Netbox behind Apache Reverse Proxy
1,840 views
Skip to first unread message
brian town
Jun 8, 2020, 9:48:04 PM6/8/20
to NetBox
So I may have this setup improperly but went through all the steps to get a working Netbox instance and now I need to reverse proxy it.
Netbox instance at 192.168.1.5 (netbox.com)
Reverse proxy at 192.168.1.6 (revproxy.com)
My Netbox configuration.py doesn't have anything for Base Path setup yet
My Apache config on Netbox system looks like this:
<VirtualHost *:443>
ProxyPreserveHost On
ServerName netbox.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/netbox.pem
SSLCertificateKeyFile /etc/apache2/ssl/netbox.key
Alias /static /opt/netbox/netbox/static
<Directory /opt/netbox/netbox/static>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
<Location /static>
ProxyPass !
</Location>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyPass / http://192.168.1.5:8001/
ProxyPassReverse / http://192.168.1.5:8001/
</VirtualHost>That above setting works fine for browsing to it internally from anywhere.
This is my Reverse proxy settings:
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine On
SSLProxyVerify none
SSLCertificateFile /etc/apache2/ssl-certs/revprox.pem
SSLCertificateKeyFile /etc/apache2/ssl-certs/revprox.key
DocumentRoot /var/www/html/
ServerName revprox.com
<Directory "/var/www/html/">
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RequestHeader set "X-Forwaded-Proto" expr=%{REQUEST_SCHEME}
<Location /netbox>
ProxyPass
ProxyPassReverse https://netbox.com
Options +Indexes +ExecCGI +FollowSymLinks -MultiViews
Order Allow,Deny
Allow from all
</Location>
</VirtualHost>This doesn't seem to work properly though, I have it working like this for other tools like Redmine but not sure what all i'm missing.
Anyone have insight? Feel like i'm missing something very obvious.
brian town
Jun 8, 2020, 11:55:08 PM6/8/20
to NetBox
If I modify the revprox to point to netbox IP:8001 and modify gunicorn.py to use the IP for that system I do get this URL
Brian Candler
Jun 10, 2020, 5:20:46 AM6/10/20
to NetBox
That won't work as it stands, because all the pages served by Netbox will contain links based on / rather than /netbox.
Options:
1. Make your reverse proxy forward all of revprox.com to netbox.com; or equivalently, give netbox its own virtual domain on the front-end proxy.
2. Use mod_proxy_html to rewrite all the links, images and css references to add /netbox prefix. In general I've found this fiddly to get right, and it breaks where Javascript code has embedded links. Not recommended.
3. Configure the main netbox instance so that it runs on the /netbox prefix, using the BASE_PATH setting. This means that users accessing the netbox service directly (i.e. not via the front-end revproxy.com) will need to use netbox.com/netbox instead of netbox.com
I prefer option 1. Option 3 should be workable but I've not tested it myself.
One other thing to beware of: you're now actually going via two reverse proxies - the frontend revproxy.com, and the backend netbox.com. However since you're using HTTPS for both, there shouldn't be a problem. (If you were using HTTPS to the front and HTTP to the back, then I'd worry about X-Forwarded-Proto being set correctly)
Brian Candler
Jun 10, 2020, 5:31:18 AM6/10/20
to NetBox
I've just done a quick test. Setting BASE_PATH="netbox/" and with my Apache configuration changed to:
Alias /netbox/static /opt/netbox/netbox/static
<Directory /opt/netbox/netbox/static>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
<Location /netbox/static>
ProxyPass !
</Location>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyPass /netbox http://127.0.0.1:8001/netbox
ProxyPassReverse /netbox http://127.0.0.1:8001/netbox
... it works fine with a basic test, including populating drop-down menus. If you do find any problem with this, then given a specific reproducible test case, it should be fixable.
brian town
Jun 10, 2020, 2:51:19 PM6/10/20
to NetBox
Thanks for the input Brian.
I went ahead and modified my apache config on the netbox to mirror yours:
ProxyPreserveHost On
ServerName netbox.com ServerAlias 192.168.1.5
SSLEngine onAlias /netbox/static /opt/netbox/netbox/static
<Directory /opt/netbox/netbox/static>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
<Location /netbox/static>
ProxyPass !
</Location>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
ProxyPass /netbox http://192.168.1.5:8001/netbox
ProxyPassReverse /netbox http://192.168.1.5:8001/netboxModified configuration.py to have the baseurl and restarted netbox service
It's working properly via localhost if I tag on /netbox to the url for both netbox.com/netbox and 192.168.1.5/netbox so that's good
On the reverse proxy I have it at
That above returns me the Apache default page, so I tried adding a /netbox to the end of the proxypass statement which returns a code 400 bad request. Not seeing anything in error.log on the netbox side or rev proxy side.
