Using /assets/ for netbox conflicts with Arkime's /assets/, so use /n…

…etbox/ for the NetBox path

Dockerfiles/netbox.Dockerfile

@@ -28,11 +28,10 @@ ENV SUPERCRONIC "supercronic-linux-amd64"
 ENV SUPERCRONIC_SHA1SUM "d7f4c0886eb85249ad05ed592902fa6865bb9d70"
 ENV SUPERCRONIC_CRONTAB "/etc/crontab"
 
-ARG BASE_PATH=assets
 ARG NETBOX_DEFAULT_SITE=Malcolm
 ARG NETBOX_CRON=false
 
-ENV BASE_PATH $BASE_PATH
+ENV BASE_PATH netbox
 ENV NETBOX_DEFAULT_SITE $NETBOX_DEFAULT_SITE
 ENV NETBOX_CRON $NETBOX_CRON
 
@@ -60,15 +59,14 @@ RUN apt-get -q update && \
     usermod -a -G tty ${PUSER} && \
     mkdir -p /opt/unit && \
     chown -R $PUSER:$PGROUP /etc/netbox /opt/unit /opt/netbox && \
-    if [ -n "${BASE_PATH}" ] && [ "${BASE_PATH}" != "netbox" ]; then \
-        mkdir /opt/netbox/netbox/$BASE_PATH && \
-        mv /opt/netbox/netbox/static /opt/netbox/netbox/$BASE_PATH/static; \
-    fi
+    mkdir -p /opt/netbox/netbox/$BASE_PATH && \
+    mv /opt/netbox/netbox/static /opt/netbox/netbox/$BASE_PATH/static
 
 COPY --chmod=755 shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
 COPY --chmod=755 shared/bin/service_check_passthrough.sh /usr/local/bin/
 COPY --chmod=755 netbox/scripts/* /usr/local/bin/
 COPY --chmod=644 netbox/supervisord.conf /etc/supervisord.conf
+COPY --chmod=644 netbox/config/unit/nginx-unit.json /etc/unit/nginx-unit.json
 COPY --from=pierrezemb/gostatic --chmod=755 /goStatic /usr/bin/goStatic
 
 ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-uid-gid-setup.sh", "/usr/local/bin/service_check_passthrough.sh"]

README.md

@@ -229,7 +229,7 @@ A few minutes after starting Malcolm (probably 5 to 10 minutes for Logstash to b
 * [Capture File and Log Archive Upload (Web)](#Upload): [https://localhost/upload/](https://localhost/upload/)
 * [Capture File and Log Archive Upload (SFTP)](#Upload): `sftp://<username>@127.0.0.1:8022/files`
 * [Host and Subnet Name Mapping](#HostAndSubnetNaming) Editor: [https://localhost/name-map-ui/](https://localhost/name-map-ui/)
-* [NetBox](#NetBox): [https://localhost/assets/](https://localhost/assets/)
+* [NetBox](#NetBox): [https://localhost/netbox/](https://localhost/netbox/)
 * [Account Management](#AuthBasicAccountManagement): [https://localhost:488](https://localhost:488)
 
