NetBox is an Infrastructure Resource Modelling (IRM) software designed for network automation and infrastructure engineering. It was initially created by the DigitalOcean team and is now an open-source project released under the Apache 2 License. NetBox is built on the Python Django web framework with PostgreSQL as the default database, and its installation is quite similar to that of other Python Django web applications.
NetBox helps you to manage your infrastructure, which includes:
In this tutorial, you will install NetBox IRM (Infrastructure Resource Management) on a Rocky Linux 9 server. You'll set up NetBox with PostgreSQL as the database system and Apache/httpd as a reverse proxy on a Rocky Linux system. You'll also secure NetBox with SSL/TLS certificates via Certbot and Letsencrypt.
Before you get started, ensure that you have the following requirements:
With these prerequisites in place, you're ready to install NetBox.
NetBox IRM uses the PostgreSQL database server by default. At the time of this writing, it requires PostgreSQL v10 or above. By default, the Rocky Linux repository provides PostgreSQL server v13, which is suitable for the NetBox deployment.
In this step, you'll install the PostgreSQL database server, set up the password authentication, then create a new database and user that NetBox will use.
To start, run the below command to install the PostgreSQL server on the Rocky Linux server.
sudo dnf install postgresql-server
When prompted, input y to confirm and press ENTER to proceed.
After installing the PostgreSQL server, run the below command to initialize the PostgreSQL database and configuration.
sudo postgresql-setup --initdb
You should receive an output such as 'Initializing database in ...'.
With the PostgreSQL server initialized, you'll next set up the password encryption and authentication for PostgreSQL users.
Open the PostgreSQL config file '/var/lib/pgsql/data/postgresql.conf' using the below nano editor command.
sudo nano /var/lib/pgsql/data/postgresql.conf
Uncomment the parameter 'password_encryption' and change the value to 'scram-sha-256'. This will set up the default password encryption for PostgreSQL users to 'scram-sha-256'.
password_encryption = scram-sha-256
Save the file and exit the editor.
Next, open another PostgreSQL config file '/var/lib/pgsql/data/pg_hba.conf' using the below command. This file is where you can define authentication methods for your PostgreSQL.
sudo nano /var/lib/pgsql/data/pg_hba.conf
Change the default authentication methods for the host '127.0.0.1/32' and '::1/128' to 'scram-sha-256'. With this, you'll set up the default authentication methods for PostgreSQL users to 'scram-sha-256'.
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256
# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256
Save the file and exit the editor when finished.
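To confirm the edit took effect on every rule, the following added example (not part of the original tutorial) parses pg_hba.conf text and reports any host rule that does not use 'scram-sha-256' and any local rule that is neither 'peer' nor 'scram-sha-256'. The function name audit_pg_hba and both sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): audit_pg_hba is a hypothetical helper
# that reads pg_hba.conf text on stdin and reports rules weaker than the
# tutorial's target: scram-sha-256 for host rules, peer for local rules.
audit_pg_hba() {
    awk '
        /^[[:space:]]*(#|$)/ { next }            # skip comments and blank lines
        $1 == "local" {
            # local rules have no ADDRESS column: TYPE DATABASE USER METHOD
            if ($4 != "peer" && $4 != "scram-sha-256")
                printf "line %d: local rule uses %s\n", NR, $4
            next
        }
        $1 ~ /^host/ {
            method = $5                           # CIDR form: METHOD is field 5
            # "address netmask" form pushes METHOD to field 6
            if ($4 !~ /\// && $5 ~ /[.:]/) method = $6
            if (method != "scram-sha-256")
                printf "line %d: %s rule for %s uses %s\n", NR, $1, $4, method
        }
    '
}

# Constructed sample: host rules still using ident (before the edit).
sample_before() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   127.0.0.1/32  ident
host    all       all   ::1/128       ident
EOF
}

# Constructed sample: the rules as edited in this tutorial.
sample_after() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   127.0.0.1/32  scram-sha-256
host    all       all   ::1/128       scram-sha-256
EOF
}

echo "before:"; sample_before | audit_pg_hba
echo "after:";  sample_after  | audit_pg_hba
```

On the server, feed it the real file with 'sudo cat /var/lib/pgsql/data/pg_hba.conf | audit_pg_hba'; any other host rules in that file, such as replication entries, are checked the same way.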
Now run the below systemctl commands to start and enable the PostgreSQL service.
sudo systemctl start postgresql
sudo systemctl enable postgresql
Then verify the PostgreSQL service using the below command.
sudo systemctl status postgresql
You should receive an output like this - The PostgreSQL service is running and it's enabled, which means PostgreSQL will start automatically at boot.
The PostgreSQL server is now up and running with password authentication configured. Next, you'll set up a new password for the default 'postgres' user and create a new database and user that NetBox will use.
Log in to the PostgreSQL shell via the below command.
sudo -u postgres psql
Run the below query to set up a new password for the default PostgreSQL user 'postgres'. Be sure to change the password in the following query.
ALTER USER postgres WITH PASSWORD 'PostgreSQLPass';
Next, run the below query to create a new PostgreSQL database and user. Also, be sure to change the default password in the following query.
In this example, you'll create a new database 'netboxdb' with the user 'netbox' that will be used for NetBox installation.
CREATE DATABASE netboxdb;
CREATE USER netbox WITH ENCRYPTED PASSWORD 'NetBoxRocks';
GRANT ALL PRIVILEGES ON DATABASE netboxdb TO netbox;
Now press Ctrl+d or type quit to exit.
Lastly, run the below command to log in to the PostgreSQL shell via the new user 'netbox' to the new database 'netboxdb'. When prompted for the password, input your password.
sudo -u postgres psql --username netbox --password --host localhost netboxdb
After logging in to the PostgreSQL shell, run the below query to verify your current connection.
\conninfo
You'll receive an output like this - You've connected to the PostgreSQL server via the 'netbox' user to the database 'netboxdb'.
With PostgreSQL installed and the database and user created, you'll next install Redis, which will be used for cache management by the NetBox web application.
Redis is a free and open-source key-value database that NetBox will use for cache management and queue management. At the time of this writing, NetBox requires at least Redis server v4. The default Rocky Linux repository provides Redis v6, which is suitable for your NetBox deployment.
Install Redis to your Rocky Linux server via the below dnf command.
sudo dnf install redis
Input y when prompted and press ENTER to proceed.
After Redis is installed, open the Redis configuration file '/etc/redis/redis.conf' using the below nano editor command.
sudo nano /etc/redis/redis.conf
Uncomment the parameter 'requirepass' and input the new password for your Redis server.
requirepass RedisPasswordNetBox
Save the file and exit the editor when finished.
Next, run the below systemctl command to start the Redis server and enable it.
sudo systemctl start redis
sudo systemctl enable redis
Then verify the Redis server via the below systemctl command utility.
sudo systemctl status redis
In the output, you should see that the Redis server is running and that it is enabled, which means it will start automatically at boot.
To verify your Redis installation, you will access Redis via the 'redis-cli' command below.
redis-cli
If you run the ping query, you should receive an output such as '(error) NOAUTH authentication required'. You need to be authenticated to run the 'ping' command.
ping
Execute the below Redis query to authenticate to the Redis server. Be sure to change the password. If authenticated, you should receive an output 'OK'.
AUTH RedisPasswordNetBox
Run the ping query again and you should get an output 'PONG', which means that the query executed successfully and you've authenticated to the Redis server.
ping
At this point, you've installed the PostgreSQL database server and the Redis key-value database on Rocky Linux. You're now ready to start NetBox installation.
NetBox is a web application written with the Python Django framework. The current version of NetBox requires Python 3.8, 3.9, 3.10, or 3.11. The default Python on Rocky Linux 9 is Python 3.9, which is suitable for NetBox deployment.
To start, run the below dnf command to install package dependencies for NetBox. Input y when prompted and press ENTER to proceed.
sudo dnf install gcc libxml2-devel libxslt-devel libffi-devel libpq-devel openssl-devel redhat-rpm-config git
Next, run the below command to create a new system user 'netbox' with the default home directory '/opt/netbox'.
sudo useradd -r -d /opt/netbox -s /usr/sbin/nologin netbox
Create a new directory '/opt/netbox' and move your working directory into it. Then, download the NetBox source code via the git command. The directory '/opt/netbox' will be used as the main installation directory of NetBox.
sudo mkdir -p /opt/netbox
cd /opt/netbox
sudo git clone -b master --depth 1 https://github.com/netbox-community/netbox.git .
Change the ownership of the NetBox installation directory '/opt/netbox' to the user and group 'netbox'. Then, move your working directory to '/opt/netbox/netbox/netbox'.
sudo chown -R netbox:netbox /opt/netbox
cd /opt/netbox/netbox/netbox
Next, run the below command to copy the default NetBox configuration to 'configuration.py'. Then, generate the SECRET_KEY via the Python script '../generate_secret_key.py'.
sudo -u netbox cp configuration_example.py configuration.py
sudo -u netbox python3 ../generate_secret_key.py
Now copy the generated SECRET_KEY. This will be used to set up the NetBox installation.
Open the NetBox config file 'configuration.py' using the below nano editor command.
sudo -u netbox nano configuration.py
Be sure to add your domain name to the 'ALLOWED_HOSTS' parameter, input the details of the PostgreSQL database and user for NetBox, input the Redis password that you've configured, and paste the SECRET_KEY you generated (not the sample value shown below) into the 'SECRET_KEY' parameter.
# domain and IP address
ALLOWED_HOSTS = ['netbox.hwdomain.io', '192.168.5.59']
# database configuration
DATABASE = {
    'NAME': 'netboxdb',               # Database name
    'USER': 'netbox',                 # PostgreSQL username
    'PASSWORD': 'NetBoxRocks',        # PostgreSQL password
    'HOST': 'localhost',              # Database server
    'PORT': '',                       # Database port (leave blank for default)
    'CONN_MAX_AGE': 300,              # Max database connection age (seconds)
}
# Redis cache configuration
REDIS = {
    'tasks': {
        'HOST': 'localhost',                  # Redis server
        'PORT': 6379,                         # Redis port
        'PASSWORD': 'RedisPasswordNetBox',    # Redis password (optional)
        'DATABASE': 0,                        # Database ID
        'SSL': False,                         # Use SSL (optional)
    },
    'caching': {
        'HOST': 'localhost',
        'PORT': 6379,
        'PASSWORD': 'RedisPasswordNetBox',
        'DATABASE': 1,                        # Unique ID for the second database
        'SSL': False,
    }
}
# Secret key
SECRET_KEY = '-K0AV#USk(!-6hAEF-8NMgweJh6ex+j0Kb$N7bi=*jsF9TOg*'
Save and exit the file when finished.
Now run the below script '/opt/netbox/upgrade.sh' to start the NetBox IRM installation.
sudo -u netbox /opt/netbox/upgrade.sh
This will create a Python virtual environment for the NetBox web application, install the required Python dependencies from the PyPI repository, run the database migration for NetBox, and lastly generate static files for the NetBox web application.
Below is an output when the upgrade.sh script executed.
Below is the output message when the NetBox installation is finished.
At this point, you've installed the NetBox IRM in your system. But still, you need to set up your NetBox installation.
In this step, you'll set up NetBox IRM installation by creating an admin user for NetBox, setting up cron, and setting up systemd services for NetBox.
To start, run the below command to activate the Python virtual environment for your NetBox installation.
source /opt/netbox/venv/bin/activate
When activated, your shell prompt will be prefixed with '(venv)'.
Next, move the working directory to '/opt/netbox/netbox' and run the Django script 'manage.py' to create a new NetBox admin user.
cd /opt/netbox/netbox
python3 manage.py createsuperuser
Input the new admin user, email, and password for your NetBox. You should receive an output 'Superuser created successfully.', which means the NetBox admin user is created.
Next, run the below command to set up a cron job that will run on a daily basis. The script 'netbox-housekeeping.sh' is used to clean up your NetBox environment; it removes expired tasks, old sessions, or any expired records.
sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping
After configuring a cron job for NetBox, you'll set up NetBox to run with Gunicorn.
Run the below command to copy the Gunicorn configuration to '/opt/netbox/gunicorn.py'. Then, open the Gunicorn config file '/opt/netbox/gunicorn.py' using the below nano editor command.
sudo -u netbox cp /opt/netbox/contrib/gunicorn.py /opt/netbox/gunicorn.py
sudo -u netbox nano /opt/netbox/gunicorn.py
Change the 'bind' parameter to the following line. This will run the NetBox web application locally on port '8001'.
bind = '127.0.0.1:8001'
Save and exit the file when finished.
Next, run the below command to copy the default systemd services for NetBox to the '/etc/systemd/system' directory. This will copy the service file 'netbox' and 'netbox-rq' that will be used to manage NetBox.
sudo cp -v /opt/netbox/contrib/*.service /etc/systemd/system/
Now run the below systemctl command utility to reload the systemd manager and apply new changes to your system.
sudo systemctl daemon-reload
Lastly, run the below systemctl command to start and enable the 'netbox-rq' service. This will also automatically start the main 'netbox' service.
sudo systemctl start netbox netbox-rq
sudo systemctl enable netbox netbox-rq
Now verify both 'netbox-rq' and 'netbox' services via the below systemctl command.
sudo systemctl status netbox
sudo systemctl status netbox-rq
The output of the 'netbox-rq' service status.
The output of the 'netbox' service.
At this point, the NetBox IRM is running as a systemd service and it's running as a WSGI application with Gunicorn. In the next step, you'll install and set up httpd as a reverse proxy for NetBox.
With the NetBox running as a WSGI application with Gunicorn, you'll now install and configure the httpd web server as a reverse proxy for NetBox. You'll install the httpd package, create a new httpd virtual host file, then start and enable the httpd service. Lastly, you'll also set up the firewalld to open HTTP and HTTPS ports.
Run the below dnf command to install the httpd web server. Input y when prompted for confirmation and press ENTER to proceed.
sudo dnf install httpd
Next, create a new httpd virtual host file '/etc/httpd/conf.d/netbox.conf' using the below nano editor command.
sudo nano /etc/httpd/conf.d/netbox.conf
Add the following lines to the file and be sure to change the domain name 'netbox.hwdomain.io' with your domain. With this virtual host, you'll set up httpd as a reverse proxy for the NetBox application that runs as a WSGI application on port '8001'.
<VirtualHost *:80>
    ProxyPreserveHost On
    # CHANGE THIS TO YOUR SERVER'S NAME
    ServerName netbox.hwdomain.io
    Alias /static /opt/netbox/netbox/static
    <Directory /opt/netbox/netbox/static>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Require all granted
    </Directory>
    <Location /static>
        ProxyPass !
    </Location>
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
    ProxyPass / http://127.0.0.1:8001/
    ProxyPassReverse / http://127.0.0.1:8001/
</VirtualHost>
Save the file and exit the editor when finished.
Next, run the below apachectl command to verify the httpd configuration. If the configuration is valid, you should receive an output such as 'Syntax OK'.
sudo apachectl configtest
Now run the below systemctl command utility to start and enable the httpd web server.
sudo systemctl start httpd
sudo systemctl enable httpd
Then verify the httpd web server to ensure that the service is running. You should receive an output showing that the httpd web server is running and enabled, which means it will start automatically at boot.
sudo systemctl status httpd
The NetBox application is now running behind httpd. Before you can access it, you must open both HTTP and HTTPS ports in firewalld.
Run the below firewall-cmd command to open HTTP and HTTPS services. Then, reload the firewalld to apply the changes.
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
Verify the firewalld status via the below command.
sudo firewall-cmd --list-all
An output like this shows you that the HTTP and HTTPS services have been added to firewalld.
With this, the NetBox web application is running and accessible, but only over the insecure HTTP protocol. In the next step, you'll secure your NetBox deployment with SSL/TLS certificates via Certbot and Let's Encrypt.
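This setup binds Gunicorn to 127.0.0.1:8001 and points NetBox at PostgreSQL and Redis on localhost, so httpd should be the only service listening on a public address. The following added example (not part of the original tutorial) checks that from 'ss -ltn' output; the function name exposed_backends, the port list (5432 assumed as the PostgreSQL default) and both samples are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial): exposed_backends is a hypothetical
# helper that reads `ss -ltn` output on stdin and prints every PostgreSQL,
# Redis or Gunicorn listener that is bound to a non-loopback address.
# Ports assumed: 5432 (PostgreSQL default), 6379 (Redis), 8001 (Gunicorn bind).
exposed_backends() {
    awk '
        $1 != "LISTEN" { next }                  # skips the header row too
        {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # text before the last colon
            if (port !~ /^(5432|6379|8001)$/) next
            if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next
            printf "%s port %s\n", addr, port
            bad = 1
        }
        END { exit bad + 0 }                     # non-zero if anything exposed
    '
}

# Constructed sample: the layout this tutorial produces.
sample_expected() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      244            [::1]:5432         [::]:*
LISTEN 0      511        127.0.0.1:6379      0.0.0.0:*
LISTEN 0      2048       127.0.0.1:8001      0.0.0.0:*
LISTEN 0      511                *:80              *:*
LISTEN 0      511                *:443             *:*
EOF
}

# Constructed sample: Redis and Gunicorn bound to all interfaces.
sample_exposed() {
    cat <<'EOF'
LISTEN 0      511          0.0.0.0:6379      0.0.0.0:*
LISTEN 0      2048               *:8001            *:*
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*
EOF
}

if sample_expected | exposed_backends; then echo "expected layout: ok"; fi
sample_exposed | exposed_backends || echo "exposed listeners found"
```

On the server, run 'ss -ltn | exposed_backends'; no output and a zero exit status mean the three backend services are reachable only through the loopback interface.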
In this step, you'll secure the NetBox installation with SSL/TLS certificates that can be generated via Certbot and Let's Encrypt. Before you begin, ensure that the domain name is pointed to the server IP address. Also, ensure that you have an email address that will be used to register with Let's Encrypt.
Install the Certbot tool and the httpd/Apache plugin via the dnf command below.
sudo dnf install certbot python3-certbot-apache
Input y when prompted and press ENTER to proceed.
After Certbot is installed, run the below command to generate SSL/TLS certificates for your domain name. Also, be sure to change the domain name and the email address in the following command.
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email YOUR_EMAIL_ADDRESS -d netbox.hwdomain.io
This command will generate the new SSL/TLS certificates for your domain name. It will also automatically set up HTTPS in your httpd virtual host configuration and set up an automatic redirect from HTTP to HTTPS for your NetBox virtual host file. The Certbot SSL/TLS certificates are stored in the directory '/etc/letsencrypt/live/netbox.hwdomain.io/'.
Open your web browser and visit the domain name of your NetBox installation (for example, https://netbox.hwdomain.io/).
You'll see the default homepage of your NetBox installation - This is like a preview only of your NetBox installation.
Click the 'Login' button at the top-right menu and you'll be redirected to the NetBox login screen.
Log in with your admin user and password, then click 'Sign In'.
If your username and password are correct, you should now be logged in to the NetBox administration dashboard.
With this, you've now finished the NetBox IRM installation with PostgreSQL, Redis, Gunicorn, and the httpd web server.
In this tutorial, you have installed an Infrastructure Resource Modelling (IRM) software NetBox on a Rocky Linux 9 server. You've configured NetBox with a PostgreSQL database server, Redis as cache management, and httpd web server as reverse proxy on a Rocky Linux server.
Through the tutorial, you've also learned how to set up authentication on PostgreSQL, enable authentication on Redis, set up httpd as a reverse proxy, and secure NetBox with SSL/TLS certificates via Certbot and Letsencrypt.
With NetBox fully installed, you can now integrate NetBox into your data centers, add integration with REST API, or add third-party authentication via LDAP, Azure AD, and Okta as SSO (Single Sign-On) backend.