sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-19 00:46:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add backend service configuration guide trusted proxies and fix images (#639)

Browse Source 
* Add backend service configuration guide for reverse proxy trusted proxies

Many self-hosted services (Jellyfin, Home Assistant, Nextcloud, Plex)
require a "trusted proxies" or "known hosts" setting when behind a
reverse proxy. With NetBird, the proxy's IP is a dynamic NetBird IP
from 100.64.0.0/10 that can change on restart, so hardcoding it breaks.

This adds a new doc page with the recommended solution (trust the full
CGNAT range), per-service config examples, Docker bridge network
guidance, and a warning on the reverse proxy overview page.

* Update service-configuration.mdx and move/add images

* Fixing typos

---------

Co-authored-by: Brandon Hopkins <brandon@techhut.tv>
This commit is contained in:
shuuri-labs
2026-02-27 20:27:30 +01:00
committed by GitHub
parent 3c8736f8f6
commit b35d3ce6c8
17 changed files with 137 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/pages/manage/reverse-proxy/authentication.mdx
View File

@@ -8,7 +8,7 @@ export const description =
NetBird Reverse Proxy supports multiple authentication methods to control who can access your exposed services. You can enable one or more methods on each service, or leave a service completely public. Authentication is configured per service in the **Authentication** tab when creating or editing a service.
<p>
<img src="/docs-static/img/manage/reverse-proxy/reverse-proxy-add-service-auth.png" alt="Authentication tab showing all available authentication methods" className="imagewrapper"/>
<img src="/docs-static/img/manage/reverse-proxy/authentication/reverse-proxy-add-service-auth.png" alt="Authentication tab showing all available authentication methods" className="imagewrapper"/>
</p>
## Authentication methods
@@ -22,7 +22,7 @@ SSO authentication requires users to authenticate through your identity provider
You can optionally restrict access to specific **distribution groups** from your IdP. When groups are configured, only users who belong to at least one of the selected groups are allowed through after authenticating.
<p>
<img src="/docs-static/img/manage/reverse-proxy/auth-sso-modal.png" alt="SSO configuration modal with group selection" className="imagewrapper"/>
<img src="/docs-static/img/manage/reverse-proxy/authentication/auth-sso-modal.png" alt="SSO configuration modal with group selection" className="imagewrapper"/>
</p>
**Key details:**
@@ -43,7 +43,7 @@ You can optionally restrict access to specific **distribution groups** from your
Password authentication protects a service with a shared password that you define. When a user visits the service URL, they are prompted to enter the password before they can proceed. Passwords are securely hashed using **Argon2id** on the backend - the plaintext password is never stored.
<p>
<img src="/docs-static/img/manage/reverse-proxy/auth-password-modal.png" alt="Password configuration modal" className="imagewrapper"/>
<img src="/docs-static/img/manage/reverse-proxy/authentication/auth-password-modal.png" alt="Password configuration modal" className="imagewrapper"/>
</p>
**Key details:**
@@ -60,7 +60,7 @@ Password authentication protects a service with a shared password that you defin
PIN code authentication works similarly to password authentication but is limited to numeric input. When a user visits the service URL, they are prompted to enter the PIN code. PINs are securely hashed using **Argon2id** on the backend, just like passwords.
<p>
<img src="/docs-static/img/manage/reverse-proxy/auth-pin-modal.png" alt="PIN Code configuration modal" className="imagewrapper"/>
<img src="/docs-static/img/manage/reverse-proxy/authentication/auth-pin-modal.png" alt="PIN Code configuration modal" className="imagewrapper"/>
</p>
**Key details:**
@@ -81,7 +81,7 @@ Services can also be configured without any authentication. When no authenticati
</Note>
<p>
<img src="/docs-static/img/manage/reverse-proxy/auth-no-auth-warning.png" alt="Warning dialog displayed when saving a service without authentication" className="imagewrapper"/>
<img src="/docs-static/img/manage/reverse-proxy/authentication/auth-no-auth-warning.png" alt="Warning dialog displayed when saving a service without authentication" className="imagewrapper"/>
</p>
**Best for:** Public-facing websites, APIs that handle their own authentication internally, or services that are intentionally open to the internet.