starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Broken API and Rack Elevations links - multiple reverse proxy #3945

New Issue
Closed
opened 2025-12-29 18:32:12 +01:00 by adam · 7 comments
adam commented 2025-12-29 18:32:12 +01:00
Owner
Copy Link

Originally created by @Dzordzu on GitHub (Aug 5, 2020).

Environment

  • Python version: 3.7.8 (as in dockerized version of netbox)
  • NetBox version: v2.8.8

Steps to Reproduce

  1. Get your netbox behind reverse proxy (ex. use dockerized Netbox (v 0.24.1) + nginx)
  2. Populate devices in racks
  3. Try to follow any link in a generated Rack Elevations (svg) image

Nginx config

To be sure - config seems to be correct

server {
   listen 80;
   server_name netbox.example.com;

   client_max_body_size 25m;
   add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';

   location / {
       proxy_pass http://127.0.0.1:8080;
       proxy_set_header X-Forwarded-Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-Proto $scheme;
   }

Expected Behavior

SVG uses relative path, import absolute path from django config ex. https://netbox.example.com/dcim/devices/2

Observed Behavior

Instead of redirecting to ex. https://netbox.example.com/dcim/devices/2 we've got http://localhost:8080/dcim/devices/2

Possible causes

https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.get_host

Originally created by @Dzordzu on GitHub (Aug 5, 2020). ### Environment * Python version: 3.7.8 (as in dockerized version of netbox) * NetBox version: v2.8.8 ### Steps to Reproduce 1. Get your netbox behind reverse proxy (ex. use dockerized Netbox (v 0.24.1) + nginx) 2. Populate devices in racks 3. Try to follow any link in a generated Rack Elevations (svg) image ### Nginx config To be sure - config seems to be correct ```nginx server { listen 80; server_name netbox.example.com; client_max_body_size 25m; add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"'; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; } ``` ### Expected Behavior SVG uses relative path, import absolute path from django config ex. `https://netbox.example.com/dcim/devices/2` ### Observed Behavior Instead of redirecting to ex. `https://netbox.example.com/dcim/devices/2` we've got `http://localhost:8080/dcim/devices/2` ### Possible causes https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.get_host
adam closed this issue 2025-12-29 18:32:12 +01:00
adam commented 2025-12-29 18:32:13 +01:00
Author
Owner
Copy Link

@Dzordzu commented on GitHub (Aug 5, 2020):

It's also an API issue

@Dzordzu commented on GitHub (Aug 5, 2020): It's also an API issue
adam commented 2025-12-29 18:32:13 +01:00
Author
Owner
Copy Link

@Dzordzu commented on GitHub (Aug 5, 2020):

Also I know about existence of the #4526

@Dzordzu commented on GitHub (Aug 5, 2020): Also I know about existence of the #4526
adam commented 2025-12-29 18:32:13 +01:00
Author
Owner
Copy Link

@drmsoffall commented on GitHub (Aug 5, 2020):

I don't think this is a bug, but a configuration issue. I suggest you check out the netbox-discuss mailing list for these kinds of questions.

Specifically, try this thread: https://groups.google.com/d/topic/netbox-discuss/r0KNv3oCatI/discussion

@drmsoffall commented on GitHub (Aug 5, 2020): I don't think this is a bug, but a configuration issue. I suggest you check out the [netbox-discuss mailing list](https://groups.google.com/forum/#!forum/netbox-discuss) for these kinds of questions. Specifically, try this thread: https://groups.google.com/d/topic/netbox-discuss/r0KNv3oCatI/discussion
adam commented 2025-12-29 18:32:13 +01:00
Author
Owner
Copy Link

@Dzordzu commented on GitHub (Aug 5, 2020):

The point is that it's a bug. Suppose you have the following architecture:

proxy1 -> proxy2 -> host with netbox

If you've got an access only to the last one, and proxy2 passes it's own config, then you are in a big trouble. The good thing would be adding a simple variable to the configuration.py that would force netbox/django to use other header from request / variable from the configuration.

One possible solution could be using middleware as described in a note

@Dzordzu commented on GitHub (Aug 5, 2020): The point is that it's a bug. Suppose you have the following architecture: ``` proxy1 -> proxy2 -> host with netbox ``` If you've got an access only to the last one, and proxy2 passes it's own config, then you are in a big trouble. The good thing would be adding a simple variable to the `configuration.py` that would force netbox/django to use other header from request / variable from the configuration. One possible solution could be using middleware as described in a [note](https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.get_host)
adam commented 2025-12-29 18:32:13 +01:00
Author
Owner
Copy Link

@lampwins commented on GitHub (Aug 10, 2020):

As pointed out in several previous issues, this problem can be solved with HTTP server configuration. Specifically, in this case, it appears proxy1 and/or proxy2 are not injecting the X-Forwarded-Host header. You can work around this by setting the header in your nginx config to whatever hostname value you want.

@lampwins commented on GitHub (Aug 10, 2020): As pointed out in several previous issues, this problem can be solved with HTTP server configuration. Specifically, in this case, it appears proxy1 and/or proxy2 are not injecting the X-Forwarded-Host header. You can work around this by setting the header in your nginx config to whatever hostname value you want.
adam commented 2025-12-29 18:32:13 +01:00
Author
Owner
Copy Link

@Dzordzu commented on GitHub (Aug 18, 2020):

@lampwins As I stated, My configuration is done in a proper way. They ARE injecting X-Forwarded-Host. The issue appears, when both hosts are sending header (it's a django issue)

@Dzordzu commented on GitHub (Aug 18, 2020): @lampwins As I stated, My configuration is done in a proper way. They ARE injecting X-Forwarded-Host. The issue appears, when both hosts are sending header (it's a django issue)
adam commented 2025-12-29 18:32:13 +01:00
Author
Owner
Copy Link

@Dzordzu commented on GitHub (Aug 18, 2020):

It should be reopened

@Dzordzu commented on GitHub (Aug 18, 2020): It should be reopened
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#3945
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?