diff --git a/src/pages/ipa/resources/accounts.mdx b/src/pages/ipa/resources/accounts.mdx
index 68caf5f6..4b9df5ec 100644
--- a/src/pages/ipa/resources/accounts.mdx
+++ b/src/pages/ipa/resources/accounts.mdx
@@ -193,6 +193,7 @@ echo $response;
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -241,6 +242,7 @@ echo $response;
},
"lazy_connection_enabled": "boolean",
"auto_update_version": "string",
+ "auto_update_always": "boolean",
"embedded_idp_enabled": "boolean",
"local_auth_disabled": "boolean"
},
@@ -566,6 +568,11 @@ echo $response;
Set Clients auto-update version. "latest", "disabled", or a specific version (e.g "0.50.1")
+
+
+
+ When true, updates are installed automatically in the background. When false, updates require user interaction from the UI.
+
@@ -648,6 +655,7 @@ curl -X PUT https://api.netbird.io/api/accounts/{accountId} \
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -691,6 +699,7 @@ let data = JSON.stringify({
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -756,6 +765,7 @@ payload = json.dumps({
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -821,6 +831,7 @@ func main() {
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -904,6 +915,7 @@ request.body = JSON.dump({
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -951,6 +963,7 @@ RequestBody body = RequestBody.create(mediaType, '{
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -1014,6 +1027,7 @@ curl_setopt_array($curl, array(
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -1072,6 +1086,7 @@ echo $response;
},
"lazy_connection_enabled": true,
"auto_update_version": "0.51.2",
+ "auto_update_always": false,
"embedded_idp_enabled": false,
"local_auth_disabled": false
},
@@ -1118,6 +1133,7 @@ echo $response;
},
"lazy_connection_enabled": "boolean",
"auto_update_version": "string",
+ "auto_update_always": "boolean",
"embedded_idp_enabled": "boolean",
"local_auth_disabled": "boolean"
},
diff --git a/src/pages/ipa/resources/events.mdx b/src/pages/ipa/resources/events.mdx
index 0d7fa755..1b677b12 100644
--- a/src/pages/ipa/resources/events.mdx
+++ b/src/pages/ipa/resources/events.mdx
@@ -806,8 +806,10 @@ echo $response;
"auth_method_used": "oidc",
"country_code": "US",
"city_name": "San Francisco",
+ "subdivision_code": "CA",
"bytes_upload": 1024,
- "bytes_download": 8192
+ "bytes_download": 8192,
+ "protocol": "http"
}
],
"page": 1,
@@ -834,8 +836,10 @@ echo $response;
"auth_method_used": "string",
"country_code": "string",
"city_name": "string",
+ "subdivision_code": "string",
"bytes_upload": "integer",
- "bytes_download": "integer"
+ "bytes_download": "integer",
+ "protocol": "string"
}
],
"page": "integer",
diff --git a/src/pages/ipa/resources/services.mdx b/src/pages/ipa/resources/services.mdx
index 87cdee67..9e255a3d 100644
--- a/src/pages/ipa/resources/services.mdx
+++ b/src/pages/ipa/resources/services.mdx
@@ -2,1868 +2,6 @@ export const title = 'Services'
-## List all Services {{ tag: 'GET' , label: '/api/reverse-proxies/services' }}
-
-
-
- Returns a list of all reverse proxy services
-
-
-
-
-```bash {{ title: 'cURL' }}
-curl -X GET https://api.netbird.io/api/reverse-proxies/services \
--H 'Accept: application/json' \
--H 'Authorization: Token '
-```
-
-```js
-const axios = require('axios');
-
-let config = {
- method: 'get',
- maxBodyLength: Infinity,
- url: '/api/reverse-proxies/services',
- headers: {
- 'Accept': 'application/json',
- 'Authorization': 'Token '
- }
-};
-
-axios(config)
-.then((response) => {
- console.log(JSON.stringify(response.data));
-})
-.catch((error) => {
- console.log(error);
-});
-```
-
-```python
-import requests
-import json
-
-url = "https://api.netbird.io/api/reverse-proxies/services"
-
-headers = {
- 'Accept': 'application/json',
- 'Authorization': 'Token '
-}
-
-response = requests.request("GET", url, headers=headers)
-
-print(response.text)
-```
-
-```go
-package main
-
-import (
- "fmt"
- "strings"
- "net/http"
- "io/ioutil"
-)
-
-func main() {
-
- url := "https://api.netbird.io/api/reverse-proxies/services"
- method := "GET"
-
- client := &http.Client {
- }
- req, err := http.NewRequest(method, url, nil)
-
- if err != nil {
- fmt.Println(err)
- return
- {
-
- req.Header.Add("Accept", "application/json")
- req.Header.Add("Authorization", "Token ")
-
- res, err := client.Do(req)
- if err != nil {
- fmt.Println(err)
- return
- }
- defer res.Body.Close()
-
- body, err := ioutil.ReadAll(res.Body)
- if err != nil {
- fmt.Println(err)
- return
- }
- fmt.Println(string(body))
-}
-```
-
-```ruby
-require "uri"
-require "json"
-require "net/http"
-
-url = URI("https://api.netbird.io/api/reverse-proxies/services")
-
-https = Net::HTTP.new(url.host, url.port)
-https.use_ssl = true
-
-request = Net::HTTP::Get.new(url)
-request["Accept"] = "application/json"
-request["Authorization"] = "Token "
-
-response = https.request(request)
-puts response.read_body
-```
-
-```java
-OkHttpClient client = new OkHttpClient().newBuilder()
- .build();
-
-Request request = new Request.Builder()
- .url("https://api.netbird.io/api/reverse-proxies/services")
- .method("GET")
- .addHeader("Accept", "application/json")
- .addHeader("Authorization: Token ")
- .build();
-Response response = client.newCall(request).execute();
-```
-
-```php
- 'https://api.netbird.io/api/reverse-proxies/services',
- CURLOPT_RETURNTRANSFER => true,
- CURLOPT_ENCODING => '',
- CURLOPT_MAXREDIRS => 10,
- CURLOPT_TIMEOUT => 0,
- CURLOPT_FOLLOWLOCATION => true,
- CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
- CURLOPT_CUSTOMREQUEST => 'GET',
- CURLOPT_HTTPHEADER => array(
- 'Accept: application/json',
- 'Authorization: Token '
- ),
-));
-
-$response = curl_exec($curl);
-
-curl_close($curl);
-echo $response;
-```
-
-
-
-
-
-```json {{ title: 'Example' }}
-[
- {
- "id": {
- "type": "string",
- "description": "Service ID"
- },
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "proxy_cluster": "eu.proxy.netbird.io",
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled"
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- },
- "meta": {
- "created_at": "2024-02-03T10:30:00Z",
- "certificate_issued_at": "2024-02-03T10:35:00Z",
- "status": "active"
- }
- }
-]
-```
-```json {{ title: 'Schema' }}
-[
- {
- "id": "string",
- "name": "string",
- "domain": "string",
- "proxy_cluster": "string",
- "targets": [
- {
- "target_id": "string",
- "target_type": "string",
- "path": "string",
- "protocol": "string",
- "host": "string",
- "port": "integer",
- "enabled": "boolean",
- "options": {
- "skip_tls_verify": "boolean",
- "request_timeout": "string",
- "path_rewrite": "string",
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": "string",
- "additionalProperties": "string"
- }
- }
- }
- ],
- "enabled": "boolean",
- "pass_host_header": "boolean",
- "rewrite_redirects": "boolean",
- "auth": {
- "password_auth": {
- "enabled": "boolean",
- "password": "string"
- },
- "pin_auth": {
- "enabled": "boolean",
- "pin": "string"
- },
- "bearer_auth": {
- "enabled": "boolean",
- "distribution_groups": [
- "string"
- ]
- },
- "link_auth": {
- "enabled": "boolean"
- }
- },
- "meta": {
- "created_at": "string",
- "certificate_issued_at": "string",
- "status": "string"
- }
- }
-]
-```
-
-
-
-
-
-
----
-
-
-## Create a Service {{ tag: 'POST' , label: '/api/reverse-proxies/services' }}
-
-
-
- Creates a new reverse proxy service
-
- ### Request-Body Parameters
-
-
-
- Service name
-
-
-
-
- Domain for the service
-
-
-
-
-
- List of target backends for this service
-
-
-
-
- Target ID
-
-
-
-
- Target type (e.g., "peer", "resource")
-
-
-
-
- URL path prefix for this target
-
-
-
-
- Protocol to use when connecting to the backend
-
-
-
-
- Backend ip or domain for this target
-
-
-
-
- Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https).
-
-
-
-
- Whether this target is enabled
-
-
-
-
-
- More Information
-
-
-
-
- Skip TLS certificate verification for this backend
-
-
-
-
- Per-target response timeout as a Go duration string (e.g. "30s", "2m")
-
-
-
-
- Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. "preserve" keeps the full original request path.
-
-
-
-
- Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- Whether the service is enabled
-
-
-
-
- When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address
-
-
-
-
- When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain
-
-
-
-
-
- More Information
-
-
-
-
-
- More Information
-
-
-
-
- Whether password auth is enabled
-
-
-
-
- Auth password
-
-
-
-
-
-
-
-
-
-
-
- More Information
-
-
-
-
- Whether PIN auth is enabled
-
-
-
-
- PIN value
-
-
-
-
-
-
-
-
-
-
-
- More Information
-
-
-
-
- Whether bearer auth is enabled
-
-
-
-
- List of group IDs that can use bearer auth
-
-
-
-
-
-
-
-
-
-
-
- More Information
-
-
-
-
- Whether link auth is enabled
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-```bash {{ title: 'cURL' }}
-curl -X POST https://api.netbird.io/api/reverse-proxies/services \
--H 'Accept: application/json' \
--H 'Content-Type: application/json' \
--H 'Authorization: Token ' \
---data-raw '{
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- }
-}'
-```
-
-```js
-const axios = require('axios');
-let data = JSON.stringify({
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- }
-});
-let config = {
- method: 'post',
- maxBodyLength: Infinity,
- url: '/api/reverse-proxies/services',
- headers: {
- 'Accept': 'application/json',
- 'Content-Type': 'application/json',
- 'Authorization': 'Token '
- },
- data : data
-};
-
-axios(config)
-.then((response) => {
- console.log(JSON.stringify(response.data));
-})
-.catch((error) => {
- console.log(error);
-});
-```
-
-```python
-import requests
-import json
-
-url = "https://api.netbird.io/api/reverse-proxies/services"
-payload = json.dumps({
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- }
-})
-headers = {
- 'Content-Type': 'application/json',
- 'Accept': 'application/json',
- 'Authorization': 'Token '
-}
-
-response = requests.request("POST", url, headers=headers, data=payload)
-
-print(response.text)
-```
-
-```go
-package main
-
-import (
- "fmt"
- "strings"
- "net/http"
- "io/ioutil"
-)
-
-func main() {
-
- url := "https://api.netbird.io/api/reverse-proxies/services"
- method := "POST"
-
- payload := strings.NewReader(`{
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- }
-}`)
- client := &http.Client {
- }
- req, err := http.NewRequest(method, url, payload)
-
- if err != nil {
- fmt.Println(err)
- return
- {
-
- req.Header.Add("Content-Type", "application/json")
- req.Header.Add("Accept", "application/json")
- req.Header.Add("Authorization", "Token ")
-
- res, err := client.Do(req)
- if err != nil {
- fmt.Println(err)
- return
- }
- defer res.Body.Close()
-
- body, err := ioutil.ReadAll(res.Body)
- if err != nil {
- fmt.Println(err)
- return
- }
- fmt.Println(string(body))
-}
-```
-
-```ruby
-require "uri"
-require "json"
-require "net/http"
-
-url = URI("https://api.netbird.io/api/reverse-proxies/services")
