sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-16 07:26:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/main' into deploying-netbird-with-intune

Browse Source
This commit is contained in:
Damaso Sanoja
2025-05-14 08:43:07 -04:00
parent 3f266691d5 be0f724c23
commit e8e74e7e85
32 changed files with 532 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
public/docs-static/img/how-to-guides/add-setup-key.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 159 KiB

After

Width:  |  Height:  |  Size: 209 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-01.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 78 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-02.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-03.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 104 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-04.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 155 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-05.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 176 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-06.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-07.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 185 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-08.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 143 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-09.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 170 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-10.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 152 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-11.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 186 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-12.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 206 KiB

BIN
public/docs-static/img/how-to-guides/deploying-netbird-with-intune/intune-13.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 154 KiB

BIN
public/docs-static/img/troubleshooting-client/ui-bundle-success.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 53 KiB

BIN
public/docs-static/img/troubleshooting-client/ui-bundle-wizard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 49 KiB

BIN
public/docs-static/img/troubleshooting-client/ui-settings.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 116 KiB

31
src/components/GoogleTagManager.jsx Normal file
View File

@@ -0,0 +1,31 @@
import * as React from "react";
import Script from "next/script";
// Google Tag Manager ID
const GTM_ID = "GTM-PGWDPDN3";
export const GoogleTagManagerHeadScript = () => {
return (
<Script id="gtm-script" strategy="afterInteractive">
{`(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','${GTM_ID}');`}
</Script>
);
};
export const GoogleTageManagerBodyScript = () => {
return (
<noscript>
<iframe
title={"Google Tag Manager"}
src={`https://www.googletagmanager.com/ns.html?id=${GTM_ID}`}
height="0"
width="0"
style={{ display: "none", visibility: "hidden" }}
/>
</noscript>
);
};

5
src/pages/_document.jsx
View File

@@ -1,4 +1,5 @@
import { Head, Html, Main, NextScript } from 'next/document'
import {GoogleTageManagerBodyScript, GoogleTagManagerHeadScript} from "@/components/GoogleTagManager";
const modeScript = `
let darkModeMediaQuery = window.matchMedia('(prefers-color-scheme: dark)')
@@ -39,10 +40,12 @@ export default function Document() {
return (
<Html lang="en">
<Head>
<script dangerouslySetInnerHTML={{ __html: modeScript }} />
<GoogleTagManagerHeadScript />
<script dangerouslySetInnerHTML={{ __html: modeScript }} />
<link rel="shortcut icon" href="/docs-static/img/favicon.ico" />
</Head>
<body className="bg-white antialiased dark:bg-zinc-900">
<GoogleTageManagerBodyScript />
<Main />
<NextScript />
</body>

3
src/pages/about-netbird/how-netbird-works.mdx
View File

@@ -113,8 +113,7 @@ It runs in the cloud NetBird-managed and can be self-hosted.
The Relay service is a [TURN server](https://webrtc.org/getting-started/turn-server) in WebRTC terminology.
In fact, we use an open-source implementation called [Coturn](https://github.com/coturn/coturn).
The purpose of this service is to be a "plan B" and relay traffic between peers in case a point-to-point connection isn't possible.
The purpose of this service is to be a "plan B" and relay traffic between peers in case a point-to-point connection isn't possible. However starting with v0.29.0 a new relay based on WebSocket is implemented, moving away from TURN relay (coturn). [More info](https://netbird.io/knowledge-hub/september-newsletter).
<p>
<img src="/docs-static/img/architecture/relay.png" alt="relay-dia" className="imagewrapper-big"/>
</p>

