diff --git a/Dockerfiles/netbox.Dockerfile b/Dockerfiles/netbox.Dockerfile index 932f23c2a..7cc0a642e 100644 --- a/Dockerfiles/netbox.Dockerfile +++ b/Dockerfiles/netbox.Dockerfile @@ -28,11 +28,10 @@ ENV SUPERCRONIC "supercronic-linux-amd64" ENV SUPERCRONIC_SHA1SUM "d7f4c0886eb85249ad05ed592902fa6865bb9d70" ENV SUPERCRONIC_CRONTAB "/etc/crontab" -ARG BASE_PATH=assets ARG NETBOX_DEFAULT_SITE=Malcolm ARG NETBOX_CRON=false -ENV BASE_PATH $BASE_PATH +ENV BASE_PATH netbox ENV NETBOX_DEFAULT_SITE $NETBOX_DEFAULT_SITE ENV NETBOX_CRON $NETBOX_CRON @@ -60,15 +59,14 @@ RUN apt-get -q update && \ usermod -a -G tty ${PUSER} && \ mkdir -p /opt/unit && \ chown -R $PUSER:$PGROUP /etc/netbox /opt/unit /opt/netbox && \ - if [ -n "${BASE_PATH}" ] && [ "${BASE_PATH}" != "netbox" ]; then \ - mkdir /opt/netbox/netbox/$BASE_PATH && \ - mv /opt/netbox/netbox/static /opt/netbox/netbox/$BASE_PATH/static; \ - fi + mkdir -p /opt/netbox/netbox/$BASE_PATH && \ + mv /opt/netbox/netbox/static /opt/netbox/netbox/$BASE_PATH/static COPY --chmod=755 shared/bin/docker-uid-gid-setup.sh /usr/local/bin/ COPY --chmod=755 shared/bin/service_check_passthrough.sh /usr/local/bin/ COPY --chmod=755 netbox/scripts/* /usr/local/bin/ COPY --chmod=644 netbox/supervisord.conf /etc/supervisord.conf +COPY --chmod=644 netbox/config/unit/nginx-unit.json /etc/unit/nginx-unit.json COPY --from=pierrezemb/gostatic --chmod=755 /goStatic /usr/bin/goStatic ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh", "/usr/local/bin/service_check_passthrough.sh"] diff --git a/README.md b/README.md index 14fa8fa74..eed455f5b 100644 --- a/README.md +++ b/README.md 
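Review bot: In Dockerfiles/netbox.Dockerfile, `ENV BASE_PATH netbox` now fixes the static directory at build time, yet netbox/env/netbox.env.example in this commit still sets `BASE_PATH` for the running container and netbox/config/unit/nginx-unit.json hard-codes the `/netbox/static/*` route. If an operator edits the runtime value, the three would presumably disagree and static assets would stop resolving, with nothing in the image explaining why. I would add a comment above the ENV line, `# BASE_PATH is baked into the image: it must match the /netbox/static/* route in nginx-unit.json and BASE_PATH in netbox.env`.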
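Review bot: The second hunk of Dockerfiles/netbox.Dockerfile leaves `COPY --from=pierrezemb/gostatic --chmod=755 /goStatic /usr/bin/goStatic` pulling a third-party image with no tag or digest, so every rebuild installs whatever binary that repository currently publishes. The supercronic download at the top of the file is at least tied to a recorded checksum; this stage has no equivalent. I would pin it by digest, `COPY --from=pierrezemb/gostatic@sha256:<pinned-digest> --chmod=755 /goStatic /usr/bin/goStatic`, where `<pinned-digest>` is a placeholder for the reviewed image digest. The RUN instruction this hunk edits begins above the hunk.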
@@ -229,7 +229,7 @@ A few minutes after starting Malcolm (probably 5 to 10 minutes for Logstash to b * [Capture File and Log Archive Upload (Web)](#Upload): [https://localhost/upload/](https://localhost/upload/) * [Capture File and Log Archive Upload (SFTP)](#Upload): `sftp://@127.0.0.1:8022/files` * [Host and Subnet Name Mapping](#HostAndSubnetNaming) Editor: [https://localhost/name-map-ui/](https://localhost/name-map-ui/) -* [NetBox](#NetBox): [https://localhost/assets/](https://localhost/assets/) +* [NetBox](#NetBox): [https://localhost/netbox/](https://localhost/netbox/) * [Account Management](#AuthBasicAccountManagement): [https://localhost:488](https://localhost:488) ## Overview @@ -502,7 +502,7 @@ A minute or so after starting Malcolm, the following services will be accessible - PCAP upload (web): https://localhost/upload/ - PCAP upload (sftp): sftp://USERNAME@127.0.0.1:8022/files/ - Host and subnet name mapping editor: https://localhost/name-map-ui/ - - NetBox: https://localhost/assets/ + - NetBox: https://localhost/netbox/ - Account management: https://localhost:488/ ``` 
@@ -1708,7 +1708,7 @@ This feature is disabled by default, but it can be enabled by clearing (setting ### Asset Management with NetBox -Malcolm provides an instance of [NetBox](https://netbox.dev/), an open-source "solution for modeling and documenting modern networks." The NetBox web interface is available at at [https://localhost/assets/](https://localhost/assets/) if you are connecting locally. +Malcolm provides an instance of [NetBox](https://netbox.dev/), an open-source "solution for modeling and documenting modern networks." The NetBox web interface is available at at [https://localhost/netbox/](https://localhost/netbox/) if you are connecting locally. The design of a potentially deeper integration between Malcolm and Netbox is a work in progress. The purpose of an asset management system is to document the intended state of a network: were Malcolm to actively and agressively populate NetBox with the live network state, a network configuration fault could result in an incorrect documented configuration. The Malcolm development team is investigating what data, if any, should automatically flow to NetBox based on traffic observed (enabled via the `NETBOX_CRON` [environment variable in `docker-compose.yml`](#DockerComposeYml)), and what NetBox inventory data could be used, if any, to enrich Malcolm's network traffic metadata. Well-considered suggestions in this area [are welcome](mailto:malcolm@inl.gov?subject=NetBox). @@ -3973,7 +3973,7 @@ In a few minutes, Malcolm services will be accessible via the following URLs: - PCAP upload (web): https://localhost/upload/ - PCAP upload (sftp): sftp://username@127.0.0.1:8022/files/ - Host and subnet name mapping editor: https://localhost/name-map-ui/ - - NetBox: https://localhost/assets/ + - NetBox: https://localhost/netbox/ - Account management: https://localhost:488/ NAME COMMAND SERVICE STATUS PORTS diff --git a/docker-compose-standalone.yml b/docker-compose-standalone.yml index b7d92e95c..d3cc49b62 100644 
--- a/docker-compose-standalone.yml +++ b/docker-compose-standalone.yml @@ -923,7 +923,6 @@ services: - ./netbox/config/configuration:/etc/netbox/config:ro - ./netbox/config/reports:/etc/netbox/reports:ro - ./netbox/config/scripts:/etc/netbox/scripts:ro - - ./netbox/config/unit:/etc/unit:ro - ./netbox/media:/opt/netbox/netbox/media:rw healthcheck: test: ["CMD", "curl", "--silent", "http://localhost:8080/assets/api/" ] diff --git a/docker-compose.yml b/docker-compose.yml index 85e3d9c57..5004f47b9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -986,7 +986,6 @@ services: - ./netbox/config/configuration:/etc/netbox/config:ro - ./netbox/config/reports:/etc/netbox/reports:ro - ./netbox/config/scripts:/etc/netbox/scripts:ro - - ./netbox/config/unit:/etc/unit:ro - ./netbox/media:/opt/netbox/netbox/media:rw healthcheck: test: ["CMD", "curl", "--silent", "http://localhost:8080/assets/api/" ] diff --git a/malcolm-iso/config/includes.chroot/etc/skel/.config/xfce4/panel/launcher-17/16637019741.desktop b/malcolm-iso/config/includes.chroot/etc/skel/.config/xfce4/panel/launcher-17/16637019741.desktop index 9e0b900c3..f27606a80 100644 --- a/malcolm-iso/config/includes.chroot/etc/skel/.config/xfce4/panel/launcher-17/16637019741.desktop +++ b/malcolm-iso/config/includes.chroot/etc/skel/.config/xfce4/panel/launcher-17/16637019741.desktop @@ -1,7 +1,7 @@ [Desktop Entry] Version=1.0 Name=Malcolm - NetBox -Exec=/opt/firefox/firefox https://localhost/assets/ +Exec=/opt/firefox/firefox https://localhost/netbox/ Terminal=false X-MultipleArgs=false Type=Application diff --git a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-netbox.desktop b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-netbox.desktop index aea073dd1..6871a79bd 100644 --- a/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-netbox.desktop +++ b/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-netbox.desktop 
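Review bot: The healthcheck in the context of this hunk still requests `http://localhost:8080/assets/api/`, although the commit moves NetBox to the `/netbox` base path; the same line is left unchanged in the docker-compose.yml hunk. Because curl is called with `--silent` but not `--fail`, an HTTP error status still exits 0, so the check would presumably keep reporting healthy while probing a path that no longer exists. I would change both files to `test: ["CMD", "curl", "--silent", "--fail", "http://localhost:8080/netbox/api/" ]`. That also matches the `netbox/api` pattern this commit puts into the log filter in scripts/control.py.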
@@ -1,7 +1,7 @@ [Desktop Entry] Version=1.0 Name=Malcolm - NetBox -Exec=/opt/firefox/firefox https://localhost/assets/ +Exec=/opt/firefox/firefox https://localhost/netbox/ Terminal=false X-MultipleArgs=false Type=Application diff --git a/netbox/config/unit/nginx-unit.json b/netbox/config/unit/nginx-unit.json index 731bab304..a383029c7 100644 --- a/netbox/config/unit/nginx-unit.json +++ b/netbox/config/unit/nginx-unit.json @@ -15,7 +15,7 @@ "routes": [ { "match": { - "uri": "/assets/static/*" + "uri": "/netbox/static/*" }, "action": { "share": "/opt/netbox/netbox${uri}" diff --git a/netbox/env/netbox.env.example b/netbox/env/netbox.env.example index 1c36b4aac..1bd31f5b3 100644 --- a/netbox/env/netbox.env.example +++ b/netbox/env/netbox.env.example @@ -1,6 +1,6 @@ CORS_ORIGIN_ALLOW_ALL=True CSRF_TRUSTED_ORIGINS=http://* https://* -BASE_PATH=assets +BASE_PATH=netbox REMOTE_AUTH_ENABLED=True REMOTE_AUTH_BACKEND=netbox.authentication.RemoteUserBackend REMOTE_AUTH_HEADER=HTTP_X_REMOTE_AUTH diff --git a/netbox/scripts/netbox_init.py b/netbox/scripts/netbox_init.py index d533beb07..d732ba914 100755 --- a/netbox/scripts/netbox_init.py +++ b/netbox/scripts/netbox_init.py @@ -53,7 +53,7 @@ def main(): '--url', dest='netboxUrl', type=str, - default='http://localhost:8080/assets', + default='http://localhost:8080/netbox', required=True, help="NetBox Base URL", ) diff --git a/netbox/supervisord.conf b/netbox/supervisord.conf index 4f2f0d451..1345893d8 100644 --- a/netbox/supervisord.conf +++ b/netbox/supervisord.conf @@ -36,7 +36,7 @@ redirect_stderr=true [program:initialization] command=/usr/bin/python3 /usr/local/bin/netbox_init.py --wait - --url "http://localhost:8080/assets" + --url "http://localhost:8080/netbox" --token "%(ENV_SUPERUSER_API_TOKEN)s" autostart=true autorestart=false diff --git a/nginx/nginx.conf b/nginx/nginx.conf index cdf090290..64acbe51f 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
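Review bot: In netbox/scripts/netbox_init.py the `--url` argument keeps `required=True` next to the updated `default='http://localhost:8080/netbox'`, so argparse rejects a missing `--url` and the default is never applied. Either drop the default so the help output does not suggest one, or let it take effect; `required=False,` is the smaller change. main() starts and ends outside this hunk.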
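Review bot: The `[program:initialization]` command in netbox/supervisord.conf passes the superuser API token as `--token "%(ENV_SUPERUSER_API_TOKEN)s"`, which puts the secret into the process argument list, where anything in the container that can list processes can read it. The token is already in the environment, so netbox_init.py could read `SUPERUSER_API_TOKEN` from `os.environ` when `--token` is not given, and the argument could then be dropped from this command. Whether netbox_init.py already has such a fallback is not visible here.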
@@ -209,7 +209,7 @@ http { } # netbox - location /assets { + location /netbox { proxy_pass http://netbox; proxy_redirect off; proxy_set_header Host netbox.malcolm.local; diff --git a/nginx/nginx_readonly.conf b/nginx/nginx_readonly.conf index 0e94fd9da..95f9a3ae4 100644 --- a/nginx/nginx_readonly.conf +++ b/nginx/nginx_readonly.conf @@ -49,6 +49,10 @@ http { server dashboards-helper:28991; } + upstream netbox { + server netbox:8080; + } + upstream extracted-file-http-server { server file-monitor:8440; } @@ -135,6 +139,16 @@ http { proxy_set_header Host file-monitor.malcolm.local; } + # netbox + location /netbox { + proxy_pass http://netbox; + proxy_redirect off; + proxy_set_header Host netbox.malcolm.local; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + } + # favicon, logos, banners, etc. include /etc/nginx/nginx_image_aliases.conf; diff --git a/scripts/control.py b/scripts/control.py index 535dd850b..913da742f 100755 --- a/scripts/control.py +++ b/scripts/control.py @@ -299,7 +299,7 @@ def logs(): | eshealth | esindices/list | executing\s+attempt_(transition|set_replica_count)\s+for - | GET\s+/(assets/api|_cat/health|api/status|sessions2-|arkime_\w+).+HTTP/[\d\.].+\b200\b + | GET\s+/(netbox/api|_cat/health|api/status|sessions2-|arkime_\w+).+HTTP/[\d\.].+\b200\b | POST\s+/(arkime_\w+)(/\w+)?/_(d?stat|doc|search).+HTTP/[\d\.].+\b20[01]\b | POST\s+/_bulk\s+HTTP/[\d\.].+\b20[01]\b | POST\s+/server/php/\s+HTTP/\d+\.\d+"\s+\d+\s+\d+.*:8443/ @@ -604,7 +604,7 @@ def start(): eprint(" - PCAP upload (web): https://localhost/upload/") eprint(" - PCAP upload (sftp): sftp://username@127.0.0.1:8022/files/") eprint(" - Host and subnet name mapping editor: https://localhost/name-map-ui/") - eprint(" - NetBox: https://localhost/assets/\n") + eprint(" - NetBox: https://localhost/netbox/\n") eprint(" - Account management: https://localhost:488/\n") else: eprint("Malcolm failed to start\n") 
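Review bot: The new `location /netbox` block in nginx/nginx_readonly.conf forwards client request headers to NetBox unchanged, while netbox/env/netbox.env.example in this commit shows `REMOTE_AUTH_ENABLED=True` with `REMOTE_AUTH_HEADER=HTTP_X_REMOTE_AUTH`. With header-based remote authentication the proxy has to own that header; unless a server-level directive outside this hunk already sets it, a value supplied by the client would reach NetBox as the authenticated user name. I would set it explicitly inside the block, `proxy_set_header X-Remote-Auth $remote_user;`, or `proxy_set_header X-Remote-Auth "";` if the read-only front end is meant to give no NetBox login. It is also worth confirming that exposing NetBox, which accepts writes, fits the intent of the read-only configuration.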
diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh index d2ba5e367..d80c5cf5e 100755 --- a/scripts/malcolm_appliance_packager.sh +++ b/scripts/malcolm_appliance_packager.sh @@ -159,7 +159,7 @@ if mkdir "$DESTDIR"; then echo " - PCAP upload (web): https://localhost/upload/" | tee -a "$README" echo " - PCAP upload (sftp): sftp://USERNAME@127.0.0.1:8022/files/" | tee -a "$README" echo " - Host and subnet name mapping editor: https://localhost/name-map-ui/" | tee -a "$README" - echo " - NetBox: https://localhost/assets/" | tee -a "$README" + echo " - NetBox: https://localhost/netbox/" | tee -a "$README" echo " - Account management: https://localhost:488/" | tee -a "$README" popd >/dev/null 2>&1 popd >/dev/null 2>&1