-
-https = Net::HTTP.new(url.host, url.port)
-https.use_ssl = true
-
-request = Net::HTTP::Post.new(url)
-request["Content-Type"] = "application/json"
-request["Accept"] = "application/json"
-request["Authorization"] = "Token "
-
-request.body = JSON.dump({
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- }
-})
-response = https.request(request)
-puts response.read_body
-```
-
-```java
-OkHttpClient client = new OkHttpClient().newBuilder()
- .build();
-MediaType mediaType = MediaType.parse("application/json");
-RequestBody body = RequestBody.create(mediaType, '{
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- }
-}');
-Request request = new Request.Builder()
- .url("https://api.netbird.io/api/reverse-proxies/services")
- .method("POST", body)
- .addHeader("Content-Type", "application/json")
- .addHeader("Accept", "application/json")
- .addHeader("Authorization: Token ")
- .build();
-Response response = client.newCall(request).execute();
-```
-
-```php
- 'https://api.netbird.io/api/reverse-proxies/services',
- CURLOPT_RETURNTRANSFER => true,
- CURLOPT_ENCODING => '',
- CURLOPT_MAXREDIRS => 10,
- CURLOPT_TIMEOUT => 0,
- CURLOPT_FOLLOWLOCATION => true,
- CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
- CURLOPT_CUSTOMREQUEST => 'POST',
- CURLOPT_POSTFIELDS => '{
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- }
-}',
- CURLOPT_HTTPHEADER => array(
- 'Content-Type: application/json',
- 'Accept: application/json',
- 'Authorization: Token '
- ),
-));
-
-$response = curl_exec($curl);
-
-curl_close($curl);
-echo $response;
-```
-
-
-
-
-
-```json {{ title: 'Example' }}
-{
- "id": {
- "type": "string",
- "description": "Service ID"
- },
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
- "proxy_cluster": "eu.proxy.netbird.io",
- "targets": [
- {
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
- "options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
- }
- }
- ],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled"
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
- "auth": {
- "password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
- },
- "pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
- },
- "bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
- "distribution_groups": [
- {
- "type": "string"
- }
- ]
- },
- "link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
- }
- }
- },
- "meta": {
- "created_at": "2024-02-03T10:30:00Z",
- "certificate_issued_at": "2024-02-03T10:35:00Z",
- "status": "active"
- }
-}
-```
-```json {{ title: 'Schema' }}
-{
- "id": "string",
- "name": "string",
- "domain": "string",
- "proxy_cluster": "string",
- "targets": [
- {
- "target_id": "string",
- "target_type": "string",
- "path": "string",
- "protocol": "string",
- "host": "string",
- "port": "integer",
- "enabled": "boolean",
- "options": {
- "skip_tls_verify": "boolean",
- "request_timeout": "string",
- "path_rewrite": "string",
- "custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": "string",
- "additionalProperties": "string"
- }
- }
- }
- ],
- "enabled": "boolean",
- "pass_host_header": "boolean",
- "rewrite_redirects": "boolean",
- "auth": {
- "password_auth": {
- "enabled": "boolean",
- "password": "string"
- },
- "pin_auth": {
- "enabled": "boolean",
- "pin": "string"
- },
- "bearer_auth": {
- "enabled": "boolean",
- "distribution_groups": [
- "string"
- ]
- },
- "link_auth": {
- "enabled": "boolean"
- }
- },
- "meta": {
- "created_at": "string",
- "certificate_issued_at": "string",
- "status": "string"
- }
-}
-```
-
-
-
-
-
-
----
-
-
## List available proxy clusters {{ tag: 'GET' , label: '/api/reverse-proxies/clusters' }}
@@ -2046,6 +184,1454 @@ echo $response;
---
+## List all Services {{ tag: 'GET' , label: '/api/reverse-proxies/services' }}
+
+
+
+ Returns a list of all reverse proxy services
+
+
+
+
+```bash {{ title: 'cURL' }}
+curl -X GET https://api.netbird.io/api/reverse-proxies/services \
+-H 'Accept: application/json' \
+-H 'Authorization: Token '
+```
+
+```js
+const axios = require('axios');
+
+let config = {
+ method: 'get',
+ maxBodyLength: Infinity,
+ url: '/api/reverse-proxies/services',
+ headers: {
+ 'Accept': 'application/json',
+ 'Authorization': 'Token '
+ }
+};
+
+axios(config)
+.then((response) => {
+ console.log(JSON.stringify(response.data));
+})
+.catch((error) => {
+ console.log(error);
+});
+```
+
+```python
+import requests
+import json
+
+url = "https://api.netbird.io/api/reverse-proxies/services"
+
+headers = {
+ 'Accept': 'application/json',
+ 'Authorization': 'Token '
+}
+
+response = requests.request("GET", url, headers=headers)
+
+print(response.text)
+```
+
+```go
+package main
+
+import (
+ "fmt"
+ "strings"
+ "net/http"
+ "io/ioutil"
+)
+
+func main() {
+
+ url := "https://api.netbird.io/api/reverse-proxies/services"
+ method := "GET"
+
+ client := &http.Client {
+ }
+ req, err := http.NewRequest(method, url, nil)
+
+ if err != nil {
+ fmt.Println(err)
+ return
+ {
+
+ req.Header.Add("Accept", "application/json")
+ req.Header.Add("Authorization", "Token ")
+
+ res, err := client.Do(req)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ defer res.Body.Close()
+
+ body, err := ioutil.ReadAll(res.Body)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ fmt.Println(string(body))
+}
+```
+
+```ruby
+require "uri"
+require "json"
+require "net/http"
+
+url = URI("https://api.netbird.io/api/reverse-proxies/services")
+
+https = Net::HTTP.new(url.host, url.port)