22
src/pages/how-to/add-users-to-your-network.mdx
View File

@@ -60,12 +60,31 @@ button.
See the [Provision Users and Groups From Your Identity Provider](/how-to/idp-sync) section for more details.
## Manage user roles
NetBird has three user roles - `Owner`, `Admin`, and `User`. The roles allow you to control the level of access to the management API of your account.
NetBird has five user roles - `Owner`, `Admin`, `Network Admin`, `Auditor` and `User`. The roles allow you to control the level of access to the management API of your account.
- `Owner` role - has full access to the account and can manage all aspects of the account. There can be only one account owner in NetBird. Users with the owner role can delete their organization account. See the [Delete NetBird account](/how-to/delete-account) section for more.
- `Admin` role - has full access to the account except that administrators can't delete or update the role of the Owner user and delete the organization account.
- `Network Admin` role - has access to manage network configurations, including access policies, DNS settings, networks, and network routes, but they can only view user and device information and general settings.
- `Auditor` role - can read all configurations but not modify any of them.
- `User` role - has limited access to the account, allowing users to view peers they own and others they can connect to. Users can create personal access tokens for programmatic access.
| | Owner | Admin | Network Admin | User | Auditor |
| --: | :--: | :--: | :--: | :--: | :--: |
| Peers | ✅ | ✅ | 📖 | 📖 | 📖 |
| Setup Keys | ✅ | ✅ | 📖 | ❌ | 📖 |
| Access Control | ✅ | ✅ | ✅ | ❌ | 📖 |
| Networks | ✅ | ✅ | ✅ | ❌ | 📖 |
| Network Routes | ✅ | ✅ | ✅ | ❌ | 📖 |
| DNS | ✅ | ✅ | ✅ | ❌ | 📖 |
| Team | ✅ | ✅ | 📖 | ❌ | 📖 |
| Activity | ✅ | ✅ | 📖 | ❌ | 📖 |
| Settings | ✅ | ✅ | 📖 | ❌ | 📖 |
| |
|-:|
|✅ = Full access \| 📖 = Read only \| ❌ = No access|
To manage user roles, proceed to the `Users` tab and click on the user you want to update:
<p>
<img src="/docs-static/img/how-to-guides/user-tab-list.png" alt="high-level-dia" className="imagewrapper-big"/>
@@ -78,6 +97,7 @@ Click the `Save` button to save the changes.
<Note>
Only users with the `Owner` role can assign another user as `Owner`; this action will transfer the `Owner` role to another user, making the current user `Admin`.
</Note>
## Get started
<p float="center" >
<Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button>

9
src/pages/how-to/cli.mdx
View File

@@ -60,6 +60,7 @@ The command will check if the peer is logged in and connect to the management se
--dns-resolver-address string Sets a custom address for NetBird's local DNS resolver. If set, the agent won't attempt to discover the best ip and port to listen on. An empty string "" clears the previous configuration. E.g. --dns-resolver-address 127.0.0.1:5053 or --dns-resolver-address ""
--enable-rosenpass [Experimental] Enable Rosenpass feature. If enabled, the connection will be post-quantum secured via Rosenpass.
--external-ip-map strings Sets external IPs maps between local addresses and interfaces.You can specify a comma-separated list with a single IP and IP/IP or IP/Interface Name. An empty string "" clears the previous configuration. E.g. --external-ip-map 12.34.56.78/10.0.0.1 or --external-ip-map 12.34.56.200,12.34.56.78/10.0.0.1,12.34.56.80/eth1 or --external-ip-map ""
--extra-dns-labels strings Sets DNS labels. You can specify a comma-separated list of up to 32 labels. An empty string "" clears the previous configuration. E.g. --extra-dns-labels vpc1 or --extra-dns-labels vpc1,mgmt1 or --extra-dns-labels ""
-F, --foreground-mode start service in foreground
-h, --help help for up
--interface-name string Wireguard interface name (default "utun100")
@@ -86,6 +87,14 @@ In case you need to use a setup key, use the `--setup-key` flag :
```shell
netbird up --setup-key AAAA-BBB-CCC-DDDDDD
```
You can set extra DNS labels with the `--extra-dns-labels` flag:
```shell
netbird up --setup-key AAAA-BBB-CCC-DDDDDD --extra-dns-labels vpc1,mgmt1
```
<Note>
This feature requires a setup-key with permissions to add peers with the extra labels.
</Note>
Multiple peers with the same extra labels will generate grouped DNS labels on the client side, and this feature can be used for DNS round-robing load balancing.
### login
Command to authenticate the NetBird client to a management service. If the peer is not logged in, by default, it will attempt to initiate an SSO login flow.

