Add documentation for enabling the NetBird enterprise application in
Microsoft Entra ID, including finding the app by Application ID and
granting admin consent for the directory.
Document the issue where Windows DNS Server claims UDP port 51820,
preventing WireGuard from starting on Domain Controllers. Covers
symptoms, diagnosis steps, and the dnscmd fix.
* Update reverse proxy documentation for domain and DNS record changes
* Clarify reverse proxy domain description in migration guide
* Update domain requirement clarification in migration guide
Clarified the domain requirement for the proxy + added missing charactr afer example domain
---------
Co-authored-by: shuuri-labs <61762328+shuuri-labs@users.noreply.github.com>
* Add backend service configuration guide for reverse proxy trusted proxies
Many self-hosted services (Jellyfin, Home Assistant, Nextcloud, Plex)
require a "trusted proxies" or "known hosts" setting when behind a
reverse proxy. With NetBird, the proxy's IP is a dynamic NetBird IP
from 100.64.0.0/10 that can change on restart, so hardcoding it breaks.
This adds a new doc page with the recommended solution (trust the full
CGNAT range), per-service config examples, Docker bridge network
guidance, and a warning on the reverse proxy overview page.
* Update service-configuration.mdx and move/add images
* Fixing typos
---------
Co-authored-by: Brandon Hopkins <brandon@techhut.tv>
* Escape MDX-specific characters in API templates and refine NavigationAPI links
* Update API pages with v0.66.0
---------
Co-authored-by: netbirddev <dev@netbird.io>
- Create Internal DNS Servers page consolidating nameserver configuration,
private DNS routing, and Active Directory guidance
- Trim DNS Overview, DNS Settings removing duplicated and filler content
- Merge Configuring Nameservers page into Internal DNS Servers
- Replace Quickstart and Configuring Nameservers pages with redirects
- Update navigation sidebar and all internal links
Document two approaches for MSPs to access resources inside client
tenant networks: inviting an MSP user via email subaddressing
(recommended) or adding a network and routing peer.
Add use case for running NetBird on Windows Domain Controllers,
recommending a dedicated group with DNS management disabled to
avoid conflicts with Active Directory DNS services.
* Fix reverse proxy docs: add ProxyService gRPC route, fix container commands, support both setups
- add missing /management.ProxyService/ gRPC route to all reverse proxy config templates (traefik, nginx, caddy, NPM) in reverse-proxy.mdx
- change default proxy -> management connection to use direct docker network instead of routing through traefik, avoiding hairpin NAT and missing gRPC route issues
- add "Connecting through Traefik" section for separatevhost deployments
- fix token CLI commands: use /go/bin/ prefix (not on container PATH), add --config flag for combined container
- ratify instructions for enabling reverse proxy both combined (netbird-server) and multi-container (management) setups
* remove unecessary proxy endpoints from reverse proxy templates other than traefik in reverse-proxy.mdx
* - standardize usage of 'docker exec' as opposed to 'docker compose exec + service name' in instructions
- added AuthClientID config instructions
- added traefik grpc rule to configuration file explanation page
- idletimeout for reverse proxy migration is now 0, matching getting-started.sh
* add clarification on grpc ProxyService path for traffic - only required if the proxy service is on a different docker network to traefik
* fix: correct step count in Traefik connection section from two to three
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Jack Carter <128555021+SunsetDrifter@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add Block Inbound Connections documentation to Client settings
Document the previously undocumented "Block Inbound Connections" client
setting (introduced in v0.46.0). Adds a dedicated feature page under
Client > Settings, updates the sidebar navigation, and adds the
--block-inbound flag to the CLI reference.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Move Post-Quantum Cryptography to Client settings and add systray notes
Move the Rosenpass/post-quantum cryptography page from manage/integrations/
to client/ under the new Settings section. Add redirects for the old URL.
Also add systray toggle instructions to both the Quantum-Resistance and
Lazy Connections pages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Rename post-quantum cryptography page and fix hydration error
Drop the "Enable" prefix from the page title and filename for a cleaner
topic name. Update redirects and navigation. Fix hydration mismatch
caused by a <div> (Button component) nested inside a <p> tag.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