+https.use_ssl = true
+
+request = Net::HTTP::Get.new(url)
+request["Accept"] = "application/json"
+request["Authorization"] = "Token "
+
+response = https.request(request)
+puts response.read_body
+```
+
+```java
+OkHttpClient client = new OkHttpClient().newBuilder()
+ .build();
+
+Request request = new Request.Builder()
+ .url("https://api.netbird.io/api/reverse-proxies/services")
+ .method("GET")
+ .addHeader("Accept", "application/json")
+ .addHeader("Authorization: Token ")
+ .build();
+Response response = client.newCall(request).execute();
+```
+
+```php
+ 'https://api.netbird.io/api/reverse-proxies/services',
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_ENCODING => '',
+ CURLOPT_MAXREDIRS => 10,
+ CURLOPT_TIMEOUT => 0,
+ CURLOPT_FOLLOWLOCATION => true,
+ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
+ CURLOPT_CUSTOMREQUEST => 'GET',
+ CURLOPT_HTTPHEADER => array(
+ 'Accept: application/json',
+ 'Authorization: Token '
+ ),
+));
+
+$response = curl_exec($curl);
+
+curl_close($curl);
+echo $response;
+```
+
+
+
+
+
+```json {{ title: 'Example' }}
+[
+ {
+ "id": "cs8i4ug6lnn4g9hqv7mg",
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 8443,
+ "port_auto_assigned": false,
+ "proxy_cluster": "eu.proxy.netbird.io",
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ },
+ "meta": {
+ "created_at": "2024-02-03T10:30:00Z",
+ "certificate_issued_at": "2024-02-03T10:35:00Z",
+ "status": "active"
+ }
+ }
+]
+```
+```json {{ title: 'Schema' }}
+[
+ {
+ "id": "string",
+ "name": "string",
+ "domain": "string",
+ "mode": "string",
+ "listen_port": "integer",
+ "port_auto_assigned": "boolean",
+ "proxy_cluster": "string",
+ "targets": [
+ {
+ "target_id": "string",
+ "target_type": "string",
+ "path": "string",
+ "protocol": "string",
+ "host": "string",
+ "port": "integer",
+ "enabled": "boolean",
+ "options": {
+ "skip_tls_verify": "boolean",
+ "request_timeout": "string",
+ "path_rewrite": "string",
+ "custom_headers": {
+ "type": "object",
+ "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
+ "propertyNames": "string",
+ "additionalProperties": "string",
+ "example": {
+ "X-Custom-Header": "value"
+ }
+ },
+ "proxy_protocol": "boolean",
+ "session_idle_timeout": "string"
+ }
+ }
+ ],
+ "enabled": "boolean",
+ "pass_host_header": "boolean",
+ "rewrite_redirects": "boolean",
+ "auth": {
+ "password_auth": {
+ "enabled": "boolean",
+ "password": "string"
+ },
+ "pin_auth": {
+ "enabled": "boolean",
+ "pin": "string"
+ },
+ "bearer_auth": {
+ "enabled": "boolean",
+ "distribution_groups": [
+ "string"
+ ]
+ },
+ "link_auth": {
+ "enabled": "boolean"
+ },
+ "header_auths": [
+ {
+ "enabled": "boolean",
+ "header": "string",
+ "value": "string"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "string"
+ ],
+ "blocked_cidrs": [
+ "string"
+ ],
+ "allowed_countries": [
+ "string"
+ ],
+ "blocked_countries": [
+ "string"
+ ]
+ },
+ "meta": {
+ "created_at": "string",
+ "certificate_issued_at": "string",
+ "status": "string"
+ }
+ }
+]
+```
+
+
+
+
+
+
+---
+
+
+## Create a Service {{ tag: 'POST' , label: '/api/reverse-proxies/services' }}
+
+
+
+ Creates a new reverse proxy service
+
+ ### Request-Body Parameters
+
+
+
+ Service name
+
+
+
+
+ Domain for the service
+
+
+
+
+ Service mode. "http" for L7 reverse proxy, "tcp"/"udp"/"tls" for L4 passthrough.
+
+
+
+
+ Port the proxy listens on (L4/TLS only). Set to 0 for auto-assignment.
+
+
+
+
+
+ List of target backends for this service
+
+
+
+
+ Target ID
+
+
+
+
+ Target type
+
+
+
+
+ URL path prefix for this target (HTTP only)
+
+
+
+
+ Protocol to use when connecting to the backend
+
+
+
+
+ Backend ip or domain for this target
+
+
+
+
+ Backend port for this target
+
+
+
+
+ Whether this target is enabled
+
+
+
+
+
+ More Information
+
+
+
+
+ Skip TLS certificate verification for this backend
+
+
+
+
+ Per-target response timeout as a Go duration string (e.g. "30s", "2m")
+
+
+
+
+ Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. "preserve" keeps the full original request path.
+
+
+
+
+ Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.
+
+
+
+
+ Send PROXY Protocol v2 header to this backend (TCP/TLS only)
+
+
+
+
+ Idle timeout before a UDP session is reaped, as a Go duration string (e.g. "30s", "2m").
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Whether the service is enabled
+
+
+
+
+ When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address
+
+
+
+
+ When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain
+
+
+
+
+
+ More Information
+
+
+
+
+
+ More Information
+
+
+
+
+ Whether password auth is enabled
+
+
+
+
+ Auth password
+
+
+
+
+
+
+
+
+
+
+
+ More Information
+
+
+
+
+ Whether PIN auth is enabled
+
+
+
+
+ PIN value
+
+
+
+
+
+
+
+
+
+
+
+ More Information
+
+
+
+
+ Whether bearer auth is enabled
+
+
+
+
+ List of group IDs that can use bearer auth
+
+
+
+
+
+
+
+
+
+
+
+ More Information
+
+
+
+
+ Whether link auth is enabled
+
+
+
+
+
+
+
+
+
+
+
+ More Information
+
+
+
+
+ Whether header auth is enabled
+
+
+
+
+ HTTP header name to check (e.g. "Authorization", "X-API-Key")
+
+
+
+
+ Expected header value. For Basic auth use "Basic base64(user:pass)". For Bearer use "Bearer token". Cleared in responses.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Connection-level access restrictions based on IP address or geography. Applies to both HTTP and L4 services.
+
+
+
+
+ CIDR allowlist. If non-empty, only IPs matching these CIDRs are allowed.