47
src/pages/how-to/kubernetes-operator.mdx
View File

@@ -16,13 +16,10 @@ seamlessly access your Kubernetes services and control plane from your NetBird n
- Access to a Kubernetes v1.11.3+ cluster.
- (Recommended) Cert Manager.
### Installation
You have two methods of installing the NetBird Kubernetes operator: using Helm or the install.yaml file.
#### Using Helm
1. Add helm repository.
```shell
helm repo add netbirdio https://netbirdio.github.io/kubernetes-operator
helm repo add netbirdio https://netbirdio.github.io/helms
```
2. (Recommended) Install [cert-manager](https://cert-manager.io/docs/installation/#default-static-install) for k8s API to communicate with the NetBird operator.
```shell
@@ -77,16 +74,6 @@ The configuration or version update of the operator can be done with `helm upgra
helm upgrade --create-namespace -f values.yaml -n netbird netbird-operator netbirdio/kubernetes-operator
```
#### Using install.yaml
<Note>
install.yaml only includes a very basic template for deploying a stripped-down version of Kubernetes-operator.
This option does not include any configurations for ingress capabilities and requires the cert-manager to be installed.
</Note>
```shell
kubectl create namespace netbird
kubectl apply -n netbird -f https://raw.githubusercontent.com/netbirdio/kubernetes-operator/refs/heads/main/manifests/install.yaml
```
## Expose Kubernetes Control Plane to your NetBird Network
To access your Kubernetes control plane from a NetBird network, you can expose your Kubernetes control plane as a
[NetBird resource](/how-to/networks#resources) by enabling the following option in the operator values:
@@ -231,6 +218,38 @@ The operator will create a policy in your management account similar to the one
You can reference multiple policy bases using a comma separated list of policy bases: `netbird.io/policy: "app-users,app-admins"`
### Policy auto-creation
1. Ensure `ingress.allowAutomaticPolicyCreation` is set to true in the Helm chart and apply.
2. Annotate a service with `netbird.io/policy` with the name of the policy as a kubernetes object, for example `netbird.io/policy: default`. This will create an NBPolicy with the name `default-<Service Namespace>-<Service Name>`.
3. Annotate the same service with `netbird.io/policy-source-groups` with a comma-separated list of group names to allow as a source, for example `netbird.io/policy-source-groups: dev`.
4. (Optional) Annotate the service with `netbird.io/policy-name` for a human-friendly name, for example `netbird.io/policy-name: "default:Default policy for kubernetes cluster"`.
Example:
```yaml
apiVersion: v1
kind: Service
metadata:
name: app
annotations:
netbird.io/expose: "true"
netbird.io/groups: "app-access"
netbird.io/policy: "app-users"
netbird.io/policy-source-groups: "dev"
netbird.io/policy-name: "dev:Developers to app"
spec:
selector:
app: app
ports:
- protocol: TCP
port: 8080
targetPort: 80
type: ClusterIP
```
<Note>
If a policy already exists with the name specified in `netbird.io/policy`, the other settings will be ignored in favor of the existing policy.
</Note>
## Accessing Remote Services Using Sidecars
To access services running in different locations from your Kubernetes clusters, you can deploy NetBird sidecars—additional
containers that run alongside your Kubernetes service containers within the same pod.

