mirror/netbox-docker
1
0
Fork 1
mirror of https://github.com/netbox-community/netbox-docker.git synced 2026-02-07 06:24:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mirror:release
Branches Tags
mirror:release
mirror:develop
mirror:4.0.0
mirror:3.4.2
mirror:3.4.1
mirror:3.4.0
mirror:3.3.0
mirror:3.2.1
mirror:3.2.0
mirror:3.1.1
mirror:3.1.0
mirror:3.0.2
mirror:3.0.1
mirror:3.0.0
mirror:2.9.1
mirror:2.9.0
mirror:2.8.0
mirror:2.7.0
mirror:2.6.1
mirror:2.6.0
mirror:2.5.3
mirror:2.5.2
mirror:2.5.1
mirror:2.5.0
mirror:2.4.0
mirror:2.3.0
mirror:2.2.0
mirror:2.1.0
mirror:2.0.0
mirror:1.6.1
mirror:1.6.0
mirror:1.5.1
mirror:1.5.0
mirror:1.4.1
mirror:1.4.0
mirror:1.3.1
mirror:1.3.0
mirror:1.2.0
mirror:1.1.0
mirror:1.0.2
mirror:1.0.1
mirror:1.0.0
mirror:0.27.0
mirror:0.26.2
mirror:0.26.1
mirror:0.26.0
mirror:0.25.0
mirror:0.24.1
mirror:0.24.0
mirror:0.23.0
mirror:0.22.0
mirror:0.21.1
mirror:0.21.0
mirror:0.20.0
mirror:0.19.4
mirror:0.19.3
mirror:0.19.2
mirror:0.19.1
mirror:0.19.0
mirror:0.18.2
mirror:0.18.1
mirror:0.18.0
mirror:0.17.1
mirror:0.17.0
mirror:0.16.0
mirror:0.15.0
mirror:0.14.0
mirror:0.13.1
mirror:0.13.0
mirror:0.12.0
mirror:0.11.0
mirror:0.10.0
mirror:0.9.0
mirror:0.8.0
mirror:0.7.0
mirror:0.6.0
mirror:0.5.1
mirror:0.5.0
mirror:0.4.0
mirror:0.3.1
..
compare: mirror:3.2.0
Branches Tags
mirror:develop
mirror:release
mirror:4.0.0
mirror:3.4.2
mirror:3.4.1
mirror:3.4.0
mirror:3.3.0
mirror:3.2.1
mirror:3.2.0
mirror:3.1.1
mirror:3.1.0
mirror:3.0.2
mirror:3.0.1
mirror:3.0.0
mirror:2.9.1
mirror:2.9.0
mirror:2.8.0
mirror:2.7.0
mirror:2.6.1
mirror:2.6.0
mirror:2.5.3
mirror:2.5.2
mirror:2.5.1
mirror:2.5.0
mirror:2.4.0
mirror:2.3.0
mirror:2.2.0
mirror:2.1.0
mirror:2.0.0
mirror:1.6.1
mirror:1.6.0
mirror:1.5.1
mirror:1.5.0
mirror:1.4.1
mirror:1.4.0
mirror:1.3.1
mirror:1.3.0
mirror:1.2.0
mirror:1.1.0
mirror:1.0.2
mirror:1.0.1
mirror:1.0.0
mirror:0.27.0
mirror:0.26.2
mirror:0.26.1
mirror:0.26.0
mirror:0.25.0
mirror:0.24.1
mirror:0.24.0
mirror:0.23.0
mirror:0.22.0
mirror:0.21.1
mirror:0.21.0
mirror:0.20.0
mirror:0.19.4
mirror:0.19.3
mirror:0.19.2
mirror:0.19.1
mirror:0.19.0
mirror:0.18.2
mirror:0.18.1
mirror:0.18.0
mirror:0.17.1
mirror:0.17.0
mirror:0.16.0
mirror:0.15.0
mirror:0.14.0
mirror:0.13.1
mirror:0.13.0
mirror:0.12.0
mirror:0.11.0
mirror:0.10.0
mirror:0.9.0
mirror:0.8.0
mirror:0.7.0
mirror:0.6.0
mirror:0.5.1
mirror:0.5.0
mirror:0.4.0
mirror:0.3.1