+
+
+
+
+ CIDR blocklist. Connections from these CIDRs are rejected. Evaluated after allowed_cidrs.
+
+
+
+
+ ISO 3166-1 alpha-2 country codes to allow. If non-empty, only these countries are permitted.
+
+
+
+
+ ISO 3166-1 alpha-2 country codes to block.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+```bash {{ title: 'cURL' }}
+curl -X POST https://api.netbird.io/api/reverse-proxies/services \
+-H 'Accept: application/json' \
+-H 'Content-Type: application/json' \
+-H 'Authorization: Token ' \
+--data-raw '{
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ }
+}'
+```
+
+```js
+const axios = require('axios');
+let data = JSON.stringify({
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ }
+});
+let config = {
+ method: 'post',
+ maxBodyLength: Infinity,
+ url: '/api/reverse-proxies/services',
+ headers: {
+ 'Accept': 'application/json',
+ 'Content-Type': 'application/json',
+ 'Authorization': 'Token '
+ },
+ data : data
+};
+
+axios(config)
+.then((response) => {
+ console.log(JSON.stringify(response.data));
+})
+.catch((error) => {
+ console.log(error);
+});
+```
+
+```python
+import requests
+import json
+
+url = "https://api.netbird.io/api/reverse-proxies/services"
+payload = json.dumps({
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ }
+})
+headers = {
+ 'Content-Type': 'application/json',
+ 'Accept': 'application/json',
+ 'Authorization': 'Token '
+}
+
+response = requests.request("POST", url, headers=headers, data=payload)
+
+print(response.text)
+```
+
+```go
+package main
+
+import (
+ "fmt"
+ "strings"
+ "net/http"
+ "io/ioutil"
+)
+
+func main() {
+
+ url := "https://api.netbird.io/api/reverse-proxies/services"
+ method := "POST"
+
+ payload := strings.NewReader(`{
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ }
+}`)
+ client := &http.Client {
+ }
+ req, err := http.NewRequest(method, url, payload)
+
+ if err != nil {
+ fmt.Println(err)
+ return
+ {
+
+ req.Header.Add("Content-Type", "application/json")
+ req.Header.Add("Accept", "application/json")
+ req.Header.Add("Authorization", "Token ")
+
+ res, err := client.Do(req)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ defer res.Body.Close()
+
+ body, err := ioutil.ReadAll(res.Body)
+ if err != nil {
+ fmt.Println(err)
+ return
+ }
+ fmt.Println(string(body))
+}
+```
+
+```ruby
+require "uri"
+require "json"
+require "net/http"
+
+url = URI("https://api.netbird.io/api/reverse-proxies/services")
+
+https = Net::HTTP.new(url.host, url.port)
+https.use_ssl = true
+
+request = Net::HTTP::Post.new(url)
+request["Content-Type"] = "application/json"
+request["Accept"] = "application/json"
+request["Authorization"] = "Token "
+
+request.body = JSON.dump({
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ }
+})
+response = https.request(request)
+puts response.read_body
+```
+
+```java
+OkHttpClient client = new OkHttpClient().newBuilder()
+ .build();
+MediaType mediaType = MediaType.parse("application/json");
+RequestBody body = RequestBody.create(mediaType, '{
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ }
+}');
+Request request = new Request.Builder()
+ .url("https://api.netbird.io/api/reverse-proxies/services")
+ .method("POST", body)
+ .addHeader("Content-Type", "application/json")
+ .addHeader("Accept", "application/json")
+ .addHeader("Authorization: Token ")
+ .build();
+Response response = client.newCall(request).execute();
+```
+
+```php
+ 'https://api.netbird.io/api/reverse-proxies/services',
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_ENCODING => '',
+ CURLOPT_MAXREDIRS => 10,
+ CURLOPT_TIMEOUT => 0,
+ CURLOPT_FOLLOWLOCATION => true,
+ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
+ CURLOPT_CUSTOMREQUEST => 'POST',
+ CURLOPT_POSTFIELDS => '{
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ }
+}',
+ CURLOPT_HTTPHEADER => array(
+ 'Content-Type: application/json',
+ 'Accept: application/json',
+ 'Authorization: Token '
+ ),
+));
+
+$response = curl_exec($curl);
+
+curl_close($curl);
+echo $response;
+```
+
+
+
+
+
+```json {{ title: 'Example' }}
+{
+ "id": "cs8i4ug6lnn4g9hqv7mg",
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 8443,
+ "port_auto_assigned": false,
+ "proxy_cluster": "eu.proxy.netbird.io",
+ "targets": [
+ {
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
+ "options": {
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
+ "custom_headers": {
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
+ }
+ }
+ ],
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
+ "auth": {
+ "password_auth": {
+ "enabled": true,
+ "password": "s3cret"
+ },
+ "pin_auth": {
+ "enabled": false,
+ "pin": "1234"
+ },
+ "bearer_auth": {
+ "enabled": true,
+ "distribution_groups": [
+ "ch8i4ug6lnn4g9hqv7mg"
+ ]
+ },
+ "link_auth": {
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
+ },
+ "meta": {
+ "created_at": "2024-02-03T10:30:00Z",
+ "certificate_issued_at": "2024-02-03T10:35:00Z",
+ "status": "active"
+ }
+}
+```
+```json {{ title: 'Schema' }}
+{
