From e3603aa4ee6ae3cbfb2fc7ab61452cde168c3976 Mon Sep 17 00:00:00 2001 From: Misha Bragin Date: Sat, 14 Feb 2026 16:33:11 +0100 Subject: [PATCH] Fix reverse proxy wording (#599) --- .../selfhosted/selfhosted-quickstart.mdx | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/pages/selfhosted/selfhosted-quickstart.mdx b/src/pages/selfhosted/selfhosted-quickstart.mdx index e20ac9d2..7f7fff0e 100644 --- a/src/pages/selfhosted/selfhosted-quickstart.mdx +++ b/src/pages/selfhosted/selfhosted-quickstart.mdx @@ -13,7 +13,8 @@ This is the quickest way to try self-hosted NetBird. It should take around 5 min ## Infrastructure requirements - A Linux VM with at least **1CPU** and **2GB** of memory. - The VM must be publicly accessible on **TCP ports 80 and 443**, and **UDP port 3478**. -- A **public domain** name that resolves to the VM's public IP address. +- A **public domain** name that resolves to the VM's public IP address (e.g. `netbird.example.com`). +- *(Optional, for Proxy feature)* A **separate domain** for the proxy with a **wildcard DNS record** pointing to the same server IP. For example, if your management domain is `netbird.example.com`, add a wildcard record for `*.proxy.netbird.example.com`. ## Software requirements 
@@ -146,24 +147,28 @@ When you select the built-in Traefik option (`[0]`), the script asks whether you ``` Do you want to enable the NetBird Proxy service? -The proxy exposes internal NetBird network resources to the internet. +The proxy allows you to selectively expose internal NetBird network resources +to the internet. You control which resources are exposed through the dashboard. Enable proxy? [y/N]: ``` If you answer `y`, the script prompts for a **proxy domain**: ``` -WARNING: The proxy domain MUST NOT be a subdomain of the NetBird management -domain (netbird.example.com). Using a subdomain will cause TLS certificate conflicts. +NOTE: The proxy domain must be different from the management domain (netbird.example.com) +to avoid TLS certificate conflicts. -Enter the domain for the NetBird Proxy (e.g. proxy.my-domain.com): +You also need to add a wildcard DNS record for the proxy domain, +e.g. *.proxy.netbird.example.com pointing to the same server IP as netbird.example.com. + +Enter the domain for the NetBird Proxy (e.g. proxy.netbird.example.com): ``` -The proxy domain **must not** be a subdomain of your NetBird management domain. For example, if your management server is at `netbird.example.com`, do not use `proxy.netbird.example.com`. Use a separate subdomain like `proxy.example.com` instead. Using a subdomain of the management domain causes TLS certificate conflicts. +The proxy domain **must be different** from your NetBird management domain to avoid TLS certificate conflicts. -The script then automatically generates a proxy access token, creates a `proxy.env` configuration file, and starts the proxy container alongside the other services. Point a wildcard DNS record (`*.proxy.example.com`) to your server's IP address so that service subdomains resolve correctly. +The script then automatically generates a proxy access token, creates a `proxy.env` configuration file, and starts the proxy container alongside the other services. 
Point a wildcard DNS record (e.g. `*.proxy.netbird.example.com`) to your server's IP address so that service subdomains resolve correctly. If you skipped the proxy during initial setup, you can add it later by following the [Enable Reverse Proxy migration guide](/selfhosted/migration/enable-reverse-proxy).
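Review bot: In the first hunk (Infrastructure requirements), the new optional bullet asks for a "separate domain", but its example `*.proxy.netbird.example.com` sits under the management domain `netbird.example.com`. A reader cannot tell whether "separate" means a different registered domain or only a different hostname. If a subdomain of the management domain is acceptable, say so directly, for example "a distinct hostname for the proxy (it may be a subdomain of the management domain)". It would also help to link the bullet to the Enable Reverse Proxy guide that the end of the page already references, since the bullet is the first mention of the Proxy feature.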
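Review bot: In the second hunk (proxy domain prompt and the paragraph after it), the removed lines said the proxy domain MUST NOT be a subdomain of the management domain and named `proxy.netbird.example.com` as the thing not to use, while the added prompt offers `proxy.netbird.example.com` as the example. That reverses the documented constraint, yet the subject line describes a wording fix. Please confirm that a subdomain no longer causes the TLS certificate conflict the old text described. The replacement sentence "must be different from your NetBird management domain" should also state outright whether a subdomain is allowed, because "different" leaves that open for anyone who followed the earlier guidance. The two fenced blocks quote installer output, so they should change only in step with the strings the script actually prints. The wildcard DNS instruction now appears both in the quoted prompt and in the closing paragraph, so one of the two could be dropped.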