phpIPAM in Docker with Nginx reverse-proxy

I have a bit of a problem with this setup serving phpIPAM via Nginx reverse proxy, so I said to share the solution which works for me here maybe will help somebody out there.

I installed phpIPAM as Docker container following the instructions here: https://github.com/phpipam-docker/phpipam-docker.

Using it via plain http was working OK, but I want to use https for a various of reasons. Security is important, but this being a type of home.lab deployment, I wasn’t that concern about somebody “sniffing” on my plain http traffic. The annoying part that I use a Chromium based browser which insist to upgrade the http to https protocol, even when I type the URL with “http://ipam…”

I’ve installed Nginx (on a different machine) did a basic reverse proxy configuration using some self signed certificates. And here the problem started. I will not bore you with all the details, but the redirection was not working well, either it failed all together or the page appear broken with CSS not render correctly and other issues.

Here is what I had to do for a working solution.

On the Docker part (I assume you followed the phpIPAM Docker installation above or you’re familiar with the containerization solution) I had to add the following in the .env file:

 - IPAM_DATABASE_HOST=phpipam-mariadb
 - IPAM_DATABASE_PASS=my_secret_phpipam_pass
 - IPAM_DATABASE_WEBHOST=%
 - TZ=yourtimezone
 - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 - IPAM_TRUST_X_FORWARD=yes
 - IPAM_DISABLE_INSTALLER=1

Not every line above is relevant for solving the reverse proxy issue, but I chose to share all what I have there. The IPAM_TRUST_X_FORWARD is important for this topic.

Below is what I have in the Nginx config file:

server {
    listen 9443 ssl; # Change to whatever port you're using here
    server_name ipam.home.lab; # replace with your domain

    ssl_certificate /etc/ssl/private/ipam.home.lab.crt;
    ssl_certificate_key /etc/ssl/private/ipam.home.lab.key;

    location / {
        proxy_pass http://phpipam-host.home.lab:81; # Replace with your IP / FQDN and port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;

        # Add WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Optionally, you can add additional configurations like error pages or logging here
}

I haven’t notice yet any issue using the setup / configuration illustrated above. Let me know if you find this information useful.

Docker image – Python for network engineers

Lately I’m looking more and more into Python, with respect to automation implementations useful for network engineers. In the learning process I’ve used different materials, like the excellent video trainings Python Programming for Network Engineers from David Bombal which are available free on Youtube.

This training in particular relies on a Ubuntu Docker image in order to support Python learning following interaction with Cisco devices in GNS3. Everything is great, just that the image doesn’t contain all necessary tools (like Paramiko, Netmiko, Ansible…). As you can guess, whenever you close / open the Project in GNS3, all the installed packages installed in the Ubuntu Docker image are gone.

Since we’re talking automation, I got bored to install the necessary tools everytime I wanted to start a new project or I had to close GNS3 for some reason. I’ve tried to find a Docker image that suits my needs, but I couldn’t (please point me to one if you know it).

So, I’ve build a Docker image, based on Ubuntu 16.04, which contains the necessary tools to start learning Python programming oriented for network engineers:

  • Openssl
  • Net-tools (ifconfig..)
  • IPutils (ping, arping, traceroute…)
  • IProute
  • IPerf
  • TCPDump
  • NMAP
  • Python 2
  • Python 3
  • Paramiko (python ssh support)
  • Netmiko (python ssh support)
  • Ansible (automation)
  • Pyntc
  • NAPALM

The above list can be extended, but I would like to keep it to the minimum necessary (I want to keep the image size at decent level).

If you’re interested, please find the image at: https://hub.docker.com/r/yotis/ubuntu1604-pfne/, or you can download it:

$ docker pull yotis/ubuntu1604-pfne

I’ve tested the image for couple of days and it works fine. However if something doesn’t work as expected, please let me know and I’ll try to fix it.

For those using GNS3 is possible to import the image above directly into GNS3 using the PFNE Appliance.