Add documentation for running behind reverse-proxies (#34)

* Add doc for hosting netbird behind a reverse-proxy

* Add info about reverse-proxy template-files

* Add hint about usage of http2

* Change how vars are set not to instruct editing base.env
This commit is contained in:
Ruakij
2023-04-06 01:22:03 +02:00
committed by GitHub
parent 473f764a11
commit 4468e3210d

@@ -79,6 +79,10 @@ NETBIRD_LETSENCRYPT_EMAIL=""
Let's Encrypt will notify you via this email when certificates are about to expire. NetBird supports automatic renewal by default. Let's Encrypt will notify you via this email when certificates are about to expire. NetBird supports automatic renewal by default.
::: :::
:::info
If you want to setup netbird with your own reverse-Proxy and without using the integrated letsencrypt, follow [this step here instead](#advanced-running-netbird-behind-an-existing-reverse-proxy).
:::
### Step 3: Configure Identity Provider ### Step 3: Configure Identity Provider
NetBird supports generic OpenID (OIDC) protocol allowing for the integration with any IDP that follows the specification. NetBird supports generic OpenID (OIDC) protocol allowing for the integration with any IDP that follows the specification.
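Review bot: the new admonition tells the reader to follow the advanced section "instead", but that section (further down in this same commit) describes itself as additional configuration on top of Step 2, so readers skipping Step 2 will be missing the base configuration files; suggest wording like "also follow the additional steps here before continuing with Step 3". Minor style: "setup" as a verb should be "set up", and "reverse-Proxy" / "letsencrypt" should match the casing used elsewhere ("reverse-proxy", "Let's Encrypt").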
@@ -121,6 +125,51 @@ docker-compose up -d
docker-compose logs dashboard docker-compose logs dashboard
``` ```
### Advanced: Running netbird behind an existing reverse-proxy
If you want to run netbird behind your own reverse-proxy, some additional configuration-steps have to be taken to [Step 2](#step-2--prepare-configuration-files).
:::info
Not all reverse-proxies are supported as netbird uses *gRPC* for various components.
:::
#### Configuration for netbird
In `setup.env`:
- Set ```NETBIRD_DOMAIN``` to your domain, e.g. `demo.netbird.io`
- Set ```NETBIRD_DISABLE_LETSENCRYPT=true```
- Add ```NETBIRD_MGMT_API_PORT``` to your reverse-proxy TLS-port (default: 443)
- Add ```NETBIRD_SIGNAL_PORT``` to your reverse-proxy TLS-port
Optional:
- Add ```TURN_MIN_PORT``` and ```TURN_MAX_PORT``` to configure the port-range used by the Turn-server
:::tip info
The `coturn`-service still needs to be directly accessible under your set-domain as it uses UDP for communication.
:::
Now you can continue with [Step 3](#step-3-configure-identity-provider).
#### Configuration for your reverse-proxy
Depending on your port-mappings and choice of reverse-proxy, how you configure the forwards differs greatly.
The following endpoints have to be setup:
Endpoint | Protocol | Target service and internal-port
------------------------------- | --------- | --------------------------------
/ | HTTP | dashboard:80
/signalexchange.SignalExchange/ | gRPC | signal:80
/api | HTTP | management:443
/management.ManagementService/ | gRPC | management:443
Make sure your reverse-Proxy is setup to use the HTTP2-Protocol when forwarding.
:::tip
You can find helpful templates with the reverse-proxy-name as suffix (e.g. `docker-compose.yml.tmpl.traefik`)
Simply replace the file `docker-compose.yml.tmpl` with the chosen version.
:::
### Get in touch ### Get in touch
Feel free to ping us on [Slack](https://join.slack.com/t/netbirdio/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A) if you have any questions Feel free to ping us on [Slack](https://join.slack.com/t/netbirdio/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A) if you have any questions
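Review bot: the Step 2 link uses a double hyphen (`#step-2--prepare-configuration-files`) while the Step 3 link in the same section uses a single one (`#step-3-configure-identity-provider`); one of the two anchors will not resolve, so both should use the same slug form as the actual headings. The table also leaves the proxy-to-backend hop ambiguous: with `NETBIRD_DISABLE_LETSENCRYPT=true` the reader needs to know whether the `:443` targets for `management` are plaintext HTTP/2 (h2c) or TLS, since the line "Make sure your reverse-Proxy is setup to use the HTTP2-Protocol when forwarding" decides whether gRPC works at all; state it explicitly and mention that the TURN port range plus the UDP port must additionally be reachable through any firewall, since the `coturn` tip only says it bypasses the proxy. Wording: "Add `NETBIRD_MGMT_API_PORT` to your reverse-proxy TLS-port" should read "Set ... to", "setup" as a verb should be "set up", and "Turn-server" should be "TURN server".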