Rebase to 3.23

Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine:3.20
+FROM ghcr.io/linuxserver/baseimage-alpine:3.23
 
 # set version label
 ARG BUILD_DATE
@@ -49,7 +49,7 @@ RUN \
   pip install -U --no-cache-dir \
     pip \
     wheel && \
-  pip install --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ -r requirements.txt && \
+  pip install --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.23/ -r requirements.txt && \
   pip install --no-cache-dir  django-auth-ldap && \
   printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \

Dockerfile.aarch64

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.20
+FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.23
 
 # set version label
 ARG BUILD_DATE
@@ -49,7 +49,7 @@ RUN \
   pip install -U --no-cache-dir \
     pip \
     wheel && \
-  pip install --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.20/ -r requirements.txt && \
+  pip install --no-cache-dir --find-links https://wheel-index.linuxserver.io/alpine-3.23/ -r requirements.txt && \
   pip install --no-cache-dir  django-auth-ldap && \
   printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \

Jenkinsfile

@@ -31,7 +31,7 @@ pipeline {
     PR_DOCKERHUB_IMAGE = 'lspipepr/netbox'
     DIST_IMAGE = 'alpine'
     MULTIARCH='true'
-    CI='true'
+    CI='false'
     CI_WEB='false'
     CI_PORT='8000'
     CI_SSL='false'

README.md

@@ -35,7 +35,6 @@ Find us at:
 [![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/netbox.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=pulls&logo=docker)](https://hub.docker.com/r/linuxserver/netbox)
 [![Docker Stars](https://img.shields.io/docker/stars/linuxserver/netbox.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/linuxserver/netbox)
 [![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-netbox%2Fjob%2Fmaster%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-netbox/job/master/)
-[![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fci-tests.linuxserver.io%2Flinuxserver%2Fnetbox%2Flatest%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/netbox/latest/index.html)
 
 [Netbox](https://github.com/netbox-community/netbox) is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. Initially conceived by the network engineering team at DigitalOcean, NetBox was developed specifically to address the needs of network and infrastructure engineers. It is intended to function as a domain-specific source of truth for network operations.
 
@@ -89,10 +88,12 @@ services:
       - DB_PORT=
       - REDIS_HOST=
       - REDIS_PORT=
+      - REDIS_USERNAME=
       - REDIS_PASSWORD=
       - REDIS_DB_TASK=
       - REDIS_DB_CACHE=
       - BASE_PATH= #optional
+      - CSRF_TRUSTED_ORIGINS= #optional
       - REMOTE_AUTH_ENABLED= #optional
       - REMOTE_AUTH_BACKEND= #optional
       - REMOTE_AUTH_HEADER= #optional
@@ -124,10 +125,12 @@ docker run -d \
   -e DB_PORT= \
   -e REDIS_HOST= \
   -e REDIS_PORT= \
+  -e REDIS_USERNAME= \
   -e REDIS_PASSWORD= \
   -e REDIS_DB_TASK= \
   -e REDIS_DB_CACHE= \
   -e BASE_PATH= `#optional` \
+  -e CSRF_TRUSTED_ORIGINS= `#optional` \
   -e REMOTE_AUTH_ENABLED= `#optional` \
   -e REMOTE_AUTH_BACKEND= `#optional` \
   -e REMOTE_AUTH_HEADER= `#optional` \
@@ -152,24 +155,26 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
 | `-e SUPERUSER_EMAIL=` | Email address for `admin` account |
 | `-e SUPERUSER_PASSWORD=` | Password for `admin` account |
-| `-e ALLOWED_HOST=` | The hostname you will use to access the app (i.e., netbox.example.com) |
+| `-e ALLOWED_HOST=` | The hostname you will use to access the app (e.g., netbox.example.com) |
 | `-e DB_NAME=` | Database name (default: netbox) |
 | `-e DB_USER=` | Database user |
 | `-e DB_PASSWORD=` | Database password |
 | `-e DB_HOST=` | Database host (default: postgres) |
 | `-e DB_PORT=` | Database port (default: 5432) |
 | `-e REDIS_HOST=` | Redis host (default: redis) |
 | `-e REDIS_PORT=` | Redis port number (default: 6379) |
+| `-e REDIS_USERNAME=` | Redis username (default: none) |
 | `-e REDIS_PASSWORD=` | Redis password (default: none) |
 | `-e REDIS_DB_TASK=` | Redis database ID for tasks (default: 0) |
 | `-e REDIS_DB_CACHE=` | Redis database ID for caching (default: 1) |
-| `-e BASE_PATH=` | The path you will use to access the app (i.e., /netbox, optional, default: none) |
-| `-e REMOTE_AUTH_ENABLED=` | Enable remote authentication (optional, default: False) |
-| `-e REMOTE_AUTH_BACKEND=` | Python path to the custom Django authentication backend to use for external user authentication (optional, default: netbox.authentication.RemoteUserBackend) |
-| `-e REMOTE_AUTH_HEADER=` | Name of the HTTP header which informs NetBox of the currently authenticated user. (optional, default: HTTP_REMOTE_USER) |
-| `-e REMOTE_AUTH_AUTO_CREATE_USER=` | If true, NetBox will automatically create local accounts for users authenticated via a remote service (optional, default: False) |
-| `-e REMOTE_AUTH_DEFAULT_GROUPS=` | The list of groups to assign a new user account when created using remote authentication (optional, default: []) |
-| `-e REMOTE_AUTH_DEFAULT_PERMISSIONS=` | A mapping of permissions to assign a new user account when created using remote authentication (optional, default: {}) |
+| `-e BASE_PATH=` | The path you will use to access the app (i.e., /netbox, default: none) |
+| `-e CSRF_TRUSTED_ORIGINS=` | List of comma-separated, single quoted, trusted origins. Must include protocol, and port if applicable (default: []) |
+| `-e REMOTE_AUTH_ENABLED=` | Enable remote authentication (default: False) |
+| `-e REMOTE_AUTH_BACKEND=` | Python path to the custom Django authentication backend to use for external user authentication (default: netbox.authentication.RemoteUserBackend) |
+| `-e REMOTE_AUTH_HEADER=` | Name of the HTTP header which informs NetBox of the currently authenticated user. (default: HTTP_REMOTE_USER) |
+| `-e REMOTE_AUTH_AUTO_CREATE_USER=` | If true, NetBox will automatically create local accounts for users authenticated via a remote service (default: False) |
+| `-e REMOTE_AUTH_DEFAULT_GROUPS=` | The list of groups to assign a new user account when created using remote authentication (default: []) |
+| `-e REMOTE_AUTH_DEFAULT_PERMISSIONS=` | A mapping of permissions to assign a new user account when created using remote authentication (default: {}) |
 | `-v /config` | Persistent config files |
 
