diff --git a/next.config.mjs b/next.config.mjs index 8e6743b7..f467cc60 100644 --- a/next.config.mjs +++ b/next.config.mjs @@ -454,7 +454,17 @@ const nextConfig = { // documentation redirects for integrations { source: '/how-to/enable-post-quantum-cryptography', - destination: '/manage/integrations/enable-post-quantum-cryptography', + destination: '/client/post-quantum-cryptography', + permanent: true, + }, + { + source: '/manage/integrations/enable-post-quantum-cryptography', + destination: '/client/post-quantum-cryptography', + permanent: true, + }, + { + source: '/client/enable-post-quantum-cryptography', + destination: '/client/post-quantum-cryptography', permanent: true, }, { diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx index f79dfaa2..3b460b50 100644 --- a/src/components/NavigationDocs.jsx +++ b/src/components/NavigationDocs.jsx @@ -1,572 +1,868 @@ import { useRouter } from 'next/router' import clsx from 'clsx' import { - ActivePageMarker, - NavLink, - TopLevelNavItem, - VisibleSectionHighlight + ActivePageMarker, + NavLink, + TopLevelNavItem, + VisibleSectionHighlight, } from '@/components/NavigationAPI' import { AnimatePresence, motion } from 'framer-motion' import { Button } from '@/components/mdx' import { useState } from 'react' -import { NavigationStateProvider, useNavigationState } from '@/components/NavigationState' +import { + NavigationStateProvider, + useNavigationState, +} from '@/components/NavigationState' import ChevronDownIcon from '@/components/icons/ChevronDownIcon' export const docsNavigation = [ - { - title: 'ABOUT', - links: [ - { title: 'How NetBird Works', href: '/about-netbird/how-netbird-works' }, - { title: 'NetBird vs. Traditional VPN', href: '/about-netbird/netbird-vs-traditional-vpn' }, - { title: 'Self-Hosted vs. Cloud', href: '/about-netbird/self-hosted-vs-cloud' }, - { title: 'Understanding NAT and Connectivity', href: '/about-netbird/understanding-nat-and-connectivity' }, - { title: 'Why WireGuard with NetBird', href: '/about-netbird/why-wireguard-with-netbird' }, - { title: 'Browser Client Architecture', href: '/about-netbird/browser-client-architecture' }, - { title: 'FAQ', href: '/about-netbird/faq' }, - /*{ title: 'Whats new in version xx', href: '/welcome/how-netbird-works' }, + { + title: 'ABOUT', + links: [ + { title: 'How NetBird Works', href: '/about-netbird/how-netbird-works' }, + { + title: 'NetBird vs. Traditional VPN', + href: '/about-netbird/netbird-vs-traditional-vpn', + }, + { + title: 'Self-Hosted vs. Cloud', + href: '/about-netbird/self-hosted-vs-cloud', + }, + { + title: 'Understanding NAT and Connectivity', + href: '/about-netbird/understanding-nat-and-connectivity', + }, + { + title: 'Why WireGuard with NetBird', + href: '/about-netbird/why-wireguard-with-netbird', + }, + { + title: 'Browser Client Architecture', + href: '/about-netbird/browser-client-architecture', + }, + { title: 'FAQ', href: '/about-netbird/faq' }, + /*{ title: 'Whats new in version xx', href: '/welcome/how-netbird-works' }, { title: 'Release notes', href: '/about-netbird/netbird-vs-traditional-vpn' },*/ - ], - }, - { - title: 'GET STARTED', + ], + }, + { + title: 'GET STARTED', + links: [ + { title: 'Quickstart Guide', href: '/get-started' }, + { + title: 'Install NetBird', + isOpen: true, + href: '/get-started/install', links: [ - { title: 'Quickstart Guide', href: '/get-started' }, - { - title: 'Install NetBird', isOpen: true, href: '/get-started/install', - links: [ - { title: 'Linux', href: '/get-started/install/linux' }, - { title: 'Windows', href: '/get-started/install/windows' }, - { title: 'MacOS', href: '/get-started/install/macos' }, - { title: 'Docker', href: '/get-started/install/docker' }, - { title: 'iOS', href: '/get-started/install/ios' }, - { title: 'tvOS', href: '/get-started/install/tvos'}, - { title: 'Android', href: '/get-started/install/android' }, - { title: 'Android TV', href: '/get-started/install/android-tv'} - ], - }, - { - title: 'Platforms', isOpen: false, - links: [ - { title: 'Proxmox VE', href: '/get-started/install/proxmox-ve' }, - { title: 'Synology', href: '/get-started/install/synology' }, - { title: 'TrueNAS', href: '/get-started/install/truenas' }, - { title: 'pfSense', href: '/get-started/install/pfsense' }, - { title: 'OPNsense', href: '/get-started/install/opnsense' }, - { title: 'Raspberry Pi', href: '/get-started/install/raspberrypi' }, - ] - }, - { title: 'CLI', href: '/get-started/cli' }, + { title: 'Linux', href: '/get-started/install/linux' }, + { title: 'Windows', href: '/get-started/install/windows' }, + { title: 'MacOS', href: '/get-started/install/macos' }, + { title: 'Docker', href: '/get-started/install/docker' }, + { title: 'iOS', href: '/get-started/install/ios' }, + { title: 'tvOS', href: '/get-started/install/tvos' }, + { title: 'Android', href: '/get-started/install/android' }, + { title: 'Android TV', href: '/get-started/install/android-tv' }, ], - }, - { - title: 'MANAGE NETBIRD', + }, + { + title: 'Platforms', + isOpen: false, links: [ - { title: 'Control Center', href: '/manage/control-center' }, - { - title: 'Peers', + { title: 'Proxmox VE', href: '/get-started/install/proxmox-ve' }, + { title: 'Synology', href: '/get-started/install/synology' }, + { title: 'TrueNAS', href: '/get-started/install/truenas' }, + { title: 'pfSense', href: '/get-started/install/pfsense' }, + { title: 'OPNsense', href: '/get-started/install/opnsense' }, + { title: 'Raspberry Pi', href: '/get-started/install/raspberrypi' }, + ], + }, + { title: 'CLI', href: '/get-started/cli' }, + ], + }, + { + title: 'MANAGE NETBIRD', + links: [ + { title: 'Control Center', href: '/manage/control-center' }, + { + title: 'Peers', + isOpen: false, + links: [ + { + title: 'Add Peers', + href: '/manage/peers/add-machines-to-your-network', + }, + { title: 'Approve Peers', href: '/manage/peers/approve-peers' }, + { + title: 'Setup Keys', + href: '/manage/peers/register-machines-using-setup-keys', + }, + { title: 'Browser Client', href: '/manage/peers/browser-client' }, + { title: 'SSH', href: '/manage/peers/ssh' }, + { title: 'Lazy Connections', href: '/manage/peers/lazy-connection' }, + { + title: 'Access Infrastructure', + isOpen: true, + links: [ + { + title: 'Access Remote Webserver', + href: '/manage/peers/access-infrastructure/secure-remote-webserver-access', + }, + { + title: 'Add Servers to the Network', + href: '/manage/peers/access-infrastructure/setup-keys-add-servers-to-network', + }, + { + title: 'Access from Kubernetes', + href: '/manage/peers/access-infrastructure/access-internal-resources-from-autoscaled-environments', + }, + { + title: 'Peer Approval for Remote Access', + href: '/manage/peers/access-infrastructure/peer-approval-for-remote-worker-access', + }, + ], + }, + { title: 'Auto Update', href: '/manage/peers/auto-update' }, + ], + }, + { + title: 'Access Control', + isOpen: false, + links: [ + { title: 'Groups & Policies', href: '/manage/access-control' }, + { + title: 'Manage Access', + href: '/manage/access-control/manage-network-access', + }, + { + title: 'Posture Checks', + href: '/manage/access-control/posture-checks', + isOpen: false, + links: [ + { + title: 'Disable route when in the office', + href: '/manage/access-control/posture-checks/connecting-from-the-office', + }, + ], + }, + { + title: 'Integrate MDM & EDR', + href: '/manage/access-control/endpoint-detection-and-response', + isOpen: false, + links: [ + { + title: 'CrowdStrike Falcon', + href: '/manage/access-control/endpoint-detection-and-response/crowdstrike-edr', + }, + { + title: 'Microsoft Intune', + href: '/manage/access-control/endpoint-detection-and-response/intune-mdm', + }, + { + title: 'SentinelOne Singularity', + href: '/manage/access-control/endpoint-detection-and-response/sentinelone-edr', + }, + { + title: 'Huntress', + href: '/manage/access-control/endpoint-detection-and-response/huntress-edr', + }, + ], + }, + ], + }, + { + title: 'Networks', + isOpen: false, + links: [ + { title: 'Concept', href: '/manage/networks' }, + { + title: 'Use Cases', + isOpen: false, + links: [ + { title: 'Overview', href: '/manage/networks/use-cases' }, + { + title: 'By Scenario', isOpen: false, links: [ - { title: 'Add Peers', href: '/manage/peers/add-machines-to-your-network' }, - { title: 'Approve Peers', href: '/manage/peers/approve-peers' }, - { title: 'Setup Keys', href: '/manage/peers/register-machines-using-setup-keys' }, - { title: 'Browser Client', href: '/manage/peers/browser-client' }, - { title: 'SSH', href: '/manage/peers/ssh' }, - { title: 'Lazy Connections', href: '/manage/peers/lazy-connection' }, - { - title: 'Access Infrastructure', - isOpen: true, - links: [ - { - title: 'Access Remote Webserver', - href: '/manage/peers/access-infrastructure/secure-remote-webserver-access' - }, - { - title: 'Add Servers to the Network', - href: '/manage/peers/access-infrastructure/setup-keys-add-servers-to-network' - }, - { - title: 'Access from Kubernetes', - href: '/manage/peers/access-infrastructure/access-internal-resources-from-autoscaled-environments' - }, - { - title: 'Peer Approval for Remote Access', - href: '/manage/peers/access-infrastructure/peer-approval-for-remote-worker-access' - }, - ] - }, - { title: 'Auto Update', href: '/manage/peers/auto-update' }, - ] - }, - { - title: 'Access Control', - isOpen: false, - links: [ - { title: 'Groups & Policies', href: '/manage/access-control' }, - { title: 'Manage Access', href: '/manage/access-control/manage-network-access' }, - { - title: 'Posture Checks', - href: '/manage/access-control/posture-checks', - isOpen: false, - links: [ - { title: 'Disable route when in the office', href: '/manage/access-control/posture-checks/connecting-from-the-office' }, - ] - }, - { - title: 'Integrate MDM & EDR', - href: '/manage/access-control/endpoint-detection-and-response', - isOpen: false, - links: [ - { title: 'CrowdStrike Falcon', href: '/manage/access-control/endpoint-detection-and-response/crowdstrike-edr' }, - { title: 'Microsoft Intune', href: '/manage/access-control/endpoint-detection-and-response/intune-mdm' }, - { title: 'SentinelOne Singularity', href: '/manage/access-control/endpoint-detection-and-response/sentinelone-edr' }, - { title: 'Huntress', href: '/manage/access-control/endpoint-detection-and-response/huntress-edr' }, - ] - }, - ] - }, - { - title: 