CentOS7 install doc is not complete. #1906

Closed
johhenrik opened this issue Feb 23, 2018 · 5 comments

johhenrik commented Feb 23, 2018

Issue type

[ ] Feature request
[ ] Bug report
[x] Documentation

Environment

  • Python version: 3.4.5
  • NetBox version: 2.2.10

Description

There are some things missing from the Install documentation regarding CentOS. I have created some notes here to fill in the gaps. This is for CentOS 7.4.1708.

First, I think it would be good to mention in the beginning that Firewalld and SELinux will block access to netbox unless they are configured correctly. I have not bothered with that, but just thought I could add some instructions to turn them off. It could be good to know. If one runs SELinux and Firewalld actively, I am sure they know how to set them up.


Firewalld:

Turn off firewalld:

(stop firewall/iptables)
$ sudo systemctl stop firewalld

(Disable it, so it doesn't start up after reboot)
$ sudo systemctl disable firewalld


SELinux:

To check if SELinux is running

$ sudo sestatus  
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Above is an example output. To turn it off, edit /etc/selinux/config and change SELINUX=enforcing/permissive to disabled and reboot the server.

# This file controls the state of SELinux on the system.                                                                               
# SELINUX= can take one of these three values:                                                                                         
#     enforcing - SELinux security policy is enforced.                                                                                 
#     permissive - SELinux prints warnings instead of enforcing.                                                                       
#     disabled - No SELinux policy is loaded.                                                                                          
SELINUX=disabled

nginx

Install nginx on centos

$ sudo yum install -y nginx
$ cd /etc/nginx/conf.d/ 
$ sudo tee netbox.conf > /dev/null <<'EOF'
server {
    listen 80;

    server_name netbox.example.com;

    client_max_body_size 25m;

    location /static/ {
        alias /opt/netbox/netbox/static/;
    }

    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
    }
}
EOF

Next you must comment out the default part in nginx config.

$ cd /etc/nginx/
$ sudo vi nginx.conf

#    server {                                                                                                                          
#        listen       80 default_server;                                                                                               
#        listen       [::]:80 default_server;                                                                                          
#        server_name  _;                                                                                                               
#        root         /usr/share/nginx/html;                                                                                           

       # Load configuration files for the default server block.                                                                       

#        include /etc/nginx/default.d/*.conf;                                                                                          

#        location / {                                                                                                                  
#        }                                                                                                                             

#        error_page 404 /404.html;                                                                                                     
#            location = /40x.html {                                                                                                    
#        }                                                                                                                             

#        error_page 500 502 503 504 /50x.html;                                                                                         
#            location = /50x.html {                                                                                                    
#        }                                                                                                                             
#    }                                                                                                                                 

Lastly for nginx, enable it to start after reboot and start it up now:

$ sudo systemctl start nginx
$ sudo systemctl enable nginx

Gunicorn (with nginx)

$ cd /opt/netbox
$ sudo tee gunicorn_config.py > /dev/null <<'EOF'
command = '/bin/gunicorn'
pythonpath = '/opt/netbox/netbox'
bind = '127.0.0.1:8001'
workers = 3
user = 'nginx'
EOF

Supervisord (with nginx)

$ sudo yum install -y supervisor

$ cd /etc/supervisord.d/
$ sudo tee netbox.ini > /dev/null <<'EOF'
[program:netbox]
command = gunicorn -c /opt/netbox/gunicorn_config.py netbox.wsgi
directory = /opt/netbox/netbox/
user = nginx
EOF

$ sudo systemctl start supervisord
$ sudo systemctl enable supervisord


@jeremystretch
Member

The installation docs are intentionally kept brief to avoid increasing the maintenance burden by replicating information that's already available elsewhere. We include examples for nginx and Apache configuration only for Ubuntu because their configuration is not substantially different under CentOS.

> First, I think it would be good to mention in the beginning that Firewalld and SELinux will block access to netbox unless they are configured correctly.

These are not unique to NetBox. The documentation makes no assumptions about the user's environment and we cannot blindly recommend disabling either of these. Following the docs as they currently exist will successfully install NetBox on a stock CentOS 7.4 instance.

@johhenrik
Author

Ok, seems fair. I just assumed it was missing, since there were CentOS instructions all the way up to the last part, therefore I thought I should add the missing pieces. :)

jmutai commented Oct 3, 2018

Use this complete guide to install Netbox on CentOS 7

https://computingforgeeks.com/how-to-install-netbox-on-centos-7-with-apache-and-supervisord/

ghost commented Oct 22, 2018

> Use this complete guide to install Netbox on CentOS 7
>
> https://computingforgeeks.com/how-to-install-netbox-on-centos-7-with-apache-and-supervisord/

great write-up

djtech7 commented Jul 24, 2019

I was able to make some changes so netbox could run safely with selinux in enforcing mode. I choose to change the default port to 8008 to make it easier, you could also use a different policy with the default port of 8000 but I preferred using the httpd policy which has 8008.

Allow application to access DB on a remote system:
setsebool -P httpd_can_network_connect on;setsebool httpd_can_network_connect on

Change the context of files for the default location of the netbox install:
semanage fcontext -a -t httpd_sys_content_t '/opt/netbox(/.*)?';restorecon -R /opt/netbox

Now start the process in this context:
runcon -u system_u -r system_r -t httpd_t python3.6 /opt/netbox/netbox/manage.py runserver 127.0.0.1:8008 --insecure
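
A preflight check for the nginx and gunicorn setup from this thread with SELinux and firewalld left enabled, as an added example that is not part of any comment here or of NetBox. It parses `sestatus`, `firewall-cmd --list-services` and `getsebool` output; the sample inputs are constructed, the function names are hypothetical, and it assumes nginx runs confined as `httpd_t`.

```shell
#!/bin/sh
# Added example: audit that NetBox's nginx front end can work with SELinux
# and firewalld left on. The sample inputs below are constructed.
SAMPLE_SESTATUS='SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          enforcing'
SAMPLE_SERVICES='dhcpv6-client ssh'               # firewall-cmd --list-services
SAMPLE_BOOL='httpd_can_network_connect --> off'   # getsebool httpd_can_network_connect

# field "<sestatus output>" "<label>": print the value that follows "<label>:"
field() {
    printf '%s\n' "$1" | awk -F': *' -v k="$2" '$1 == k { print $2 }'
}

# check_selinux "<sestatus output>": print findings, return 1 unless enforcing
# both at runtime and in /etc/selinux/config
check_selinux() {
    rc=0
    if [ "$(field "$1" 'SELinux status')" != enabled ]; then
        echo "selinux: disabled, no policy loaded"; return 1
    fi
    now=$(field "$1" 'Current mode'); boot=$(field "$1" 'Mode from config file')
    [ "$now" = enforcing ] || { echo "selinux: runtime mode is $now"; rc=1; }
    [ "$boot" = enforcing ] || { echo "selinux: /etc/selinux/config sets $boot"; rc=1; }
    return $rc
}

# check_firewalld "<service list>": nginx listens on 80, so "http" must be allowed
check_firewalld() {
    case " $1 " in
        *" http "*) return 0 ;;
    esac
    echo "firewalld: run firewall-cmd --permanent --add-service=http; firewall-cmd --reload"
    return 1
}

# check_proxy_bool "<getsebool output>": assumption: nginx runs as httpd_t and
# needs this boolean to reach gunicorn on 127.0.0.1:8001
check_proxy_bool() {
    case "$1" in
        *'--> on') return 0 ;;
    esac
    echo "selinux: run setsebool -P httpd_can_network_connect on"
    return 1
}

# Live run only when asked (as root, on a host with these three tools).
if [ "${1:-}" = "--live" ]; then
    check_selinux "$(sestatus)"
    check_firewalld "$(firewall-cmd --list-services)"
    check_proxy_bool "$(getsebool httpd_can_network_connect)"
fi
```

Each function prints the finding and the command that resolves it; gunicorn stays bound to loopback, so only the `http` service needs opening in firewalld.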

@lock lock bot locked as resolved and limited conversation to collaborators Jan 15, 2020