16
src/pages/how-to/register-machines-using-setup-keys.mdx
View File

@@ -23,14 +23,11 @@ There are 2 types of setup keys:
## Ephemeral peers
Ephemeral peers allows you to add temporary peers to your network and having them automatically removed once they become offline for over 10 minutes.
This is particular useful when you want to run NetBird with Kubernetes pods or autoscaling groups.
You can create a setup key with the ephemeral peers option enabled.
Peers added with this key that later become offline for over 10 minutes will be removed automatically from the NetBird system.
## Allow Extra DNS Labels
This flag allows peers added with the setup key to add additional extra DNS labels to their peers.
This is useful when you want to add more context to your peers and access these peers using a single domain name.
This is useful when you want to add containers or auto scaling instances to your network.
```bash {{ title: 'Starting NetBird Client' }}
## Using setup keys
Setup keys are available in the NetBird Management Dashboard under the `Setup Keys` tab [https://app.netbird.io/setup-keys](https://app.netbird.io/setup-keys).
@@ -53,6 +50,13 @@ You can set expiration when creating a key. When expired, the setup key can't be
By default, every reusable key has unlimited usage.
We recommend limiting the number of times the key can be used, e.g., set it to 30 if you need to enroll only 30 machines.
## Allow Extra DNS labels
You can create a setup key with the `Allow Extra DNS labels` option enabled.
When enabled, peers added using this key will be able to add extra DNS labels and with that other peers in the NetBird network can reach them with these labels.
If you add multiple peers with the same labels, they became part of a DNS round-robin group for the shared label. This is useful to access services running on multiple nodes.
## Peer Auto-grouping

4
src/pages/how-to/routing-traffic-to-multiple-resources.mdx
View File

@@ -4,7 +4,7 @@ Adding routes to resources within on-premises or cloud is a common scenario for
## Example
In the following scenario, we will cover the case where all users have restricted access to internal DNS servers in the internal network, and the DevOps team has full access to the entire network.
The network address is `172.16.0.0/15` and DNS servers has the IPs `172.16.30.2` and `172.17.100.2`.
These IP ranges will routed using [Routing peers](/how-to/networks-concept#routing-peers) running in the network.
These IP ranges will be routed using [Routing peers](/how-to/networks-concept#routing-peers) running in the network.
### Create a Network
To create a Network, navigate to the `Networks` > `Networks` section in the NetBird dashboard:
@@ -108,4 +108,4 @@ With the steps above, we created resources that allow different levels of access
- Make sure to [star us on GitHub](https://github.com/netbirdio/netbird)
- Follow us [on Twitter](https://twitter.com/netbird)
- Join our [Slack Channel](https://join.slack.com/t/netbirdio/shared_invite/zt-31rofwmxc-27akKd0Le0vyRpBcwXkP0g)
- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub
- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub

49
src/pages/how-to/troubleshooting-client.mdx
View File

@@ -106,7 +106,54 @@ names. Adding the `-S` flag will add system information like network routes and
netbird debug bundle -AS
```
This will output the path of the generated file, which can be accessed with administrative privileges.
This will output the path of the generated file. The output file is owned by and can only be accessed by the user
NetBird is running as, by default it is: `Administrator` on Windows, `root` on MacOS/Linux or the operating system's
equivalent.
### Debug bundle uploads
<Note>
New in version `0.43.1`.
</Note>
Without local administrative privileges you can still share the debug bundles with us
by using the `-U` / `--upload-bundle` flag.
It will securely upload the debug bundle to our servers for access by the NetBird support team.
```shell
netbird debug bundle -AS -U
```
This will output an `Upload file key`, which is effectively a random filename in our internal storage system
and can be safely shared with us through insecure channels such as GitHub Issues or Slack.
```text
> sudo netbird debug bundle -U
Local file:
/tmp/netbird.debug.2611377582.zip
Upload file key:
1234567890ab27fb37c88b3b4be7011e22aa2e5ca6f38ffa9c4481884941f726/12345678-90ab-cdef-1234-567890abcdef
```
### Debug bundle uploads with GUI
<Note>
New in version `0.43.2`.
</Note>
You can also use the GUI `Settings` > `Create Debug Bundle` wizard to upload the bundle:
<p>
<img src="/docs-static/img/troubleshooting-client/ui-settings.png" alt="service-user-overview" className="imagewrapper-big"/>
</p>
<p>
<img src="/docs-static/img/troubleshooting-client/ui-bundle-wizard.png" alt="service-user-overview" className="imagewrapper-big"/>
</p>
<p>
<img src="/docs-static/img/troubleshooting-client/ui-bundle-success.png" alt="service-user-overview" className="imagewrapper-big"/>
</p>
### Debug for a specific time

