Document the issue where Windows DNS Server claims UDP port 51820,
preventing WireGuard from starting on Domain Controllers. Covers
symptoms, diagnosis steps, and the dnscmd fix.
* Update reverse proxy documentation for domain and DNS record changes
* Clarify reverse proxy domain description in migration guide
* Update domain requirement clarification in migration guide
Clarified the domain requirement for the proxy + added missing charactr afer example domain
---------
Co-authored-by: shuuri-labs <61762328+shuuri-labs@users.noreply.github.com>
* Add backend service configuration guide for reverse proxy trusted proxies
Many self-hosted services (Jellyfin, Home Assistant, Nextcloud, Plex)
require a "trusted proxies" or "known hosts" setting when behind a
reverse proxy. With NetBird, the proxy's IP is a dynamic NetBird IP
from 100.64.0.0/10 that can change on restart, so hardcoding it breaks.
This adds a new doc page with the recommended solution (trust the full
CGNAT range), per-service config examples, Docker bridge network
guidance, and a warning on the reverse proxy overview page.
* Update service-configuration.mdx and move/add images
* Fixing typos
---------
Co-authored-by: Brandon Hopkins <brandon@techhut.tv>
* Escape MDX-specific characters in API templates and refine NavigationAPI links
* Update API pages with v0.66.0
---------
Co-authored-by: netbirddev <dev@netbird.io>
- Create Internal DNS Servers page consolidating nameserver configuration,
private DNS routing, and Active Directory guidance
- Trim DNS Overview, DNS Settings removing duplicated and filler content
- Merge Configuring Nameservers page into Internal DNS Servers
- Replace Quickstart and Configuring Nameservers pages with redirects
- Update navigation sidebar and all internal links
Document two approaches for MSPs to access resources inside client
tenant networks: inviting an MSP user via email subaddressing
(recommended) or adding a network and routing peer.
Add use case for running NetBird on Windows Domain Controllers,
recommending a dedicated group with DNS management disabled to
avoid conflicts with Active Directory DNS services.
* Fix reverse proxy docs: add ProxyService gRPC route, fix container commands, support both setups
- add missing /management.ProxyService/ gRPC route to all reverse proxy config templates (traefik, nginx, caddy, NPM) in reverse-proxy.mdx
- change default proxy -> management connection to use direct docker network instead of routing through traefik, avoiding hairpin NAT and missing gRPC route issues
- add "Connecting through Traefik" section for separatevhost deployments
- fix token CLI commands: use /go/bin/ prefix (not on container PATH), add --config flag for combined container
- ratify instructions for enabling reverse proxy both combined (netbird-server) and multi-container (management) setups
* remove unecessary proxy endpoints from reverse proxy templates other than traefik in reverse-proxy.mdx
* - standardize usage of 'docker exec' as opposed to 'docker compose exec + service name' in instructions
- added AuthClientID config instructions
- added traefik grpc rule to configuration file explanation page
- idletimeout for reverse proxy migration is now 0, matching getting-started.sh
* add clarification on grpc ProxyService path for traffic - only required if the proxy service is on a different docker network to traefik
* fix: correct step count in Traefik connection section from two to three
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Jack Carter <128555021+SunsetDrifter@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add Block Inbound Connections documentation to Client settings
Document the previously undocumented "Block Inbound Connections" client
setting (introduced in v0.46.0). Adds a dedicated feature page under
Client > Settings, updates the sidebar navigation, and adds the
--block-inbound flag to the CLI reference.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Move Post-Quantum Cryptography to Client settings and add systray notes
Move the Rosenpass/post-quantum cryptography page from manage/integrations/
to client/ under the new Settings section. Add redirects for the old URL.
Also add systray toggle instructions to both the Quantum-Resistance and
Lazy Connections pages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Rename post-quantum cryptography page and fix hydration error
Drop the "Enable" prefix from the page title and filename for a cleaner
topic name. Update redirects and navigation. Fix hydration mismatch
caused by a <div> (Button component) nested inside a <p> tag.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Change header from H2 to H1 in backup.mdx
With H2 header, the browser tab name was "undefined" instead of the proper name
* Change H2 header to H1 in remove.mdx
With H2 header, the browser tab name was "undefined" instead of the proper name
* Change H2 header to H1 in upgrade.mdx
With H2 header, the browser tab name was "undefined" instead of the proper name
* Promote h3 sub-headings to h2 in upgrade.mdx to fix TOC error
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Jack Carter <128555021+SunsetDrifter@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Remove Network Routes as an alternative for VPN-to-Site rows in the
"Which Scenario Do I Need?" table, directing users to the recommended
Networks feature instead.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
