Add instructions on how to create and enable SSL certificates on Prox…

…box Backend (FastAPI)
netdevopsbr · Nov 22, 2024 · f32cac2 · f32cac2
1 parent 2fa18fa
commit f32cac2
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -234,6 +234,18 @@ PLUGINS_CONFIG = {
 
 **OBS:** It is possible to change Proxbox Backend Port (`8800`), you need to edit `proxbox.service` file and `configuration.py`
 
+#### Create self-signed certificates so Proxbox Backend (FastAPI) runs both HTTP and WS (Websocket) via TLS.
+
+```
+sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+-keyout /etc/ssl/proxbox.key \
+-out /etc/ssl/proxbox.crt
+```
+
+> The certificate files created are by default located at `/etc/ssl`.
+> Proxbox SystemD file will link to this path to find `proxbox.key` and `proxbox.crt` files.
+> To change this default behavior, you have to change `ExecStart` variable on `proxbox.service` file or use some HTTP Proxy like NGINX to serve FastAPI.
+
 ```
 sudo cp -v /opt/netbox/netbox/netbox-proxbox/contrib/*.service /etc/systemd/system/
 sudo systemctl daemon-reload
@@ -243,9 +255,11 @@ sudo systemctl start proxbox
 sudo systemctl status proxbox
 ```
 
+The commands above creates the service file, enables it to run at boot time and starts it immediately.
+
 #### Optional way for developing use:
 ```
-/opt/netbox/venv/bin/uvicorn netbox-proxbox.netbox_proxbox.main:app --host 0.0.0.0 --port 8800 --app-dir /opt/netbox/netbox --reload
+/opt/netbox/venv/bin/uvicorn netbox-proxbox.netbox_proxbox.main:app --host 0.0.0.0 --port 8800 --app-dir /opt/netbox/netbox --ssl-keyfile=/etc/ssl/proxbox.key --ssl-certfile=/etc/ssl/proxbox.crt --reload
 ```
 
 ---