40
src/pages/ipa/resources/accounts.mdx
View File

@@ -176,12 +176,17 @@ echo $response;
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
"network_traffic_packet_counter_enabled": true
}
}
},
"domain": "netbird.io",
"domain_category": "private",
"created_at": "2023-05-05T09:00:35.477782Z",
"created_by": "google-oauth2|277474792786460067937"
}
]
```
@@ -202,12 +207,17 @@ echo $response;
"string"
],
"routing_peer_dns_resolution_enabled": "boolean",
"dns_domain": "string",
"extra": {
"peer_approval_enabled": "boolean",
"network_traffic_logs_enabled": "boolean",
"network_traffic_packet_counter_enabled": "boolean"
}
}
},
"domain": "string",
"domain_category": "string",
"created_at": "string",
"created_by": "string"
}
]
```
@@ -455,6 +465,11 @@ echo $response;
Enables or disables DNS resolution on the routing peers
</Property>
<Property name="dns_domain" type="string" required={false}>
Allows to define a custom dns domain for the account
</Property>
<Property name="extra" type="object" required={false}>
@@ -515,6 +530,7 @@ curl -X PUT https://api.netbird.io/api/accounts/{accountId} \
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
@@ -540,6 +556,7 @@ let data = JSON.stringify({
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
@@ -587,6 +604,7 @@ payload = json.dumps({
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
@@ -634,6 +652,7 @@ func main() {
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
@@ -699,6 +718,7 @@ request.body = JSON.dump({
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
@@ -728,6 +748,7 @@ RequestBody body = RequestBody.create(mediaType, '{
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
@@ -773,6 +794,7 @@ curl_setopt_array($curl, array(
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
@@ -813,12 +835,17 @@ echo $response;
"Administrators"
],
"routing_peer_dns_resolution_enabled": true,
"dns_domain": "my-organization.org",
"extra": {
"peer_approval_enabled": true,
"network_traffic_logs_enabled": true,
"network_traffic_packet_counter_enabled": true
}
}
},
"domain": "netbird.io",
"domain_category": "private",
"created_at": "2023-05-05T09:00:35.477782Z",
"created_by": "google-oauth2|277474792786460067937"
}
```
```json {{ title: 'Schema' }}
@@ -837,12 +864,17 @@ echo $response;
"string"
],
"routing_peer_dns_resolution_enabled": "boolean",
"dns_domain": "string",
"extra": {
"peer_approval_enabled": "boolean",
"network_traffic_logs_enabled": "boolean",
"network_traffic_packet_counter_enabled": "boolean"
}
}
},
"domain": "string",
"domain_category": "string",
"created_at": "string",
"created_by": "string"
}
```
</CodeGroup>

242
src/pages/ipa/resources/events.mdx
View File

@@ -216,7 +216,47 @@ echo $response;
<Row>
<Col>
Returns a list of all network traffic events
</Col>
### Query Parameters
<Properties>
<Property name="page" type="integer" required={false}>
Page number
</Property>
<Property name="page_size" type="integer" required={false}>
Number of items per page
</Property>
<Property name="user_id" type="string" required={false}>
Filter by user ID
</Property>
<Property name="protocol" type="integer" required={false}>
Filter by protocol
</Property>
<Property name="type" type="string" required={false}>
Filter by event type
</Property>
<Property name="direction" type="string" required={false}>
Filter by direction
</Property>
<Property name="search" type="string" required={false}>
Filters events with a partial match on user email, source and destination names and source and destination addresses
</Property>
<Property name="start_date" type="string" required={false}>
Start date for filtering events (ISO 8601 format, e.g., 2024-01-01T00:00:00Z).
</Property>
<Property name="end_date" type="string" required={false}>
