NetBox is a powerful Infrastructure Resource Modelling (IRM) software designed to streamline network automation and infrastructure engineering. Developed by the DigitalOcean team, NetBox has gained popularity as an open-source project released under the Apache 2 License. Built on the Python Django Web framework and utilizing PostgreSQL as its default database, NetBox offers a range of features to manage and organize infrastructure components effectively. From Data Center Infrastructure Management (DCIM) to IP Address Management (IPAM), NetBox covers various aspects of infrastructure management, making it a valuable tool for businesses.
In this comprehensive guide, we will walk you through the process of installing and configuring NetBox IRM on a Rocky Linux 9 server. We will cover each step in detail, including the installation and configuration of PostgreSQL and Redis, setting up NetBox IRM, configuring httpd as a reverse proxy, and securing NetBox with SSL/TLS certificates using Certbot and Let’s Encrypt. By the end of this guide, you will have a fully functional NetBox installation running on your Rocky Linux 9 server.
Prerequisites
Before we begin, let’s ensure that we have all the prerequisites in place:
- A Rocky Linux 9 server: For this guide, we will use a Rocky Linux server with the hostname ‘netbox-rocky’.
- A non-root user with sudo/root administrator privileges: We recommend using a non-root user with sudo privileges throughout the installation process.
- SELinux running in permissive mode: NetBox requires SELinux to be running in permissive mode to avoid any potential conflicts.
- A domain name or sub-domain pointed to a server IP address: For this guide, we will use the sub-domain ‘netbox.example.io’ to access our NetBox installation.
With these prerequisites met, we are ready to proceed with the installation of NetBox.
Installing and Configuring PostgreSQL
NetBox IRM natively supports the PostgreSQL database server. At the time of writing, NetBox requires at least PostgreSQL v10 or above. Fortunately, the Rocky Linux repository provides PostgreSQL server v13, which is suitable for our NetBox deployment.
Let’s start by installing the PostgreSQL server on our Rocky Linux server. Open a terminal and run the following command:
sudo dnf install postgresql-server
When prompted, type ‘y’ to confirm the installation and press ENTER to proceed. Once the installation is complete, we need to initialize the PostgreSQL database and configuration. Run the following command to initialize the database:
sudo postgresql-setup --initdb
You should see an output message indicating the successful initialization of the database.
With the PostgreSQL server initialized, we can now set up password encryption and authentication for PostgreSQL users. Open the PostgreSQL configuration file ‘/var/lib/pgsql/data/postgresql.conf’ using the nano editor:
sudo nano /var/lib/pgsql/data/postgresql.conf
Uncomment the ‘password_encryption’ parameter and change its value to ‘scram-sha-256’. Your configuration should look like this:
password_encryption = scram-sha-256
Save the file and exit the editor. Next, open the PostgreSQL config file ‘/var/lib/pgsql/data/pg_hba.conf’:
sudo nano /var/lib/pgsql/data/pg_hba.conf
In this file, we define authentication methods for PostgreSQL. Change the authentication methods for the host ‘127.0.0.1/32’ and ‘::1/128’ to ‘scram-sha-256’:
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            scram-sha-256
# IPv6 local connections:
host    all             all             ::1/128                 scram-sha-256
Save the file and exit the editor. Now, start and enable the PostgreSQL service using the following systemctl commands:
sudo systemctl start postgresql
sudo systemctl enable postgresql
To verify the status of the PostgreSQL service, run:
sudo systemctl status postgresql
You should see an output indicating that the PostgreSQL service is running and enabled.
With the PostgreSQL server up and running, we can proceed to set up a new password for the default ‘postgres’ user and create a new database and user for NetBox.
Log in to the PostgreSQL shell as the ‘postgres’ user with the following command:
sudo -u postgres psql
To set a new password for the ‘postgres’ user, execute the following query:
ALTER USER postgres WITH PASSWORD 'PostgreSQLPass';
Replace ‘PostgreSQLPass’ with your desired password. Next, create a new PostgreSQL database and user for NetBox:
CREATE DATABASE netboxdb;
CREATE USER netbox WITH ENCRYPTED PASSWORD 'NetBoxRocks';
GRANT ALL PRIVILEGES ON DATABASE netboxdb TO netbox;
Replace ‘NetBoxRocks’ with your desired password.
To exit the PostgreSQL shell, press Ctrl+d or type ‘quit’. Finally, log in to the PostgreSQL shell using the new ‘netbox’ user and the ‘netboxdb’ database:
sudo -u postgres psql --username netbox --password --host localhost netboxdb
After logging in, you can verify your connection by running the following psql meta-command:
\conninfo
You should see an output confirming your connection to the PostgreSQL server with the ‘netbox’ user and the ‘netboxdb’ database.
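The pg_hba.conf edit above only touches two rules, and PostgreSQL applies the first rule that matches a connection, so any other TCP rule left on a weaker method still applies to the connections it matches. The following check is an added example, not part of the original guide; the function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): list pg_hba.conf TCP rules that
# do not enforce scram-sha-256. Output per finding: "<line> <type> <address> <method>".
audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        $1 ~ /^host/ {                   # host, hostssl, hostnossl, ...
            # Columns: TYPE DATABASE USER ADDRESS [NETMASK] METHOD [options].
            # A separate netmask column shifts METHOD from field 5 to field 6.
            method = ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) ? $6 : $5
            if (method != "scram-sha-256" && method != "reject")
                print NR, $1, $4, method
        }
    ' "$@"
}

# Constructed sample: the two rules edited above plus rules that were missed.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE     USER  ADDRESS              METHOD
local   all          all                        peer
host    all          all   127.0.0.1/32         scram-sha-256
host    all          all   ::1/128              scram-sha-256
host    replication  all   127.0.0.1/32         ident
host    all          all   10.0.0.0 255.0.0.0   md5
hostssl all          all   192.0.2.10/32        trust
EOF
}

sample_pg_hba | audit_pg_hba
```

On the server, run it as audit_pg_hba /var/lib/pgsql/data/pg_hba.conf with sudo; no output means every TCP rule uses scram-sha-256 or reject.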
Congratulations! We have successfully installed and configured PostgreSQL for our NetBox installation. In the next step, we will install and configure Redis, which will serve as the cache management system for our NetBox web application.
Installing and Configuring Redis
Redis is an open-source key-value database that NetBox utilizes for cache management and queue management. For our NetBox deployment, we require at least Redis server v4. Fortunately, the default Rocky Linux repository provides Redis v6, which is suitable for our needs.
Let’s start by installing Redis on our Rocky Linux server. Open a terminal and run the following command:
sudo dnf install redis
When prompted, type ‘y’ to confirm the installation and press ENTER to proceed. Once the installation is complete, we need to configure Redis by setting a password for the server.
Open the Redis configuration file ‘/etc/redis/redis.conf’ using the nano editor:
sudo nano /etc/redis/redis.conf
Uncomment the ‘requirepass’ parameter and set a strong password for your Redis server:
requirepass RedisPasswordNetBox
Replace ‘RedisPasswordNetBox’ with your desired password.
Save the file and exit the editor. Next, start and enable the Redis service using the following systemctl commands:
sudo systemctl start redis
sudo systemctl enable redis
To verify the status of the Redis service, run:
sudo systemctl status redis
You should see an output indicating that the Redis service is running and enabled.
To authenticate and test the Redis installation, we can use the ‘redis-cli’ command-line tool. Run the following command:
redis-cli
If authentication is required, the output will say so. To authenticate, run the following command:
AUTH RedisPasswordNetBox
Replace ‘RedisPasswordNetBox’ with the Redis password you set earlier. If authentication is successful, you should receive an output of ‘OK’.
To test the connection, run the following command:
ping
If the connection is successful, you will receive an output of ‘PONG’.
Great! We have successfully installed and configured Redis for our NetBox installation. In the next step, we will install NetBox IRM and set up the necessary dependencies.
Installing NetBox IRM
NetBox is a web application built with the Python Django Framework. The current version of NetBox requires Python 3.8, 3.9, 3.10, or 3.11. Luckily, Rocky Linux 9 comes with Python 3.9, which is suitable for our NetBox deployment.
To begin, let’s install the package dependencies for NetBox. Open a terminal and run the following command:
sudo dnf install gcc libxml2-devel libxslt-devel libffi-devel libpq-devel openssl-devel redhat-rpm-config git
When prompted, type ‘y’ to confirm the installation and press ENTER to proceed.
Next, we need to create a system user ‘netbox’ with the default home directory ‘/opt/netbox’. Run the following command:
sudo useradd -r -d /opt/netbox -s /usr/sbin/nologin netbox
Now, create a new directory ‘/opt/netbox’ and move into it. Download the NetBox source code from the official repository using the git command:
sudo mkdir -p /opt/netbox; cd /opt/netbox
sudo git clone -b master --depth 1 https://github.com/netbox-community/netbox.git .
By default, the source code will be downloaded into the ‘/opt/netbox/netbox’ directory. Change the ownership of this directory to the ‘netbox’ user and group:
sudo chown -R netbox:netbox /opt/netbox
cd /opt/netbox/netbox/netbox
Next, we need to copy the default NetBox configuration file and generate a SECRET_KEY for our installation. Run the following commands:
sudo -u netbox cp configuration_example.py configuration.py
sudo -u netbox python3 ../generate_secret_key.py
The configuration file ‘configuration.py’ has been created, and the SECRET_KEY has been generated. Let’s open the configuration file for editing:
sudo -u netbox nano configuration.py
In this file, you can add your domain name to the ‘ALLOWED_HOSTS’ parameter, specify details of the PostgreSQL database and user for NetBox, provide the Redis password you configured earlier, and paste the generated secret key into the ‘SECRET_KEY’ parameter.
Here is an example configuration with placeholder values:
# domain and IP address
ALLOWED_HOSTS = ['netbox.example.io', '192.168.5.59']

# database configuration
DATABASE = {
    'NAME': 'netboxdb',               # Database name
    'USER': 'netbox',                 # PostgreSQL username
    'PASSWORD': 'NetBoxRocks',        # PostgreSQL password
    'HOST': 'localhost',              # Database server
    'PORT': '',                       # Database port (leave blank for default)
    'CONN_MAX_AGE': 300,              # Max database connection age (seconds)
}

# Redis cache configuration
REDIS = {
    'tasks': {
        'HOST': 'localhost',                # Redis server
        'PORT': 6379,                       # Redis port
        'PASSWORD': 'RedisPasswordNetBox',  # Redis password (optional)
        'DATABASE': 0,                      # Database ID
        'SSL': False,                       # Use SSL (optional)
    },
    'caching': {
        'HOST': 'localhost',
        'PORT': 6379,
        'PASSWORD': 'RedisPasswordNetBox',
        'DATABASE': 1,                      # Unique ID for the second database
        'SSL': False,
    },
}

# Secret key
SECRET_KEY = '-K0AV#USk(!-6hAEF-8NMgweJh6ex&+j0Kb$N7bi=*jsF9TOg*'
Make the necessary changes to the configuration file, save it, and exit the editor.
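The passwords and SECRET_KEY shown in this guide are published sample values, so any that survive into a live configuration.py or redis.conf are effectively public. The following check is an added example, not part of the original guide or of NetBox; the function names and the sample file are constructed, and the secret strings are the ones printed above.

```sh
#!/bin/sh
# Added example (not from the original guide): report config files that still
# contain a sample secret printed in this guide, or that any local user can read.
GUIDE_SAMPLES='PostgreSQLPass
NetBoxRocks
RedisPasswordNetBox
-K0AV#USk(!-6hAEF-8NMgweJh6ex&+j0Kb$N7bi=*jsF9TOg*'

# check_secrets FILE... prints one finding per line and returns 1 if there are any.
check_secrets() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || { echo "$f: not found"; rc=1; continue; }
        # Fixed-string match; only line numbers are printed, never the secret itself.
        for n in $(printf '%s\n' "$GUIDE_SAMPLES" | grep -nF -f - "$f" | cut -d: -f1); do
            echo "$f:$n: sample secret published in the guide"; rc=1
        done
        # The "other" read bit exposes DB/Redis passwords and SECRET_KEY to local users.
        if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
            echo "$f: world-readable"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: database password and SECRET_KEY left as in the guide.
sample_config() {
    cat <<'EOF'
ALLOWED_HOSTS = ['netbox.example.io']
DATABASE = {'NAME': 'netboxdb', 'USER': 'netbox', 'PASSWORD': 'NetBoxRocks'}
REDIS = {'tasks': {'PASSWORD': 'constructed-rotated-value'}}
SECRET_KEY = '-K0AV#USk(!-6hAEF-8NMgweJh6ex&+j0Kb$N7bi=*jsF9TOg*'
EOF
}

demo=$(mktemp)
sample_config > "$demo"
chmod 644 "$demo"
check_secrets "$demo" || echo "rotate these values and tighten permissions"
rm -f "$demo"
```

On the server, run check_secrets against /opt/netbox/netbox/netbox/configuration.py and /etc/redis/redis.conf with sudo before exposing the service.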
Now, run the upgrade.sh script to start the NetBox IRM installation:
sudo -u netbox /opt/netbox/upgrade.sh
This script will create a Python virtual environment for the NetBox web application, install the required Python dependencies from the PyPI repository, run the database migration for NetBox, and generate the static files for the NetBox web application.
Once the installation process is complete, you should see an output similar to the following:
NetBox has been successfully installed!
Congratulations! We have successfully installed NetBox IRM on our Rocky Linux server. In the next step, we will configure NetBox and set up administrative user access.
Configuring NetBox IRM
Now that NetBox is installed, we need to perform some initial configurations. In this step, we will create an admin user for NetBox, set up a cron job for housekeeping tasks, and configure systemd services for NetBox.
Let’s start by activating the Python virtual environment for our NetBox installation:
source /opt/netbox/venv/bin/activate
You should see your terminal prompt change to indicate that the virtual environment is active.
Next, navigate to the ‘/opt/netbox/netbox’ directory and run the Django script ‘manage.py’ to create an admin user:
cd /opt/netbox/netbox
python3 manage.py createsuperuser
Follow the prompts to enter the desired username, email, and password for your admin user. Once the user is created, you will see a message confirming the successful creation of the superuser.
Now, let’s set up a cron job to perform daily housekeeping tasks. Run the following command:
sudo ln -s /opt/netbox/contrib/netbox-housekeeping.sh /etc/cron.daily/netbox-housekeeping
This will create a symbolic link to the ‘netbox-housekeeping.sh’ script in the ‘/etc/cron.daily’ directory, allowing it to run daily.
With the cron job set up, we will configure NetBox to run with Gunicorn. Copy the Gunicorn configuration file to the ‘/opt/netbox’ directory:
sudo -u netbox cp /opt/netbox/contrib/gunicorn.py /opt/netbox/gunicorn.py
Open the Gunicorn configuration file for editing:
sudo -u netbox nano /opt/netbox/gunicorn.py
In this file, change the ‘bind’ parameter to the following line:
bind = '127.0.0.1:8001'
Save the file and exit the editor.
Next, copy the default systemd service files for NetBox to the ‘/etc/systemd/system’ directory:
sudo cp -v /opt/netbox/contrib/*.service /etc/systemd/system/
Reload the systemd manager to apply the changes:
sudo systemctl daemon-reload
Finally, start and enable the ‘netbox-rq’ and ‘netbox’ services:
sudo systemctl start netbox netbox-rq
sudo systemctl enable netbox netbox-rq
To verify the status of the services, run the following commands:
sudo systemctl status netbox
sudo systemctl status netbox-rq
You should see outputs indicating that both services are running and enabled.
Congratulations! NetBox is now running as a systemd service with Gunicorn as the WSGI application. In the next step, we will set up httpd as a reverse proxy for NetBox.
Setting up httpd as a Reverse Proxy
To provide secure access to our NetBox installation, we will configure the httpd web server as a reverse proxy. The httpd server will handle SSL/TLS termination, forwarding requests to our NetBox application running on port 8001.
Let’s start by installing the httpd web server. Open a terminal and run the following command:
sudo dnf install httpd
When prompted, type ‘y’ to confirm the installation and press ENTER to proceed.
Next, create a new httpd virtual host file ‘/etc/httpd/conf.d/netbox.conf’:
sudo nano /etc/httpd/conf.d/netbox.conf
Add the following lines to the file, replacing ‘netbox.example.io’ with your domain name:
<VirtualHost *:80>
ProxyPreserveHost On
ServerName netbox.example.io
Alias /static /opt/netbox/netbox/static
<Directory /opt/netbox/netbox/static>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
<Location /static>
ProxyPass !
</Location>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyPass / http://127.0.0.1:8001/
ProxyPassReverse / http://127.0.0.1:8001/
</VirtualHost>
Save the file and exit the editor.
Next, verify the httpd configuration:
sudo apachectl configtest
If there are no syntax errors, you should see an output indicating that the configuration is OK.
Now, start and enable the httpd service:
sudo systemctl start httpd
sudo systemctl enable httpd
To verify the status of the httpd service, run:
sudo systemctl status httpd
You should see an output indicating that the httpd service is running and enabled.
To ensure proper access to our NetBox installation, we need to open HTTP and HTTPS ports in the firewall. Run the following commands:
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload
Verify the firewall configuration:
sudo firewall-cmd --list-all
You should see outputs indicating that the HTTP and HTTPS services have been added to the firewall.
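Only httpd is meant to be reachable from the network in this setup: Gunicorn was bound to 127.0.0.1:8001, and PostgreSQL and Redis are addressed as localhost. The following check is an added example, not part of the original guide; it assumes the default ports 5432 and 6379, and the function names and sample socket list are constructed.

```sh
#!/bin/sh
# Added example (not from the original guide): read `ss -Hltn` output on stdin and
# print "<address> <port>" for every backend listener reachable beyond loopback.
BACKEND_PORTS="5432 6379 8001"   # PostgreSQL, Redis, Gunicorn as set up in this guide

exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            # Field 4 is "address:port"; the port follows the last colon.
            k = split($4, part, ":"); port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((port in want) && addr !~ /^127\./ && addr != "[::1]")
                print addr, port
        }
    '
}

# Constructed sample of `ss -Hltn` output: Redis was left bound to all interfaces.
sample_ss() {
    cat <<'EOF'
LISTEN 0 128  127.0.0.1:8001  0.0.0.0:*
LISTEN 0 244  127.0.0.1:5432  0.0.0.0:*
LISTEN 0 244  [::1]:5432      [::]:*
LISTEN 0 511  0.0.0.0:6379    0.0.0.0:*
LISTEN 0 511  *:443           *:*
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
EOF
}

sample_ss | exposed_backends
```

On the server, pipe the live socket list into it with ss -Hltn | exposed_backends; any line printed is a backend that depends on the firewall alone for protection.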
Congratulations! We have successfully set up httpd as a reverse proxy for our NetBox installation. In the next step, we will secure our NetBox deployment with SSL/TLS certificates using Certbot and Let’s Encrypt.
Securing NetBox IRM with SSL/TLS Certificates
To enhance the security of our NetBox installation, we will secure it with SSL/TLS certificates generated by Certbot and Let’s Encrypt. Before we proceed, ensure that your domain name is correctly pointed to the server’s IP address. Also, have an email address ready for registration with Let’s Encrypt.
Let’s start by installing the Certbot tool and the httpd/Apache plugin. Open a terminal and run the following command:
sudo dnf install certbot python3-certbot-apache
When prompted, type ‘y’ to confirm the installation and press ENTER to proceed.
Once Certbot is installed, we can generate SSL/TLS certificates for our domain name. Run the following command, replacing ‘netbox.example.io’ with your domain name and ‘test@example.com’ with your email address:
sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email test@example.com -d netbox.example.io
Follow the prompts and provide the necessary information. Certbot will automatically set up HTTPS on our httpd virtual host configuration and enable redirection from HTTP to HTTPS. The SSL/TLS certificates will be generated in the ‘/etc/letsencrypt/live/netbox.example.io/’ directory.
Congratulations! We have successfully secured our NetBox installation with SSL/TLS certificates. In the final section, we will provide a brief overview and conclusion.
Conclusion
In this comprehensive guide, we have covered the installation and configuration of NetBox IRM on a Rocky Linux 9 server. We started by installing and configuring PostgreSQL as the database server, followed by the installation and configuration of Redis as the cache management system. We then proceeded to install NetBox IRM, set up its dependencies, and perform the necessary configurations.
With NetBox up and running, we configured it by creating an admin user, setting up a cron job for housekeeping tasks, and configuring systemd services. We also set up httpd as a reverse proxy to provide secure access to our NetBox installation. Finally, we secured our NetBox deployment with SSL/TLS certificates generated by Certbot and Let’s Encrypt.
NetBox offers a wide range of features, including Data Center Infrastructure Management (DCIM), IP Address Management (IPAM), data circuits, connections, equipment racks, virtualization, and secrets management. With its intuitive interface and powerful capabilities, NetBox is a valuable tool for managing and organizing infrastructure components.