No commits in common. "release" and "3.2.0" have entirely different histories.
release ... 3.2.0

24 changed files with 285 additions and 209 deletions
Show Stats Expand all files Collapse all files

9
.editorconfig-checker.json → .ecrc
View File

@ -2,12 +2,17 @@
"Verbose": false,
"Debug": false,
"IgnoreDefaults": false,
"SpacesAfterTabs": false,
"SpacesAftertabs": false,
"NoColor": false,
"Exclude": ["LICENSE", "\\.initializers", "\\.vscode"],
"Exclude": [
"LICENSE",
"\\.initializers",
"\\.vscode"
],
"AllowedContentTypes": [],
"PassedFiles": [],
"Disable": {
// set these options to true to disable specific checks
"EndOfLine": false,
"Indentation": false,
"InsertFinalNewline": false,

3
.editorconfig
View File

@ -9,6 +9,3 @@ indent_size = 2
[*.py]
indent_size = 4
[VERSION]
insert_final_newline = false

2
.flake8
View File

@ -4,4 +4,4 @@ extend-ignore = E203, W503
per-file-ignores =
configuration/*:E131,E251,E266,E302,E305,E501,E722
startup_scripts/startup_script_utils/__init__.py:F401
docker/*:E266,E722,E501
docker/*:E266,E722

12
.github/workflows/push.yml vendored
View File

@ -23,29 +23,25 @@ jobs:
packages: read
statuses: write
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v4
with:
# Full git history is needed to get a proper
# list of changed files within `super-linter`
fetch-depth: 0
- name: Lint Code Base
uses: super-linter/super-linter@v8
uses: super-linter/super-linter@v7
env:
DEFAULT_BRANCH: develop
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SUPPRESS_POSSUM: true
LINTER_RULES_PATH: /
VALIDATE_ALL_CODEBASE: false
VALIDATE_BIOME_FORMAT: false
VALIDATE_CHECKOV: false
VALIDATE_DOCKERFILE: false
VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
VALIDATE_GITLEAKS: false
VALIDATE_JSCPD: false
VALIDATE_PYTHON_PYLINT: false
VALIDATE_TRIVY: false
FILTER_REGEX_EXCLUDE: (.*/)?(LICENSE|configuration/.*)
EDITORCONFIG_FILE_NAME: .editorconfig-checker.json
EDITORCONFIG_FILE_NAME: .ecrc
DOCKERFILE_HADOLINT_FILE_NAME: .hadolint.yaml
MARKDOWN_CONFIG_FILE: .markdown-lint.yml
PYTHON_BLACK_CONFIG_FILE: pyproject.toml
@ -74,7 +70,7 @@ jobs:
steps:
- id: git-checkout
name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@v4
- id: buildx-setup
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

22
.github/workflows/release.yml vendored
View File

@ -13,13 +13,11 @@ jobs:
build:
strategy:
matrix:
build:
- { "cmd": "./build-latest.sh", "branch": "release" }
- { "cmd": "./build.sh main", "branch": "release" }
# Build pre release images from our develop branch
# This is used to test the latest changes before they are merged into the main branch
- { "cmd": "PRERELEASE=true ./build-latest.sh", "branch": "develop" }
- { "cmd": "./build.sh feature", "branch": "develop" }
build_cmd:
- ./build-latest.sh
- PRERELEASE=true ./build-latest.sh
- ./build.sh feature
- ./build.sh main
platform:
- linux/amd64,linux/arm64
fail-fast: false
@ -32,18 +30,16 @@ jobs:
steps:
- id: source-checkout
name: Checkout
uses: actions/checkout@v6
with:
ref: ${{ matrix.build.branch }}
uses: actions/checkout@v4
- id: set-netbox-docker-version
name: Get Version of NetBox Docker
run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT"
shell: bash
- id: check-build-needed
name: Check if the build is needed for '${{ matrix.build.cmd }}'
name: Check if the build is needed for '${{ matrix.build_cmd }}'
env:
CHECK_ONLY: "true"
run: ${{ matrix.build.cmd }}
run: ${{ matrix.build_cmd }}
# docker.io
- id: docker-io-login
name: Login to docker.io
@ -81,7 +77,7 @@ jobs:
if: steps.check-build-needed.outputs.skipped != 'true'
- id: build-and-push
name: Push the image
run: ${{ matrix.build.cmd }} --push
run: ${{ matrix.build_cmd }} --push
if: steps.check-build-needed.outputs.skipped != 'true'
env:
BUILDX_PLATFORM: ${{ matrix.platform }}