Brian Candler
Jun 10, 2020, 3:29:45 PM6/10/20
to NetBox
On Wednesday, 10 June 2020 19:51:19 UTC+1, brian town wrote:
On the reverse proxy I have it at
You definitely need:
<Location /netbox>
ProxyPass https://192.168.1.5/netbox
ProxyPassReverse https://192.168.1.5/netbox
</Location>
As you've turned off SSL certificate verification, so it should be OK. You should get a log somewhere for that 400. At worst you can use tcpdump to show if the request is being proxied, which will tell you if the 400 is coming from the local host or not.
You probably want
ProxyPreserveHost On
on the frontend proxy (so that links are generated correctly), and you'll want the domain revproxy.com added into the ALLOWED_HOSTS setting in configuration.py on Netbox itself.
brian town
Jun 10, 2020, 3:49:54 PM6/10/20
to NetBox
ProxyPreserveHost got me a 500 error and an actual error message
[Wed Jun 10 15:43:14.466469 2020] [proxy:error] [pid 40244:tid 139791270123264] [client 156.68.96.192:57089] AH00898: Error during SSL Handshake with remote server returned by /netbox, referer: https://revprox.com/admin.html
I added
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
That got me back to a 400 error
Verified configuration.py has
ALLOWED_HOSTS = ['revprox.com']
brian town
Jun 10, 2020, 4:02:33 PM6/10/20
to NetBox
other_vhosts_access.log on the Netbox system shows
netbox.comv:443 192.168.1.6 - - [10/Jun/2020:16:00:50 -0400] "GET /netbox HTTP/1.1" 400 2984 "https://revprox.com/console/admin.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
brian town
Jun 10, 2020, 8:06:34 PM6/10/20
to NetBox
Decided to stop gunicorn and run it via manage.py 0.0.0.0:8001 just to get output from that:
Got the following:
[11/Jun/2020 00:05:02] "GET /netbox HTTP/1.1" 301 0
[11/Jun/2020 00:05:02] "GET /netbox/ HTTP/1.1" 200 31888
[11/Jun/2020 00:05:08] "GET /netbox/ HTTP/1.1" 200 31888
[11/Jun/2020 00:05:13] "GET /netbox HTTP/1.1" 400 143
The first hit is from a localhost browsing to netbox.com/netbox, that worked fine. Last one is from the revprox.
brian town
Jun 10, 2020, 9:49:57 PM6/10/20
to NetBox
Hmm I went in just to try something funky and set allowed_hosts to be "*". This works 100% on the hosts browsing to netbox.com but still a 400 error when doing a reverse proxy
brian town
Jun 10, 2020, 9:54:05 PM6/10/20
to NetBox
Enabled debugging and got this:
DisallowedHost at /netbox
Invalid HTTP_HOST header: 'revprox.com, netbox.com'. The domain name provided is not valid according to RFC 1034/1035.
| Request Method: | GET |
|---|---|
| Request URL: | https://revprox.com, netbox.com/netbox |
| Django Version: | 3.0.7 |
| Exception Type: | DisallowedHost |
| Exception Value: | Invalid HTTP_HOST header: 'revprox.com, netbox.com'. The domain name provided is not valid according to RFC 1034/1035. |
| Exception Location: | /usr/local/lib/python3.6/dist-packages/django/http/request.py in get_host, line 122 |
| Python Executable: | /usr/bin/python3 |
| Python Version: | 3.6.9 |
| Python Path: | ['/opt/netbox-2.8.5/netbox', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/usr/local/lib/python3.6/dist-packages', '/usr/lib/python3/dist-packages'] |
| Server time: | Thu, 11 Jun 2020 01:52:33 +0000 |
brian town
Jun 10, 2020, 10:09:16 PM6/10/20
to NetBox
Tried setting
ProxyPreserveHost Off
But that doesn't work, not sure why it's sending both host names in the header.
Brian Candler
Jun 11, 2020, 2:46:22 AM6/11/20
to NetBox
On Thursday, 11 June 2020 02:54:05 UTC+1, brian town wrote:
Enabled debugging and got this:DisallowedHost at /netbox
Invalid HTTP_HOST header: 'revprox.com, netbox.com'. The domain name provided is not valid according to RFC 1034/1035.
Somehow, after two levels of proxying, there are two Host: headers or the Host: header has been combined. I suggest you tcpdump port 8001 on the netbox host to see what the plain HTTP request actually contains.
