Document two approaches for MSPs to access resources inside client
tenant networks: inviting an MSP user via email subaddressing
(recommended) or adding a network and routing peer.
Add use case for running NetBird on Windows Domain Controllers,
recommending a dedicated group with DNS management disabled to
avoid conflicts with Active Directory DNS services.
* Fix reverse proxy docs: add ProxyService gRPC route, fix container commands, support both setups
- add missing /management.ProxyService/ gRPC route to all reverse proxy config templates (traefik, nginx, caddy, NPM) in reverse-proxy.mdx
- change default proxy -> management connection to use direct docker network instead of routing through traefik, avoiding hairpin NAT and missing gRPC route issues
- add "Connecting through Traefik" section for separatevhost deployments
- fix token CLI commands: use /go/bin/ prefix (not on container PATH), add --config flag for combined container
- ratify instructions for enabling reverse proxy both combined (netbird-server) and multi-container (management) setups
* remove unecessary proxy endpoints from reverse proxy templates other than traefik in reverse-proxy.mdx
* - standardize usage of 'docker exec' as opposed to 'docker compose exec + service name' in instructions
- added AuthClientID config instructions
- added traefik grpc rule to configuration file explanation page
- idletimeout for reverse proxy migration is now 0, matching getting-started.sh
* add clarification on grpc ProxyService path for traffic - only required if the proxy service is on a different docker network to traefik
* fix: correct step count in Traefik connection section from two to three
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Jack Carter <128555021+SunsetDrifter@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add Block Inbound Connections documentation to Client settings
Document the previously undocumented "Block Inbound Connections" client
setting (introduced in v0.46.0). Adds a dedicated feature page under
Client > Settings, updates the sidebar navigation, and adds the
--block-inbound flag to the CLI reference.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Move Post-Quantum Cryptography to Client settings and add systray notes
Move the Rosenpass/post-quantum cryptography page from manage/integrations/
to client/ under the new Settings section. Add redirects for the old URL.
Also add systray toggle instructions to both the Quantum-Resistance and
Lazy Connections pages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Rename post-quantum cryptography page and fix hydration error
Drop the "Enable" prefix from the page title and filename for a cleaner
topic name. Update redirects and navigation. Fix hydration mismatch
caused by a <div> (Button component) nested inside a <p> tag.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Change header from H2 to H1 in backup.mdx
With H2 header, the browser tab name was "undefined" instead of the proper name
* Change H2 header to H1 in remove.mdx
With H2 header, the browser tab name was "undefined" instead of the proper name
* Change H2 header to H1 in upgrade.mdx
With H2 header, the browser tab name was "undefined" instead of the proper name
* Promote h3 sub-headings to h2 in upgrade.mdx to fix TOC error
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Jack Carter <128555021+SunsetDrifter@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Remove Network Routes as an alternative for VPN-to-Site rows in the
"Which Scenario Do I Need?" table, directing users to the recommended
Networks feature instead.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Users commonly run services (Pi-hole, Home Assistant, monitoring) on
routing peer machines but have no guidance that a network resource policy
only grants access to the network behind the peer, not the peer itself.
Add notes to Networks, Network Routes, Access Control, and the Zero
Trust guide clarifying that a peer-to-peer access policy is needed.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Reverse Proxy Doc Amendments
- update custom domains page to more closely reflect wording in the UI, added screenshots
- add warning to index page that reverse proxy feature does not currently work with pre-shared keys/rosenpass
* Update navigation order (move reverse proxy below network routes)
* update migration guide to mention the need for TWO cname records (proxy and proxy wildcard)
* Streamlined site-to-site docs in new dedicated section. Removed old use-case guide and added redirects
* restructure use-cases, move network use cases to network sections
* Reorganize network routes and networks documentation structure
- Restructure use cases into by-scenario and by-configuration folders
- Reorganize images to match new doc structure (concepts, by-scenario, by-resource-type)
- Add screenshots for site-to-site guides (home, office, cloud)
- Add policy screenshots for networks use cases
- Update site-to-site docs to use two separate policies instead of bidirectional
- Fix Access Control Groups to use correct destination groups
- Move "Self-Hosted vs Cloud" page to about section
- Update navigation and add redirects for moved pages
- Add CLAUDE.md for Claude Code guidance
* cleaned up network docs/image folder structure
* Align site-to-site use case links and redirects
Co-authored-by: Cursor <cursoragent@cursor.com>
* Update CLAUDE.md with accurate project details
Fix Next.js version (14 → 16), add React 19/Tailwind/Pages Router
details, document MDX page conventions, image paths, and note
absence of test suite.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix broken images and hydration error on networks page
- Restore 6 network index images accidentally deleted in 4116092
- Fix keycloak image filename typo (keycloack -> keycloak)
- Fix hydration mismatch by replacing invalid <p><div> nesting with <div>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix 4 broken internal links found in PR review
- Fix missing by-scenario/ segment in site-to-site-home and
site-to-site-office Tile hrefs (network-routes use-cases index)
- Fix lazy-connections typo to lazy-connection (implement-zero-trust)
- Update stale redirect link to direct path for access-control
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Jack Carter <128555021+SunsetDrifter@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The document has several outdated references to server addresses (e.g. api.wiretrustee.com, signal2.wiretrustee.com) and ports.
I've updated the document with the current addresses and ports according to https://docs.netbird.io/about-netbird/faq
* docs: add Zero Trust implementation guide
* minor text and formatting fixes
* various improvements to the zero trust guide
* Added links to other relevant docs pages
* docs: improve Zero Trust implementation guide
- Add guide to navigation menu
- Rewrite section 5.2 on routing peer traffic direction for clarity
- Add documentation links throughout (Networks, Access Control, DNS,
Control Center, Setup Keys, IdP sync, Traffic Events, Event Streaming)
- Add internal section and appendix cross-references
- Remove "Subject" terminology, replace with "source groups" and
clearer user/peer terminology
- Expand acronyms on first use (IdP, SSO, MFA, SIEM, CIDR, VPC, etc.)
- Add explanations for technical concepts (masquerading, overlay networks,
NAT traversal, protocols, ports)
- Enhance firewall rules section with service explanations and FAQ link
- Improve worked examples with port and protocol context
- Add command-line tool explanations for troubleshooting
- Make guide more accessible for junior network admins and students
* Minor changes and adjustments.
* Add various diagrams
* Add dashboard settings best practices section
* Improve zero trust guide with MDX components, examples, and clarity
- Add Note/Warning MDX components replacing markdown blockquotes
- Add TURN service rules to firewall configuration section
- Add JSON API example for policy creation
- Improve three-tier app diagram with box-drawing characters
- Add Networks vs legacy Network Routes warning for Zero Trust
- Add CIDR posture check limitation note (iOS/Android unsupported)
- Add DNS forwarder port change note (v0.59.0+)
- Add lazy connections feature limitations and version requirements
- Add Users view to Control Center documentation
- Convert verification checklists to Note components
- Fix grammar throughout (serial commas, hyphenation consistency)
- Improve term definitions and service descriptions
* Update zero trust guide to enhance clarity and provide outbound port references
- Replace detailed outbound allowlist rules with links to FAQ and self-hosted guide for port requirements
- Minor adjustments to lazy connections feature description for consistency
---------
Co-authored-by: Brandon Hopkins <76761586+TechHutTV@users.noreply.github.com>
Co-authored-by: Ashley Mensah <ashleyamo982@gmail.com>