 ## Environment variables from files (Docker secrets)
@@ -334,6 +339,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **05.01.26:** - Rebase to Alpine 3.23. Add CSRF_TRUSTED_ORIGINS env settings. Drop support for environments with explicitly disabled IPv6.
 * **26.08.24:** - Restructure init to allow for plugins as mods.
 * **16.07.24:** - Add required packages for LDAP support.
 * **01.06.24:** - Rebase to Alpine 3.20.

jenkins-vars.yml

@@ -19,7 +19,7 @@ repo_vars:
   - PR_DOCKERHUB_IMAGE = 'lspipepr/netbox'
   - DIST_IMAGE = 'alpine'
   - MULTIARCH='true'
-  - CI='true'
+  - CI='false'
   - CI_WEB='false'
   - CI_PORT='8000'
   - CI_SSL='false'

readme-vars.yml

@@ -21,26 +21,28 @@ param_usage_include_env: true
 param_env_vars:
   - {env_var: "SUPERUSER_EMAIL", env_value: "", desc: "Email address for `admin` account"}
   - {env_var: "SUPERUSER_PASSWORD", env_value: "", desc: "Password for `admin` account"}
-  - {env_var: "ALLOWED_HOST", env_value: "", desc: "The hostname you will use to access the app (i.e., netbox.example.com)"}
+  - {env_var: "ALLOWED_HOST", env_value: "", desc: "The hostname you will use to access the app (e.g., netbox.example.com)"}
   - {env_var: "DB_NAME", env_value: "", desc: "Database name (default: netbox)"}
   - {env_var: "DB_USER", env_value: "", desc: "Database user"}
   - {env_var: "DB_PASSWORD", env_value: "", desc: "Database password"}
   - {env_var: "DB_HOST", env_value: "", desc: "Database host (default: postgres)"}
   - {env_var: "DB_PORT", env_value: "", desc: "Database port (default: 5432)"}
   - {env_var: "REDIS_HOST", env_value: "", desc: "Redis host (default: redis)"}
   - {env_var: "REDIS_PORT", env_value: "", desc: "Redis port number (default: 6379)"}
+  - {env_var: "REDIS_USERNAME", env_value: "", desc: "Redis username (default: none)"}
   - {env_var: "REDIS_PASSWORD", env_value: "", desc: "Redis password (default: none)"}
   - {env_var: "REDIS_DB_TASK", env_value: "", desc: "Redis database ID for tasks (default: 0)"}
   - {env_var: "REDIS_DB_CACHE", env_value: "", desc: "Redis database ID for caching (default: 1)"}
 opt_param_usage_include_env: true
 opt_param_env_vars:
-  - {env_var: "BASE_PATH", env_value: "", desc: "The path you will use to access the app (i.e., /netbox, optional, default: none)"}
-  - {env_var: "REMOTE_AUTH_ENABLED", env_value: "", desc: "Enable remote authentication (optional, default: False)"}
-  - {env_var: "REMOTE_AUTH_BACKEND", env_value: "", desc: "Python path to the custom Django authentication backend to use for external user authentication (optional, default: netbox.authentication.RemoteUserBackend)"}
-  - {env_var: "REMOTE_AUTH_HEADER", env_value: "", desc: "Name of the HTTP header which informs NetBox of the currently authenticated user. (optional, default: HTTP_REMOTE_USER)"}
-  - {env_var: "REMOTE_AUTH_AUTO_CREATE_USER", env_value: "", desc: "If true, NetBox will automatically create local accounts for users authenticated via a remote service (optional, default: False)"}
-  - {env_var: "REMOTE_AUTH_DEFAULT_GROUPS", env_value: "", desc: "The list of groups to assign a new user account when created using remote authentication (optional, default: [])"}