'Networks', - isOpen: false, - links: [ - { title: 'Concept', href: '/manage/networks' }, - { - title: 'Use Cases', - isOpen: false, - links: [ - { title: 'Overview', href: '/manage/networks/use-cases' }, - { - title: 'By Scenario', - isOpen: false, - links: [ - { title: 'Access Home Devices', href: '/manage/networks/use-cases/by-scenario/access-home-devices' }, - { title: 'Remote Worker Access', href: '/manage/networks/use-cases/by-scenario/remote-worker-access' }, - { title: 'Cloud to On-Premise', href: '/manage/networks/use-cases/by-scenario/cloud-to-on-premise' }, - ] - }, - { - title: 'By Resource Type', - isOpen: false, - links: [ - { title: 'Multiple IP Resources', href: '/manage/networks/use-cases/by-resource-type/routing-traffic-to-multiple-resources' }, - { title: 'Domain Resources', href: '/manage/networks/use-cases/by-resource-type/accessing-restricted-domain-resources' }, - { title: 'Wildcard Domains', href: '/manage/networks/use-cases/by-resource-type/accessing-entire-domains-within-networks' }, - ] - }, - ] - } - ] - }, - { - title: 'Network Routes', - isOpen: false, - links: [ - { title: 'Concept', href: '/manage/network-routes' }, - { - title: 'Use Cases', - isOpen: false, - links: [ - { title: 'Overview', href: '/manage/network-routes/use-cases' }, - { - title: 'By Scenario', - isOpen: false, - links: [ - { title: 'Site-to-Site: Home', href: '/manage/network-routes/use-cases/by-scenario/site-to-site-home' }, - { title: 'Site-to-Site: Office', href: '/manage/network-routes/use-cases/by-scenario/site-to-site-office' }, - { title: 'Site-to-Site: Cloud', href: '/manage/network-routes/use-cases/by-scenario/site-to-site-cloud' }, - { title: 'Exit Nodes', href: '/manage/network-routes/use-cases/by-scenario/exit-nodes' }, - ] - }, - { - title: 'By Configuration', - isOpen: false, - links: [ - { title: 'Access Control', href: '/manage/network-routes/use-cases/by-configuration/access-control' }, - { title: 'Overlapping Routes', href: '/manage/network-routes/use-cases/by-configuration/overlapping-routes' }, - { title: 'Advanced Configuration', href: '/manage/network-routes/use-cases/by-configuration/advanced-configuration' }, - ] - }, - ] - } - ] - }, - { - title: 'Reverse Proxy', - isOpen: false, - links: [ - { title: 'Overview', href: '/manage/reverse-proxy' }, - { title: 'Custom Domains', href: '/manage/reverse-proxy/custom-domains' }, - { title: 'Authentication', href: '/manage/reverse-proxy/authentication' }, - { title: 'Access Logs', href: '/manage/reverse-proxy/access-logs' }, - ] - }, - { - title: 'DNS', - isOpen: false, - links: [ - { title: 'Quickstart', href: '/manage/dns/private-dns-behind-routing-peers' }, - { title: 'Overview', href: '/manage/dns' }, - { title: 'Configuring Nameservers', href: '/manage/dns/nameserver-groups' }, - { title: 'DNS Settings', href: '/manage/dns/dns-settings' }, - { title: 'Custom Zones', href: '/manage/dns/custom-zones' }, - { title: 'DNS Aliases for Routed Networks', href: '/manage/dns/dns-aliases-for-routed-networks' }, - { title: 'DNS Troubleshooting', href: '/manage/dns/troubleshooting' }, - ] - }, - { - title: 'Team', - isOpen: false, - links: [ - { title: 'Add Users to Your Network', href: '/manage/team/add-users-to-your-network' }, - { title: 'Approve Users', href: '/manage/team/approve-users' }, - { - title: 'Provision Users & Groups', - href: '/manage/team/idp-sync', - isOpen: false, - links: [ - { title: 'Microsoft Entra ID (API)', href: '/manage/team/idp-sync/microsoft-entra-id-sync' }, - { title: 'Microsoft Entra ID (SCIM)', href: '/manage/team/idp-sync/microsoft-entra-id-scim-sync' }, - { title: 'Okta', href: '/manage/team/idp-sync/okta-sync' }, - { title: 'Google Workspace', href: '/manage/team/idp-sync/google-workspace-sync' }, - { title: 'JumpCloud', href: '/manage/team/idp-sync/jumpcloud-sync' }, - { title: 'Keycloak', href: '/manage/team/idp-sync/keycloak-sync' }, - ] - }, - { - title: 'Auto-Offboard Users', - href: '/manage/team/auto-offboard-users', - isOpen: false, - }, - { - title: 'Single Sign-On', - href: '/manage/team/single-sign-on', - isOpen: false, -// links: [ -// { title: 'Authentik', href: '/manage/team/single-sign-on/authentik' }, -// { title: 'Keycloak', href: '/manage/team/single-sign-on/keycloak' }, -// { title: 'Auth0', href: '/manage/team/single-sign-on/auth0' }, -// { title: 'JumpCloud', href: '/manage/team/single-sign-on/jumpcloud' }, -// ] - }, - ] - }, - { - title: 'Activity', - links: [ - { title: 'Audit Events Logging', href: '/manage/activity' }, - { title: 'Traffic Events Logging', href: '/manage/activity/traffic-events-logging' }, - { - title: 'Stream Activity Events', - href: '/manage/activity/event-streaming', - isOpen: false, - links: [ - { title: 'Datadog', href: '/manage/activity/event-streaming/datadog' }, - { title: 'Amazon S3', href: '/manage/activity/event-streaming/amazon-s3' }, - { title: 'Amazon Firehose', href: '/manage/activity/event-streaming/amazon-firehose' }, - { title: 'SentinelOne Data Lake', href: '/manage/activity/event-streaming/sentinelone-data-lake' }, - { title: 'Generic HTTP', href: '/manage/activity/event-streaming/generic-http' }, - ] - }, + { + title: 