Move nginx/Apache configs to discrete files

2024-05-10 07:54:54 +00:00 · 2020-04-03 15:46:48 -04:00
parent af405a8ab2
commit ad08935c57
3 changed files with 65 additions and 64 deletions
--- a/contrib/apache.conf
+++ b/contrib/apache.conf
@ -0,0 +1,26 @@
+<VirtualHost *:443>
+    ProxyPreserveHost On
+
+    # CHANGE THIS TO YOUR SERVER'S NAME
+    ServerName netbox.example.com
+
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/netbox.crt
+    SSLCertificateKeyFile /etc/ssl/private/netbox.key
+
+    Alias /static /opt/netbox/netbox/static
+
+    <Directory /opt/netbox/netbox/static>
+        Options Indexes FollowSymLinks MultiViews
+        AllowOverride None
+        Require all granted
+    </Directory>
+
+    <Location /static>
+        ProxyPass !
+    </Location>
+
+    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+    ProxyPass / http://127.0.0.1:8001/
+    ProxyPassReverse / http://127.0.0.1:8001/
+</VirtualHost>
--- a/contrib/nginx.conf
+++ b/contrib/nginx.conf
@ -0,0 +1,29 @@
+server {
+    listen 443 ssl;
+
+    # CHANGE THIS TO YOUR SERVER'S NAME
+    server_name netbox.example.com;
+
+    ssl_certificate /etc/ssl/certs/netbox.crt;
+    ssl_certificate_key /etc/ssl/private/netbox.key;
+
+    client_max_body_size 25m;
+
+    location /static/ {
+        alias /opt/netbox/netbox/static/;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:8001;
+        proxy_set_header X-Forwarded-Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+
+server {
+    # Redirect HTTP traffic to HTTPS
+    listen 80;
+    server_name _;
+    return 301 https://$host$request_uri;
+}
--- a/docs/installation/4-http-daemon.md
+++ b/docs/installation/4-http-daemon.md
@ -27,38 +27,10 @@ The following will serve as a minimal nginx configuration. Be sure to modify you
 # apt-get install -y nginx
 ```

-Once nginx is installed, save the following configuration to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.)
-
-```nginx
-server {
-    listen 443 ssl;
-
-    server_name netbox.example.com;
-
-    ssl_certificate /etc/ssl/certs/netbox.crt;
-    ssl_certificate_key /etc/ssl/private/netbox.key;
-
-    client_max_body_size 25m;
-
-    location /static/ {
-        alias /opt/netbox/netbox/static/;
-    }
-
-    location / {
-        proxy_pass http://127.0.0.1:8001;
-        proxy_set_header X-Forwarded-Host $http_host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-}
-
-server {
-    # Redirect HTTP traffic to HTTPS
-    listen 80;
-    server_name _;
-    return 301 https://$host$request_uri;
-}
+Once nginx is installed, copy the default nginx configuration file to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.)

+```no-highlight
+# cp /opt/netbox/contrib/nginx.conf /etc/nginx/sites-available/netbox
 ```

 Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sites-enabled` directory to the configuration file you just created.
@ -69,7 +41,7 @@ Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sit
 # ln -s /etc/nginx/sites-available/netbox
 ```

-Restart the nginx service to use the new configuration.
+Finally, restart the `nginx` service to use the new configuration.

 ```no-highlight
 # service nginx restart
@ -77,43 +49,19 @@ Restart the nginx service to use the new configuration.

 ### Option B: Apache

+Begin by installing Apache:
+
 ```no-highlight
 # apt-get install -y apache2 libapache2-mod-wsgi-py3
 ```

-Once Apache is installed, proceed with the following configuration (Be sure to modify the `ServerName` appropriately):
+Next, copy the default configuration file to `/etc/apache2/sites-available/`. Be sure to modify the `ServerName` parameter appropriately.

-```apache
-<VirtualHost *:443>
-    ProxyPreserveHost On
-
-    ServerName netbox.example.com
-
-    SSLEngine on
-    SSLCertificateFile /etc/ssl/certs/netbox.crt
-    SSLCertificateKeyFile /etc/ssl/private/netbox.key
-
-    Alias /static /opt/netbox/netbox/static
-
-    <Directory /opt/netbox/netbox/static>
-        Options Indexes FollowSymLinks MultiViews
-        AllowOverride None
-        Require all granted
-    </Directory>
-
-    <Location /static>
-        ProxyPass !
-    </Location>
-
-    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
-    ProxyPass / http://127.0.0.1:8001/
-    ProxyPassReverse / http://127.0.0.1:8001/
-</VirtualHost>
+```no-highlight
+# cp /opt/netbox/contrib/apache.conf /etc/apache2/sites-available/netbox.conf
 ```

-Save the contents of the above example in `/etc/apache2/sites-available/netbox.conf`.
-
-Finally, ensure that the required Apache modules are enabled, enable the `netbox` site and reload Apache:
+Finally, ensure that the required Apache modules are enabled, enable the `netbox` site, and reload Apache:

 ```no-highlight
 # a2enmod ssl proxy proxy_http headers
@ -121,8 +69,6 @@ Finally, ensure that the required Apache modules are enabled, enable the `netbox
 # service apache2 restart
 ```

-To enable SSL, consider this guide on [securing Apache with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04).
-
 !!! note
    Certain components of NetBox (such as the display of rack elevation diagrams) rely on the use of embedded objects. Ensure that your HTTP server configuration does not override the `X-Frame-Options` response header set by NetBox.