35
Dockerfile
View File

@ -1,7 +1,7 @@
ARG FROM
FROM ${FROM} AS builder
COPY --from=ghcr.io/astral-sh/uv:0.9 /uv /usr/local/bin/
COPY --from=ghcr.io/astral-sh/uv:0.5 /uv /usr/local/bin/
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update -qq \
&& apt-get upgrade \
@ -27,14 +27,12 @@ ARG NETBOX_PATH
COPY ${NETBOX_PATH}/requirements.txt requirements-container.txt /
ENV VIRTUAL_ENV=/opt/netbox/venv
RUN \
# Gunicorn is not needed because we use Granian
# Gunicorn is not needed because we use Nginx Unit
sed -i -e '/gunicorn/d' /requirements.txt && \
# We need 'social-auth-core[all]' in the Docker image. But if we put it in our own requirements-container.txt
# we have potential version conflicts and the build will fail.
# That's why we just replace it in the original requirements.txt.
sed -i -e 's/social-auth-core/social-auth-core\[all\]/g' /requirements.txt && \
# The same is true for 'django-storages'
sed -i -e 's/django-storages/django-storages\[azure,boto3,dropbox,google,libcloud,sftp\]/g' /requirements.txt && \
/usr/local/bin/uv pip install \
-r /requirements.txt \
-r /requirements-container.txt
@ -62,6 +60,15 @@ RUN export DEBIAN_FRONTEND=noninteractive \
openssl \
python3 \
tini \
&& curl --silent --output /usr/share/keyrings/nginx-keyring.gpg \
https://unit.nginx.org/keys/nginx-keyring.gpg \
&& echo "deb [signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://packages.nginx.org/unit/ubuntu/ noble unit" \
> /etc/apt/sources.list.d/unit.list \
&& apt-get update -qq \
&& apt-get install \
--yes -qq --no-install-recommends \
unit=1.34.1-1~noble \
unit-python3.12=1.34.1-1~noble \
&& rm -rf /var/lib/apt/lists/*
# Copy the modified 'requirements*.txt' files, to have the files actually used during installation
@ -75,24 +82,24 @@ COPY ${NETBOX_PATH} /opt/netbox
COPY docker/configuration.docker.py /opt/netbox/netbox/netbox/configuration.py
COPY docker/ldap_config.docker.py /opt/netbox/netbox/netbox/ldap_config.py
COPY docker/docker-entrypoint.sh /opt/netbox/docker-entrypoint.sh
COPY docker/housekeeping.sh /opt/netbox/housekeeping.sh
COPY docker/launch-netbox.sh /opt/netbox/launch-netbox.sh
COPY docker/super_user.py /opt/netbox/super_user.py
COPY configuration/ /etc/netbox/config/
COPY docker/granian.py /opt/netbox/netbox/netbox/granian.py
COPY docker/nginx-unit.json /etc/unit/
COPY VERSION /opt/netbox/VERSION
WORKDIR /opt/netbox/netbox
# Must set permissions for '/opt/netbox/netbox/media' directory
# to g+w so that pictures can be uploaded to netbox.
RUN useradd --home-dir /opt/netbox/ --no-create-home --no-user-group --system --shell /bin/false --uid 999 --gid 0 netbox \
&& mkdir -p static media local \
&& chown -R netbox:root media reports scripts \
&& chmod -R g+w media reports scripts \
&& cd /opt/netbox/ && SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python -m mkdocs build \
--config-file /opt/netbox/mkdocs.yml --site-dir /opt/netbox/netbox/project-static/docs/ \
&& DEBUG="true" SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input \
&& echo "build: Docker-$(cat /opt/netbox/VERSION)" > /opt/netbox/netbox/local/release.yaml
RUN mkdir -p static /opt/unit/state/ /opt/unit/tmp/ \
&& chown -R unit:root /opt/unit/ media reports scripts \
&& chmod -R g+w /opt/unit/ media reports scripts \
&& cd /opt/netbox/ && SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python -m mkdocs build \
--config-file /opt/netbox/mkdocs.yml --site-dir /opt/netbox/netbox/project-static/docs/ \
&& DEBUG="true" SECRET_KEY="dummyKeyWithMinimumLength-------------------------" /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input \
&& mkdir /opt/netbox/netbox/local \
&& echo "build: Docker-$(cat /opt/netbox/VERSION)" > /opt/netbox/netbox/local/release.yaml
ENV LANG=C.utf8 PATH=/opt/netbox/venv/bin:$PATH VIRTUAL_ENV=/opt/netbox/venv UV_NO_CACHE=1
ENTRYPOINT [ "/usr/bin/tini", "--" ]

9
README.md
View File

@ -39,9 +39,12 @@ There is a more complete [_Getting Started_ guide on our wiki][wiki-getting-star
```bash
git clone -b release https://github.com/netbox-community/netbox-docker.git
cd netbox-docker
# Copy the example override file
cp docker-compose.override.yml.example docker-compose.override.yml
# Read and edit the file to your liking
tee docker-compose.override.yml <<EOF
services:
netbox:
ports:
- 8000:8080
EOF
docker compose pull
docker compose up
```

2
VERSION
View File

@ -1 +1 @@
4.0.0
3.2.0

4
build.sh
View File

@ -62,7 +62,7 @@ DOCKERFILE The name of Dockerfile to use.
DOCKER_FROM The base image to use.
${_GREEN}Default:${_CLEAR} 'ubuntu:24.04'
BUILDX_PLATFORM
BUILDX_PLATFORMS
Specifies the platform(s) to build the image for.
${_CYAN}Example:${_CLEAR} 'linux/amd64,linux/arm64'
${_GREEN}Default:${_CLEAR} 'linux/amd64'
@ -223,7 +223,7 @@ fi
###
# Variables for labelling the docker image
###
BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%S+00:00')"
BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M+00:00')"
if [ -d ".git" ] && [ -z "${SKIP_GIT}" ]; then
GIT_REF="$(git rev-parse HEAD)"

39
configuration/configuration.py
View File

@ -64,21 +64,19 @@ if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS:
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
# https://docs.djangoproject.com/en/stable/ref/settings/#databases
DATABASES = {
'default': {
'NAME': environ.get('DB_NAME', 'netbox'), # Database name
'USER': environ.get('DB_USER', ''), # PostgreSQL username
'PASSWORD': _read_secret('db_password', environ.get('DB_PASSWORD', '')),
# PostgreSQL password
'HOST': environ.get('DB_HOST', 'localhost'), # Database server
'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default)
'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')},
# Database connection SSLMODE
'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT),
# Max database connection age
'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL),
# Disable the use of server-side cursors transaction pooling
}
DATABASE = {
'NAME': environ.get('DB_NAME', 'netbox'), # Database name
'USER': environ.get('DB_USER', ''), # PostgreSQL username
'PASSWORD': _read_secret('db_password', environ.get('DB_PASSWORD', '')),
# PostgreSQL password
'HOST': environ.get('DB_HOST', 'localhost'), # Database server
'PORT': environ.get('DB_PORT', ''), # Database port (leave blank for default)
'OPTIONS': {'sslmode': environ.get('DB_SSLMODE', 'prefer')},
# Database connection SSLMODE
'CONN_MAX_AGE': _environ_get_and_map('DB_CONN_MAX_AGE', '300', _AS_INT),
# Max database connection age
'DISABLE_SERVER_SIDE_CURSORS': _environ_get_and_map('DB_DISABLE_SERVER_SIDE_CURSORS', 'False', _AS_BOOL),
# Disable the use of server-side cursors transaction pooling
}
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
@ -116,11 +114,6 @@ REDIS = {
# https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY
SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', ''))
API_TOKEN_PEPPERS = {}
if api_token_pepper := _read_secret('api_token_pepper_1', environ.get('API_TOKEN_PEPPER_1', '')):
API_TOKEN_PEPPERS.update({1: api_token_pepper})
#########################
# #
@ -310,12 +303,6 @@ REMOTE_AUTH_SUPERUSER_GROUPS = _environ_get_and_map('REMOTE_AUTH_SUPERUSER_GROUP
REMOTE_AUTH_SUPERUSERS = _environ_get_and_map('REMOTE_AUTH_SUPERUSERS', '', _AS_LIST)
REMOTE_AUTH_STAFF_GROUPS = _environ_get_and_map('REMOTE_AUTH_STAFF_GROUPS', '', _AS_LIST)
REMOTE_AUTH_STAFF_USERS = _environ_get_and_map('REMOTE_AUTH_STAFF_USERS', '', _AS_LIST)
# SSO Configuration
SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY = environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY')
SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET = _read_secret('okta_openidconnect_secret', environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET', ''))
SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL = environ.get('SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL')
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = environ.get('SOCIAL_AUTH_GOOGLE_OAUTH2_KEY')
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = _read_secret('google_oauth2_secret', environ.get('SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET', ''))
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
# version check or use the URL below to check for release in the official NetBox repository.

