Deployment - netbox-community/netbox-docker GitHub Wiki

Important: Also consider the advice about configuring NetBox for production!

If running this image in a cluster such as Docker Swarm, Kubernetes or OpenShift, the following will come in extra handy for you. But these techniques work equally well in the regular docker-compose-based approach.

In this case, we encourage you to statically configure NetBox by starting from NetBox's example config file, and mounting it into your container in the directory /etc/netbox/config/ using the mechanism provided by your container platform (i.e. Docker Swarm configs, Kubernetes ConfigMap, OpenShift ConfigMaps).

But if you'd rather continue to configure your application through environment variables, you may continue to use the built-in configuration file. We discourage storing secrets in environment variables, as environment variable are passed on to all sub-processes and may leak easily into other systems, e.g. error collecting tools that often collect all environment variables whenever an error occurs.

Therefore we strongly advise to make use of the secrets mechanism provided by your container platform (i.e. Docker Swarm secrets, Kubernetes secrets, OpenShift secrets). The configuration file and the entrypoint script try to load the following secrets from the respective files. If a secret is defined by an environment variable and in the respective file at the same time, then the value from the secret is used.

• SUPERUSER_PASSWORD: /run/secrets/superuser_password
• SUPERUSER_API_TOKEN: /run/secrets/superuser_api_token
• DB_PASSWORD: /run/secrets/db_password
• SECRET_KEY: /run/secrets/secret_key
• EMAIL_PASSWORD: /run/secrets/email_password
• NAPALM_PASSWORD: /run/secrets/napalm_password
• REDIS_PASSWORD: /run/secrets/redis_password
• REDIS_CACHE_PASSWORD: /run/secrets/redis_cache_password
• AUTH_LDAP_BIND_PASSWORD: /run/secrets/auth_ldap_bind_password

docker-compose-based Deployments

If you are about to deploy NetBox using this project's Docker image and docker-compose file on a more permanent basis here you'll find some hints from our community. Please make sure you also read the Configure for Production section of the Configuration wiki page. You need to change the passwords and other secrets!

Restart Policy

Add the following to the docker-compose.override.yml file. This will ensure, that your containers are started again when the Docker daemon or your server is restarted.

version: '3.4'
services:
  netbox:
    restart: unless-stopped
  netbox-worker:
    restart: unless-stopped
  netbox-housekeeping:
    restart: unless-stopped
# Uncomment if you use NetBox Docker < 0.28.0
#  nginx:
#    restart: unless-stopped
  postgres:
    restart: unless-stopped
  redis:
    restart: unless-stopped
  redis-cache:
    restart: unless-stopped

TLS (HTTPS)

We recommend that you deploy TLS. There are several possibilities to do that. Because every setup is different and because TLS always requires a domain there is no built-in solution.

Learn more on the dedicated TLS wiki page.

Community-maintained Deployments

• Helm Chart by @bootc
• Kubernetes objects by @CENGN

See also the Community Contributions wiki page of the NetBox project.