+ "id": "string",
+ "name": "string",
+ "domain": "string",
+ "mode": "string",
+ "listen_port": "integer",
+ "port_auto_assigned": "boolean",
+ "proxy_cluster": "string",
+ "targets": [
+ {
+ "target_id": "string",
+ "target_type": "string",
+ "path": "string",
+ "protocol": "string",
+ "host": "string",
+ "port": "integer",
+ "enabled": "boolean",
+ "options": {
+ "skip_tls_verify": "boolean",
+ "request_timeout": "string",
+ "path_rewrite": "string",
+ "custom_headers": {
+ "type": "object",
+ "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
+ "propertyNames": "string",
+ "additionalProperties": "string",
+ "example": {
+ "X-Custom-Header": "value"
+ }
+ },
+ "proxy_protocol": "boolean",
+ "session_idle_timeout": "string"
+ }
+ }
+ ],
+ "enabled": "boolean",
+ "pass_host_header": "boolean",
+ "rewrite_redirects": "boolean",
+ "auth": {
+ "password_auth": {
+ "enabled": "boolean",
+ "password": "string"
+ },
+ "pin_auth": {
+ "enabled": "boolean",
+ "pin": "string"
+ },
+ "bearer_auth": {
+ "enabled": "boolean",
+ "distribution_groups": [
+ "string"
+ ]
+ },
+ "link_auth": {
+ "enabled": "boolean"
+ },
+ "header_auths": [
+ {
+ "enabled": "boolean",
+ "header": "string",
+ "value": "string"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "string"
+ ],
+ "blocked_cidrs": [
+ "string"
+ ],
+ "allowed_countries": [
+ "string"
+ ],
+ "blocked_countries": [
+ "string"
+ ]
+ },
+ "meta": {
+ "created_at": "string",
+ "certificate_issued_at": "string",
+ "status": "string"
+ }
+}
+```
+
+
+
+
+
+
+---
+
+
## Retrieve a Service {{ tag: 'GET' , label: '/api/reverse-proxies/services/{serviceId}' }}
@@ -2213,138 +1799,76 @@ echo $response;
```json {{ title: 'Example' }}
{
- "id": {
- "type": "string",
- "description": "Service ID"
- },
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "id": "cs8i4ug6lnn4g9hqv7mg",
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 8443,
+ "port_auto_assigned": false,
"proxy_cluster": "eu.proxy.netbird.io",
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled"
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
},
"meta": {
"created_at": "2024-02-03T10:30:00Z",
@@ -2358,6 +1882,9 @@ echo $response;
"id": "string",
"name": "string",
"domain": "string",
+ "mode": "string",
+ "listen_port": "integer",
+ "port_auto_assigned": "boolean",
"proxy_cluster": "string",
"targets": [
{
@@ -2376,8 +1903,13 @@ echo $response;
"type": "object",
"description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
"propertyNames": "string",
- "additionalProperties": "string"
- }
+ "additionalProperties": "string",
+ "example": {
+ "X-Custom-Header": "value"
+ }
+ },
+ "proxy_protocol": "boolean",
+ "session_idle_timeout": "string"
}
}
],
@@ -2401,7 +1933,28 @@ echo $response;
},
"link_auth": {
"enabled": "boolean"
- }
+ },
+ "header_auths": [
+ {
+ "enabled": "boolean",
+ "header": "string",
+ "value": "string"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "string"
+ ],
+ "blocked_cidrs": [
+ "string"
+ ],
+ "allowed_countries": [
+ "string"
+ ],
+ "blocked_countries": [
+ "string"
+ ]
},
"meta": {
"created_at": "string",
@@ -2445,7 +1998,17 @@ echo $response;
Domain for the service
-
+
+
+ Service mode. "http" for L7 reverse proxy, "tcp"/"udp"/"tls" for L4 passthrough.
+
+
+
+
+ Port the proxy listens on (L4/TLS only). Set to 0 for auto-assignment.
+
+
+
List of target backends for this service
@@ -2456,17 +2019,17 @@ echo $response;
Target ID
-
+
- Target type (e.g., "peer", "resource")
+ Target type
- URL path prefix for this target
+ URL path prefix for this target (HTTP only)
-
+
Protocol to use when connecting to the backend
@@ -2476,9 +2039,9 @@ echo $response;
Backend ip or domain for this target
-
+
- Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https).
+ Backend port for this target
@@ -2511,6 +2074,16 @@ echo $response;
Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.
+
+
+
+ Send PROXY Protocol v2 header to this backend (TCP/TLS only)
+
+
+
+
+ Idle timeout before a UDP session is reaped, as a Go duration string (e.g. "30s", "2m").
+
@@ -2539,7 +2112,7 @@ echo $response;
When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain
-
+
More Information
@@ -2627,6 +2200,65 @@ echo $response;
+
+
+
+
+ More Information
+
+
+
+
+ Whether header auth is enabled
+
+
+
+
+ HTTP header name to check (e.g. "Authorization", "X-API-Key")
+
+
+
+
+ Expected header value. For Basic auth use "Basic base64(user:pass)". For Bearer use "Bearer token". Cleared in responses.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Connection-level access restrictions based on IP address or geography. Applies to both HTTP and L4 services.
+
+
+
+
+ CIDR allowlist. If non-empty, only IPs matching these CIDRs are allowed.
+
+
+
+
+ CIDR blocklist. Connections from these CIDRs are rejected. Evaluated after allowed_cidrs.
+
+
+
+
+ ISO 3166-1 alpha-2 country codes to allow. If non-empty, only these countries are permitted.
+
+
+
+
+ ISO 3166-1 alpha-2 country codes to block.