End date for filtering events (ISO 8601 format, e.g., 2024-01-31T23:59:59Z).
</Property>
</Properties>
</Col>
<Col sticky>
<CodeGroup title="Request" tag="GET" label="/api/events/network-traffic">
@@ -369,102 +409,126 @@ echo $response;
<CodeGroup title="Response">
```json {{ title: 'Example' }}
[
{
"id": "18e204d6-f7c6-405d-8025-70becb216add",
"flow_id": "61092452-b17c-4b14-b7cf-a2158c549826",
"reporter_id": "ch8i4ug6lnn4g9hqv7m0",
"timestamp": "2025-03-20T16:23:58.125397Z",
"receive_timestamp": "2025-03-20T16:23:58.125397Z",
"source": {
"id": "ch8i4ug6lnn4g9hqv7m0",
"type": "PEER",
"name": "My Peer",
"geo_location": {
"city_name": "Berlin",
"country_code": "DE"
{
"data": [
{
"id": "18e204d6-f7c6-405d-8025-70becb216add",
"flow_id": "61092452-b17c-4b14-b7cf-a2158c549826",
"reporter_id": "ch8i4ug6lnn4g9hqv7m0",
"timestamp": "2025-03-20T16:23:58.125397Z",
"receive_timestamp": "2025-03-20T16:23:58.125397Z",
"source": {
"id": "ch8i4ug6lnn4g9hqv7m0",
"type": "PEER",
"name": "My Peer",
"geo_location": {
"city_name": "Berlin",
"country_code": "DE"
},
"os": "Linux",
"address": "100.64.0.10:51820",
"dns_label": "*.mydomain.com"
},
"os": "Linux",
"address": "100.64.0.10:51820",
"dns_label": "*.mydomain.com"
},
"user_id": "google-oauth2|123456789012345678901",
"user_email": "alice@netbird.io",
"user_name": "Alice Smith",
"destination": {
"id": "ch8i4ug6lnn4g9hqv7m0",
"type": "PEER",
"name": "My Peer",
"geo_location": {
"city_name": "Berlin",
"country_code": "DE"
"user_id": "google-oauth2|123456789012345678901",
"user_email": "alice@netbird.io",
"user_name": "Alice Smith",
"destination": {
"id": "ch8i4ug6lnn4g9hqv7m0",
"type": "PEER",
"name": "My Peer",
"geo_location": {
"city_name": "Berlin",
"country_code": "DE"
},
"os": "Linux",
"address": "100.64.0.10:51820",
"dns_label": "*.mydomain.com"
},
"os": "Linux",
"address": "100.64.0.10:51820",
"dns_label": "*.mydomain.com"
},
"protocol": 6,
"type": "TYPE_START",
"direction": "INGRESS",
"rx_bytes": 1234,
"rx_packets": 5,
"tx_bytes": 1234,
"tx_packets": 5,
"policy_id": "ch8i4ug6lnn4g9hqv7m0",
"policy_name": "All to All",
"icmp_type": 8,
"icmp_code": 0
"protocol": 6,
"type": "TYPE_START",
"direction": "INGRESS",
"rx_bytes": 1234,
"rx_packets": 5,
"tx_bytes": 1234,
"tx_packets": 5,
"policy_id": "ch8i4ug6lnn4g9hqv7m0",
"policy_name": "All to All",
"icmp_type": 8,
"icmp_code": 0
}
],
"page": {
"type": "integer",
"description": "Current page number"
},
"page_size": {
"type": "integer",
"description": "Number of items per page"
},
"total_records": {
"type": "integer",
"description": "Total number of event records available"
},
"total_pages": {
"type": "integer",
"description": "Total number of pages available"
}
]
}
```
```json {{ title: 'Schema' }}
[
{
"id": "string",
"flow_id": "string",
"reporter_id": "string",
"timestamp": "string",
"receive_timestamp": "string",
"source": {
{
"data": [
{
"id": "string",
"type": "string",
"name": "string",
"geo_location": {
"city_name": "string",
"country_code": "string"
"flow_id": "string",
"reporter_id": "string",
"timestamp": "string",
"receive_timestamp": "string",
"source": {
"id": "string",
"type": "string",
"name": "string",
"geo_location": {
"city_name": "string",
"country_code": "string"
},
"os": "string",
"address": "string",
"dns_label": "string"
},
"os": "string",
"address": "string",
"dns_label": "string"
},
"user_id": "string",
"user_email": "string",
"user_name": "string",
"destination": {
"id": "string",
"type": "string",
"name": "string",
"geo_location": {
"city_name": "string",
"country_code": "string"
"user_id": "string",
"user_email": "string",
"user_name": "string",
"destination": {
"id": "string",
"type": "string",
"name": "string",
"geo_location": {
"city_name": "string",