21
configuration/extra.py
View File

@ -33,20 +33,13 @@
## By default uploaded media is stored on the local filesystem. Using Django-storages is also supported. Provide the
## class path of the storage driver and any configuration options in STORAGES. For example:
# STORAGES = {
# 'default': {
# 'BACKEND': 'storages.backends.s3boto3.S3Boto3Storage',
# 'OPTIONS': {
# 'access_key': 'Key ID',
# 'secret_key': 'Secret',
# 'bucket_name': 'netbox',
# 'region_name': 'us-west-1',
# }
# },
# 'staticfiles': {
# 'BACKEND': 'django.contrib.staticfiles.storage.StaticFilesStorage',
# }
## class path of the storage driver in STORAGE_BACKEND and any configuration options in STORAGE_CONFIG. For example:
# STORAGE_BACKEND = 'storages.backends.s3boto3.S3Boto3Storage'
# STORAGE_CONFIG = {
# 'AWS_ACCESS_KEY_ID': 'Key ID',
# 'AWS_SECRET_ACCESS_KEY': 'Secret',
# 'AWS_STORAGE_BUCKET_NAME': 'netbox',
# 'AWS_S3_REGION_NAME': 'eu-west-1',
# }

3
configuration/ldap/ldap_config.py
View File

@ -109,6 +109,3 @@ AUTH_LDAP_USER_ATTR_MAP = {
"last_name": environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
"email": environ.get('AUTH_LDAP_ATTR_MAIL', 'mail')
}
# Update user object with the latest values from the LDAP directory every time the user logs in.
AUTH_LDAP_ALWAYS_UPDATE_USER = environ.get('AUTH_LDAP_ALWAYS_UPDATE_USER', 'True').lower() == 'true'

17
docker-compose.override.yml.example
View File

@ -2,6 +2,9 @@ services:
netbox:
ports:
- "8000:8080"
# If you want the Nginx unit status page visible from the
# outside of the container add the following port mapping:
# - "8001:8081"
# healthcheck:
# Time for which the health check can fail after the container is started.
# This depends mostly on the performance of your database. On the first start,
@ -16,18 +19,4 @@ services:
# SUPERUSER_EMAIL: ""
# SUPERUSER_NAME: ""
# SUPERUSER_PASSWORD: ""
# SSO Configuration
# SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY: "your_okta_client_id"
# SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL: "https://your-domain.okta.com"
# SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: "your_google_client_id"
# secrets:
# - okta_openidconnect_secret
# - google_oauth2_secret
# Uncomment to use Docker secrets for SSO credentials
# secrets:
# okta_openidconnect_secret:
# file: ./secrets/okta_secret.txt
# google_oauth2_secret:
# file: ./secrets/google_secret.txt

15
docker-compose.test.yml
View File

@ -9,7 +9,7 @@ services:
redis-cache:
condition: service_healthy
env_file: env/netbox.env
user: "netbox:root"
user: "unit:root"
volumes:
- ./test-configuration/test_config.py:/etc/netbox/config/test_config.py:z,ro
healthcheck:
@ -28,9 +28,18 @@ services:
start_period: 40s
timeout: 3s
interval: 15s
netbox-housekeeping:
<<: *netbox
command:
- /opt/netbox/housekeeping.sh
healthcheck:
test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
start_period: 40s
timeout: 3s
interval: 15s
postgres:
image: docker.io/postgres:18-alpine
image: docker.io/postgres:17-alpine
env_file: env/postgres.env
healthcheck:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER ## $$ because of docker-compose
@ -40,7 +49,7 @@ services:
retries: 5
redis: &redis
image: docker.io/valkey/valkey:9.0-alpine
image: docker.io/valkey/valkey:8.0-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env