'Access Home Devices', + href: '/manage/networks/use-cases/by-scenario/access-home-devices', + }, + { + title: 'Remote Worker Access', + href: '/manage/networks/use-cases/by-scenario/remote-worker-access', + }, + { + title: 'Cloud to On-Premise', + href: '/manage/networks/use-cases/by-scenario/cloud-to-on-premise', + }, ], - }, - { - title: 'Settings', + }, + { + title: 'By Resource Type', isOpen: false, links: [ - { title: 'Authentication', href: '/manage/settings/enforce-periodic-user-authentication' }, - { title: 'Multi-Factor Authentication', href: '/manage/settings/multi-factor-authentication' }, - { title: 'Delete Account', href: '/manage/settings/delete-account' }, - { title: 'Plans and Billing', href: '/manage/settings/plans-and-billing' }, - { title: 'Auto Update', href: '/manage/peers/auto-update' }, - { title: 'Lazy Connections', href: '/manage/peers/lazy-connection' }, - ] - }, - { - title: 'Integrations', + { + title: 'Multiple IP Resources', + href: '/manage/networks/use-cases/by-resource-type/routing-traffic-to-multiple-resources', + }, + { + title: 'Domain Resources', + href: '/manage/networks/use-cases/by-resource-type/accessing-restricted-domain-resources', + }, + { + title: 'Wildcard Domains', + href: '/manage/networks/use-cases/by-resource-type/accessing-entire-domains-within-networks', + }, + ], + }, + ], + }, + ], + }, + { + title: 'Network Routes', + isOpen: false, + links: [ + { title: 'Concept', href: '/manage/network-routes' }, + { + title: 'Use Cases', + isOpen: false, + links: [ + { title: 'Overview', href: '/manage/network-routes/use-cases' }, + { + title: 'By Scenario', isOpen: false, links: [ - { title: 'Enable Post Quantum Cryptography', href: '/manage/integrations/enable-post-quantum-cryptography' }, - { - title: 'MDM for Deployment', - isOpen: true, - links: [ - { title: 'Deploy with Jamf Pro', href: '/manage/integrations/mdm-deployment/jamf-pro-netbird-integration' }, - { title: 'Deploy with Kandji', href: '/manage/integrations/mdm-deployment/kandji-netbird-integration' }, - { title: 'Deploy with Intune', href: '/manage/integrations/mdm-deployment/intune-netbird-integration' }, - ] - }, - { - title: 'Kubernetes', - isOpen: true, - links: [ - { title: 'Operator', href: '/manage/integrations/kubernetes' }, - ] - }, - ] - }, + { + title: 'Site-to-Site: Home', + href: '/manage/network-routes/use-cases/by-scenario/site-to-site-home', + }, + { + title: 'Site-to-Site: Office', + href: '/manage/network-routes/use-cases/by-scenario/site-to-site-office', + }, + { + title: 'Site-to-Site: Cloud', + href: '/manage/network-routes/use-cases/by-scenario/site-to-site-cloud', + }, + { + title: 'Exit Nodes', + href: '/manage/network-routes/use-cases/by-scenario/exit-nodes', + }, + ], + }, + { + title: 'By Configuration', + isOpen: false, + links: [ + { + title: 'Access Control', + href: '/manage/network-routes/use-cases/by-configuration/access-control', + }, + { + title: 'Overlapping Routes', + href: '/manage/network-routes/use-cases/by-configuration/overlapping-routes', + }, + { + title: 'Advanced Configuration', + href: '/manage/network-routes/use-cases/by-configuration/advanced-configuration', + }, + ], + }, + ], + }, + ], + }, + { + title: 'Reverse Proxy', + isOpen: false, + links: [ + { title: 'Overview', href: '/manage/reverse-proxy' }, + { + title: 'Custom Domains', + href: '/manage/reverse-proxy/custom-domains', + }, + { + title: 'Authentication', + href: '/manage/reverse-proxy/authentication', + }, + { title: 'Access Logs', href: '/manage/reverse-proxy/access-logs' }, + ], + }, + { + title: 'DNS', + isOpen: false, + links: [ + { + title: 'Quickstart', + href: '/manage/dns/private-dns-behind-routing-peers', + }, + { title: 'Overview', href: '/manage/dns' }, + { + title: 'Configuring Nameservers', + href: '/manage/dns/nameserver-groups', + }, + { title: 'DNS Settings', href: '/manage/dns/dns-settings' }, + { title: 'Custom Zones', href: '/manage/dns/custom-zones' }, + { + title: 'DNS Aliases for Routed Networks', + href: '/manage/dns/dns-aliases-for-routed-networks', + }, + { title: 'DNS Troubleshooting', href: '/manage/dns/troubleshooting' }, + ], + }, + { + title: 'Team', + isOpen: false, + links: [ + { + title: 'Add Users to Your Network', + href: '/manage/team/add-users-to-your-network', + }, + { title: 'Approve Users', href: '/manage/team/approve-users' }, + { + title: 'Provision Users & Groups', + href: '/manage/team/idp-sync', + isOpen: false, + links: [ + { + title: 'Microsoft Entra ID (API)', + href: '/manage/team/idp-sync/microsoft-entra-id-sync', + }, + { + title: 'Microsoft Entra ID (SCIM)', + href: '/manage/team/idp-sync/microsoft-entra-id-scim-sync', + }, + { title: 'Okta', href: '/manage/team/idp-sync/okta-sync' }, + { + title: 'Google Workspace', + href: '/manage/team/idp-sync/google-workspace-sync', + }, + { + title: 'JumpCloud', + href: '/manage/team/idp-sync/jumpcloud-sync', + }, + { + title: 'Keycloak', + href: '/manage/team/idp-sync/keycloak-sync', + }, + ], + }, + { + title: 'Auto-Offboard Users', + href: '/manage/team/auto-offboard-users', + isOpen: false, + }, + { + title: 'Single Sign-On', + href: '/manage/team/single-sign-on', + isOpen: false, + // links: [ + // { title: 'Authentik', href: '/manage/team/single-sign-on/authentik' }, + // { title: 'Keycloak', href: '/manage/team/single-sign-on/keycloak' }, + // { title: 'Auth0', href: '/manage/team/single-sign-on/auth0' }, + // { title: 'JumpCloud', href: '/manage/team/single-sign-on/jumpcloud' }, + // ] + }, + ], + }, + { + title: 'Activity', + links: [ + { title: 'Audit Events Logging', href: '/manage/activity' }, + { + title: 'Traffic Events Logging', + href: '/manage/activity/traffic-events-logging', + }, + { + title: 'Stream Activity Events', + href: '/manage/activity/event-streaming', + isOpen: false, + links: [ + { + title: 'Datadog', + href: '/manage/activity/event-streaming/datadog', + }, + { + title: 'Amazon S3', + href: '/manage/activity/event-streaming/amazon-s3', + }, + { + title: 'Amazon Firehose', + href: '/manage/activity/event-streaming/amazon-firehose', + }, + { + title: 'SentinelOne Data Lake', + href: '/manage/activity/event-streaming/sentinelone-data-lake', + }, + { + title: 'Generic HTTP', + href: '/manage/activity/event-streaming/generic-http', + }, + ], + }, + ], + }, + { + title: 'Settings', + isOpen: false, + links: [ + { + title: 'Authentication', + href: '/manage/settings/enforce-periodic-user-authentication', + }, + { + title: 'Multi-Factor Authentication', + href: '/manage/settings/multi-factor-authentication', + }, + { title: 'Delete Account', href: '/manage/settings/delete-account' }, + { + title: 'Plans and Billing', + href: '/manage/settings/plans-and-billing', + }, + { title: 'Auto Update', href: '/manage/peers/auto-update' }, + { title: 'Lazy Connections', href: '/manage/peers/lazy-connection' }, + ], + }, + { + title: 'Integrations', + isOpen: false, + links: [ + { + title: 'MDM for Deployment', + isOpen: true, + links: [ + { + title: 'Deploy with Jamf Pro', + href: '/manage/integrations/mdm-deployment/jamf-pro-netbird-integration', + }, + { + title: 'Deploy with Kandji', + href: '/manage/integrations/mdm-deployment/kandji-netbird-integration', + }, + { + title: 'Deploy with Intune', + href: '/manage/integrations/mdm-deployment/intune-netbird-integration', + }, + ], + }, + { + title: 'Kubernetes', + isOpen: true, + links: [ + { title: 'Operator', href: '/manage/integrations/kubernetes' }, + ], + }, + ], + }, - { - title: 'Public API', - isOpen: false, - links: [ - { title: 'Access Public API', href: '/manage/public-api' }, - ] - }, - { - title: 'For Partners', - isOpen: false, - links: [ - { title: 'Managed Service Providers', href: '/manage/for-partners/msp-portal' }, - { title: 'Acronis NetBird integration', href: '/manage/for-partners/acronis-integration' }, - ] - }, - ], - }, - { - title: 'SELF-HOST NETBIRD', + { + title: 'Public API', + isOpen: false, + links: [{ title: 'Access Public API', href: '/manage/public-api' }], + }, + { + title: 'For Partners', + isOpen: false, links: [ - { title: 'Quickstart Guide', href: '/selfhosted/selfhosted-quickstart' }, - { - title: 'Maintenance', - isOpen: false, - links: [ - { title: 'Configuration Files', href: '/selfhosted/configuration-files' }, - { - title: 'Scaling Your Deployment', href: '/selfhosted/maintenance/scaling/scaling-your-self-hosted-deployment', - isOpen: false, - links: [ - { title: 'Set Up External Relays', href: '/selfhosted/maintenance/scaling/set-up-external-relays' }, - { title: 'Migrate SQLite to PostgreSQL', href: '/selfhosted/maintenance/scaling/migrate-sqlite-to-postgresql' }, - { title: 'Set Up External Signal', href: '/selfhosted/maintenance/scaling/set-up-external-signal' }, - ] - }, - { title: 'Backup', href: '/selfhosted/maintenance/backup' }, - { title: 'Upgrade', href: '/selfhosted/maintenance/upgrade' }, - { title: 'Remove', href: '/selfhosted/maintenance/remove' }, - { title: 'Reverse Proxy', href: '/selfhosted/reverse-proxy' }, - { title: 'Management SQLite Store', href: '/selfhosted/sqlite-store' }, - { title: 'Management Postgres Store', href: '/selfhosted/postgres-store' }, - { title: 'Activity Events Postgres Store', href: '/selfhosted/activity-postgres-store' }, - ] - }, - { - title: 'Authentication', - isOpen: false, - links: [ - { title: 'Authentication and IdPs', href: '/selfhosted/identity-providers' }, - { title: 'Local User Management', href: '/selfhosted/identity-providers/local' }, - { title: 'Disable Local Auth', href: '/selfhosted/identity-providers/disable-local-authentication' }, - { - title: 'Self-hosted IdPs', - isOpen: true, - links: [ - { title: 'Generic OIDC', href: '/selfhosted/identity-providers/generic-oidc' }, - { title: 'Zitadel', href: '/selfhosted/identity-providers/zitadel' }, - { title: 'Authentik', href: '/selfhosted/identity-providers/authentik' }, - { title: 'Keycloak', href: '/selfhosted/identity-providers/keycloak' }, - { title: 'PocketID', href: '/selfhosted/identity-providers/pocketid' }, - ] - }, - { - title: 'Managed IdPs', - isOpen: true, - links: [ - { title: 'Google Workspace', href: '/selfhosted/identity-providers/managed/google-workspace' }, - { title: 'Microsoft Entra ID', href: '/selfhosted/identity-providers/managed/microsoft-entra-id' }, - { title: 