Skip to content

HTTP Server Setup

This documentation provides example configurations for both nginx and Apache, though any HTTP server which supports WSGI should be compatible.


For the sake of brevity, only Ubuntu 20.04 instructions are provided here. These tasks are not unique to NetBox and should carry over to other distributions with minimal changes. Please consult your distribution's documentation for assistance if needed.

Obtain an SSL Certificate

To enable HTTPS access to NetBox, you'll need a valid SSL certificate. You can purchase one from a trusted commercial provider, obtain one for free from Let's Encrypt, or generate your own (although self-signed certificates are generally untrusted). Both the public certificate and private key files need to be installed on your NetBox server in a location that is readable by the netbox user.

The command below can be used to generate a self-signed certificate for testing purposes, however it is strongly recommended to use a certificate from a trusted authority in production. Two files will be created: the public certificate (netbox.crt) and the private key (netbox.key). The certificate is published to the world, whereas the private key must be kept secret at all times.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/netbox.key \
-out /etc/ssl/certs/netbox.crt

The above command will prompt you for additional details of the certificate; all of these are optional.

HTTP Server Installation

Option A: nginx

Begin by installing nginx:

sudo apt install -y nginx

Once nginx is installed, copy the nginx configuration file provided by NetBox to /etc/nginx/sites-available/netbox. Be sure to replace with the domain name or IP address of your installation. (This should match the value configured for ALLOWED_HOSTS in

sudo cp /opt/netbox/contrib/nginx.conf /etc/nginx/sites-available/netbox

gunicorn vs. uWSGI

The reference nginx configuration file assumes that gunicorn is in use. If using uWSGI instead, you'll need to remove the gunicorn-specific configuration (lines beginning with proxy_pass and proxy_set_header) and uncomment the uWSGI section below them before proceeding.

Then, delete /etc/nginx/sites-enabled/default and create a symlink in the sites-enabled directory to the configuration file you just created.

sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/netbox /etc/nginx/sites-enabled/netbox

Finally, restart the nginx service to use the new configuration.

sudo systemctl restart nginx

Option B: Apache

Begin by installing Apache:

sudo apt install -y apache2

Next, copy the default configuration file to /etc/apache2/sites-available/. Be sure to modify the ServerName parameter appropriately.

sudo cp /opt/netbox/contrib/apache.conf /etc/apache2/sites-available/netbox.conf

Finally, ensure that the required Apache modules are enabled, enable the netbox site, and reload Apache:

sudo a2enmod ssl proxy proxy_http headers rewrite
sudo a2ensite netbox
sudo systemctl restart apache2

Confirm Connectivity

At this point, you should be able to connect to the HTTPS service at the server name or IP address you provided.


Please keep in mind that the configurations provided here are bare minimums required to get NetBox up and running. You may want to make adjustments to better suit your production environment.


Certain components of NetBox (such as the display of rack elevation diagrams) rely on the use of embedded objects. Ensure that your HTTP server configuration does not override the X-Frame-Options response header set by NetBox.


If you are unable to connect to the HTTP server, check that:

  • Nginx/Apache is running and configured to listen on the correct port.
  • Access is not being blocked by a firewall somewhere along the path. (Try connecting locally from the server itself.)

If you are able to connect but receive a 502 (bad gateway) error, check the following:

  • The WSGI worker processes (gunicorn) are running (systemctl status netbox should show a status of "active (running)")
  • Nginx/Apache is configured to connect to the port on which gunicorn is listening (default is 8001).
  • SELinux is not preventing the reverse proxy connection. You may need to allow HTTP network connections with the command setsebool -P httpd_can_network_connect 1