Deployment
Important: Also consider the advice about configuring Netbox for production above!
You may run this image in a cluster such as Docker Swarm, Kubernetes or OpenShift, but this is an advanced setup.
In this case, we encourage you to statically configure Netbox by starting from Netbox's example config file, and mounting it into your container in the directory `/etc/netbox/config/` using the mechanism provided by your container platform (e.g. Docker Swarm configs, Kubernetes ConfigMap, OpenShift ConfigMaps).
But if you would rather continue to configure your application through environment variables, you may continue to use the built-in configuration file. We discourage storing secrets in environment variables, as environment variables are passed on to all sub-processes and may leak easily into other systems, e.g. error collecting tools that often collect all environment variables whenever an error occurs.
Therefore we strongly advise making use of the secrets mechanism provided by your container platform (e.g. Docker Swarm secrets, Kubernetes secrets, OpenShift secrets). The configuration file and the entrypoint script try to load the following secrets from the respective files. If a secret is defined by an environment variable and in the respective file at the same time, then the value from the environment variable is used.
- `SUPERUSER_PASSWORD`: `/run/secrets/superuser_password`
- `SUPERUSER_API_TOKEN`: `/run/secrets/superuser_api_token`
- `DB_PASSWORD`: `/run/secrets/db_password`
- `SECRET_KEY`: `/run/secrets/secret_key`
- `EMAIL_PASSWORD`: `/run/secrets/email_password`
- `NAPALM_PASSWORD`: `/run/secrets/napalm_password`
- `REDIS_PASSWORD`: `/run/secrets/redis_password`
- `REDIS_CACHE_PASSWORD`: `/run/secrets/redis_cache_password`
- `AUTH_LDAP_BIND_PASSWORD`: `/run/secrets/auth_ldap_bind_password`
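An added example, not part of this project's code: a small audit to run inside the container that reports, for each secret listed above, whether its value would come from an environment variable or from its file, following the precedence described above. The function names and status labels are assumptions made for this illustration.

```python
import os
import sys
from pathlib import Path

# Variable names and secret file names exactly as listed on this page.
SECRET_NAMES = [
    "SUPERUSER_PASSWORD", "SUPERUSER_API_TOKEN", "DB_PASSWORD",
    "SECRET_KEY", "EMAIL_PASSWORD", "NAPALM_PASSWORD",
    "REDIS_PASSWORD", "REDIS_CACHE_PASSWORD", "AUTH_LDAP_BIND_PASSWORD",
]


def audit_secrets(environ=None, secrets_dir="/run/secrets"):
    """Classify each secret by where its value would be loaded from.

    Statuses (labels chosen for this example):
      env-shadows-file  set in both places; the environment value wins
      env               set only as an environment variable
      file              set only as a secret file (the recommended state)
      unset             defined in neither place
    """
    environ = os.environ if environ is None else environ
    findings = {}
    for name in SECRET_NAMES:
        # The file name is the lower-cased variable name, per the list above.
        in_file = (Path(secrets_dir) / name.lower()).is_file()
        in_env = name in environ
        if in_env:
            findings[name] = "env-shadows-file" if in_file else "env"
        else:
            findings[name] = "file" if in_file else "unset"
    return findings


def env_backed(findings):
    """Names whose value comes from the environment and can leak to sub-processes."""
    return sorted(n for n, status in findings.items() if status.startswith("env"))


if __name__ == "__main__":
    report = audit_secrets()
    for name, status in report.items():
        print(f"{name:26} {status}")  # never prints the secret values
    # Non-zero exit lets a deployment check fail while secrets remain in env.
    sys.exit(1 if env_backed(report) else 0)
```

A status of `env-shadows-file` means the mounted secret file is being ignored, which is easy to miss after migrating from environment variables to platform secrets.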
If you are about to deploy Netbox using this project's Docker image and docker-compose file on a more permanent basis, here you'll find some hints from our community. Please make sure you also read the Configure for Production section of the Configuration wiki page. You need to change the passwords and other secrets!
Add the following to the `docker-compose.override.yml` file. This will ensure that your containers are started again when the Docker daemon or your server is restarted.
```yaml
version: '3.4'
services:
  netbox:
    restart: unless-stopped
  netbox-worker:
    restart: unless-stopped
  nginx:
    restart: unless-stopped
  postgres:
    restart: unless-stopped
  redis:
    restart: unless-stopped
  redis-cache:
    restart: unless-stopped
```
We recommend that you deploy TLS. There are several possibilities to do that. Because every setup is different and because TLS always requires a domain, there is no built-in solution. Our recommendations:
- Deploy an HTTP server on your host system and reverse-proxy to the Netbox Nginx container.
  Configure TLS on that daemon.
  Make sure that you specify a fixed port in your `docker-compose.override.yml` file for the nginx service, like so:

  ```yaml
  version: '3.4'
  services:
    nginx:
      ports:
        # binds nginx to `localhost:8080` on the host server; without the
        # 127.0.0.1 prefix Docker publishes the port on all host interfaces
        - "127.0.0.1:8080:8080"
  ```

  The target address for the reverse-proxy would in that case be `localhost:8080`.
- Deploy an HTTP server through Docker.
  You can extend the base setup via the `docker-compose.override.yml` file. The target server for the reverse proxy would be `nginx:8080`.
- Helm Chart by @bootc
- Kubernetes objects by @CENGN
See also the Community Contributions wiki page of the Netbox project.