starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

CentOS7 install doc is not complete. #1568

New Issue
Closed
opened 2025-12-29 16:33:03 +01:00 by adam · 5 comments
adam commented 2025-12-29 16:33:03 +01:00
Owner
Copy Link

Originally created by @johhenrik on GitHub (Feb 23, 2018).

Issue type

[ ] Feature request
[ ] Bug report
[ x] Documentation

Environment

  • Python version: 3.4.5
  • NetBox version: 2.2.10

Description

There's some things missing from the Install documentation regarding CentOS. I have created some notes here to fill in the gaps. This is for CentOS 7.4.1708.

First, I think it would be good to mention in the beginning that Firewalld and SELinux will block access to netbox unless they are configured correctly. I have not bothered with that, but just thought I could add some instructions to turn them off. It could be good to know. If one runs SELinux and FIrewalld actively, I am sure they know how set them up.

Firewalld:

Turn off firewalld:

(stop firewall/iptables)
$ sudo systemctl stop firewalld

(Disable it, so it don't start up after reboot)
$ sudo systemctl disable firewalld

SELinux:

To check if SELinux is running

$ sudo sestatus  
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Above is an example output. To turn it off, edit /etc/selinux/config and change SELINUX=enforcing/permissive to disabled and reboot the server.

# This file controls the state of SELinux on the system.                                                                               
# SELINUX= can take one of these three values:                                                                                         
#     enforcing - SELinux security policy is enforced.                                                                                 
#     permissive - SELinux prints warnings instead of enforcing.                                                                       
#     disabled - No SELinux policy is loaded.                                                                                          
SELINUX=disabled

nginx

Install nginx on centos

$ sudo yum install -y nginx
$ cd /etc/nginx/conf.d/ 
$ sudo cat > netbox.conf <<EOF
server {
    listen 80;

    server_name netbox.example.com;

    client_max_body_size 25m;

    location /static/ {
        alias /opt/netbox/netbox/static/;
    }

    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
    }
}
EOF

Next you must comment out the default part in nginx cofing.

$ cd /etc/nginx/
$ vi nginx.conf

#    server {                                                                                                                          
#        listen       80 default_server;                                                                                               
#        listen       [::]:80 default_server;                                                                                          
#        server_name  _;                                                                                                               
#        root         /usr/share/nginx/html;                                                                                           

       # Load configuration files for the default server block.                                                                       

#        include /etc/nginx/default.d/*.conf;                                                                                          

#        location / {                                                                                                                  
#        }                                                                                                                             

#        error_page 404 /404.html;                                                                                                     
#            location = /40x.html {                                                                                                    
#        }                                                                                                                             

#        error_page 500 502 503 504 /50x.html;                                                                                         
#            location = /50x.html {                                                                                                    
#        }                                                                                                                             
#    }

Lastly for nginx, enable it to start after reboot and start it up now:

$ systemctl start nginx
$ systemctl enable nginx

Gunicorn (with nginx)

$ cd /opt/netbox
$ sudo cat > gunicorn_config.py <<EOF
command = '/bin/gunicorn'
pythonpath = '/opt/netbox/netbox'
bind = '127.0.0.1:8001'
workers = 3
user = 'nginx'
EOF

Supervisord (with nginx)

$ sudo yum install -y supervisor

$ cd /etc/supervisord.d/
$ cat > netbox.ini <<EOF
[program:netbox]
command = gunicorn -c /opt/netbox/gunicorn_config.py netbox.wsgi
directory = /opt/netbox/netbox/
user = nginx
EOF