 ## <a name="Overview"></a>Overview
@@ -502,7 +502,7 @@ A minute or so after starting Malcolm, the following services will be accessible
   - PCAP upload (web): https://localhost/upload/
   - PCAP upload (sftp): sftp://[email protected]:8022/files/
   - Host and subnet name mapping editor: https://localhost/name-map-ui/
-  - NetBox: https://localhost/assets/
+  - NetBox: https://localhost/netbox/
   - Account management: https://localhost:488/
 ```
 
@@ -1708,7 +1708,7 @@ This feature is disabled by default, but it can be enabled by clearing (setting
 
 ### <a name="NetBox"></a>Asset Management with NetBox
 
-Malcolm provides an instance of [NetBox](https://netbox.dev/), an open-source "solution for modeling and documenting modern networks." The NetBox web interface is available at at [https://localhost/assets/](https://localhost/assets/) if you are connecting locally.
+Malcolm provides an instance of [NetBox](https://netbox.dev/), an open-source "solution for modeling and documenting modern networks." The NetBox web interface is available at at [https://localhost/netbox/](https://localhost/netbox/) if you are connecting locally.
 
 The design of a potentially deeper integration between Malcolm and Netbox is a work in progress. The purpose of an asset management system is to document the intended state of a network: were Malcolm to actively and agressively populate NetBox with the live network state, a network configuration fault could result in an incorrect documented configuration. The Malcolm development team is investigating what data, if any, should automatically flow to NetBox based on traffic observed (enabled via the `NETBOX_CRON` [environment variable in `docker-compose.yml`](#DockerComposeYml)), and what NetBox inventory data could be used, if any, to enrich Malcolm's network traffic metadata. Well-considered suggestions in this area [are welcome](mailto:[email protected]?subject=NetBox).
 
@@ -3973,7 +3973,7 @@ In a few minutes, Malcolm services will be accessible via the following URLs:
   - PCAP upload (web): https://localhost/upload/
   - PCAP upload (sftp): sftp://[email protected]:8022/files/
   - Host and subnet name mapping editor: https://localhost/name-map-ui/
-  - NetBox: https://localhost/assets/  
+  - NetBox: https://localhost/netbox/  
   - Account management: https://localhost:488/
 
 NAME                           COMMAND                  SERVICE              STATUS               PORTS

docker-compose-standalone.yml

@@ -923,7 +923,6 @@ services:
       - ./netbox/config/configuration:/etc/netbox/config:ro
       - ./netbox/config/reports:/etc/netbox/reports:ro
       - ./netbox/config/scripts:/etc/netbox/scripts:ro
-      - ./netbox/config/unit:/etc/unit:ro
       - ./netbox/media:/opt/netbox/netbox/media:rw
     healthcheck:
       test: ["CMD", "curl", "--silent", "http://localhost:8080/assets/api/" ]

docker-compose.yml

@@ -986,7 +986,6 @@ services:
       - ./netbox/config/configuration:/etc/netbox/config:ro
       - ./netbox/config/reports:/etc/netbox/reports:ro
       - ./netbox/config/scripts:/etc/netbox/scripts:ro
-      - ./netbox/config/unit:/etc/unit:ro
       - ./netbox/media:/opt/netbox/netbox/media:rw
     healthcheck:
       test: ["CMD", "curl", "--silent", "http://localhost:8080/assets/api/" ]

malcolm-iso/config/includes.chroot/etc/skel/.config/xfce4/panel/launcher-17/16637019741.desktop

@@ -1,7 +1,7 @@
 [Desktop Entry]
 Version=1.0
 Name=Malcolm - NetBox
-Exec=/opt/firefox/firefox https://localhost/assets/
+Exec=/opt/firefox/firefox https://localhost/netbox/
 Terminal=false
 X-MultipleArgs=false
 Type=Application

malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-netbox.desktop

@@ -1,7 +1,7 @@
 [Desktop Entry]
 Version=1.0
 Name=Malcolm - NetBox
-Exec=/opt/firefox/firefox https://localhost/assets/