I just remembered that in one place I *do* have two levels of netbox proxying working (with Apache) and don't have this problem - although I'm using HTTPS to the front apache2, and HTTP from front apache2 to back apache2. This is Netbox 2.8.5 under Ubuntu 18.04, with apache2 2.4.29, and the following versions of Django packages:
root@noc:/opt/netbox# . venv/bin/activate
(venv) root@noc:/opt/netbox# pip3 list | grep -i django
DEPRECATION: The default format will switch to columns in the future. You can use --format=(legacy|columns) (or define a format=(legacy|columns) in your pip.conf under the [list] section) to disable this warning.
Django (3.0.7)
django-cacheops (4.2)
django-cors-headers (3.2.1)
django-debug-toolbar (2.2)
django-filter (2.2.0)
django-js-asset (1.2.2)
django-mptt (0.11.0)
django-pglocks (1.0.4)
django-prometheus (2.0.0)
django-rq (2.3.2)
django-tables2 (2.3.1)
django-taggit (1.2.0)
django-taggit-serializer (0.1.7)
django-timezone-field (4.0)
djangorestframework (3.11.0)
Since Netbox only does loose pinning of versions you may be running something different.
brian town
Jun 11, 2020, 2:59:43 AM6/11/20
to NetBox
I'm on Ubuntu 18.04 on v2.8.5 of Netbox
Django (3.0.7)
django-cacheops (4.2)
django-cors-headers (3.2.1)
django-debug-toolbar (2.2)
django-filter (2.2.0)
django-js-asset (1.2.2)
django-mptt (0.11.0)
django-pglocks (1.0.4)
django-prometheus (2.0.0)
django-rq (2.3.2)
django-tables2 (2.3.1)
django-taggit (1.2.0)
django-taggit-serializer (0.1.7)
django-timezone-field (4.0)
djangorestframework (3.11.0)
I modified my apache config on the netbox box itself to be port 80 but still getting the bad header.
I ran a tcpdump on port 80 and got following
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
02:55:37.605742 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [S], seq 3634517567, win 64240, options [mss 1460,sackOK,TS val 1211405618 ecr 0,nop,wscale 7], length 0
02:55:37.605780 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [S.], seq 1768159835, ack 3634517568, win 28960, options [mss 1460,sackOK,TS val 1590487995 ecr 1211405618,nop,wscale 7], length 0
02:55:37.605892 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 1, win 502, options [nop,nop,TS val 1211405618 ecr 1590487995], length 0
02:55:37.606169 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [P.], seq 1:57 5, ack 1, win 502, options [nop,nop,TS val 1211405619 ecr 1590487995], length 574: HTTP: GET /netbox HTTP/1.1
02:55:37.606192 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], ack 575, win 236, options [nop,nop,TS val 1590487995 ecr 1211405619], length 0
02:55:37.636707 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [P.], seq 1:19 0, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405619], length 189: HTTP: HTTP/1.1 400 Bad Request
02:55:37.636777 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 190:7 430, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405619], length 7240: HTTP
02:55:37.636785 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [P.], seq 7430 :8390, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405619], length 960: HTTP
02:55:37.636801 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 8390: 12734, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405619], length 4344: HTTP
02:55:37.636877 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 190, win 501, options [nop,nop,TS val 1211405649 ecr 1590488026], length 0
02:55:37.636886 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 12734 :15630, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405649], length 2896: HTTP
02:55:37.636942 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 7430, win 466, options [nop,nop,TS val 1211405649 ecr 1590488026], length 0
02:55:37.636956 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 15630 :27214, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405649], length 11584: HTTP
02:55:37.636960 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 8390, win 501, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.636966 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 12734 , win 481, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637003 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 15630 , win 496, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637088 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 27214 :30110, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405649], length 2896: HTTP
02:55:37.637100 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 30110 :33006, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405650], length 2896: HTTP
02:55:37.637102 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 33006 :41694, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405650], length 8688: HTTP
02:55:37.637139 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 41694 :44590, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405650], length 2896: HTTP
02:55:37.637195 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 27214 , win 451, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637207 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 44590 :56174, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405650], length 11584: HTTP
02:55:37.637210 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 30110 , win 436, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637323 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 44590 , win 436, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637332 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 56174 :70654, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405650], length 14480: HTTP
02:55:37.637339 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 70654 :74998, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405650], length 4344: HTTP
02:55:37.637448 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 56174 , win 451, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637460 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], seq 74998 :76446, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405650], length 1448: HTTP
02:55:37.637461 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [FP.], seq 764 46:83174, ack 575, win 236, options [nop,nop,TS val 1590488026 ecr 1211405650], length 6728: HTTP
02:55:37.637464 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 60518 , win 489, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637580 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 74998 , win 436, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637705 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [.], ack 83175 , win 466, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637767 IP 192.168.1.6.45276 > 192.168.1.5.http: Flags [F.], seq 575, ack 83175, win 501, options [nop,nop,TS val 1211405650 ecr 1590488026], length 0
02:55:37.637771 IP 192.168.1.5.http > 192.168.1.6.45276: Flags [.], ack 576, win 236, options [nop,nop,TS val 1590488027 ecr 1211405650], length 0Brian Candler
Jun 11, 2020, 4:07:24 AM6/11/20
to NetBox
tcpdump is just decoding the first line (GET /netbox HTTP/1.1), you need to see more of the packet than that:
tcpdump -i lo -nn -s0 -X tcp port 8001 ## to see traffic between reverse proxy and gunicorn
Using -A instead of -X will just show the ASCII without the hex, which may be clearer, although there will still be garbled data for the packet headers.