$ sudo systemctl start supervisord
$ sudo systemctl enable supervisord
Originally created by @johhenrik on GitHub (Feb 23, 2018). <!-- Before opening a new issue, please search through the existing issues to see if your topic has already been addressed. Note that you may need to remove the "is:open" filter from the search bar to include closed issues. Check the appropriate type for your issue below by placing an x between the brackets. For assistance with installation issues, or for any other issues other than those listed below, please raise your topic for discussion on our mailing list: https://groups.google.com/forum/#!forum/netbox-discuss Please note that issues which do not fall under any of the below categories will be closed. Due to an excessive backlog of feature requests, we are not currently accepting any proposals which extend NetBox's feature scope. Do not prepend any sort of tag to your issue's title. An administrator will review your issue and assign labels as appropriate. ---> ### Issue type [ ] Feature request <!-- An enhancement of existing functionality --> [ ] Bug report <!-- Unexpected or erroneous behavior --> [ x] Documentation <!-- A modification to the documentation --> <!-- Please describe the environment in which you are running NetBox. (Be sure to verify that you are running the latest stable release of NetBox before submitting a bug report.) If you are submitting a bug report and have made any changes to the code base, please first validate that your bug can be recreated while running an official release. --> ### Environment * Python version: 3.4.5 * NetBox version: 2.2.10 <!-- BUG REPORTS must include: * A list of the steps needed for someone else to reproduce the bug * A description of the expected and observed behavior * Any relevant error messages (screenshots may also help) FEATURE REQUESTS must include: * A detailed description of the proposed functionality * A use case for the new feature * A rough description of any necessary changes to the database schema * Any relevant third-party libraries which would be needed --> ### Description There's some things missing from the Install documentation regarding CentOS. I have created some notes here to fill in the gaps. This is for CentOS 7.4.1708. First, I think it would be good to mention in the beginning that Firewalld and SELinux will block access to netbox unless they are configured correctly. I have not bothered with that, but just thought I could add some instructions to turn them off. It could be good to know. If one runs SELinux and FIrewalld actively, I am sure they know how set them up. ------ Firewalld: Turn off firewalld: (stop firewall/iptables) `$ sudo systemctl stop firewalld` (Disable it, so it don't start up after reboot) `$ sudo systemctl disable firewalld` -------- SELinux: To check if SELinux is running ``` $ sudo sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 ``` Above is an example output. To turn it off, edit /etc/selinux/config and change SELINUX=enforcing/permissive to disabled and reboot the server. ``` # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled ``` ------- nginx Install nginx on centos ``` $ sudo yum install -y nginx $ cd /etc/nginx/conf.d/ $ sudo cat > netbox.conf <<EOF server { listen 80; server_name netbox.example.com; client_max_body_size 25m; location /static/ { alias /opt/netbox/netbox/static/; } location / { proxy_pass http://127.0.0.1:8001; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"'; } } EOF ``` Next you must comment out the default part in nginx cofing. ``` $ cd /etc/nginx/ $ vi nginx.conf # server { # listen 80 default_server; # listen [::]:80 default_server; # server_name _; # root /usr/share/nginx/html; # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # location / { # } # error_page 404 /404.html; # location = /40x.html { # } # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } ``` Lastly for nginx, enable it to start after reboot and start it up now: ``` $ systemctl start nginx $ systemctl enable nginx ``` --------- Gunicorn (with nginx) ``` $ cd /opt/netbox $ sudo cat > gunicorn_config.py <<EOF command = '/bin/gunicorn' pythonpath = '/opt/netbox/netbox' bind = '127.0.0.1:8001' workers = 3 user = 'nginx' EOF ``` ---------- Supervisord (with nginx) ``` $ sudo yum install -y supervisor $ cd /etc/supervisord.d/ $ cat > netbox.ini <<EOF [program:netbox] command = gunicorn -c /opt/netbox/gunicorn_config.py netbox.wsgi directory = /opt/netbox/netbox/ user = nginx EOF $ sudo systemctl start supervisord $ sudo systemctl enable supervisord ```
adam closed this issue 2025-12-29 16:33:03 +01:00
adam commented 2025-12-29 16:33:04 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Feb 26, 2018):

The installation docs are intentionally kept brief to avoid increasing the maintenance burden by replicating information that's already available elsewhere. We include examples for nginx and Apache configuration only for Ubuntu because their configuration is not substantially different under CentOS.

First, I think it would be good to mention in the beginning that Firewalld and SELinux will block access to netbox unless they are configured correctly.