"country_code": "string"
},
"os": "string",
"address": "string",
"dns_label": "string"
},
"os": "string",
"address": "string",
"dns_label": "string"
},
"protocol": "integer",
"type": "string",
"direction": "string",
"rx_bytes": "integer",
"rx_packets": "integer",
"tx_bytes": "integer",
"tx_packets": "integer",
"policy_id": "string",
"policy_name": "string",
"icmp_type": "integer",
"icmp_code": "integer"
}
]
"protocol": "integer",
"type": "string",
"direction": "string",
"rx_bytes": "integer",
"rx_packets": "integer",
"tx_bytes": "integer",
"tx_packets": "integer",
"policy_id": "string",
"policy_name": "string",
"icmp_type": "integer",
"icmp_code": "integer"
}
],
"page": "integer",
"page_size": "integer",
"total_records": "integer",
"total_pages": "integer"
}
```
</CodeGroup>

176
src/pages/ipa/resources/users.mdx
View File

@@ -184,7 +184,24 @@ echo $response;
"is_blocked": false,
"issued": "api",
"permissions": {
"dashboard_view": "limited"
"is_restricted": {
"type": "boolean",
"description": "Indicates whether this User's Peers view is restricted"
},
"modules": {
"networks": {
"read": true,
"create": false,
"update": false,
"delete": false
},
"peers": {
"read": false,
"create": false,
"update": false,
"delete": false
}
}
}
}
]
@@ -206,7 +223,30 @@ echo $response;
"is_blocked": "boolean",
"issued": "string",
"permissions": {
"dashboard_view": "string"
"is_restricted": "boolean",
"modules": {
"type": "object",
"additionalProperties": {
"type": "object",
"additionalProperties": "boolean",
"propertyNames": "string"
},
"propertyNames": "string",
"example": {
"networks": {
"read": true,
"create": false,
"update": false,
"delete": false
},
"peers": {
"read": false,
"create": false,
"update": false,
"delete": false
}
}
}
}
}
]
@@ -493,7 +533,24 @@ echo $response;
"is_blocked": false,
"issued": "api",
"permissions": {
"dashboard_view": "limited"
"is_restricted": {
"type": "boolean",
"description": "Indicates whether this User's Peers view is restricted"
},
"modules": {
"networks": {
"read": true,
"create": false,
"update": false,
"delete": false
},
"peers": {
"read": false,
"create": false,
"update": false,
"delete": false
}
}
}
}
```
@@ -513,7 +570,30 @@ echo $response;
"is_blocked": "boolean",
"issued": "string",
"permissions": {
"dashboard_view": "string"
"is_restricted": "boolean",
"modules": {
"type": "object",
"additionalProperties": {
"type": "object",
"additionalProperties": "boolean",
"propertyNames": "string"
},
"propertyNames": "string",
"example": {
"networks": {
"read": true,
"create": false,
"update": false,
"delete": false
},
"peers": {
"read": false,
"create": false,
"update": false,
"delete": false
}
}
}
}
}
```
@@ -783,7 +863,24 @@ echo $response;
"is_blocked": false,
"issued": "api",
"permissions": {
"dashboard_view": "limited"
"is_restricted": {
"type": "boolean",
"description": "Indicates whether this User's Peers view is restricted"
},
"modules": {
"networks": {
"read": true,
"create": false,
"update": false,
"delete": false
},
"peers": {
"read": false,
"create": false,
"update": false,
"delete": false
}
}
}
}
```
@@ -803,7 +900,30 @@ echo $response;
"is_blocked": "boolean",
"issued": "string",
"permissions": {
"dashboard_view": "string"
"is_restricted": "boolean",
"modules": {
"type": "object",
"additionalProperties": {
"type": "object",
"additionalProperties": "boolean",
"propertyNames": "string"
},
"propertyNames": "string",
"example": {
"networks": {
"read": true,
"create": false,
"update": false,
"delete": false
},
"peers": {
"read": false,
"create": false,
"update": false,
"delete": false
}
}
}
}
}
```
@@ -1317,7 +1437,24 @@ echo $response;
"is_blocked": false,
"issued": "api",
"permissions": {
"dashboard_view": "limited"
"is_restricted": {
