Roger Perkin

Network Automation Architect

How to enable unauthenticated access to Netbox Docker

Netbox Permissions

By default any unauthenticated users on Netbox will not be able to view anything, you can control read and write permissions via users in Netbox. However there may be a situation where you need to provide read only access to all users.

The Netbox documentation states this is what you have to do

To enable unauthenticated access to NetBox, you must set 
LOGIN_REQUIRED = Falsein your configuration.py file, which will allow unauthenticated users to view data, but not make changes. For more granular control, you can use EXEMPT_VIEW_PERMISSIONS = ['*'] to exempt all models from view permission enforcement, allowing all users to view all objects by default

Using Nebox Docker

I am using Netbox Docker and I edited the env files to accomplish this.

1. Update the netbox.env file

Whilst the official documentation states you need to add EXEMPT_VIEW_PERMISSIONS = [‘*’] to the configuration.py file in the default docker setup this file is created from the environment variables so my configuration.py file looked like this 

# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
EXEMPT_VIEW_PERMISSIONS = _environ_get_and_map('EXEMPT_VIEW_PERMISSIONS', '', _AS_LIST)

So, to update this I just added EXEMPT_VIEW_PERMISSIONS=[‘*’] to the netbox.env file but it did not work, the reason being..

The value you’re passing in your .env file (EXEMPT_VIEW_PERMISSIONS='["*"]') is just a string.

It won’t be parsed correctly into a Python list because _environ_get_and_map(..., _AS_LIST) expects a comma-separated list, not a JSON array in quotes.

The correct format for the env file is EXEMPT_VIEW_PERMISSIONS=*

You also need to add LOGIN_REQUIRED=False

So my updated netbox.env looks like this 

EXEMPT_VIEW_PERMISSIONS=*
LOGIN_REQUIRED=False

If you want to make it a bit more granular you will need to whitelist exactly what you want to see.

e.g 

EXEMPT_VIEW_PERMISSIONS= home dcim.site dcim.devices
LOGIN_REQUIRED=False

Credit to https://www.packetcoders.io for helping me figure this out!

2. Restart Docker

Then just do a:

sudo docker compose down
sudo docker compose up -d

You should now be able to view all Netbox data without logging in, but all edit/delete buttons are removed.

Category:
ansible course for network engineers
Get Access to my Ansible Course NOW

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *