use embedded netbird agent for tunneling

2026-04-19 00:36:38 +00:00 · 2026-01-15 17:03:27 +01:00
parent ed5f98da5b
commit 7527e0ebdb
10 changed files with 116 additions and 186 deletions
--- a/proxy/pkg/proxy/config.go
+++ b/proxy/pkg/proxy/config.go
@@ -10,7 +10,7 @@ import (

 	"github.com/caarlos0/env/v11"

-	"github.com/netbirdio/netbird/proxy/internal/auth/oidc"
+	"github.com/netbirdio/netbird/proxy/internal/reverseproxy"
 )

 var (
@@ -48,9 +48,6 @@ func (d Duration) ToDuration() time.Duration {

 // Config holds the configuration for the reverse proxy server
 type Config struct {
-	// ListenAddress is the address the proxy server will listen on (e.g., ":443" or "0.0.0.0:443")
-	ListenAddress string `env:"NB_PROXY_LISTEN_ADDRESS" envDefault:":443" json:"listen_address"`
-
 	// ReadTimeout is the maximum duration for reading the entire request, including the body
 	ReadTimeout time.Duration `env:"NB_PROXY_READ_TIMEOUT" envDefault:"30s" json:"read_timeout"`

@@ -76,20 +73,7 @@ type Config struct {
 	EnableGRPC bool `env:"NB_PROXY_ENABLE_GRPC" envDefault:"false" json:"enable_grpc"`

 	// Reverse Proxy Configuration
-	// HTTPListenAddress is the address for HTTP (default ":80")
-	HTTPListenAddress string `json:"http_listen_address"`
-
-	// EnableHTTPS enables automatic HTTPS with Let's Encrypt
-	EnableHTTPS bool `json:"enable_https"`
-
-	// TLSEmail is the email for Let's Encrypt registration
-	TLSEmail string `json:"tls_email"`
-
-	// CertCacheDir is the directory to cache certificates (default "./certs")
-	CertCacheDir string `json:"cert_cache_dir"`
-
-	// OIDCConfig is the global OIDC/OAuth configuration for authentication
-	OIDCConfig *oidc.Config `json:"oidc_config,omitempty"`
+	ReverseProxy reverseproxy.Config `json:"reverse_proxy"`
 }

 // ParseAndLoad parses configuration from environment variables
@@ -138,11 +122,11 @@ func LoadFromFileOrEnv(configPath string) (Config, error) {
 			return Config{}, fmt.Errorf("failed to load config from file: %w", err)
 		}
 		cfg = fileCfg
-	}
-
-	// Parse environment variables (will override file config with any set env vars)
-	if err := env.Parse(&cfg); err != nil {
-		return Config{}, fmt.Errorf("%w: %s", ErrFailedToParseConfig, err)
+	} else {
+		// Parse environment variables (will override file config with any set env vars)
+		if err := env.Parse(&cfg); err != nil {
+			return Config{}, fmt.Errorf("%w: %s", ErrFailedToParseConfig, err)
+		}
 	}

 	if err := cfg.Validate(); err != nil {
@@ -228,10 +212,6 @@ func (c *Config) UnmarshalJSON(data []byte) error {

 // Validate checks if the configuration is valid
 func (c *Config) Validate() error {
-	if c.ListenAddress == "" {
-		return errors.New("listen_address is required")
-	}
-
 	validLogLevels := map[string]bool{
 		"debug": true,
 		"info":  true,
--- a/proxy/pkg/proxy/server.go
+++ b/proxy/pkg/proxy/server.go
@@ -86,33 +86,24 @@ func NewServer(config Config) (*Server, error) {
 		exposedServices: make(map[string]*ExposedServiceConfig),
 	}

-	// Set defaults for reverse proxy config if not provided
-	httpListenAddr := config.HTTPListenAddress
-	if httpListenAddr == "" {
-		httpListenAddr = ":54321" // Use port 54321 for local testing
+	// Create reverse proxy using embedded config
+	proxy, err := reverseproxy.New(config.ReverseProxy)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create reverse proxy: %w", err)
 	}

-	// Create reverse proxy with request callback
-	proxyConfig := reverseproxy.Config{
-		HTTPListenAddress: httpListenAddr,
-		EnableHTTPS:       config.EnableHTTPS,
-		TLSEmail:          config.TLSEmail,
-		CertCacheDir:      config.CertCacheDir,
-		RequestDataCallback: func(data reverseproxy.RequestData) {
-			log.WithFields(log.Fields{
-				"service_id":    data.ServiceID,
-				"host":          data.Host,
-				"method":        data.Method,
-				"path":          data.Path,
-				"response_code": data.ResponseCode,
-				"duration_ms":   data.DurationMs,
-				"source_ip":     data.SourceIP,
-			}).Info("Access log received")
-		},
-		// Use global OIDC configuration from config
-		OIDCConfig: config.OIDCConfig,
-	}
-	proxy, err := reverseproxy.New(proxyConfig)
+	// Set request data callback
+	proxy.SetRequestCallback(func(data reverseproxy.RequestData) {
+		log.WithFields(log.Fields{
+			"service_id":    data.ServiceID,
+			"host":          data.Host,
+			"method":        data.Method,
+			"path":          data.Path,
+			"response_code": data.ResponseCode,
+			"duration_ms":   data.DurationMs,
+			"source_ip":     data.SourceIP,
+		}).Info("Access log received")
+	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to create reverse proxy: %w", err)
 	}
@@ -140,7 +131,7 @@ func (s *Server) Start() error {
 	s.isRunning = true
 	s.mu.Unlock()

-	log.Infof("Starting proxy reverse proxy server on %s", s.config.ListenAddress)
+	log.Infof("Starting proxy reverse proxy server on %s", s.config.ReverseProxy.ListenAddress)

 	// Start reverse proxy
 	if err := s.proxy.Start(); err != nil {
@@ -185,9 +176,9 @@ func (s *Server) Start() error {
 		&reverseproxy.RouteConfig{
 			ID:           "test",
 			Domain:       "test.netbird.io",
-			PathMappings: map[string]string{"/": "localhost:8080"},
-			Conn:         reverseproxy.NewDefaultConn(),
+			PathMappings: map[string]string{"/": "localhost:8181"},
 			AuthConfig:   testAuthConfig,
+			SetupKey:     "setup-key",
 		}); err != nil {
 		log.Warn("Failed to add test route: ", err)
 	}