Move nginx/Apache configs to discrete files

2024-05-10 07:54:54 +00:00 · 2020-04-03 15:46:48 -04:00
parent af405a8ab2
commit ad08935c57
3 changed files with 65 additions and 64 deletions
--- a/contrib/apache.conf
+++ b/contrib/apache.conf
@ -0,0 +1,26 @@
 <VirtualHost *:443>
    ProxyPreserveHost On
    # CHANGE THIS TO YOUR SERVER'S NAME
    ServerName netbox.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/netbox.crt
    SSLCertificateKeyFile /etc/ssl/private/netbox.key
    Alias /static /opt/netbox/netbox/static
    <Directory /opt/netbox/netbox/static>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Require all granted
    </Directory>
    <Location /static>
        ProxyPass !
    </Location>
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    ProxyPass / http://127.0.0.1:8001/
    ProxyPassReverse / http://127.0.0.1:8001/
 </VirtualHost>
--- a/contrib/nginx.conf
+++ b/contrib/nginx.conf
@ -0,0 +1,29 @@
 server {
    listen 443 ssl;
    # CHANGE THIS TO YOUR SERVER'S NAME
    server_name netbox.example.com;
    ssl_certificate /etc/ssl/certs/netbox.crt;
    ssl_certificate_key /etc/ssl/private/netbox.key;
    client_max_body_size 25m;
    location /static/ {
        alias /opt/netbox/netbox/static/;
    }
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 }
 server {
    # Redirect HTTP traffic to HTTPS
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
 }
--- a/docs/installation/4-http-daemon.md
+++ b/docs/installation/4-http-daemon.md
@ -27,38 +27,10 @@ The following will serve as a minimal nginx configuration. Be sure to modify you
 # apt-get install -y nginx
 ```
-Once nginx is installed, save the following configuration to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.)
+Once nginx is installed, copy the default nginx configuration file to `/etc/nginx/sites-available/netbox`. Be sure to replace `netbox.example.com` with the domain name or IP address of your installation. (This should match the value configured for `ALLOWED_HOSTS` in `configuration.py`.)
 ```nginx
 server {
    listen 443 ssl;
    server_name netbox.example.com;
    ssl_certificate /etc/ssl/certs/netbox.crt;
    ssl_certificate_key /etc/ssl/private/netbox.key;
    client_max_body_size 25m;
    location /static/ {
        alias /opt/netbox/netbox/static/;
    }
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 }
 server {
    # Redirect HTTP traffic to HTTPS
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
 }
 ```no-highlight
 # cp /opt/netbox/contrib/nginx.conf /etc/nginx/sites-available/netbox
 ```
 Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sites-enabled` directory to the configuration file you just created.
@ -69,7 +41,7 @@ Then, delete `/etc/nginx/sites-enabled/default` and create a symlink in the `sit
 # ln -s /etc/nginx/sites-available/netbox
 ```
-Restart the nginx service to use the new configuration.
+Finally, restart the `nginx` service to use the new configuration.
 ```no-highlight
 # service nginx restart
@ -77,43 +49,19 @@ Restart the nginx service to use the new configuration.
 ### Option B: Apache
 Begin by installing Apache:
 ```no-highlight
 # apt-get install -y apache2 libapache2-mod-wsgi-py3
 ```
-Once Apache is installed, proceed with the following configuration (Be sure to modify the `ServerName` appropriately):
+Next, copy the default configuration file to `/etc/apache2/sites-available/`. Be sure to modify the `ServerName` parameter appropriately.
-```apache
+```no-highlight
-<VirtualHost *:443>
+# cp /opt/netbox/contrib/apache.conf /etc/apache2/sites-available/netbox.conf
    ProxyPreserveHost On
    ServerName netbox.example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/netbox.crt
    SSLCertificateKeyFile /etc/ssl/private/netbox.key
    Alias /static /opt/netbox/netbox/static
    <Directory /opt/netbox/netbox/static>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Require all granted
    </Directory>
    <Location /static>
        ProxyPass !
    </Location>
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    ProxyPass / http://127.0.0.1:8001/
    ProxyPassReverse / http://127.0.0.1:8001/
 </VirtualHost>
 ```
-Save the contents of the above example in `/etc/apache2/sites-available/netbox.conf`.
+Finally, ensure that the required Apache modules are enabled, enable the `netbox` site, and reload Apache:
 Finally, ensure that the required Apache modules are enabled, enable the `netbox` site and reload Apache:
 ```no-highlight
 # a2enmod ssl proxy proxy_http headers
@ -121,8 +69,6 @@ Finally, ensure that the required Apache modules are enabled, enable the `netbox
 # service apache2 restart
 ```
 To enable SSL, consider this guide on [securing Apache with Let's Encrypt](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04).
 !!! note
    Certain components of NetBox (such as the display of rack elevation diagrams) rely on the use of embedded objects. Ensure that your HTTP server configuration does not override the `X-Frame-Options` response header set by NetBox.