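#!/bin/bash
# Unattended single-host NetBox v4.2.8 install for Debian/Ubuntu: PostgreSQL,
# Redis, gunicorn behind nginx, a Let's Encrypt certificate, and daily
# backup / certificate-renewal jobs.
#
# Environment:
#   NETBOX_DOMAIN       public host name (default: netbox.digitalsystem.net)
#   CERTBOT_EMAIL       contact address for Let's Encrypt (required)
#   NETBOX_DB_PASSWORD  optional database password; generated when unset
#
# Not idempotent: CREATE DATABASE and git clone fail on a second run.
set -euo pipefail

NETBOX_DOMAIN=${NETBOX_DOMAIN:-netbox.digitalsystem.net}
: "${CERTBOT_EMAIL:?set CERTBOT_EMAIL to the contact address for certificate notices}"

# The domain is interpolated into nginx and Python configuration below, so
# refuse anything that is not a plain host name.
if [[ ! "$NETBOX_DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
  echo "NETBOX_DOMAIN contains characters that are not valid in a host name" >&2
  exit 1
fi

# The password is interpolated into SQL and Python string literals, so only a
# quote-free character set is accepted.
if [[ -n "${NETBOX_DB_PASSWORD:-}" && ! "$NETBOX_DB_PASSWORD" =~ ^[A-Za-z0-9_-]+$ ]]; then
  echo "NETBOX_DB_PASSWORD may only contain letters, digits, '_' and '-'" >&2
  exit 1
fi

# 1. Update the system and install dependencies
sudo apt update && sudo apt upgrade -y
sudo apt install -y python3 python3-pip python3-venv python3-dev \
  build-essential libpq-dev libffi-dev libssl-dev \
  redis-server postgresql nginx git certbot python3-certbot-nginx ufw

# A fixed password equal to the role name is guessable; generate a random one
# unless the operator supplied their own. It ends up in configuration.py.
DB_PASSWORD=${NETBOX_DB_PASSWORD:-$(python3 -c 'import secrets; print(secrets.token_hex(24))')}

# 2. Set the time zone to Los Angeles
sudo timedatectl set-timezone America/Los_Angeles

# 3. Firewall: allow ports 22, 80 and 443
# NOTE(review): SSH is opened to every source address; restrict it to a
# management network where one exists.
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw --force enable

# 4. Create the NetBox system user
sudo adduser --system --group netbox

# 5. Configure the PostgreSQL database
sudo systemctl enable --now postgresql
# ON_ERROR_STOP makes psql exit non-zero on the first failed statement, so
# "set -e" actually sees database errors. The password travels on stdin, not
# on the command line.
sudo -u postgres psql -v ON_ERROR_STOP=1 <<EOF
CREATE DATABASE netbox;
CREATE USER netbox WITH PASSWORD '${DB_PASSWORD}';
ALTER ROLE netbox SET client_encoding TO 'utf8';
ALTER ROLE netbox SET default_transaction_isolation TO 'read committed';
ALTER ROLE netbox SET timezone TO 'UTC';
GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
ALTER DATABASE netbox OWNER TO netbox;
\connect netbox
GRANT ALL ON SCHEMA public TO netbox;
EOF

# 6. Clone the NetBox repository
sudo git clone -b v4.2.8 https://github.com/netbox-community/netbox.git /opt/netbox
# NOTE(review): this makes the whole code tree writable by the account the
# web service runs as; tighten it if only the venv and static directories
# need to be writable in your deployment.
sudo chown -R netbox:netbox /opt/netbox

# 7. Create the Python virtual environment and install requirements
cd /opt/netbox
sudo -u netbox python3 -m venv /opt/netbox/venv
sudo -u netbox /opt/netbox/venv/bin/pip install --upgrade pip
sudo -u netbox /opt/netbox/venv/bin/pip install -r /opt/netbox/requirements.txt

# 8. Configure NetBox
CONFIG_DIR=/opt/netbox/netbox/netbox
CONFIG_FILE=${CONFIG_DIR}/configuration.py
sudo cp "${CONFIG_DIR}/configuration_example.py" "$CONFIG_FILE"
# Drop world-read access before any secret is written. Management commands
# must from now on be run as the netbox user (sudo -u netbox ...).
sudo chown root:netbox "$CONFIG_FILE"
sudo chmod 640 "$CONFIG_FILE"
SECRET_KEY=$(python3 /opt/netbox/netbox/generate_secret_key.py)
# The settings are appended instead of patched in with sed: the later
# assignments override the example defaults, the key never appears in a
# process argument list, and a key containing characters that are special in
# a sed replacement (such as "&") cannot corrupt the file.
sudo tee -a "$CONFIG_FILE" > /dev/null <<EOF

# --- site settings appended by the install script ---
SECRET_KEY = '${SECRET_KEY}'
ALLOWED_HOSTS = ['${NETBOX_DOMAIN}']
DATABASE = {
    'NAME': 'netbox',
    'USER': 'netbox',
    'PASSWORD': '${DB_PASSWORD}',
    'HOST': 'localhost',
    'PORT': '5432',
}
EOF

# 9. Initialise the database
sudo -u netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py migrate

# 10. Collect static files
sudo -u netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py collectstatic --no-input

# 11. Temporary HTTP-only nginx site (needed for the certificate challenge)
sudo tee /etc/nginx/sites-available/netbox > /dev/null <<EOF
server {
    listen 80;
    server_name ${NETBOX_DOMAIN};
    location /static/ {
        alias /opt/netbox/netbox/static/;
    }
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
sudo ln -sf /etc/nginx/sites-available/netbox /etc/nginx/sites-enabled/netbox
sudo rm -f /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl restart nginx

# 12. Request the Let's Encrypt certificate
sudo certbot --nginx -d "$NETBOX_DOMAIN" --non-interactive --agree-tos \
  -m "$CERTBOT_EMAIL" --redirect

# 13. Final nginx site: redirect HTTP to HTTPS and serve NetBox over TLS.
# This overwrites the edits certbot made to the site file in step 12, so the
# host name and certificate paths must match the domain used there.
sudo tee /etc/nginx/sites-available/netbox > /dev/null <<EOF
server {
    listen 80;
    server_name ${NETBOX_DOMAIN};
    return 301 https://\$host\$request_uri;
}
server {
    listen 443 ssl;
    server_name ${NETBOX_DOMAIN};
    ssl_certificate /etc/letsencrypt/live/${NETBOX_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${NETBOX_DOMAIN}/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    location /static/ {
        alias /opt/netbox/netbox/static/;
    }
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        # Tells the backend that the client connection was HTTPS.
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
# Validate first so a broken site file fails here instead of on reload.
sudo nginx -t
sudo systemctl reload nginx

# 14. Gunicorn systemd service (bound to loopback; only nginx is exposed)
sudo tee /etc/systemd/system/netbox.service > /dev/null <<'EOF'
[Unit]
Description=NetBox WSGI Service
After=network.target
[Service]
Type=simple
User=netbox
Group=netbox
WorkingDirectory=/opt/netbox/netbox
ExecStart=/opt/netbox/venv/bin/gunicorn --workers 3 --bind 127.0.0.1:8001 netbox.wsgi
Restart=always
NoNewPrivileges=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF

# 15. Enable and start the NetBox service
sudo systemctl daemon-reload
sudo systemctl enable netbox
sudo systemctl restart netbox

# 16. Daily database backup, keeping the last 30 days
# The delimiter is quoted so the job is written literally, with no escaping.
sudo tee /etc/cron.daily/netbox_backup > /dev/null <<'EOF'
#!/bin/bash
set -euo pipefail
# Dumps hold password hashes and the full inventory: keep them root-only.
umask 077
BACKUP_DIR="/opt/netbox/backups"
mkdir -p "$BACKUP_DIR"
# Runs as the postgres OS user over the local socket, so no database
# password has to be stored in this world-readable cron file.
runuser -u postgres -- pg_dump netbox > "$BACKUP_DIR/netbox_backup_$(date +%F).sql"
find "$BACKUP_DIR" -type f -name 'netbox_backup_*.sql' -mtime +30 -delete
EOF
sudo chmod +x /etc/cron.daily/netbox_backup

# 17. Daily certificate renewal, reloading nginx after a successful renewal
sudo tee /etc/cron.daily/certbot_renew > /dev/null <<'EOF'
#!/bin/bash
certbot renew --quiet --deploy-hook "systemctl reload nginx"
EOF
sudo chmod +x /etc/cron.daily/certbot_renew

echo "NetBox 安装完成!访问 https://${NETBOX_DOMAIN} (22和443端口开放,自动维护,洛杉矶时间)。"
echo "Create the first admin: sudo -u netbox /opt/netbox/venv/bin/python /opt/netbox/netbox/manage.py createsuperuser"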
在登录 NetBox 时遇到的 “Forbidden (403) CSRF verification failed” 错误,通常是由于 Django 的 CSRF 防护机制未能正确识别请求的来源。这在启用 HTTPS 或使用反向代理(如 Nginx)时尤为常见。根据 NetBox 的官方文档和社区讨论,以下是解决该问题的步骤: (Forbidden (403) CSRF verification failed. Request aborted. Reason …)
解决方案:配置 CSRF_TRUSTED_ORIGINS
- 编辑 NetBox 配置文件
打开 NetBox 的配置文件 configuration.py:
sudo nano /opt/netbox/netbox/netbox/configuration.py
- 添加 CSRF_TRUSTED_ORIGINS 设置
在文件中添加以下内容,确保使用您的实际域名替换示例中的域名:
CSRF_TRUSTED_ORIGINS = ['https://netbox.xxxxxxxx.net']
请注意,Django 4.0 及以上版本要求 CSRF_TRUSTED_ORIGINS 中的每一项都包含协议(如 http:// 或 https://)。
- 重启 NetBox 服务
保存并关闭配置文件后,重启 NetBox 服务以应用更改:
sudo systemctl restart netbox
- 清除浏览器缓存和 Cookie
在浏览器中清除与 NetBox 相关的缓存和 Cookie,然后重新加载登录页面。
🔍 其他建议
- 确保 ALLOWED_HOSTS 设置正确
在 configuration.py 中,确保 ALLOWED_HOSTS 包含您的域名: (CSRF Token · netbox-community netbox · Discussion #9043 – GitHub)
ALLOWED_HOSTS = ['netbox.xxxxxx.net']
- 检查 Nginx 配置
确保 Nginx 配置中正确设置了代理头部,以便 Django 能正确识别请求的来源:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
其中 X-Forwarded-Proto 把客户端实际使用的协议(http 或 https)传给后端,这些设置有助于 Django 正确处理 CSRF 验证。
要在 NetBox 中创建管理员账户:
创建管理员账户(超级用户)
- 进入虚拟环境
NetBox 使用 Python 虚拟环境运行。首先,激活虚拟环境:
source /opt/netbox/venv/bin/activate
- 进入 NetBox 项目目录
切换到 NetBox 的管理脚本所在目录:
cd /opt/netbox/netbox
- 创建超级用户
运行以下命令,按照提示输入用户名、邮箱和密码:
python3 manage.py createsuperuser
示例输出:
Username (leave blank to use 'root'): admin
Email address: admin@example.com
Password:
Password (again):
Superuser created successfully.
请注意:用户名不能为 root,建议使用其他名称,如 admin。
- 退出虚拟环境
创建完成后,退出虚拟环境:
deactivate