+
@@ -2647,134 +2279,73 @@ curl -X PUT https://api.netbird.io/api/reverse-proxies/services/{serviceId} \
-H 'Content-Type: application/json' \
-H 'Authorization: Token ' \
--data-raw '{
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
}
}'
```
@@ -2782,134 +2353,73 @@ curl -X PUT https://api.netbird.io/api/reverse-proxies/services/{serviceId} \
```js
const axios = require('axios');
let data = JSON.stringify({
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
}
});
let config = {
@@ -2939,134 +2449,73 @@ import json
url = "https://api.netbird.io/api/reverse-proxies/services/{serviceId}"
payload = json.dumps({
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
}
})
headers = {
@@ -3096,134 +2545,73 @@ func main() {
method := "PUT"
payload := strings.NewReader(`{
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
}
}`)
client := &http.Client {
@@ -3271,134 +2659,73 @@ request["Accept"] = "application/json"
request["Authorization"] = "Token "
request.body = JSON.dump({
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
}
})
response = https.request(request)
@@ -3410,134 +2737,73 @@ OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, '{
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
}
}');
Request request = new Request.Builder()
@@ -3565,134 +2831,73 @@ curl_setopt_array($curl, array(
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'PUT',
CURLOPT_POSTFIELDS => '{
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 5432,
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled",
- "default": true
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
}
}',
CURLOPT_HTTPHEADER => array(
@@ -3714,138 +2919,76 @@ echo $response;
```json {{ title: 'Example' }}
{
- "id": {
- "type": "string",
- "description": "Service ID"
- },
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "id": "cs8i4ug6lnn4g9hqv7mg",
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 8443,
+ "port_auto_assigned": false,
"proxy_cluster": "eu.proxy.netbird.io",
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled"
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
},
"meta": {
"created_at": "2024-02-03T10:30:00Z",
@@ -3859,6 +3002,9 @@ echo $response;
"id": "string",
"name": "string",
"domain": "string",
+ "mode": "string",
+ "listen_port": "integer",
+ "port_auto_assigned": "boolean",
"proxy_cluster": "string",
"targets": [
{
@@ -3877,8 +3023,13 @@ echo $response;
"type": "object",
"description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
"propertyNames": "string",
- "additionalProperties": "string"
- }
+ "additionalProperties": "string",
+ "example": {
+ "X-Custom-Header": "value"
+ }
+ },
+ "proxy_protocol": "boolean",
+ "session_idle_timeout": "string"
}
}
],
@@ -3902,7 +3053,28 @@ echo $response;
},
"link_auth": {
"enabled": "boolean"
- }
+ },
+ "header_auths": [
+ {
+ "enabled": "boolean",
+ "header": "string",
+ "value": "string"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "string"
+ ],
+ "blocked_cidrs": [
+ "string"
+ ],
+ "allowed_countries": [
+ "string"
+ ],
+ "blocked_countries": [
+ "string"
+ ]
},
"meta": {
"created_at": "string",
@@ -4244,23 +3416,13 @@ echo $response;
```json {{ title: 'Example' }}
[
{
- "id": {
- "type": "string",
- "description": "Domain ID"
- },
- "domain": {
- "type": "string",
- "description": "Domain name"
- },
- "validated": {
- "type": "boolean",
- "description": "Whether the domain has been validated"
- },
+ "id": "ds8i4ug6lnn4g9hqv7mg",
+ "domain": "example.netbird.app",
+ "validated": true,
"type": "free",
- "target_cluster": {
- "type": "string",
- "description": "The proxy cluster this domain is validated against (only for custom domains)"
- }
+ "target_cluster": "eu.proxy.netbird.io",
+ "supports_custom_ports": true,
+ "require_subdomain": false
}
]
```
@@ -4271,7 +3433,9 @@ echo $response;
"domain": "string",
"validated": "boolean",
"type": "string",
- "target_cluster": "string"
+ "target_cluster": "string",
+ "supports_custom_ports": "boolean",
+ "require_subdomain": "boolean"
}
]
```
@@ -4315,28 +3479,16 @@ curl -X POST https://api.netbird.io/api/reverse-proxies/domains \
-H 'Content-Type: application/json' \
-H 'Authorization: Token ' \
--data-raw '{
- "domain": {
- "type": "string",
- "description": "Domain name"
- },
- "target_cluster": {
- "type": "string",
- "description": "The proxy cluster this domain should be validated against"
- }
+ "domain": "myapp.example.com",
+ "target_cluster": "eu.proxy.netbird.io"
}'
```
```js
const axios = require('axios');
let data = JSON.stringify({
- "domain": {
- "type": "string",
- "description": "Domain name"
- },
- "target_cluster": {
- "type": "string",
- "description": "The proxy cluster this domain should be validated against"
- }
+ "domain": "myapp.example.com",
+ "target_cluster": "eu.proxy.netbird.io"
});
let config = {
method: 'post',
@@ -4365,14 +3517,8 @@ import json
url = "https://api.netbird.io/api/reverse-proxies/domains"
payload = json.dumps({
- "domain": {
- "type": "string",
- "description": "Domain name"
- },
- "target_cluster": {
- "type": "string",
- "description": "The proxy cluster this domain should be validated against"
- }
+ "domain": "myapp.example.com",
+ "target_cluster": "eu.proxy.netbird.io"
})
headers = {
'Content-Type': 'application/json',
@@ -4401,14 +3547,8 @@ func main() {
method := "POST"
payload := strings.NewReader(`{
- "domain": {
- "type": "string",
- "description": "Domain name"
- },
- "target_cluster": {
- "type": "string",
- "description": "The proxy cluster this domain should be validated against"
- }
+ "domain": "myapp.example.com",
+ "target_cluster": "eu.proxy.netbird.io"
}`)
client := &http.Client {
}
@@ -4455,14 +3595,8 @@ request["Accept"] = "application/json"
request["Authorization"] = "Token "
request.body = JSON.dump({
- "domain": {
- "type": "string",
- "description": "Domain name"
- },
- "target_cluster": {
- "type": "string",
- "description": "The proxy cluster this domain should be validated against"
- }
+ "domain": "myapp.example.com",
+ "target_cluster": "eu.proxy.netbird.io"
})
response = https.request(request)
puts response.read_body
@@ -4473,14 +3607,8 @@ OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, '{
- "domain": {
- "type": "string",
- "description": "Domain name"
- },
- "target_cluster": {
- "type": "string",
- "description": "The proxy cluster this domain should be validated against"
- }
+ "domain": "myapp.example.com",
+ "target_cluster": "eu.proxy.netbird.io"
}');
Request request = new Request.Builder()
.url("https://api.netbird.io/api/reverse-proxies/domains")
@@ -4507,14 +3635,8 @@ curl_setopt_array($curl, array(
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => '{
- "domain": {
- "type": "string",
- "description": "Domain name"
- },
- "target_cluster": {
- "type": "string",
- "description": "The proxy cluster this domain should be validated against"
- }
+ "domain": "myapp.example.com",
+ "target_cluster": "eu.proxy.netbird.io"
}',
CURLOPT_HTTPHEADER => array(
'Content-Type: application/json',
@@ -4535,138 +3657,76 @@ echo $response;
```json {{ title: 'Example' }}
{
- "id": {
- "type": "string",
- "description": "Service ID"
- },
- "name": {
- "type": "string",
- "description": "Service name"
- },
- "domain": {
- "type": "string",
- "description": "Domain for the service"
- },
+ "id": "cs8i4ug6lnn4g9hqv7mg",
+ "name": "myapp.example.netbird.app",
+ "domain": "myapp.example.netbird.app",
+ "mode": "http",
+ "listen_port": 8443,
+ "port_auto_assigned": false,
"proxy_cluster": "eu.proxy.netbird.io",
"targets": [
{
- "target_id": {
- "type": "string",
- "description": "Target ID"
- },
- "target_type": {
- "type": "string",
- "description": "Target type (e.g., \"peer\", \"resource\")",
- "enum": [
- "peer",
- "resource"
- ]
- },
- "path": {
- "type": "string",
- "description": "URL path prefix for this target"
- },
- "protocol": {
- "type": "string",
- "description": "Protocol to use when connecting to the backend",
- "enum": [
- "http",
- "https"
- ]
- },
- "host": {
- "type": "string",
- "description": "Backend ip or domain for this target"
- },
- "port": {
- "type": "integer",
- "description": "Backend port for this target. Use 0 or omit to use the scheme default (80 for http, 443 for https)."