Brian Candler
Jun 11, 2020, 6:47:57 AM6/11/20
to NetBox
I believe I found the solution for you :-)
I forgot I had this extra bit of config, required for a different application I was proxying:
# librenms is confused by X-Forwarded-Host, but I want to keep X-Forwarded-For
ProxyAddHeaders Off
RequestHeader set X-Forwarded-For "expr=%{REMOTE_ADDR}"
If I comment out those two lines, then I get the 400 error like you, and tcpdump traffic to gunicorn (sudo tcpdump -i lo -nn -s0 -A tcp port 8001) shows:
GET /netbox/ HTTP/1.1
Host: noc.FRONTEND.net
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: csrftoken=MRZ6U1U3cFnSB51HR4eaMwLHsud4BvZcL1YO9we6DjgasJEIxMUsiOekBHmPJiA8; sessionid=25loto0zjcqwre3lq2pwwlq3kqqddwpa
X-Forwarded-Proto: http
X-Forwarded-For: X.X.X.X, 192.168.122.1
X-Forwarded-Host: noc.FRONTEND.net, noc.FRONTEND.net
HTTP/1.1 400 Bad Request
Server: gunicorn/20.0.4
Date: Thu, 11 Jun 2020 10:42:55 GMT
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html
Vary: Origin
I think it's the double X-Forwarded-Host: value that's confusing django.
GET /netbox/ HTTP/1.1
Host: noc.FRONTEND.net
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: csrftoken=MRZ6U1U3cFnSB51HR4eaMwLHsud4BvZcL1YO9we6DjgasJEIxMUsiOekBHmPJiA8; sessionid=25loto0zjcqwre3lq2pwwlq3kqqddwpa
X-Forwarded-For: X.X.X.X
X-Forwarded-Proto: https
Connection: close
HTTP/1.1 200 OK
Date: Thu, 11 Jun 2020 10:37:22 GMT
Server: gunicorn/20.0.4
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Length: 62685
Vary: Cookie,Origin,Accept-Encoding
Connection: close
tcpdump between backend apache and gunicorn: sudo tcpdump -i lo -nn -s0 -A tcp port 8001
GET /netbox/ HTTP/1.1
Host: noc.FRONTEND.net
Cache-Control: max-age=0
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: csrftoken=MRZ6U1U3cFnSB51HR4eaMwLHsud4BvZcL1YO9we6DjgasJEIxMUsiOekBHmPJiA8; sessionid=25loto0zjcqwre3lq2pwwlq3kqqddwpa
X-Forwarded-For: X.X.X.X, 192.168.122.1
X-Forwarded-Proto: http
X-Forwarded-Host: noc.FRONTEND.net
HTTP/1.1 200 OK
Server: gunicorn/20.0.4
Date: Thu, 11 Jun 2020 10:37:22 GMT
Connection: keep-alive
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Length: 62685
Vary: Cookie, Origin
HTH,
Brian.
brian town
Jun 11, 2020, 1:38:52 PM6/11/20
to NetBox
If you're ever in NM I owe you a beer my man. That worked. Thanks a ton! You're a life saver...now onto trying to reverse proxy vcenter haha.
Brian Candler
Jun 11, 2020, 2:18:21 PM6/11/20
to NetBox
No probs, one Brian helping another :-)
BTW now I know what to google for I found:
and I see that netbox/netbox/settings.py has
USE_X_FORWARDED_HOST = True
which is documented here:
It seems Django didn't consider the possibility of going through two hops.
Reply all
Reply to author
Forward
0 new messages