From 620ea3647fe4ef49fd45930b893a445ab824574f Mon Sep 17 00:00:00 2001 From: Benjamin Reed Date: Fri, 6 Dec 2024 13:10:19 -0500 Subject: [PATCH 1/4] add proxy configuration to the docs (ENG-3955) --- docs/netbox-enterprise/nbe-ec-installation.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/docs/netbox-enterprise/nbe-ec-installation.md b/docs/netbox-enterprise/nbe-ec-installation.md index 210035f..e8d8ced 100644 --- a/docs/netbox-enterprise/nbe-ec-installation.md +++ b/docs/netbox-enterprise/nbe-ec-installation.md @@ -77,6 +77,51 @@ Once you see `Ready`, NetBox Enterprise is fully deployed, and available on port ## Advanced Installation +### Proxies + +If you are installing in an environment, you may have to provide extra configuration at install-time. + +#### Proxy Configuration + +Before you can install, you _must_ configure your proxy to allow the following hostnames: + +* **app.enterprise.netboxlabs.com** +* **get.enterprise.netboxlabs.com** +* **proxy.enterprise.netboxlabs.com** +* **registry.enterprise.netboxlabs.com** + +These are required to access various parts of the Enmbedded Cluster and NetBox Enterprise installation resources. + +You _may_ also want to configure a few additional hosts: + +* **api.netbox.oss.netboxlabs.com** - used to query an API for information on NetBox plugins +* **census.netbox.oss.netboxlabs.com** - used to collect anonymized data about your NetBox version. For details, see [the NetBox documentation](https://netboxlabs.com/docs/netbox/en/stable/configuration/miscellaneous/#census_reporting_enabled). + +#### Installation + +Once you have configured your proxy to allow access to the NetBox Enterprise hosts, you will need to pass some additional arguments to the Embedded Cluster installer. +Note that the Embedded Cluster will _not_ inherit proxy settings in the environment. + +* `--http-proxy ` + + The proxy url should be a complete URL to reach the proxy. (eg, `http://myhost:8888`) +* `--https-proxy ` + + Like `--http-proxy`, this should be the proxy's URL. +* `--no-proxy` + + By default, the Embedded Cluster will automatically disable proxying on the internal cluster addresses, as well as the default network interface on your host. + + In some cases, if it can't autodetect an interface or you have a more complicated network, you may need to specify this manually in the form of a comma-separated list of addresses with CIDR netmasks (`1.2.3.4/32`), or domains (`foo.com`, `*.bar.com`). + +#### Man-In-The-Middle (MITM) Proxies + +If you are using a MITM proxy (ie, one which uses an internal TLS certificate authority for communication with the proxy, rather than directly passing encrypted traffic), you will need an additional option: + +* `--private-ca ` + +This will allow the Embedded Cluster to accept traffic that has been encrypted using the internal CA. + ### Firewalld If you are using Firewalld (commonly found on RHEL installations, among others), you will need to create a zone for the cluster before installing. From 65a5585638ae0db68fb53c4048a8efde2fa7e482 Mon Sep 17 00:00:00 2001 From: Benjamin Reed Date: Fri, 6 Dec 2024 13:21:24 -0500 Subject: [PATCH 2/4] in an environment?! --- docs/netbox-enterprise/nbe-ec-installation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/netbox-enterprise/nbe-ec-installation.md b/docs/netbox-enterprise/nbe-ec-installation.md index e8d8ced..6ddb724 100644 --- a/docs/netbox-enterprise/nbe-ec-installation.md +++ b/docs/netbox-enterprise/nbe-ec-installation.md @@ -79,7 +79,7 @@ Once you see `Ready`, NetBox Enterprise is fully deployed, and available on port ### Proxies -If you are installing in an environment, you may have to provide extra configuration at install-time. +If you are installing in a restrictive environment, you may have to provide extra configuration at install-time. #### Proxy Configuration From e87335e65cfc7bf0a6245d4a7560a29f54bb8f0c Mon Sep 17 00:00:00 2001 From: Benjamin Reed Date: Fri, 6 Dec 2024 13:23:17 -0500 Subject: [PATCH 3/4] a few more grammar cleanups --- docs/netbox-enterprise/nbe-ec-installation.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/netbox-enterprise/nbe-ec-installation.md b/docs/netbox-enterprise/nbe-ec-installation.md index 6ddb724..777759e 100644 --- a/docs/netbox-enterprise/nbe-ec-installation.md +++ b/docs/netbox-enterprise/nbe-ec-installation.md @@ -90,9 +90,9 @@ Before you can install, you _must_ configure your proxy to allow the following h * **proxy.enterprise.netboxlabs.com** * **registry.enterprise.netboxlabs.com** -These are required to access various parts of the Enmbedded Cluster and NetBox Enterprise installation resources. +They are required to access various parts of the Enmbedded Cluster and NetBox Enterprise installation resources. -You _may_ also want to configure a few additional hosts: +Additionally, you _may_ also want to configure a few more hosts: * **api.netbox.oss.netboxlabs.com** - used to query an API for information on NetBox plugins * **census.netbox.oss.netboxlabs.com** - used to collect anonymized data about your NetBox version. For details, see [the NetBox documentation](https://netboxlabs.com/docs/netbox/en/stable/configuration/miscellaneous/#census_reporting_enabled). @@ -100,7 +100,7 @@ You _may_ also want to configure a few additional hosts: #### Installation Once you have configured your proxy to allow access to the NetBox Enterprise hosts, you will need to pass some additional arguments to the Embedded Cluster installer. -Note that the Embedded Cluster will _not_ inherit proxy settings in the environment. +Note that the Embedded Cluster will _not_ inherit proxy settings from the shell environment. * `--http-proxy ` @@ -120,7 +120,7 @@ If you are using a MITM proxy (ie, one which uses an internal TLS certificate au * `--private-ca ` -This will allow the Embedded Cluster to accept traffic that has been encrypted using the internal CA. +This will allow the Embedded Cluster to accept traffic that has been encrypted using your internal CA. ### Firewalld From cf5ad2958a6e211a06ba5ccbef28362acba971a4 Mon Sep 17 00:00:00 2001 From: Benjamin Reed Date: Fri, 6 Dec 2024 15:46:13 -0500 Subject: [PATCH 4/4] make a note about nbe 1.6.0 --- docs/netbox-enterprise/nbe-ec-installation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/netbox-enterprise/nbe-ec-installation.md b/docs/netbox-enterprise/nbe-ec-installation.md index 777759e..f4836cf 100644 --- a/docs/netbox-enterprise/nbe-ec-installation.md +++ b/docs/netbox-enterprise/nbe-ec-installation.md @@ -80,6 +80,7 @@ Once you see `Ready`, NetBox Enterprise is fully deployed, and available on port ### Proxies If you are installing in a restrictive environment, you may have to provide extra configuration at install-time. +NetBox Enterprise as of version 1.6.0 has support for installing through proxies using the following configuration. #### Proxy Configuration