'JumpCloud', href: '/selfhosted/identity-providers/managed/jumpcloud' }, - { title: 'Auth0', href: '/selfhosted/identity-providers/managed/auth0' }, - { title: 'Duo', href: '/selfhosted/identity-providers/managed/duo' }, - { title: 'Okta', href: '/selfhosted/identity-providers/managed/okta' }, - ] - }, - ] - }, - { title: 'Advanced Guide', href: '/selfhosted/selfhosted-guide' }, - { title: 'Management geolocation', href: '/selfhosted/geo-support' }, - { title: 'Troubleshooting', href: '/selfhosted/troubleshooting' }, - { - title: 'Migration Guides', - isOpen: false, - links: [ - { title: 'Coturn to Embedded STUN', href: '/selfhosted/migration/coturn-to-stun-migration' }, - { title: 'Enable Reverse Proxy', href: '/selfhosted/migration/enable-reverse-proxy' }, - ] - }, + { + title: 'Managed Service Providers', + href: '/manage/for-partners/msp-portal', + }, + { + title: 'Acronis NetBird integration', + href: '/manage/for-partners/acronis-integration', + }, ], - }, - { - title: 'CLIENT', + }, + ], + }, + { + title: 'SELF-HOST NETBIRD', + links: [ + { title: 'Quickstart Guide', href: '/selfhosted/selfhosted-quickstart' }, + { + title: 'Maintenance', + isOpen: false, links: [ - { title: 'Profiles', href: '/client/profiles' }, + { + title: 'Configuration Files', + href: '/selfhosted/configuration-files', + }, + { + title: 'Scaling Your Deployment', + href: '/selfhosted/maintenance/scaling/scaling-your-self-hosted-deployment', + isOpen: false, + links: [ + { + title: 'Set Up External Relays', + href: '/selfhosted/maintenance/scaling/set-up-external-relays', + }, + { + title: 'Migrate SQLite to PostgreSQL', + href: '/selfhosted/maintenance/scaling/migrate-sqlite-to-postgresql', + }, + { + title: 'Set Up External Signal', + href: '/selfhosted/maintenance/scaling/set-up-external-signal', + }, + ], + }, + { title: 'Backup', href: '/selfhosted/maintenance/backup' }, + { title: 'Upgrade', href: '/selfhosted/maintenance/upgrade' }, + { title: 'Remove', href: '/selfhosted/maintenance/remove' }, + { title: 'Reverse Proxy', href: '/selfhosted/reverse-proxy' }, + { + title: 'Management SQLite Store', + href: '/selfhosted/sqlite-store', + }, + { + title: 'Management Postgres Store', + href: '/selfhosted/postgres-store', + }, + { + title: 'Activity Events Postgres Store', + href: '/selfhosted/activity-postgres-store', + }, ], - }, - { - title: 'USE CASES', + }, + { + title: 'Authentication', + isOpen: false, links: [ - { title: 'Overview', href: '/use-cases' }, - { - title: 'Remote Access', - isOpen: false, - links: [ - { title: 'Overview', href: '/use-cases/site-to-site' }, - ] - }, - { - title: 'Homelab', - isOpen: false, - links: [ - { title: 'Overview', href: '/use-cases/homelab' }, - { title: 'NetBird on MikroTik Router', href: '/use-cases/homelab/client-on-mikrotik-router' }, - ] - }, - { - title: 'Cloud', - isOpen: false, - links: [ - { title: 'Overview', href: '/use-cases/cloud' }, - { title: 'NetBird on AWS ECS', href: '/use-cases/cloud/aws-ecs-terraform' }, - { title: 'NetBird on Serverless (FaaS)', href: '/use-cases/cloud/netbird-on-faas' }, - { title: 'Routing Peers and Kubernetes', href: '/use-cases/cloud/routing-peers-and-kubernetes' }, - { title: 'Distributed Multi-Cloud AI', href: '/use-cases/cloud/distributed-multi-cloud-ai' }, - ] - }, - { - title: 'Security', - isOpen: false, - links: [ - { title: 'Overview', href: '/use-cases/security' }, - { title: 'Implement Zero Trust', href: '/use-cases/security/implement-zero-trust' }, - ] - }, + { + title: 'Authentication and IdPs', + href: '/selfhosted/identity-providers', + }, + { + title: 'Local User Management', + href: '/selfhosted/identity-providers/local', + }, + { + title: 'Disable Local Auth', + href: '/selfhosted/identity-providers/disable-local-authentication', + }, + { + title: 'Self-hosted IdPs', + isOpen: true, + links: [ + { + title: 'Generic OIDC', + href: '/selfhosted/identity-providers/generic-oidc', + }, + { + title: 'Zitadel', + href: '/selfhosted/identity-providers/zitadel', + }, + { + title: 'Authentik', + href: '/selfhosted/identity-providers/authentik', + }, + { + title: 'Keycloak', + href: '/selfhosted/identity-providers/keycloak', + }, + { + title: 'PocketID', + href: '/selfhosted/identity-providers/pocketid', + }, + ], + }, + { + title: 'Managed IdPs', + isOpen: true, + links: [ + { + title: 'Google Workspace', + href: '/selfhosted/identity-providers/managed/google-workspace', + }, + { + title: 'Microsoft Entra ID', + href: '/selfhosted/identity-providers/managed/microsoft-entra-id', + }, + { + title: 'JumpCloud', + href: '/selfhosted/identity-providers/managed/jumpcloud', + }, + { + title: 'Auth0', + href: '/selfhosted/identity-providers/managed/auth0', + }, + { + title: 'Duo', + href: '/selfhosted/identity-providers/managed/duo', + }, + { + title: 'Okta', + href: '/selfhosted/identity-providers/managed/okta', + }, + ], + }, ], - }, - { - title: 'GET MORE HELP', + }, + { title: 'Advanced Guide', href: '/selfhosted/selfhosted-guide' }, + { title: 'Management geolocation', href: '/selfhosted/geo-support' }, + { title: 'Troubleshooting', href: '/selfhosted/troubleshooting' }, + { + title: 'Migration Guides', + isOpen: