marcus-crane / netbox-plugin-azuread

A plugin that enables users to authenticate with Netbox using Azure Active Directory

Use Netbox behind Traefik proxy #4

Closed FlochonR closed 3 years ago

FlochonR commented 3 years ago

Hello,

I'm using Netbox in a Docker container with a Traefik proxy in front of it:

services:
  netbox: &netbox
    image: netboxcommunity/netbox:${VERSION-v3.0}
    restart: always
    mem_limit: ${MEM_LIMIT}
    mem_reservation: ${MEM_RESERVATION}
    depends_on:
      - redis
      - redis-cache
      - netbox-worker
    user: '101'
    env_file:
      - .env
    volumes:
      - ./plugins.py:/etc/netbox/config/plugins.py:z,ro
      - netbox-media-files:/opt/netbox/netbox/media:z
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.netbox-secure.entrypoints=websecure"
      - "traefik.http.routers.netbox-secure.rule=Host(`${NETBOX_URL}`)"
      - "traefik.http.routers.netbox-secure.tls=true"
      - "traefik.http.routers.netbox-secure.service=netbox"
      - "traefik.http.services.netbox.loadbalancer.server.port=8080"
      - "traefik.http.routers.netbox-secure.middlewares=netbox-auth-azuread-login,netbox-auth-azuread-complete"
      - "traefik.http.middlewares.netbox-auth-azuread-login.replacepathregex.regex=^/login/"
      - "traefik.http.middlewares.netbox-auth-azuread-login.replacepathregex.replacement=/plugins/azuread/login/"
      - "traefik.http.middlewares.netbox-auth-azuread-complete.replacepathregex.regex=^/complete/"
      - "traefik.http.middlewares.netbox-auth-azuread-complete.replacepathregex.replacement=/plugins/azuread/complete/"

  traefik:
    image: traefik:2.5
    restart: always
    command:
      - "--log.level=INFO"
      - "--api.dashboard=false"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--providers.file.directory=/configuration/"
      - "--providers.file.watch=true"
    ports:
      - 80:80
      - 443:443
    env_file:
      - .env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.yml:/configuration/traefik.yml
    labels:
      - "traefik.enable=true"

And I configure the plugin like this:

PLUGINS = [
  'netbox_plugin_azuread'
]
PLUGINS_CONFIG = {
  'netbox_plugin_azuread': {
    'CLIENT_ID': 'toto',
    'CLIENT_SECRET': 'toto',
    'AUTHORITY': 'https://login.microsoftonline.com/toto',
    'LOGIN_URL': '/login/',
    'REPLY_URL': '/complete/',
    'SCOPES': ['https://graph.microsoft.com/.default'],
    'AD_GROUP_MAP': {
      'STAFF': ['Users'],
      'SUPERUSER': ['Administrators']
    }
  }
}

Without the plugin configuration everything is OK and I don't have any issue. With the plugin, when I click on "Log in", I get this message:

[Screenshot 2021-10-11 at 10 47 37]

Do you have an idea where I made a mistake? Is it because I'm using the Traefik proxy?

Thanks!

FlochonR

marcus-crane commented 3 years ago

Hi there,

Just confirming that I've been able to replicate this locally although it isn't a Traefik problem exactly.

The problem is that the plugin makes a request for css/base.css and that seems to no longer exist as part of Netbox 3.0. Funnily enough, the demo site is currently broken as it requests similar styles! Seems to be fixed now. Weird.

I probably never noticed this as I was always logged in at work so I never hit the login page, hah. I also resigned recently from my last job (where we used Netbox) so I haven't really touched any of the new 3.0.x updates.

I'll have a release up in an hour or two that should fix this. The current version of the plugin inherits from one of the Django admin pages. I've updated it to inherit from the Netbox templates so the plugin will no longer explicitly import assets.

FlochonR commented 3 years ago

Hello!

Yes, I have the same problem with the connection; it's a new user who reported it to me, haha.

OK, thanks for the speed!

marcus-crane commented 3 years ago

Hey @FlochonR, I've just released v1.1.0 which should hopefully fix the issue for you.

You can install it from PyPI (pip install netbox_plugin_azuread==1.1.0) or direct from the releases tab.

Please let me know how you get on 🙂 I've run it against an instance of netbox-docker, with both Traefik and nginx, and it seems to work fine.

FlochonR commented 3 years ago

Hello @marcus-crane!

Sorry for the late response, everything works now! Thank you for the speedy release! ;)

Regards!

marcus-crane commented 3 years ago

No worries, thanks for the update 🙂