+Exec=/opt/firefox/firefox https://localhost/netbox/
 Terminal=false
 X-MultipleArgs=false
 Type=Application

netbox/config/unit/nginx-unit.json

@@ -15,7 +15,7 @@
   "routes": [
     {
       "match": {
-        "uri": "/assets/static/*"
+        "uri": "/netbox/static/*"
       },
       "action": {
         "share": "/opt/netbox/netbox${uri}"

netbox/env/netbox.env.example

@@ -1,6 +1,6 @@
 CORS_ORIGIN_ALLOW_ALL=True
 CSRF_TRUSTED_ORIGINS=http://* https://*
-BASE_PATH=assets
+BASE_PATH=netbox
 REMOTE_AUTH_ENABLED=True
 REMOTE_AUTH_BACKEND=netbox.authentication.RemoteUserBackend
 REMOTE_AUTH_HEADER=HTTP_X_REMOTE_AUTH

netbox/scripts/netbox_init.py

@@ -53,7 +53,7 @@ def main():
         '--url',
         dest='netboxUrl',
         type=str,
-        default='http://localhost:8080/assets',
+        default='http://localhost:8080/netbox',
         required=True,
         help="NetBox Base URL",
     )

netbox/supervisord.conf

@@ -36,7 +36,7 @@ redirect_stderr=true
 [program:initialization]
 command=/usr/bin/python3 /usr/local/bin/netbox_init.py
   --wait
-  --url "http://localhost:8080/assets"
+  --url "http://localhost:8080/netbox"
   --token "%(ENV_SUPERUSER_API_TOKEN)s"
 autostart=true
 autorestart=false

nginx/nginx.conf

@@ -209,7 +209,7 @@ http {
     }
 
     # netbox
-    location /assets {
+    location /netbox {
       proxy_pass http://netbox;
       proxy_redirect off;
       proxy_set_header Host netbox.malcolm.local;

nginx/nginx_readonly.conf

@@ -49,6 +49,10 @@ http {
     server dashboards-helper:28991;
   }
 
+  upstream netbox {
+    server netbox:8080;
+  }
+
   upstream extracted-file-http-server {
     server file-monitor:8440;
   }
@@ -135,6 +139,16 @@ http {
       proxy_set_header Host file-monitor.malcolm.local;
     }
 
+    # netbox
+    location /netbox {
+      proxy_pass http://netbox;
+      proxy_redirect off;
+      proxy_set_header Host netbox.malcolm.local;
+      proxy_set_header X-Forwarded-Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
     # favicon, logos, banners, etc.
     include /etc/nginx/nginx_image_aliases.conf;
 

scripts/control.py

@@ -299,7 +299,7 @@ def logs():
       | eshealth
       | esindices/list
       | executing\s+attempt_(transition|set_replica_count)\s+for
-      | GET\s+/(assets/api|_cat/health|api/status|sessions2-|arkime_\w+).+HTTP/[\d\.].+\b200\b
+      | GET\s+/(netbox/api|_cat/health|api/status|sessions2-|arkime_\w+).+HTTP/[\d\.].+\b200\b
       | POST\s+/(arkime_\w+)(/\w+)?/_(d?stat|doc|search).+HTTP/[\d\.].+\b20[01]\b
       | POST\s+/_bulk\s+HTTP/[\d\.].+\b20[01]\b
       | POST\s+/server/php/\s+HTTP/\d+\.\d+"\s+\d+\s+\d+.*:8443/
@@ -604,7 +604,7 @@ def start():
         eprint("  - PCAP upload (web): https://localhost/upload/")
         eprint("  - PCAP upload (sftp): sftp://[email protected]:8022/files/")
         eprint("  - Host and subnet name mapping editor: https://localhost/name-map-ui/")
-        eprint("  - NetBox: https://localhost/assets/\n")
+        eprint("  - NetBox: https://localhost/netbox/\n")
         eprint("  - Account management: https://localhost:488/\n")
     else:
         eprint("Malcolm failed to start\n")

scripts/malcolm_appliance_packager.sh

@@ -159,7 +159,7 @@ if mkdir "$DESTDIR"; then
   echo "  - PCAP upload (web): https://localhost/upload/" | tee -a "$README"
   echo "  - PCAP upload (sftp): sftp://[email protected]:8022/files/" | tee -a "$README"
   echo "  - Host and subnet name mapping editor: https://localhost/name-map-ui/" | tee -a "$README"
-  echo "  - NetBox: https://localhost/assets/" | tee -a "$README"
+  echo "  - NetBox: https://localhost/netbox/" | tee -a "$README"
   echo "  - Account management: https://localhost:488/" | tee -a "$README"
   popd  >/dev/null 2>&1
   popd  >/dev/null 2>&1