Variables which are arrays are usually composed by putting all the values into the same environment variables with the values separated by a whitespace ("` `").
For example defining `ALLOWED_HOSTS=localhost ::1 127.0.0.1` would allows access to NetBox through `http://localhost:8080`, `http://[::1]:8080` and `http://127.0.0.1:8080`.
The default settings are optimized for (local) development environments.
You should therefore adjust the configuration for production setups, at least the following variables:
*`ALLOWED_HOSTS`: Add all URLs that lead to your NetBox instance.
*`DB_*`: Use a persistent database.
*`EMAIL_*`: Use your own mailserver.
*`MAX_PAGE_SIZE`: Use the recommended default of 1000.
*`SUPERUSER_*`: Only define those variables during the initial setup, and drop them once the DB is set up.
### Running on Docker Swarm / Kubernetes / OpenShift
You may run this image in a cluster such as Docker Swarm, Kubernetes or OpenShift, but this is advanced level.
In this case, we encourage you to statically configure NetBox by starting from [NetBox's example config file][default-config], and mounting it into your container in the directory `/etc/netbox/` using the mechanism provided by your container platform (i.e. [Docker Swarm configs][swarm-config], [Kubernetes ConfigMap][k8s-config], [OpenShift ConfigMaps][openshift-config]).
But if you rather continue to configure your application through environment variables, you may continue to use [the built-in configuration file][docker-config].
We discourage storing secrets in environment variables, as environment variable are passed on to all sub-processes and may leak easily into other systems, e.g. error collecting tools that often collect all environment variables whenever an error occurs.
Therefore we *strongly advise* to make use of the secrets mechanism provided by your container platform (i.e. [Docker Swarm secrets][swarm-secrets], [Kubernetes secrets][k8s-secrets], [OpenShift secrets][openshift-secrets]).
[The configuration file][docker-config] and [the entrypoint script][entrypoint] try to load the following secrets from the respective files.
If a secret is defined by an environment variable and in the respective file at the same time, then the value from the environment variable is used.
When using `docker-compose`, all the python scripts present in `/opt/netbox/startup_scripts` will automatically be executed after the application boots in the context of `./manage.py`.
Since v2.1.0, NAPALM has been tightly integrated into NetBox. To learn more about what NAPALM is and how it works, please see the documentation from the [libary itself](http://napalm.readthedocs.io/en/latest/index.html) or the documentation from [NetBox](https://netbox.readthedocs.io/en/latest/configuration/optional-settings/#napalm_username) on how it is integrated.
To enable this functionality, simply complete the following lines in `netbox.env` (or appropriate secrets mechanism) :
*`NAPALM_USERNAME`: A common username that can be utilized for connecting to network devices in your environment.
*`NAPALM_PASSWORD`: The password to use in combintation with the username to connect to network devices.
*`NAPALM_TIMEOUT`: A value to use for when an attempt to connect to a device will timeout if no response has been recieved.
However, if you have no need for this functionality, leaving them blank will not hinder the performance of NetBox at all.
In the images tagged with "-ldap" you can authenticate netbox against an LDAP / AD server. The included ldap_config.py is configured to use an AD domain controller. The custom values can be injected with environment variables like those in the main configuration file.
* You can enter the shell of the running NetBox container using `docker-compose exec netbox /bin/bash`. Now you have access to `./manage.py`, e.g. to reset a password.