false, links: [ - { title: 'Troubleshooting client issues', href: '/help/troubleshooting-client' }, - { title: 'Report bugs and issues', href: '/help/report-bug-issues' }, + { + title: 'Coturn to Embedded STUN', + href: '/selfhosted/migration/coturn-to-stun-migration', + }, + { + title: 'Enable Reverse Proxy', + href: '/selfhosted/migration/enable-reverse-proxy', + }, ], - }, + }, + ], + }, + { + title: 'CLIENT', + links: [ + { title: 'Profiles', href: '/client/profiles' }, + { + title: 'Settings', + isOpen: false, + links: [ + { + title: 'Block Inbound Connections', + href: '/client/block-inbound-connections', + }, + { + title: 'Post-Quantum Cryptography', + href: '/client/post-quantum-cryptography', + }, + ], + }, + ], + }, + { + title: 'USE CASES', + links: [ + { title: 'Overview', href: '/use-cases' }, + { + title: 'Remote Access', + isOpen: false, + links: [{ title: 'Overview', href: '/use-cases/site-to-site' }], + }, + { + title: 'Homelab', + isOpen: false, + links: [ + { title: 'Overview', href: '/use-cases/homelab' }, + { + title: 'NetBird on MikroTik Router', + href: '/use-cases/homelab/client-on-mikrotik-router', + }, + ], + }, + { + title: 'Cloud', + isOpen: false, + links: [ + { title: 'Overview', href: '/use-cases/cloud' }, + { + title: 'NetBird on AWS ECS', + href: '/use-cases/cloud/aws-ecs-terraform', + }, + { + title: 'NetBird on Serverless (FaaS)', + href: '/use-cases/cloud/netbird-on-faas', + }, + { + title: 'Routing Peers and Kubernetes', + href: '/use-cases/cloud/routing-peers-and-kubernetes', + }, + { + title: 'Distributed Multi-Cloud AI', + href: '/use-cases/cloud/distributed-multi-cloud-ai', + }, + ], + }, + { + title: 'Security', + isOpen: false, + links: [ + { title: 'Overview', href: '/use-cases/security' }, + { + title: 'Implement Zero Trust', + href: '/use-cases/security/implement-zero-trust', + }, + ], + }, + ], + }, + { + title: 'GET MORE HELP', + links: [ + { + title: 'Troubleshooting client issues', + href: '/help/troubleshooting-client', + }, + { title: 'Report bugs and issues', href: '/help/report-bug-issues' }, + ], + }, ] - + export function NavigationDocs({ className }) { - return ( - - ) + return ( + + ) } - + const findActiveGroupIndex = (group, pathname) => { - let activeIndex = -1 - group.links.forEach((link, index) => { - if (link.href === pathname) { - activeIndex = index - } else if (link.links) { - const childIndex = findActiveGroupIndex(link, pathname) - if (childIndex !== -1) { - activeIndex = index - } - } - }) - return activeIndex + let activeIndex = -1 + group.links.forEach((link, index) => { + if (link.href === pathname) { + activeIndex = index + } else if (link.links) { + const childIndex = findActiveGroupIndex(link, pathname) + if (childIndex !== -1) { + activeIndex = index + } + } + }) + return activeIndex } function NavigationGroup({ group, className, hasChildren }) { - let router = useRouter() - let isActiveGroup = findActiveGroupIndex(group, router.pathname) !== -1 - const [isOpen, setIsOpen] = useState(group.isOpen ? group.isOpen : !hasChildren) - const [, setActiveHighlight] = useNavigationState() + let router = useRouter() + let isActiveGroup = findActiveGroupIndex(group, router.pathname) !== -1 + const [isOpen, setIsOpen] = useState( + group.isOpen ? group.isOpen : !hasChildren + ) + const [, setActiveHighlight] = useNavigationState() - return ( -
  • - { - setIsOpen(!isOpen) - if (!isOpen) { - if (!isActiveGroup) router.push(group.links[0].href) - setActiveHighlight() - } else { - setActiveHighlight(group.title) - } - }} - data-nb-link={group.title} - data-nb-active={hasChildren && isActiveGroup ? '1' : '0'} + return ( +
  • + { + setIsOpen(!isOpen) + if (!isOpen) { + if (!isActiveGroup) router.push(group.links[0].href) + setActiveHighlight() + } else { + setActiveHighlight(group.title) + } + }} + data-nb-link={group.title} + data-nb-active={hasChildren && isActiveGroup ? '1' : '0'} + > + {group.title} + {hasChildren && ( + + )} + +
    + {!hasChildren && ( + <> + + {isActiveGroup && ( + + )} + + + + {isActiveGroup && ( + + )} + + + )} + + + {isOpen && ( + - {group.title} - {hasChildren && } - -
    - {!hasChildren && - <> - - {isActiveGroup && ( - - )} - - - - {isActiveGroup && ( - - )} - - - } - - - {isOpen && - {group.links.map((link) => { - return link.href ? - - - {link.title} - - - : - - })} - } - -
    -
    • - ) -} \ No newline at end of file + {group.links.map((link) => { + return link.href ? ( + + + {link.title} + + + ) : ( + + ) + })} + + )} + + + + ) +} diff --git a/src/pages/client/block-inbound-connections.mdx b/src/pages/client/block-inbound-connections.mdx new file mode 100644 index 00000000..2b70e637 --- /dev/null +++ b/src/pages/client/block-inbound-connections.mdx @@ -0,0 +1,55 @@ +import {Note} from "@/components/mdx"; + +# Block Inbound Connections + +The Block Inbound Connections setting prevents all inbound connections to the local machine and any networks it routes. When enabled, the NetBird client will drop all incoming peer traffic — including peer-to-peer connections, routed network traffic, and SSH — regardless of access control policies configured in the management