sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-18 16:36:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

add static connectors to config file docs

Browse Source
This commit is contained in:
jnfrati
2026-04-02 15:07:47 +02:00
parent 6435f4c62a
commit 7527ecfc10
1 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
src/pages/selfhosted/configuration-files.mdx
View File

@@ -243,6 +243,15 @@ server:
- "https://netbird.example.com/nb-silent-auth" - "https://netbird.example.com/nb-silent-auth"
cliRedirectURIs: cliRedirectURIs:
- "http://localhost:53000/" - "http://localhost:53000/"
staticConnectors:
- type: keycloak
name: keycloak
id: keycloak
config:
issuer: "https://keycloak.domain.com/realms/netbird"
clientID: "your-client-id"
clientSecret: "your-client-secret"
redirectURI: "https://netbird.example.com/oauth2/callback"
store: store:
engine: "sqlite" # sqlite, postgres, or mysql engine: "sqlite" # sqlite, postgres, or mysql
@@ -287,6 +296,10 @@ server:
Configures the built-in identity provider (embedded IdP) that handles user authentication and management. Configures the built-in identity provider (embedded IdP) that handles user authentication and management.
<Properties> <Properties>
<Property name="server.auth.localAuthDisabled" type="boolean">
Disables the built-in local authentication. Set to `true` when using static connectors to handle all authentication through external OIDC providers. Default: `false`.
**Do not turn off local authentication unless you have an OIDC configured and an Owner that can log-in through external OIDC*.
</Property>
<Property name="server.auth.issuer" type="string"> <Property name="server.auth.issuer" type="string">
The issuer URL for OAuth2/OIDC tokens. Format: `https://your-domain/oauth2`. This URL is used to validate JWT tokens and must be accessible to clients. The issuer URL for OAuth2/OIDC tokens. Format: `https://your-domain/oauth2`. This URL is used to validate JWT tokens and must be accessible to clients.
</Property> </Property>
@@ -299,6 +312,9 @@ Configures the built-in identity provider (embedded IdP) that handles user authe
<Property name="server.auth.cliRedirectURIs" type="array"> <Property name="server.auth.cliRedirectURIs" type="array">
Redirect URIs for CLI-based authentication. Default: `["http://localhost:53000/"]`. Used when authenticating via the `netbird` CLI tool. Redirect URIs for CLI-based authentication. Default: `["http://localhost:53000/"]`. Used when authenticating via the `netbird` CLI tool.
</Property> </Property>
<Property name="server.auth.staticConnectors" type="array">
Static connectors enable the configuration of OIDC providers ahead of time, which allows you to programmatically configure your netbird instances.
</Property>
</Properties> </Properties>
When the embedded IdP is active, the server automatically hosts these OIDC endpoints: When the embedded IdP is active, the server automatically hosts these OIDC endpoints:
@@ -312,6 +328,41 @@ When the embedded IdP is active, the server automatically hosts these OIDC endpo
NetBird also supports integration with external OIDC-compatible identity providers for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and centralized user management. See the [Authentication & IdPs page](/selfhosted/identity-providers) for configuration details. NetBird also supports integration with external OIDC-compatible identity providers for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and centralized user management. See the [Authentication & IdPs page](/selfhosted/identity-providers) for configuration details.
</Note> </Note>
### Static Connectors Settings
Static connectors enable an alternative path to generate OIDC configurations at startup. The list of connectors defined here will be stored as provided into the database.
You can add as many OIDC connector objects as you want. If a connector is given here, you'll also be able to disable local authentication.
<Warning>
Static connectors listed in configuration are going to be matched 1-to-1 with what's stored in the database, this means that during a restart, the server will update the OIDC connectors based on ID matching.
Management server will always reconcile the static connectors in the database with the configuration provided in this property.
However, OIDC connectors created through the dashboard will remain untouched as long as there's no static connector with the same ID.
</Warning>
<Properties>
<Property name="type" type="string">
The OIDC provider type (e.g., `keycloak`, `authentik`). Determines provider-specific behavior.
</Property>
<Property name="id" type="string">
Unique ID for this connector. Make sure it doesn't collide with dashboard-generated connector IDs.
</Property>
<Property name="name" type="string">
Display name of the connector.
</Property>
<Property name="config.issuer" type="string">
Issuer URL of the connector. Make sure that appending `/.well-known/openid-configuration` to this URL returns a valid JSON.
</Property>
<Property name="config.clientID" type="string">
Client ID of the connector. See [Configuring an OIDC Provider](/selfhosted/identity-providers/oidc-providers#configuring-an-oidc-provider) for how to obtain this.
</Property>
<Property name="config.clientSecret" type="string">
Client secret of the connector. See [Configuring an OIDC Provider](/selfhosted/identity-providers/oidc-providers#configuring-an-oidc-provider) for how to obtain this.
</Property>
<Property name="config.redirectURI" type="string">
Your management server endpoint callback URL. Format: `https://your-domain/oauth2/callback`.
</Property>
</Properties>
### Store Settings ### Store Settings
Configures the database backend for storing all NetBird management data including accounts, peers, groups, access policies, routes, DNS configuration, setup keys, and activity logs. Configures the database backend for storing all NetBird management data including accounts, peers, groups, access policies, routes, DNS configuration, setup keys, and activity logs.