-  - {env_var: "REMOTE_AUTH_DEFAULT_PERMISSIONS", env_value: "", desc: "A mapping of permissions to assign a new user account when created using remote authentication (optional, default: {})"}
+  - {env_var: "BASE_PATH", env_value: "", desc: "The path you will use to access the app (i.e., /netbox, default: none)"}
+  - {env_var: "CSRF_TRUSTED_ORIGINS", env_value: "", desc: "List of comma-separated, single quoted, trusted origins. Must include protocol, and port if applicable (default: [])"}
+  - {env_var: "REMOTE_AUTH_ENABLED", env_value: "", desc: "Enable remote authentication (default: False)"}
+  - {env_var: "REMOTE_AUTH_BACKEND", env_value: "", desc: "Python path to the custom Django authentication backend to use for external user authentication (default: netbox.authentication.RemoteUserBackend)"}
+  - {env_var: "REMOTE_AUTH_HEADER", env_value: "", desc: "Name of the HTTP header which informs NetBox of the currently authenticated user. (default: HTTP_REMOTE_USER)"}
+  - {env_var: "REMOTE_AUTH_AUTO_CREATE_USER", env_value: "", desc: "If true, NetBox will automatically create local accounts for users authenticated via a remote service (default: False)"}
+  - {env_var: "REMOTE_AUTH_DEFAULT_GROUPS", env_value: "", desc: "The list of groups to assign a new user account when created using remote authentication (default: [])"}
+  - {env_var: "REMOTE_AUTH_DEFAULT_PERMISSIONS", env_value: "", desc: "A mapping of permissions to assign a new user account when created using remote authentication (default: {})"}
 param_usage_include_ports: true
 param_ports:
   - {external_port: "8000", internal_port: "8000", port_desc: "will map the container's port 8000 to port 8000 on the host"}
@@ -99,6 +101,7 @@ init_diagram: |
   "netbox:latest" <- Base Images
 # changelog
 changelogs:
+  - {date: "05.01.26:", desc: "Rebase to Alpine 3.23. Add CSRF_TRUSTED_ORIGINS env settings. Drop support for environments with explicitly disabled IPv6."}
   - {date: "26.08.24:", desc: "Restructure init to allow for plugins as mods."}
   - {date: "16.07.24:", desc: "Add required packages for LDAP support."}
   - {date: "01.06.24:", desc: "Rebase to Alpine 3.20."}

root/defaults/configuration.py

@@ -12,13 +12,15 @@
 
 # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
 #   https://docs.djangoproject.com/en/stable/ref/settings/#databases
-DATABASE = {
-    'NAME': '{{DB_NAME}}',         # Database name
-    'USER': '{{DB_USER}}',               # PostgreSQL username
-    'PASSWORD': '{{DB_PASSWORD}}',           # PostgreSQL password
-    'HOST': '{{DB_HOST}}',      # Database server
-    'PORT': '{{DB_PORT}}',               # Database port (leave blank for default)
-    'CONN_MAX_AGE': 300,      # Max database connection age
+DATABASES = {
+    'default': {
+        'NAME': '{{DB_NAME}}',         # Database name
+        'USER': '{{DB_USER}}',               # PostgreSQL username
+        'PASSWORD': '{{DB_PASSWORD}}',           # PostgreSQL password
+        'HOST': '{{DB_HOST}}',      # Database server
+        'PORT': '{{DB_PORT}}',               # Database port (leave blank for default)
+        'CONN_MAX_AGE': 300,      # Max database connection age
+    },
 }
 
 # Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
@@ -31,6 +33,7 @@
         # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
         # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
         # 'SENTINEL_SERVICE': 'netbox',
+        'USERNAME': '{{REDIS_USERNAME}}',
         'PASSWORD': '{{REDIS_PASSWORD}}',
         'DATABASE': {{REDIS_DB_TASK}},
         'SSL': False,
@@ -44,6 +47,7 @@
         # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel
         # 'SENTINELS': [('mysentinel.redis.example.com', 6379)],
         # 'SENTINEL_SERVICE': 'netbox',
+        'USERNAME': '{{REDIS_USERNAME}}',
         'PASSWORD': '{{REDIS_PASSWORD}}',
         'DATABASE': {{REDIS_DB_CACHE}},
         'SSL': False,
@@ -103,6 +107,10 @@
     # r'^(https?://)?(\w+\.)?example\.com$',
 ]
 
+CSRF_TRUSTED_ORIGINS = [
+    {{CSRF_TRUSTED_ORIGINS}}
+]
+
 # Specify any custom validators here, as a mapping of model to a list of validators classes. Validators should be
 # instances of or inherit from CustomValidator.
 # from extras.validators import CustomValidator

root/defaults/uwsgi.ini

@@ -1,5 +1,5 @@
 [uwsgi]
-http-socket = :8000
+http-socket = [::]:8000
 buffer-size = 32768
 enable-threads
 plugin = python3

root/etc/s6-overlay/s6-rc.d/init-netbox-config/run

@@ -8,13 +8,15 @@ mkdir -p \
 declare -A NETBOX_CONF
 NETBOX_CONF[ALLOWED_HOST]=${ALLOWED_HOST:-netbox.example.com}
 NETBOX_CONF[BASE_PATH]=${BASE_PATH:-}
+NETBOX_CONF[CSRF_TRUSTED_ORIGINS]=${CSRF_TRUSTED_ORIGINS:-}
 NETBOX_CONF[DB_NAME]=${DB_NAME:-netbox}
 NETBOX_CONF[DB_USER]=${DB_USER:-root}
 NETBOX_CONF[DB_PASSWORD]=${DB_PASSWORD:-}
 NETBOX_CONF[DB_HOST]=${DB_HOST:-postgres}
 NETBOX_CONF[DB_PORT]=${DB_PORT:-}
 NETBOX_CONF[REDIS_HOST]=${REDIS_HOST:-redis}
 NETBOX_CONF[REDIS_PORT]=${REDIS_PORT:-6379}
+NETBOX_CONF[REDIS_USERNAME]=${REDIS_USERNAME:-}
 NETBOX_CONF[REDIS_PASSWORD]=${REDIS_PASSWORD:-}
 NETBOX_CONF[REDIS_DB_TASK]=${REDIS_DB_TASK:-0}
 NETBOX_CONF[REDIS_DB_CACHE]=${REDIS_DB_CACHE:-1}
@@ -38,7 +40,7 @@ if [[ ! -f "/config/configuration.py" ]]; then
     done
 fi
 
-if [[ ! -e "/config/media" ]]; then
+if [[ ! -e "/config/media" ]] && [[ -e "/app/netbox/netbox/media" ]]; then
     mv /app/netbox/netbox/media /config/media
 fi
 

root/etc/s6-overlay/s6-rc.d/init-netbox-prepare/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-netbox-prepare/run

root/etc/s6-overlay/s6-rc.d/svc-netbox/data/check

@@ -0,0 +1,8 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+if [[ $(curl -Lo /dev/null -H "Host: ${ALLOWED_HOST}" -s -w "%{http_code}\n" http://localhost:8000) = "200" ]]; then
+    exit 0
+else
+    exit 1
+fi

root/etc/s6-overlay/s6-rc.d/svc-netbox/run

@@ -2,5 +2,5 @@
 # shellcheck shell=bash
 
 exec \
-    s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost 8000" \
+    s6-notifyoncheck -d -n 30 -w 5000 \
         cd /app/netbox/netbox s6-setuidgid abc /usr/sbin/uwsgi uwsgi.ini