"type": "boolean",
"description": "Indicates whether this User's Peers view is restricted"
},
"modules": {
"networks": {
"read": true,
"create": false,
"update": false,
"delete": false
},
"peers": {
"read": false,
"create": false,
"update": false,
"delete": false
}
}
}
}
```
@@ -1337,7 +1474,30 @@ echo $response;
"is_blocked": "boolean",
"issued": "string",
"permissions": {
"dashboard_view": "string"
"is_restricted": "boolean",
"modules": {
"type": "object",
"additionalProperties": {
"type": "object",
"additionalProperties": "boolean",
"propertyNames": "string"
},
"propertyNames": "string",
"example": {
"networks": {
"read": true,
"create": false,
"update": false,
"delete": false
},
"peers": {
"read": false,
"create": false,
"update": false,
"delete": false
}
}
}
}
}
```

17
src/pages/selfhosted/identity-providers.mdx
View File

@@ -536,17 +536,28 @@ In this step, we will add `Netbird` service account to `authentik Admins` group.
</p>
#### Step 5: Create a authentication flow for device token authentication
Navigate to Authentik admin interface > Flows & Stages > Flows > Create
- Navigate to authentik admin interface
- Click `Flows and Stages` on the left menu, then click `Flows` then `Create`
- Fill in the form with the following values and click `Create`
- Name: `default-device-code-flow`
- Title: `Device Code Flow`
- Designation: `Stage Configuration`
- Authentication: `Require authentication`
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-new-device-flow.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
- Navigate to authentik admin interface
- Click `System` on the left menu, then click `Brands`
- Click on the edit button of domain `authentik-default`
- Under Default flows set Device code flow to `default-device-code-flow`
- Click `Update`
Then go to: System > Brands > Edit used default > Default Flows > set **Device code flow** to newly created device flow
<p>
<img src="/docs-static/img/integrations/identity-providers/self-hosted/authentik-brand-device-flow.png" alt="high-level-dia" className="imagewrapper-big"/>
</p>
Press `Update`
Your authority OIDC configuration will be available under:

6
src/pages/selfhosted/postgres-store.mdx
View File

@@ -1,9 +1,5 @@
# Management Postgresql store
<Note>
This feature provides experimental support for using Postgres as the storage engine. Please use with caution and ensure proper testing in your environment.
</Note>
## Using Postgres for fresh installations
As of version 0.26.0, the default configuration for fresh installations is SQLite storage.
@@ -198,4 +194,4 @@ docker compose logs management
You should see an entry similar to:
```
2024-05-10T15:09:34Z INFO management/server/store.go:109: using SQLite file store engine
```
```

1
src/pages/selfhosted/selfhosted-guide.mdx
View File

@@ -22,6 +22,7 @@ NetBird with custom IdPs.
- Virtual machine offered by any cloud provider (e.g., AWS, DigitalOcean, Hetzner, Google Cloud, Azure ...).
- Any Linux OS.
- Docker Compose installed (see [Install Docker Compose](https://docs.docker.com/compose/install/)).
- [jq](https://jqlang.github.io/jq/) installed. In most distributions usually available in the official repositories and can be installed with `sudo apt install jq` or `sudo yum install jq`
- Domain name pointing to the public IP address of your server.
- Open TCP ports ```80, 443, 33073, 10000, 33080``` (Dashboard HTTP & HTTPS, Management gRPC & HTTP APIs, Signal gRPC API, Relay respectively) on your server.
- Coturn is used for relay using the STUN/TURN protocols. It requires a listening port, `UDP 3478`, and range of ports, `UDP 49152-65535`, for dynamic relay connections. These are set as defaults in setup file, but can be configured to your requirements.