@ class Rack(ChangeLoggedModel, CustomFieldModel): unit_width=RACK_ELEVATION_UNIT_WIDTH_DEFAULT, unit_height=RACK_ELEVATION_UNIT_HEIGHT_DEFAULT, legend_width=RACK_ELEVATION_LEGEND_WIDTH_DEFAULT, - include_images=True + include_images=True, + base_url=None ): """ Return an SVG of the rack elevation @@ -693,8 +694,9 @@ class Rack(ChangeLoggedModel, CustomFieldModel): height of the elevation :param legend_width: Width of the unit legend, in pixels :param include_images: Embed front/rear device images where available + :param base_url: Base URL for links and images. If none, URLs will be relative. """ - elevation = RackElevationSVG(self, include_images=include_images) + elevation = RackElevationSVG(self, include_images=include_images, base_url=base_url) return elevation.render(face, unit_width, unit_height, legend_width) From 630788731eede86f930d5295b24ca28ec4042484 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 3 Apr 2020 13:44:41 -0400 Subject: [PATCH 08/12] Closes #4448: Allow connecting cables between two circuit terminations --- docs/release-notes/version-2.7.md | 1 + netbox/dcim/constants.py | 2 +- netbox/templates/circuits/inc/circuit_termination.html | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/release-notes/version-2.7.md b/docs/release-notes/version-2.7.md index 251b063ae..78afbf06d 100644 --- a/docs/release-notes/version-2.7.md +++ b/docs/release-notes/version-2.7.md @@ -6,6 +6,7 @@ * [#3676](https://github.com/netbox-community/netbox/issues/3676) - Reference VRF by name rather than RD during IP/prefix import * [#4147](https://github.com/netbox-community/netbox/issues/4147) - Use absolute URLs in rack elevation SVG renderings +* [#4448](https://github.com/netbox-community/netbox/issues/4448) - Allow connecting cables between two circuit terminations ### Bug Fixes diff --git a/netbox/dcim/constants.py b/netbox/dcim/constants.py index 78a418283..f938b6f14 100644 --- a/netbox/dcim/constants.py +++ b/netbox/dcim/constants.py @@ -92,5 +92,5 @@ COMPATIBLE_TERMINATION_TYPES = { 'interface': ['interface', 'circuittermination', 'frontport', 'rearport'], 'frontport': ['consoleport', 'consoleserverport', 'interface', 'frontport', 'rearport', 'circuittermination'], 'rearport': ['consoleport', 'consoleserverport', 'interface', 'frontport', 'rearport', 'circuittermination'], - 'circuittermination': ['interface', 'frontport', 'rearport'], + 'circuittermination': ['interface', 'frontport', 'rearport', 'circuittermination'], } diff --git a/netbox/templates/circuits/inc/circuit_termination.html b/netbox/templates/circuits/inc/circuit_termination.html index 970f48f21..8db715711 100644 --- a/netbox/templates/circuits/inc/circuit_termination.html +++ b/netbox/templates/circuits/inc/circuit_termination.html @@ -66,6 +66,7 @@
  • Interface
  • Front Port
  • Rear Port
    • +
  • Circuit Termination
    • From 1ffbeba181028da871e31b65c503141e01a7ef8f Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 3 Apr 2020 13:47:58 -0400 Subject: [PATCH 09/12] #4439: Fix null integer field display --- netbox/templates/inc/custom_fields_panel.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/templates/inc/custom_fields_panel.html b/netbox/templates/inc/custom_fields_panel.html index 4f9b033b6..8c1872273 100644 --- a/netbox/templates/inc/custom_fields_panel.html +++ b/netbox/templates/inc/custom_fields_panel.html @@ -15,7 +15,7 @@ {% elif field.type == 'url' and value %} {{ value|truncatechars:70 }} - {% elif value %} + {% elif value is not None %} {{ value }} {% elif field.required %} Not defined From af405a8ab2b3d1e9ca5e1e2f72e1f0afc133395c Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 3 Apr 2020 15:35:45 -0400 Subject: [PATCH 10/12] Closes #4391: Extend installation docs to include enabling SSL --- docs/installation/4-http-daemon.md | 44 ++++++++++++++++++++++-------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/docs/installation/4-http-daemon.md b/docs/installation/4-http-daemon.md index 4ab28dca7..29912f66c 100644 --- a/docs/installation/4-http-daemon.md +++ b/docs/installation/4-http-daemon.md @@ -5,6 +5,18 @@ We'll set up a simple WSGI front end using [gunicorn](http://gunicorn.org/) for !!! info For the sake of brevity, only Ubuntu 18.04 instructions are provided here, but this sort of web server and WSGI configuration is not unique to NetBox. Please consult your distribution's documentation for assistance if needed. +## Obtain an SSL Certificate + +To enable HTTPS access to NetBox, you'll need a valid SSL certificate. You can purchase one from a trusted commercial