26
docker-compose.yml
View File

@ -1,12 +1,12 @@
services:
netbox: &netbox
image: docker.io/netboxcommunity/netbox:${VERSION-v4.5-4.0.0}
image: docker.io/netboxcommunity/netbox:${VERSION-v4.2-3.2.0}
depends_on:
- postgres
- redis
- redis-cache
env_file: env/netbox.env
user: "netbox:root"
user: "unit:root"
healthcheck:
test: curl -f http://localhost:8080/login/ || exit 1
start_period: 90s
@ -31,10 +31,22 @@ services:
start_period: 20s
timeout: 3s
interval: 15s
netbox-housekeeping:
<<: *netbox
depends_on:
netbox:
condition: service_healthy
command:
- /opt/netbox/housekeeping.sh
healthcheck:
test: ps -aux | grep -v grep | grep -q housekeeping || exit 1
start_period: 20s
timeout: 3s
interval: 15s
# postgres
postgres:
image: docker.io/postgres:18-alpine
image: docker.io/postgres:17-alpine
healthcheck:
test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
start_period: 20s
@ -43,11 +55,11 @@ services:
retries: 5
env_file: env/postgres.env
volumes:
- netbox-postgres:/var/lib/postgresql
- netbox-postgres-data:/var/lib/postgresql/data
# redis
redis:
image: docker.io/valkey/valkey:9.0-alpine
image: docker.io/valkey/valkey:8.0-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
@ -62,7 +74,7 @@ services:
volumes:
- netbox-redis-data:/data
redis-cache:
image: docker.io/valkey/valkey:9.0-alpine
image: docker.io/valkey/valkey:8.0-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
@ -75,7 +87,7 @@ services:
volumes:
netbox-media-files:
driver: local
netbox-postgres:
netbox-postgres-data:
driver: local
netbox-redis-cache-data:
driver: local

37
docker/docker-entrypoint.sh
View File

@ -54,10 +54,43 @@ fi
if [ "$SKIP_SUPERUSER" == "true" ]; then
echo "↩️ Skip creating the superuser"
else
./manage.py shell --no-startup --no-imports --interface python \
</opt/netbox/super_user.py
if [ -z ${SUPERUSER_NAME+x} ]; then
SUPERUSER_NAME='admin'
fi
if [ -z ${SUPERUSER_EMAIL+x} ]; then
SUPERUSER_EMAIL='admin@example.com'
fi
if [ -f "/run/secrets/superuser_password" ]; then
SUPERUSER_PASSWORD="$(</run/secrets/superuser_password)"
elif [ -z ${SUPERUSER_PASSWORD+x} ]; then
SUPERUSER_PASSWORD='admin'
fi
if [ -f "/run/secrets/superuser_api_token" ]; then
SUPERUSER_API_TOKEN="$(</run/secrets/superuser_api_token)"
elif [ -z ${SUPERUSER_API_TOKEN+x} ]; then
SUPERUSER_API_TOKEN='0123456789abcdef0123456789abcdef01234567'
fi
./manage.py shell --interface python <<END
from users.models import Token, User
if not User.objects.filter(username='${SUPERUSER_NAME}'):
u = User.objects.create_superuser('${SUPERUSER_NAME}', '${SUPERUSER_EMAIL}', '${SUPERUSER_PASSWORD}')
Token.objects.create(user=u, key='${SUPERUSER_API_TOKEN}')
END
echo "💡 Superuser Username: ${SUPERUSER_NAME}, E-Mail: ${SUPERUSER_EMAIL}"
fi
./manage.py shell --interface python <<END
from users.models import Token
try:
old_default_token = Token.objects.get(key="0123456789abcdef0123456789abcdef01234567")
if old_default_token:
print("⚠️ Warning: You have the old default admin API token in your database. This token is widely known; please remove it. Log in as your superuser and check API Tokens in your user menu.")
except Token.DoesNotExist:
pass
END
echo "✅ Initialisation is done."
# Launch whatever is passed by docker

