Internal Links?

81 views
Skip to first unread message

Jason Emery

unread,
May 14, 2020, 5:58:50 PM5/14/20
to NetBox
After upgrade to 2.8.4 I am seeing this behavior:

When I view a rack there are links for each device, but the links use the IP address of the server instead of the server name and thus break SSL. 

Is there a setting somewhere for FQDN or relative links or something?

Thanks,
Jason

Brian Candler

unread,
May 15, 2020, 3:35:05 AM5/15/20
to NetBox

Jason Emery

unread,
May 18, 2020, 12:33:00 PM5/18/20
to NetBox
I have this in nginx config:

proxy_set_header X-Forwarded-Proto $scheme;

The whole SSL thing seems to be working fine. As far as I can find it is only in the rack view it is showing a URL of https://10.10.10.100/dcim/devices/71/ for example.

That is still SSL link, but pops an error and sends me to logon page. 

Other internal links seem to be working fine - even static content such as uploaded images.

Does the rack view use some different logic for creating links?

Thanks,
Jason


On Friday, May 15, 2020 at 12:35:05 AM UTC-7, Brian Candler wrote:

Brian Candler

unread,
May 18, 2020, 1:09:59 PM5/18/20
to NetBox
When I go to /dcim/racks/<N>/ and hover over a device, I see the correct https://<fqdn>/dcim/devices/<id>/ URL.

Looking at the code:

   def _draw_device_front(self, drawing, device, start, end, text):
        name = str(device)
        if device.devicebay_count:
            name += ' ({}/{})'.format(device.get_children().count(), device.devicebay_count)

        color = device.device_role.color
        link = drawing.add(
            drawing.a(
                href='{}{}'.format(self.base_url, reverse('dcim:device', kwargs={'pk': device.pk})),
                target='_top',
                fill='black'
            )
        )

And where does base_url come from?

        if data['render'] == 'svg':
            # Render and return the elevation as an SVG drawing with the correct content type
            drawing = rack.get_elevation_svg(
                face=data['face'],
                unit_width=data['unit_width'],
                unit_height=data['unit_height'],
                legend_width=data['legend_width'],
                include_images=data['include_images'],
                base_url=request.build_absolute_uri('/')
            )

So, it comes from the request.  Are you sure that your proxy configuration is passing through the hostname unmolested?  In Apache I use:

        ProxyPreserveHost On

Without it, the Host: header is set to the proxy target host, not the incoming HTTP host.  If that's the problem, the solution for Nginx is here:

Jason Emery

unread,
May 18, 2020, 1:29:57 PM5/18/20
to NetBox
Ok thank you - that helps.

I did manage to fix this by editing the /etx/nginx/sites-enabled/netbox file as:

from:
server_name <ip_address> <fqdn>;

to:
server_name <fqdn>;

I had both IP and name in there just for legacy/testing. But seems like the svg render ends up using that slightly differently than the rest of the UI.

Thanks again,
Jason

Radim Kabeláč

unread,
Jan 5, 2021, 6:43:05 PM1/5/21
to NetBox
Better repair configuration wil be to change this:
             proxy_set_header X-Forwarded-Host $server_name;   to    proxy_set_header X-Forwarded-Host $http_host;
              and add to server_name ALL  possible server names (we have 3 and dont use IP) 

In server_name you can use regex…   :)   http://nginx.org/en/docs/http/server_names.html

I found that this help well and you dont need to use hardcoded URI

Dne pondělí 18. května 2020 v 19:29:57 UTC+2 uživatel jeme...@gmail.com napsal:
Reply all
Reply to author
Forward
0 new messages