NetBox: Difference between revisions
imported>Vater |
m Acme to ACME link |
||
(7 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
[https://netbox.dev/ {{PAGENAME}}] | [https://netbox.dev/ {{PAGENAME}}] is available as a [[module]]. | ||
== | == Setup == | ||
=== | === Setup Secret Key === | ||
Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [https://docs.netbox.dev/en/stable/configuration/required-parameters/#secret_key]. | |||
You should '''NOT''' share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
mkdir -p /var/lib/netbox/ | |||
nix-shell -p openssl | |||
openssl rand -hex 50 > /var/lib/netbox/secret-key-file | |||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Configuration === | |||
==== Basic Configuration ==== | |||
The module will automatically set up a Redis instance and a PostgreSQL database.<syntaxhighlight lang="nix"> | |||
{ config, ... }: { | |||
networking.firewall.allowedTCPPorts = [ | networking.firewall.allowedTCPPorts = [ 80 ]; | ||
services.netbox = { | |||
enable = true; | |||
secretKeyFile = "/var/lib/netbox/secret-key-file"; | |||
}; | |||
services.nginx = { | |||
enable = true; | |||
user = "netbox"; # otherwise nginx cant access netbox files | |||
recommendedProxySettings = true; # otherwise you will get CSRF error while login | |||
virtualHosts.<name> = { | |||
locations = { | |||
"/" = { | |||
proxyPass = "http://[::1]:8001"; | |||
# proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}"; | |||
}; | |||
"/static/" = { alias = "${config.services.netbox.dataDir}/static/"; }; | |||
# | |||
# | |||
# | |||
}; | }; | ||
}; | }; | ||
}; | }; | ||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
==== With Transport encryption ==== | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
{ config, ... }: { | |||
networking.firewall.allowedTCPPorts = [ 80 443 ]; | |||
== | services.netbox = { | ||
enable = true; | |||
secretKeyFile = "/var/lib/netbox/secret-key-file"; | |||
}; | |||
services.nginx = { | |||
enable = true; | |||
forceSSL = true; | |||
user = "netbox"; # otherwise nginx cant access netbox files | |||
recommendedProxySettings = true; # otherwise you will get CSRF error while login | |||
recommendedTlsSettings = true; | |||
enableACME = true; | |||
virtualHosts.<name> = { | |||
locations = { | |||
"/" = { | |||
proxyPass = "http://[::1]:8001"; | |||
# proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}"; | |||
}; | |||
"/static/" = { alias = "${config.services.netbox.dataDir}/static/"; }; | |||
}; | |||
}; | |||
}; | |||
== | security.acme = { | ||
[ ... ] | |||
acceptTerms = true; | |||
}; | |||
} | |||
< | </syntaxhighlight>For more acme settings and further instruction, please look here [[ACME]]. | ||
For more nginx settings and further instruction, please look here [[Nginx|Nginx.]] | |||
=== | === Setup Superuser === | ||
There will be no user after the installation, so you need to register one manually. | |||
To do this, run: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
$ netbox-manage createsuperuser | |||
- | |||
Username (leave blank to use 'netbox'): | Username (leave blank to use 'netbox'): | ||
Email address: | Email address: | ||
Password: | Password: | ||
Password (again): | Password (again): | ||
Superuser created successfully. | Superuser created successfully. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== | You can now log in with the given credentials. | ||
=== Troubleshooting === | |||
==== CSRF aborted message at login ==== | |||
If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser. | |||
It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure. | |||
== Documentation == | |||
: | * https://netbox.dev/ | ||
: | ** https://docs.netbox.dev/ | ||
[[Category:Guide]] | [[Category:Guide]] | ||
[[Category:Applications]] | [[Category:Applications]] |
Latest revision as of 19:47, 25 June 2024
NetBox is available as a module.
Setup
Setup Secret Key
Netbox uses a secret key to derive new hashes for passwords and HTTP cookies [1].
You should NOT share this key outside the configuration (i.e. in /nix/store) and it must be at least 50 characters long:
mkdir -p /var/lib/netbox/
nix-shell -p openssl
openssl rand -hex 50 > /var/lib/netbox/secret-key-file
Configuration
Basic Configuration
The module will automatically set up a Redis instance and a PostgreSQL database.
{ config, ... }: {
networking.firewall.allowedTCPPorts = [ 80 ];
services.netbox = {
enable = true;
secretKeyFile = "/var/lib/netbox/secret-key-file";
};
services.nginx = {
enable = true;
user = "netbox"; # otherwise nginx cant access netbox files
recommendedProxySettings = true; # otherwise you will get CSRF error while login
virtualHosts.<name> = {
locations = {
"/" = {
proxyPass = "http://[::1]:8001";
# proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
};
"/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
};
};
};
}
With Transport encryption
{ config, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.netbox = {
enable = true;
secretKeyFile = "/var/lib/netbox/secret-key-file";
};
services.nginx = {
enable = true;
forceSSL = true;
user = "netbox"; # otherwise nginx cant access netbox files
recommendedProxySettings = true; # otherwise you will get CSRF error while login
recommendedTlsSettings = true;
enableACME = true;
virtualHosts.<name> = {
locations = {
"/" = {
proxyPass = "http://[::1]:8001";
# proxyPass = "http://${config.services.netbox.listenAddress}:${config.services.netbox.port}";
};
"/static/" = { alias = "${config.services.netbox.dataDir}/static/"; };
};
};
};
security.acme = {
[ ... ]
acceptTerms = true;
};
}
For more acme settings and further instruction, please look here ACME.
For more nginx settings and further instruction, please look here Nginx.
Setup Superuser
There will be no user after the installation, so you need to register one manually.
To do this, run:
$ netbox-manage createsuperuser
Username (leave blank to use 'netbox'):
Email address:
Password:
Password (again):
Superuser created successfully.
You can now log in with the given credentials.
Troubleshooting
CSRF aborted message at login
If you still get an CSRF aborted message while trying to log in after doing everything above, please try to use another browser.
It could be these problem https://stackoverflow.com/questions/11516635/django-does-not-send-csrf-token-again-after-browser-cookies-has-been-cleared but I'm not sure.