These are not unique to NetBox. The documentation makes no assumptions about the user's environment and we cannot blindly recommend disabling either of these. Following the docs as they currently exist will successfully install NetBox on a stock CentOS 7.4 instance.

@jeremystretch commented on GitHub (Feb 26, 2018): The installation docs are intentionally kept brief to avoid increasing the maintenance burden by replicating information that's already available elsewhere. We include examples for nginx and Apache configuration only for Ubuntu because their configuration is not substantially different under CentOS. > First, I think it would be good to mention in the beginning that Firewalld and SELinux will block access to netbox unless they are configured correctly. These are not unique to NetBox. The documentation makes no assumptions about the user's environment and we cannot blindly recommend disabling either of these. Following the docs as they currently exist will successfully install NetBox on a stock CentOS 7.4 instance.
adam commented 2025-12-29 16:33:04 +01:00
Author
Owner
Copy Link

@johhenrik commented on GitHub (Feb 26, 2018):

Ok, seems fair. I just assumed it was missing, since there were CentOS instructions all the way up to the last part, therefor I thought I should add the missing pieces. :)

@johhenrik commented on GitHub (Feb 26, 2018): Ok, seems fair. I just assumed it was missing, since there were CentOS instructions all the way up to the last part, therefor I thought I should add the missing pieces. :)
adam commented 2025-12-29 16:33:04 +01:00
Author
Owner
Copy Link

@jmutai commented on GitHub (Oct 3, 2018):

Use this complete guide to install Netbox on CentOS 7

https://computingforgeeks.com/how-to-install-netbox-on-centos-7-with-apache-and-supervisord/

@jmutai commented on GitHub (Oct 3, 2018): Use this complete guide to install Netbox on CentOS 7 https://computingforgeeks.com/how-to-install-netbox-on-centos-7-with-apache-and-supervisord/
adam commented 2025-12-29 16:33:04 +01:00
Author
Owner
Copy Link

@ghost commented on GitHub (Oct 22, 2018):

Use this complete guide to install Netbox on CentOS 7

https://computingforgeeks.com/how-to-install-netbox-on-centos-7-with-apache-and-supervisord/

great write-up

@ghost commented on GitHub (Oct 22, 2018): > Use this complete guide to install Netbox on CentOS 7 > > https://computingforgeeks.com/how-to-install-netbox-on-centos-7-with-apache-and-supervisord/ great write-up
adam commented 2025-12-29 16:33:04 +01:00
Author
Owner
Copy Link

@djtech7 commented on GitHub (Jul 24, 2019):

I was able to make some changes so netbox could run safely with selinux in enforcing mode. I choose to change the default port to 8008 to make it easier, you could also use a different policy with the default port of 8000 but I preferred using the httpd policy which has 8008.

Allow application to access DB on a remote system:
setsebool -P httpd_can_network_connect on;setsebool httpd_can_network_connect on

Change the context of files for the default location of the netbox install:
semanage fcontext -a -t httpd_sys_content_t '/opt/netbox(/.*)?';restorecon -R /opt/netbox

Now start the process in this context:
runcon -u system_u -r system_r -t httpd_t python3.6 /opt/netbox/netbox/manage.py runserver 127.0.0.1:8008 --insecure

@djtech7 commented on GitHub (Jul 24, 2019): I was able to make some changes so netbox could run safely with selinux in enforcing mode. I choose to change the default port to 8008 to make it easier, you could also use a different policy with the default port of 8000 but I preferred using the httpd policy which has 8008. Allow application to access DB on a remote system: setsebool -P httpd_can_network_connect on;setsebool httpd_can_network_connect on Change the context of files for the default location of the netbox install: semanage fcontext -a -t httpd_sys_content_t '/opt/netbox(/.*)?';restorecon -R /opt/netbox Now start the process in this context: runcon -u system_u -r system_r -t httpd_t python3.6 /opt/netbox/netbox/manage.py runserver 127.0.0.1:8008 --insecure
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#1568
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?