Merge remote-tracking branch 'origin/prototype/reverse-proxy' into prototype/reverse-proxy

# Conflicts: # management/internals/modules/reverseproxy/reverseproxy.go # management/internals/server/boot.go # management/internals/shared/grpc/proxy.go # proxy/internal/auth/middleware.go # shared/management/proto/proxy_service.pb.go # shared/management/proto/proxy_service.proto # shared/management/proto/proxy_service_grpc.pb.go
2026-04-19 00:36:38 +00:00 · 2026-02-04 11:56:04 +00:00
parent 562923c600 ca33849f31
commit 28f3354ffa
81 changed files with 8413 additions and 458 deletions
--- a/proxy/README.md
+++ b/proxy/README.md
@@ -40,6 +40,25 @@ Certificate generation can either be via ACME (by default, using Let's Encrypt,
 When not using ACME, the proxy server attempts to load a certificate and key from the files `tls.crt` and `tls.key` in a specified certificate directory.
 When using ACME, the proxy server will store generated certificates in the specified certificate directory.

+
+## Auth UI
+
+The authentication UI is a Vite + React application located in the `web/` directory. It is embedded into the Go binary at build time.
+
+To build the UI:
+```bash
+cd web
+npm install
+npm run build
+```
+
+For UI development with hot reload (served at http://localhost:3031):
+```bash
+npm run dev
+```
+
+The built assets in `web/dist/` are embedded via `//go:embed` and served by the `web.ServeHTTP` handler.
+
 ## Configuration

 NetBird Proxy deployment configuration is via flags or environment variables, with flags taking precedence over the environment.