13
docker/granian.py
View File

@ -1,13 +0,0 @@
from granian.utils.proxies import wrap_wsgi_with_proxy_headers
from netbox.wsgi import application
application = wrap_wsgi_with_proxy_headers(
application,
trusted_hosts=[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
"fc00::/7",
"fe80::/10",
],
)

8
docker/housekeeping.sh Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
SLEEP_SECONDS=${HOUSEKEEPING_INTERVAL:=86400}
echo "Interval set to ${SLEEP_SECONDS} seconds"
while true; do
date
/opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py housekeeping
sleep "${SLEEP_SECONDS}s"
done

74
docker/launch-netbox.sh
View File

@ -1,21 +1,57 @@
#!/bin/bash
exec granian \
--host "::" \
--port "8080" \
--interface "wsgi" \
--no-ws \
--workers "${GRANIAN_WORKERS:-4}" \
--respawn-failed-workers \
--backpressure "${GRANIAN_BACKPRESSURE:-${GRANIAN_WORKERS:-4}}" \
--loop "uvloop" \
--log \
--log-level "info" \
--access-log \
--working-dir "/opt/netbox/netbox/" \
--static-path-route "/static" \
--static-path-mount "/opt/netbox/netbox/static/" \
--static-path-dir-to-file index.html \
--pid-file "/tmp/granian.pid" \
"${GRANIAN_EXTRA_ARGS[@]}" \
"netbox.granian:application"
UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}"
# Also used in "nginx-unit.json"
UNIT_SOCKET="/opt/unit/unit.sock"
load_configuration() {
MAX_WAIT=10
WAIT_COUNT=0
while [ ! -S $UNIT_SOCKET ]; do
if [ $WAIT_COUNT -ge $MAX_WAIT ]; then
echo "⚠️ No control socket found; configuration will not be loaded."
return 1
fi
WAIT_COUNT=$((WAIT_COUNT + 1))
echo "⏳ Waiting for control socket to be created... (${WAIT_COUNT}/${MAX_WAIT})"
sleep 1
done
# even when the control socket exists, it does not mean unit has finished initialisation
# this curl call will get a reply once unit is fully launched
curl --silent --output /dev/null --request GET --unix-socket $UNIT_SOCKET http://localhost/
echo "⚙️ Applying configuration from $UNIT_CONFIG"
RESP_CODE=$(
curl \
--silent \
--output /dev/null \
--write-out '%{http_code}' \
--request PUT \
--data-binary "@${UNIT_CONFIG}" \
--unix-socket $UNIT_SOCKET \
http://localhost/config
)
if [ "$RESP_CODE" != "200" ]; then
echo "⚠️ Could no load Unit configuration"
kill "$(cat /opt/unit/unit.pid)"
return 1
fi
echo "✅ Unit configuration loaded successfully"
}
load_configuration &
exec unitd \
--no-daemon \
--control unix:$UNIT_SOCKET \
--pid /opt/unit/unit.pid \
--log /dev/stdout \
--statedir /opt/unit/state/ \
--tmpdir /opt/unit/tmp/ \
--user unit \
--group root

77
docker/nginx-unit.json Normal file
View File

@ -0,0 +1,77 @@
{
"listeners": {
"0.0.0.0:8080": {
"pass": "routes/main",
"forwarded": {
"client_ip": "X-Forwarded-For",
"protocol": "X-Forwarded-Proto",
"source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
}
},
"0.0.0.0:8081": {
"pass": "routes/status",
"forwarded": {
"client_ip": "X-Forwarded-For",
"protocol": "X-Forwarded-Proto",
"source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
}
},
"[::]:8080": {
"pass": "routes/main",
"forwarded": {
"client_ip": "X-Forwarded-For",
"protocol": "X-Forwarded-Proto",
"source": ["fc00::/7", "fe80::/10"]
}
},
"[::]:8081": {
"pass": "routes/status",
"forwarded": {
"client_ip": "X-Forwarded-For",
"protocol": "X-Forwarded-Proto",
"source": ["fc00::/7", "fe80::/10"]
}
}
},
"routes": {
"main": [
{
"match": {
"uri": "/static/*"
},
"action": {
"share": "/opt/netbox/netbox${uri}"
}
},
{
"action": {
"pass": "applications/netbox"
}
}
],
"status": [
{
"match": {
"uri": "/status/*"
},
"action": {
"proxy": "http://unix:/opt/unit/unit.sock"
}
}
]
},
"applications": {
"netbox": {
"type": "python 3",
"path": "/opt/netbox/netbox/",
"module": "netbox.wsgi",
"home": "/opt/netbox/venv",
"processes": {
"max": 4,
"spare": 1,
"idle_timeout": 120
}
}
},
"access_log": "/dev/stdout"
}