service. + +This is a client-side override that takes precedence over any policies received from the management service. + + + Available since NetBird v0.46.0. + + +## When to use it + +- **Outbound-only peers**: A machine that only needs to access remote resources but should never be reachable by other peers. +- **Temporary lockdown**: Quickly block all inbound access to a machine without modifying server-side policies. +- **Defense-in-depth**: Add a client-side layer of protection alongside your access control policies. + +## What it blocks + +When Block Inbound Connections is enabled, the client will not add any inbound firewall rules. This means: + +- **Peer connections**: Other peers cannot initiate connections to this machine. +- **Routed network traffic**: If this peer acts as a routing peer, inbound traffic to its routed networks is also blocked. +- **SSH access**: NetBird SSH connections to this peer are blocked. + + + This setting overrides all policies from the management service. Even if an access control policy explicitly allows traffic to this peer, inbound connections will still be blocked. + + +## Enabling via the system tray + +1. Click the NetBird icon in the system tray. +2. Go to **Settings**. +3. Click **Block Inbound Connections** to toggle the setting. + +When enabled, a checkmark will appear next to the menu item. + +## Enabling via the CLI + +You can enable Block Inbound Connections when starting the NetBird client: + +```bash +netbird up --block-inbound +``` + +To disable it, run: + +```bash +netbird up --block-inbound=false +``` + + + When toggling this setting via the CLI, the system tray UI may not reflect the change until the NetBird GUI is restarted. + diff --git a/src/pages/manage/integrations/enable-post-quantum-cryptography.mdx b/src/pages/client/post-quantum-cryptography.mdx similarity index 93% rename from src/pages/manage/integrations/enable-post-quantum-cryptography.mdx rename to src/pages/client/post-quantum-cryptography.mdx index 576a736a..90b2bd07 100644 --- a/src/pages/manage/integrations/enable-post-quantum-cryptography.mdx +++ b/src/pages/client/post-quantum-cryptography.mdx @@ -1,6 +1,6 @@ import {Note} from "@/components/mdx"; -# Enable post-quantum cryptography +# Post-quantum cryptography Post-quantum cryptography aims to mitigate risks associated with quantum computing's potential to undermine existing encryption methods. Current concerns include the possibility of bad actors collecting encrypted network traffic to decrypt it once quantum computers become available. This 'harvest and decrypt later' strategy threatens the confidentiality of presently secure communications. @@ -24,6 +24,15 @@ that automatically rotates and applies WireGuard pre-shared keys to every point- This is still an experimental feature, may contain bugs, and is not supported on mobile devices. + +### Enabling via the system tray + +1. Click the NetBird icon in the system tray. +2. Go to **Settings**. +3. Click **Enable Quantum-Resistance** to toggle the setting. + +### Enabling via the CLI + Rosenpass can be enabled by setting a flag on client start-up. ```bash netbird up --enable-rosenpass @@ -60,9 +69,9 @@ netbird up --enable-rosenpass --rosenpass-permissive ## Get started -

    +

    -

    +
    - Make sure to [star us on GitHub](https://github.com/netbirdio/netbird) - Follow us [on X](https://x.com/netbird) diff --git a/src/pages/get-started/cli.mdx b/src/pages/get-started/cli.mdx index aa8fbbb0..590b08f8 100644 --- a/src/pages/get-started/cli.mdx +++ b/src/pages/get-started/cli.mdx @@ -97,6 +97,7 @@ The command will check if the peer is logged in and connect to the management se --interface-name string Wireguard interface name (default "utun100") --rosenpass-permissive [Experimental] Enable Rosenpass in permissive mode to allow this peer to accept WireGuard connections without requiring Rosenpass functionality from peers that do not have Rosenpass enabled. --wireguard-port uint16 Wireguard interface listening port (default 51820) + --block-inbound Block inbound connections. If enabled, the client will not allow any inbound connections to the local machine nor routed networks. This overrides any policies received from the management service. ``` #### Usage The minimal form of running the command is: diff --git a/src/pages/manage/peers/lazy-connection.mdx b/src/pages/manage/peers/lazy-connection.mdx index c08c0cec..c5649a13 100644 --- a/src/pages/manage/peers/lazy-connection.mdx +++ b/src/pages/manage/peers/lazy-connection.mdx @@ -42,6 +42,14 @@ Once a connection between two peers is established, it will remain open only if The default inactivity threshold is 60 minutes, and can be configured via the NB_LAZY_CONN_INACTIVITY_THRESHOLD environment variable (`60`). +## Enabling via the system tray + +You can toggle Lazy Connections directly from the NetBird system tray: + +1. Click the NetBird icon in the system tray. +2. Go to **Settings**. +3. Click **Enable Lazy Connections** to toggle the setting. + ## Enabling Lazy Connections on agent Lazy connections are disabled by default. You can enable Lazy Connections using the following environment variable: