Difference between revisions of "Netbox"
		
		
		
		
		
		
				
		
		
	
|  (Created page with "# Migrating -https://netbox.readthedocs.io/en/stable/administration/replicating-netbox/  # Kubernetetes Options - Try and Use this - https://github.com/netbox-community/netbox...") | |||
| Line 1: | Line 1: | ||
| + | # Guides | ||
| + | - https://docs.netbox.dev/installation/6-ldap/ | ||
| + | |||
| # Migrating | # Migrating | ||
| -https://netbox.readthedocs.io/en/stable/administration/replicating-netbox/ | -https://netbox.readthedocs.io/en/stable/administration/replicating-netbox/ | ||
Latest revision as of 12:05, 20 January 2024
Guides
Migrating
-https://netbox.readthedocs.io/en/stable/administration/replicating-netbox/
Kubernetes Options - Try and Use this
- https://github.com/netbox-community/netbox-docker/wiki/Deployment
- https://github.com/CENGN/netbox-kubernetes
- https://github.com/vishnoisuresh/netbox-kubernetes
Using Docker with LDAP
create space
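# Fetch the netbox-docker project and work from inside its checkout.
git clone https://github.com/netbox-community/netbox-docker
cd netbox-docker

# Host directory that is bind-mounted as NetBox's media store.
# 0777 makes it writable by every local user and is only a quick way to get
# the container writing to it. Usually you would use a named volume and let
# Docker manage the permissions; if you keep the bind mount, lock this down
# from 0777 (owner set to the user the container runs as, and a tighter mode).
mkdir netbox-media-files && chmod -R 0777 netbox-media-files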
docker-compose.override.yml - change as needed
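# docker-compose.override.yml for netbox-docker with LDAP authentication.
# Every hostname, DN and the database name below is an example value.
version: '3.4'
services:
  netbox:
    # When VERSION is unset this resolves to the moving "latest-ldap" tag.
    # Set VERSION to a specific release tag so image upgrades are deliberate.
    image: &NetboxImage netboxcommunity/netbox:${VERSION-latest-ldap}
    # Uncomment to publish NetBox on the host; quoted so the mapping stays a string.
    # ports:
    # - "8000:8080"
    environment:
      REMOTE_AUTH_ENABLED: "true"
      REMOTE_AUTH_BACKEND: 'netbox.authentication.LDAPBackend'
      # ldaps:// so the service-account bind and user logins are not sent in
      # clear text. If the directory only offers STARTTLS, keep ldap:// and set
      # AUTH_LDAP_START_TLS: "true" instead.
      AUTH_LDAP_SERVER_URI: "ldaps://ldap.example.com"
      # Bind as a read-only service account.
      AUTH_LDAP_BIND_DN: "CN=svc-ldap-r,OU=service,DC=example,DC=com"
      # Placeholder. Keep the real password out of version control, for
      # example in an env file that is not committed.
      AUTH_LDAP_BIND_PASSWORD: "<my password>"
      AUTH_LDAP_USER_SEARCH_BASEDN: "ou=Employee Accounts,dc=example,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=Domain Users,DC=example,dc=com"
      # Membership in these groups grants admin / superuser rights in NetBox,
      # so keep them small and review who can edit them.
      AUTH_LDAP_IS_ADMIN_DN: "CN=netbox-admin,OU=security,DC=example,DC=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=netbox-superuser,OU=security,DC=example,DC=com"
      # Only members of this group are allowed to log in at all.
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=netbox-require-group,OU=security,DC=example,DC=com"
      # Keep "false": "true" would accept any LDAP server certificate and so
      # remove the protection TLS gives against an impersonated directory.
      LDAP_IGNORE_CERT_ERRORS: "false"
      AUTH_LDAP_MIRROR_GROUPS: "false"
      # AUTH_LDAP_FIND_GROUP_PERMS: "true"
      AUTH_LDAP_CACHE_GROUPS: "True"
      # Seconds. Cached memberships mean a user removed from a group can keep
      # the old rights until the cache expires.
      AUTH_LDAP_GROUP_CACHE_TIMEOUT: "600"
      # Anonymous visitors cannot browse NetBox data.
      LOGIN_REQUIRED: "true"
      # AUTH_LDAP_GROUP_TYPE: "NestedGroupOfNamesType"  # This does not work in newer versions of the software
      DB_NAME: netbox2  # netbox is default
    volumes:
    # Configuration and script directories are mounted read-only (ro); only
    # the media directory is writable by the container.
    - ./startup_scripts:/opt/netbox/startup_scripts:z,ro
    - ./initializers:/opt/netbox/initializers:z,ro
    - ./configuration:/etc/netbox/config:z,ro
    - ./reports:/etc/netbox/reports:z,ro
    - ./scripts:/etc/netbox/scripts:z,ro
    # - netbox-media-files:/opt/netbox/netbox/media:z
    - ./netbox-media-files:/opt/netbox/netbox/media:z
  netbox-worker:
    # Same image as the netbox service, via the anchor defined above.
    image: *NetboxImage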
Wipe the NetBox database, or just create a new one and change the name in docker-compose.override.yml
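# cfb61805xxxx is a placeholder for the PostgreSQL container ID (see `docker ps`).
# Create the empty target database first.
docker exec -it cfb61805xxxx psql -U netbox -c "CREATE DATABASE netbox2"

# Load the dump into it. psql executes every statement in the file, so only
# import a dump whose origin you trust.
docker exec -i cfb61805xxxx psql -U netbox -d netbox2 < new-netbox.sql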
Updating
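# Stop the stack, fetch the images the compose files point at, then start again.
# With a moving tag such as latest-ldap the pull can bring in a new NetBox
# release, so take a database backup before updating.
docker-compose stop
docker-compose pull
docker-compose up -d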
Reverse Proxy Example
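# Self-signed certificate for testing; clients will not trust it unless it is
# added to their trust store, so use a CA-issued certificate for real use.
# -nodes writes the private key unencrypted: keep the key file readable by
# root only.
# -addext adds a subjectAltName, which current browsers and TLS libraries
# require for hostname validation (CN alone is not enough). Needs
# OpenSSL 1.1.1 or newer.
sudo openssl req -x509 -nodes -days 700 -newkey rsa:4096 \
    -keyout /etc/ssl/private/netbox.example.com.key \
    -out /etc/ssl/certs/netbox.example.com.crt \
    -subj "/C=US/ST=Utah/L=SLC/O=Example Corp/OU=Testing/CN=netbox.example.com" \
    -addext "subjectAltName=DNS:netbox.example.com"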
/etc/nginx/conf.d/netbox.conf
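# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    # With a catch-all server_name, $host is whatever Host header the client
    # sent. Once a real server_name is configured, redirect to that fixed name.
    return 301 https://$host$request_uri;
}

# TLS listener: terminates HTTPS and proxies to the NetBox container.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/ssl/certs/netbox.example.com.crt;
    ssl_certificate_key /etc/ssl/private/netbox.example.com.key;
    # Older nginx builds still enable TLS 1.0/1.1 by default; allow only
    # current protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;
    # server_name example.com www.example.com;
    server_name _;
    # server_name netbox.extendhealth.com;
    # root /var/www/html;
    # Nothing is served from disk; everything goes to the proxy below.
    root /dev/null;
    location / {
        client_max_body_size 10m;
        # Traffic to the backend is plain HTTP, so keep port 8080 reachable
        # only from this proxy.
        proxy_pass http://192.168.x.x:8080/;  # This would be container ip or name
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the application the original request arrived over HTTPS, so
        # generated links and redirects keep the https scheme.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        # proxy_set_header X-NginX-Proxy true;
    }
}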