provider, obtain one for free from [Let's Encrypt](https://letsencrypt.org/getting-started/), or generate your own (although self-signed certificates are generally untrusted). Both the public certificate and private key files need to be installed on your NetBox server in a location that is readable by the `netbox` user. + +The command below can be used to generate a self-signed certificate for testing purposes, however it is strongly recommended to use a certificate from a trusted authority in production. Two files will be created: the public certificate (`netbox.crt`) and the private key (`netbox.key`). The certificate is published to the world, whereas the private key must be kept secret at all times. + +```no-highlight +# openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ +-keyout /etc/ssl/private/netbox.key \ +-out /etc/ssl/certs/netbox.crt +``` + ## HTTP Daemon Installation ### Option A: nginx @@ -19,10 +31,13 @@ Once nginx is installed, save the following configuration to `/etc/nginx/sites-a ```nginx server { - listen 80; + listen 443 ssl; server_name netbox.example.com; + ssl_certificate /etc/ssl/certs/netbox.crt; + ssl_certificate_key /etc/ssl/private/netbox.key; + client_max_body_size 25m; location /static/ { @@ -36,6 +51,14 @@ server { proxy_set_header X-Forwarded-Proto $scheme; } } + +server { + # Redirect HTTP traffic to HTTPS + listen 80; + server_name _; + return 301 https://$host$request_uri; +} + ``` Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sites-enabled` directory to the configuration file you just created. @@ -52,8 +75,6 @@ Restart the nginx service to use the new configuration. # service nginx restart ``` -To enable SSL, consider this guide on [securing nginx with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04). - ### Option B: Apache ```no-highlight @@ -63,15 +84,16 @@ To enable SSL, consider this guide on [securing nginx with Let's Encrypt](https: Once Apache is installed, proceed with the following configuration (Be sure to modify the `ServerName` appropriately): ```apache - + ProxyPreserveHost On ServerName netbox.example.com - Alias /static /opt/netbox/netbox/static + SSLEngine on + SSLCertificateFile /etc/ssl/certs/netbox.crt + SSLCertificateKeyFile /etc/ssl/private/netbox.key - # Needed to allow token-based API authentication - WSGIPassAuthorization on + Alias /static /opt/netbox/netbox/static Options Indexes FollowSymLinks MultiViews @@ -89,12 +111,12 @@ Once Apache is installed, proceed with the following configuration (Be sure to m ``` -Save the contents of the above example in `/etc/apache2/sites-available/netbox.conf`, enable the `proxy` and `proxy_http` modules, and reload Apache: +Save the contents of the above example in `/etc/apache2/sites-available/netbox.conf`. + +Finally, ensure that the required Apache modules are enabled, enable the `netbox` site and reload Apache: ```no-highlight -# a2enmod proxy -# a2enmod proxy_http -# a2enmod headers +# a2enmod ssl proxy proxy_http headers # a2ensite netbox # service apache2 restart ``` From ad08935c57977109b4ae7908cd95941033357b1e Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 3 Apr 2020 15:46:48 -0400 Subject: [PATCH 11/12] Move nginx/Apache configs to discrete files --- contrib/apache.conf | 26 +++++++++++ contrib/nginx.conf | 29 ++++++++++++ docs/installation/4-http-daemon.md | 74 ++++-------------------------- 3 files changed, 65 insertions(+), 64 deletions(-) create mode 100644 contrib/apache.conf create mode 100644 contrib/nginx.conf diff --git a/contrib/apache.conf b/contrib/apache.conf new file mode 100644 index 000000000..1804e380d --- /dev/null +++ b/contrib/apache.conf @@ -0,0 +1,26 @@ + + ProxyPreserveHost On + + # CHANGE THIS TO YOUR SERVER'S NAME + ServerName netbox.example.com + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/netbox.crt + SSLCertificateKeyFile /etc/ssl/private/netbox.key + + Alias /static /opt/netbox/netbox/static + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Require all granted + + + + ProxyPass ! + + + RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} + ProxyPass / http://127.0.0.1:8001/ + ProxyPassReverse / http://127.0.0.1:8001/ + diff --git a/contrib/nginx.conf b/contrib/nginx.conf new file mode 100644 index 000000000..1230f3ce4 --- /dev/null +++ b/contrib/nginx.conf @@ -0,0 +1,29 @@ +server { + listen 443 ssl; + + # CHANGE THIS TO YOUR SERVER'S NAME + server_name netbox.example.com; + + ssl_certificate /etc/ssl/certs/netbox.crt; + ssl_certificate_key /etc/ssl/private/netbox.key; + + client_max_body_size 25m; + + location /static/ { + alias /opt/netbox/netbox/static/; + } + + location / { + proxy_pass http://127.0.0.1:8001; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +server { + # Redirect HTTP traffic to HTTPS + listen 80; + server_name _; + return 301 https://$host$request_uri; +} diff --git a/docs/installation/4-http-daemon.md b/docs/installation/4-http-daemon.md index 29912f66c..d9190e39f 100644 --- a/docs/installation/4-http-daemon.md +++ b/docs/installation/4-http-daemon.md @@ -27,38 +27,10 @@ The following will serve as a minimal nginx configuration. Be sure to modify you # apt-get install -y nginx ``` -Once nginx is installed, save the following configuration to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.) - -```nginx -server { - listen 443 ssl; - - server_name netbox.example.com; - - ssl_certificate /etc/ssl/certs/netbox.crt; - ssl_certificate_key /etc/ssl/private/netbox.key; - - client_max_body_size 25m; - - location /static/ { - alias /opt/netbox/netbox/static/; - } - - location / { - proxy_pass http://127.0.0.1:8001; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - } -} - -server { - # Redirect HTTP traffic to HTTPS - listen 80; - server_name _; - return 301 https://$host$request_uri; -} +Once nginx is installed, copy the default nginx configuration file to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.) +```no-highlight +# cp /opt/netbox/contrib/nginx.conf /etc/nginx/sites-available/netbox ``` Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sites-enabled` directory to the configuration file you just created. @@ -69,7 +41,7 @@ Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sit # ln -s /etc/nginx/sites-available/netbox ``` -Restart the nginx service to use the new configuration. +Finally, restart the `nginx` service to use the new configuration. ```no-highlight # service nginx restart @@ -77,43 +49,19 @@ Restart the nginx service to use the new configuration. ### Option B: Apache +Begin by installing Apache: + ```no-highlight # apt-get install -y apache2 libapache2-mod-wsgi-py3 ``` -Once Apache is installed, proceed with the following configuration (Be sure to modify the `ServerName` appropriately): +Next, copy the default configuration file to `/etc/apache2/sites-available/`. Be sure to modify the `ServerName` parameter appropriately. -```apache - - ProxyPreserveHost On - - ServerName netbox.example.com - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/netbox.crt - SSLCertificateKeyFile /etc/ssl/private/netbox.key - - Alias /static /opt/netbox/netbox/static - - - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Require all granted - - - - ProxyPass ! - - - RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} - ProxyPass / http://127.0.0.1:8001/ - ProxyPassReverse / http://127.0.0.1:8001/ - +```no-highlight +# cp /opt/netbox/contrib/apache.conf /etc/apache2/sites-available/netbox.conf ``` -Save the contents of the above example in `/etc/apache2/sites-available/netbox.conf`. - -Finally, ensure that the required Apache modules are enabled, enable the `netbox` site and reload Apache: +Finally, ensure that the required Apache modules are enabled, enable the `netbox` site, and reload Apache: ```no-highlight # a2enmod ssl proxy proxy_http headers @@ -121,8 +69,6 @@ Finally, ensure that the required Apache modules are enabled, enable the `netbox # service apache2 restart ``` -To enable SSL, consider this guide on [securing Apache with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04). - !!! note Certain components of NetBox (such as the display of rack elevation diagrams) rely on the use of embedded objects. Ensure that your HTTP server configuration does not override the `X-Frame-Options` response header set by NetBox. From 5f6b63e978426bced60cd82bbda26b27f3522c92 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 3 Apr 2020 16:03:50 -0400 Subject: [PATCH 12/12] Remove extraneous package from Apache installation instructions --- docs/installation/4-http-daemon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/installation/4-http-daemon.md b/docs/installation/4-http-daemon.md index d9190e39f..9124354cf 100644 --- a/docs/installation/4-http-daemon.md +++ b/docs/installation/4-http-daemon.md @@ -52,7 +52,7 @@ Finally, restart the `nginx` service to use the new configuration. Begin by installing Apache: ```no-highlight -# apt-get install -y apache2 libapache2-mod-wsgi-py3 +# apt-get install -y apache2 ``` Next, copy the default configuration file to `/etc/apache2/sites-available/`. Be sure to modify the `ServerName` parameter appropriately.