36
docker/super_user.py
View File

@ -1,36 +0,0 @@
from os import environ
from django.conf import settings
from users.choices import TokenVersionChoices
from users.models import Token, User
# Read secret from file
def _read_secret(secret_name: str, default: str | None = None) -> str | None:
try:
f = open("/run/secrets/" + secret_name, "r", encoding="utf-8")
except EnvironmentError:
return default
else:
with f:
return f.readline().strip()
su_name = environ.get("SUPERUSER_NAME", "admin")
su_email = environ.get("SUPERUSER_EMAIL", "admin@example.com")
su_password = _read_secret("superuser_password", environ.get("SUPERUSER_PASSWORD", "admin"))
su_api_token = _read_secret(
"superuser_api_token",
environ.get("SUPERUSER_API_TOKEN", "0123456789abcdef0123456789abcdef01234567"),
)
if not User.objects.filter(username=su_name):
u = User.objects.create_superuser(su_name, su_email, su_password)
msg = ""
if not settings.API_TOKEN_PEPPERS:
print("⚠️ No API token will be created as API_TOKEN_PEPPERS is not set")
msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}"
else:
t = Token.objects.create(user=u, token=su_api_token, version=TokenVersionChoices.V2)
msg = f"💡 Superuser Username: {su_name}, E-Mail: {su_email}, API Token: {t} (use with '{t.get_auth_header_prefix()}<Your token>')"
print(msg)

12
env/netbox.env vendored
View File

@ -1,4 +1,3 @@
API_TOKEN_PEPPER_1=Qy+F=OTeGskWQ(wTMgjc+NPPlz6YwFXY=KHIIg=wpYXT&e(6u8
CORS_ORIGIN_ALLOW_ALL=True
DB_HOST=postgres
DB_NAME=netbox
@ -15,9 +14,8 @@ EMAIL_USERNAME=netbox
# EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
EMAIL_USE_SSL=false
EMAIL_USE_TLS=false
GRANIAN_BACKPRESSURE=4
GRANIAN_WORKERS=4
GRAPHQL_ENABLED=true
HOUSEKEEPING_INTERVAL=86400
MEDIA_ROOT=/opt/netbox/netbox/media
METRICS_ENABLED=false
REDIS_CACHE_DATABASE=1
@ -33,12 +31,4 @@ REDIS_SSL=false
RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
SECRET_KEY='r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X'
SKIP_SUPERUSER=true
# SSO Configuration (uncomment and configure as needed)
# OKTA OpenID Connect
# SOCIAL_AUTH_OKTA_OPENIDCONNECT_KEY=your_okta_client_id
# SOCIAL_AUTH_OKTA_OPENIDCONNECT_SECRET=your_okta_client_secret
# SOCIAL_AUTH_OKTA_OPENIDCONNECT_API_URL=https://your-domain.okta.com
# Google OAuth2
# SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=your_google_client_id
# SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=your_google_client_secret
WEBHOOKS_ENABLED=true

8
requirements-container.txt
View File

@ -1,7 +1,7 @@
django-auth-ldap==5.3.0
dulwich==1.0.0
granian[uvloop]==2.7.0
django-auth-ldap==5.1.0
django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.14.4
dulwich==0.22.7
python3-saml==1.16.0
--no-binary lxml
--no-binary xmlsec
sentry-sdk[django]==2.51.0
sentry-sdk[django]==2.20.0

10
test-configuration/test_config.py
View File

@ -3,14 +3,4 @@ LOGGING = {
'disable_existing_loggers': True
}
PLUGINS = [
'netbox.tests.dummy_plugin',
]
ALLOW_TOKEN_RETRIEVAL = True
DEFAULT_PERMISSIONS = {}
API_TOKEN_PEPPERS = {
1: 'TEST-VALUE-DO-NOT-USE-TEST-VALUE-DO-NOT-USE-TEST-VALUE-DO-NOT-USE',
}