diff --git a/contrib/uwsgi/netbox.service b/contrib/uwsgi/netbox.service new file mode 100644 index 000000000..161a97e1b --- /dev/null +++ b/contrib/uwsgi/netbox.service @@ -0,0 +1,22 @@ +[Unit] +Description=NetBox WSGI Service +Documentation=https://docs.netbox.dev/ +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple + +User=netbox +Group=netbox +PIDFile=/var/tmp/netbox.pid +WorkingDirectory=/opt/netbox + +ExecStart=/opt/netbox/venv/bin/uwsgi --ini /opt/netbox/uwsgi.ini + +Restart=on-failure +RestartSec=30 +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/contrib/uwsgi/nginx.conf b/contrib/uwsgi/nginx.conf new file mode 100644 index 000000000..ad8ee9e31 --- /dev/null +++ b/contrib/uwsgi/nginx.conf @@ -0,0 +1,31 @@ +server { + listen [::]:443 ssl ipv6only=off; + + # CHANGE THIS TO YOUR SERVER'S NAME + server_name netbox.example.com; + + ssl_certificate /etc/ssl/certs/netbox.crt; + ssl_certificate_key /etc/ssl/private/netbox.key; + + client_max_body_size 25m; + + location /static/ { + alias /opt/netbox/netbox/static/; + } + + location / { + include uwsgi_params; + uwsgi_pass 127.0.0.1:8001; + uwsgi_param Host $host; + uwsgi_param X-Real-IP $remote_addr; + uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for; + uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto; + } +} + +server { + # Redirect HTTP traffic to HTTPS + listen [::]:80 ipv6only=off; + server_name _; + return 301 https://$host$request_uri; +} diff --git a/contrib/uwsgi/uwsgi.ini b/contrib/uwsgi/uwsgi.ini new file mode 100644 index 000000000..d64803158 --- /dev/null +++ b/contrib/uwsgi/uwsgi.ini @@ -0,0 +1,18 @@ +[uwsgi] +; bind to the specified UNIX/TCP socket and port (usually localhost) +socket = 127.0.0.1:8001 + +; fail to start if any parameter in the configuration file isn’t explicitly understood by uWSGI. +strict = true + +; re-spawn and pre-fork workers +master = true + +; clear environment on exit +vacuum = true + +; exit if no app can be loaded +need-app = true + +; do not use multiple interpreters +single-interpreter = true diff --git a/docs/installation/uwsgi.md b/docs/installation/uwsgi.md index d4ab8780e..1f1115d0d 100644 --- a/docs/installation/uwsgi.md +++ b/docs/installation/uwsgi.md @@ -19,23 +19,24 @@ sudo sh -c "echo 'pyuwgsi' >> /opt/netbox/local_requirements.txt" ## Configuration -NetBox ships with a default configuration file for uWSGI. To use it, copy `/opt/netbox/contrib/uwsgi.ini` to `/opt/netbox/uwsgi.ini`. (We make a copy of this file rather than pointing to it directly to ensure that any local changes to it do not get overwritten by a future upgrade.) +NetBox ships with a default configuration file for uWSGI. To use it, copy `/opt/netbox/contrib/uwsgi/uwsgi.ini` to `/opt/netbox/uwsgi.ini`. (We make a copy of this file rather than pointing to it directly to ensure that any local changes to it do not get overwritten by a future upgrade.) ```no-highlight -sudo cp /opt/netbox/contrib/uwsgi.ini /opt/netbox/uwsgi.ini +sudo cp /opt/netbox/contrib/uwsgi/uwsgi.ini /opt/netbox/uwsgi.ini ``` While the provided configuration should suffice for most initial installations, you may wish to edit this file to change the bound IP address and/or port number, or to make performance-related adjustments. See [the uWSGI documentation](https://uwsgi-docs-additions.readthedocs.io/en/latest/Options.html) for the available configuration parameters and check the [Things to know](https://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html) page in the uWSGI documentation. Django also provides [additional documentation](https://docs.djangoproject.com/en/5.0/howto/deployment/wsgi/uwsgi/) on configuring uWSGI with a Django app. ## systemd Setup -We'll use systemd to control both uWSGI and NetBox's background worker process. First, copy `contrib/netbox.service` and `contrib/netbox-rq.service` to the `/etc/systemd/system/` directory and reload the systemd daemon. +We'll use systemd to control both uWSGI and NetBox's background worker process. First, copy `contrib/uwsgi/netbox.service` and `contrib/netbox-rq.service` to the `/etc/systemd/system/` directory and reload the systemd daemon. !!! warning "Check user & group assignment" The stock service configuration files packaged with NetBox assume that the service will run with the `netbox` user and group names. If these differ on your installation, be sure to update the service files accordingly. ```no-highlight -sudo cp -v /opt/netbox/contrib/*.service /etc/systemd/system/ +sudo cp -v /opt/netbox/contrib/netbox-rq.service /etc/systemd/system/ +sudo cp -v /opt/netbox/contrib/uwsgi/netbox.service /etc/systemd/system/ sudo systemctl daemon-reload ``` @@ -71,3 +72,13 @@ You should see output similar to the following: If the NetBox service fails to start, issue the command `journalctl -eu netbox` to check for log messages that may indicate the problem. Once you've verified that the WSGI workers are up and running, move on to HTTP server setup. + +## HTTP Server Installation + +For server installation, you will want to follow the NetBox [HTTP Server Setup](5-http-server.md) guide, however when copying the configuration file, instead of the default one for gunicorn you will want to use the provided uWSGI one: + +Once nginx is installed, copy the nginx configuration file provided by NetBox to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.) + +```no-highlight +sudo cp /opt/netbox/contrib/uwsgi/nginx.conf /etc/nginx/sites-available/netbox +```