- },
- "enabled": {
- "type": "boolean",
- "description": "Whether this target is enabled"
- },
+ "target_id": "cs8i4ug6lnn4g9hqv7mg",
+ "target_type": "subnet",
+ "path": "/",
+ "protocol": "http",
+ "host": "10.10.0.1",
+ "port": 8080,
+ "enabled": true,
"options": {
- "skip_tls_verify": {
- "type": "boolean",
- "description": "Skip TLS certificate verification for this backend"
- },
- "request_timeout": {
- "type": "string",
- "description": "Per-target response timeout as a Go duration string (e.g. \"30s\", \"2m\")"
- },
- "path_rewrite": {
- "type": "string",
- "description": "Controls how the request path is rewritten before forwarding to the backend. Default strips the matched prefix. \"preserve\" keeps the full original request path.",
- "enum": [
- "preserve"
- ]
- },
+ "skip_tls_verify": false,
+ "request_timeout": "30s",
+ "path_rewrite": "preserve",
"custom_headers": {
- "type": "object",
- "description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
- "propertyNames": {
- "type": "string",
- "pattern": "^[!#$%&'*+.^_`|~0-9A-Za-z-]+$"
- },
- "additionalProperties": {
- "type": "string",
- "pattern": "^[^\\r\\n]*$"
- }
- }
+ "X-Custom-Header": "value"
+ },
+ "proxy_protocol": false,
+ "session_idle_timeout": "2m"
}
}
],
- "enabled": {
- "type": "boolean",
- "description": "Whether the service is enabled"
- },
- "pass_host_header": {
- "type": "boolean",
- "description": "When true, the original client Host header is passed through to the backend instead of being rewritten to the backend's address"
- },
- "rewrite_redirects": {
- "type": "boolean",
- "description": "When true, Location headers in backend responses are rewritten to replace the backend address with the public-facing domain"
- },
+ "enabled": true,
+ "pass_host_header": false,
+ "rewrite_redirects": false,
"auth": {
"password_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether password auth is enabled"
- },
- "password": {
- "type": "string",
- "description": "Auth password"
- }
+ "enabled": true,
+ "password": "s3cret"
},
"pin_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether PIN auth is enabled"
- },
- "pin": {
- "type": "string",
- "description": "PIN value"
- }
+ "enabled": false,
+ "pin": "1234"
},
"bearer_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether bearer auth is enabled"
- },
+ "enabled": true,
"distribution_groups": [
- {
- "type": "string"
- }
+ "ch8i4ug6lnn4g9hqv7mg"
]
},
"link_auth": {
- "enabled": {
- "type": "boolean",
- "description": "Whether link auth is enabled"
+ "enabled": false
+ },
+ "header_auths": [
+ {
+ "enabled": true,
+ "header": "X-API-Key",
+ "value": "my-secret-api-key"
}
- }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "192.168.1.0/24"
+ ],
+ "blocked_cidrs": [
+ "10.0.0.0/8"
+ ],
+ "allowed_countries": [
+ "US"
+ ],
+ "blocked_countries": [
+ "DE"
+ ]
},
"meta": {
"created_at": "2024-02-03T10:30:00Z",
@@ -4680,6 +3740,9 @@ echo $response;
"id": "string",
"name": "string",
"domain": "string",
+ "mode": "string",
+ "listen_port": "integer",
+ "port_auto_assigned": "boolean",
"proxy_cluster": "string",
"targets": [
{
@@ -4698,8 +3761,13 @@ echo $response;
"type": "object",
"description": "Extra headers sent to the backend. Hop-by-hop and proxy-managed headers (Host, Connection, Transfer-Encoding, etc.) are rejected.",
"propertyNames": "string",
- "additionalProperties": "string"
- }
+ "additionalProperties": "string",
+ "example": {
+ "X-Custom-Header": "value"
+ }
+ },
+ "proxy_protocol": "boolean",
+ "session_idle_timeout": "string"
}
}
],
@@ -4723,7 +3791,28 @@ echo $response;
},
"link_auth": {
"enabled": "boolean"
- }
+ },
+ "header_auths": [
+ {
+ "enabled": "boolean",
+ "header": "string",
+ "value": "string"
+ }
+ ]
+ },
+ "access_restrictions": {
+ "allowed_cidrs": [
+ "string"
+ ],
+ "blocked_cidrs": [
+ "string"
+ ],
+ "allowed_countries": [
+ "string"
+ ],
+ "blocked_countries": [
+ "string"
+ ]
},
"meta": {
"created_at": "string",