[misc] add extra proxy domain instructions (#5328)

improve proxy domain instructions
expose wireguard port
Maycon Santos
2026-02-15 12:51:46 +01:00
committed by GitHub
parent 68c481fa44
commit cb9b39b950


@@ -183,14 +183,14 @@ read_enable_proxy() {
} }
read_proxy_domain() { read_proxy_domain() {
local suggested_proxy="proxy.${NETBIRD_DOMAIN}" local suggested_proxy="proxy.${BASE_DOMAIN}"
echo "" > /dev/stderr echo "" > /dev/stderr
echo "NOTE: The proxy domain must be different from the management domain ($NETBIRD_DOMAIN)" > /dev/stderr echo "NOTE: The proxy domain must be different from the management domain ($NETBIRD_DOMAIN)" > /dev/stderr
echo "to avoid TLS certificate conflicts." > /dev/stderr echo "to avoid TLS certificate conflicts." > /dev/stderr
echo "" > /dev/stderr echo "" > /dev/stderr
echo "You also need to add a wildcard DNS record for the proxy domain," > /dev/stderr echo "You also need to add a wildcard DNS record for the proxy domain," > /dev/stderr
echo "e.g. *.${suggested_proxy} pointing to the same server IP as $NETBIRD_DOMAIN." > /dev/stderr echo "e.g. *.${suggested_proxy} pointing to the same server domain as $NETBIRD_DOMAIN with a CNAME record." > /dev/stderr
echo "" > /dev/stderr echo "" > /dev/stderr
echo -n "Enter the domain for the NetBird Proxy (e.g. ${suggested_proxy}): " > /dev/stderr echo -n "Enter the domain for the NetBird Proxy (e.g. ${suggested_proxy}): " > /dev/stderr
read -r READ_PROXY_DOMAIN < /dev/tty read -r READ_PROXY_DOMAIN < /dev/tty
@@ -202,13 +202,16 @@ read_proxy_domain() {
fi fi
if [[ "$READ_PROXY_DOMAIN" == "$NETBIRD_DOMAIN" ]]; then if [[ "$READ_PROXY_DOMAIN" == "$NETBIRD_DOMAIN" ]]; then
echo "The proxy domain cannot be the same as the management domain ($NETBIRD_DOMAIN)." > /dev/stderr echo "" > /dev/stderr
echo "WARNING: The proxy domain cannot be the same as the management domain ($NETBIRD_DOMAIN)." > /dev/stderr
read_proxy_domain read_proxy_domain
return return
fi fi
if [[ "$READ_PROXY_DOMAIN" == *".${NETBIRD_DOMAIN}" ]]; then echo ${READ_PROXY_DOMAIN} | grep ${NETBIRD_DOMAIN} > /dev/null
echo "The proxy domain cannot be a subdomain of the management domain ($NETBIRD_DOMAIN)." > /dev/stderr if [[ $? -eq 0 ]]; then
echo "" > /dev/stderr
echo "WARNING: The proxy domain cannot be a subdomain of the management domain ($NETBIRD_DOMAIN)." > /dev/stderr
read_proxy_domain read_proxy_domain
return return
fi fi
@@ -340,10 +343,12 @@ configure_domain() {
if [[ "$NETBIRD_DOMAIN" == "use-ip" ]]; then if [[ "$NETBIRD_DOMAIN" == "use-ip" ]]; then
NETBIRD_DOMAIN=$(get_main_ip_address) NETBIRD_DOMAIN=$(get_main_ip_address)
BASE_DOMAIN=$NETBIRD_DOMAIN
else else
NETBIRD_PORT=443 NETBIRD_PORT=443
NETBIRD_HTTP_PROTOCOL="https" NETBIRD_HTTP_PROTOCOL="https"
NETBIRD_RELAY_PROTO="rels" NETBIRD_RELAY_PROTO="rels"
BASE_DOMAIN=$(echo $NETBIRD_DOMAIN | sed -E 's/^[^.]+\.//')
fi fi
return 0 return 0
} }
@@ -566,6 +571,8 @@ render_docker_compose_traefik_builtin() {
# Hairpin NAT fix: route domain back to traefik's static IP within Docker # Hairpin NAT fix: route domain back to traefik's static IP within Docker
extra_hosts: extra_hosts:
- \"$NETBIRD_DOMAIN:172.30.0.10\" - \"$NETBIRD_DOMAIN:172.30.0.10\"
ports:
- 51820:51820/udp
restart: unless-stopped restart: unless-stopped
networks: [netbird] networks: [netbird]
depends_on: depends_on:
@@ -1150,23 +1157,29 @@ print_builtin_traefik_instructions() {
echo " NETBIRD SETUP COMPLETE" echo " NETBIRD SETUP COMPLETE"
echo "$MSG_SEPARATOR" echo "$MSG_SEPARATOR"
echo "" echo ""
echo "You can access the NetBird dashboard at $NETBIRD_HTTP_PROTOCOL://$NETBIRD_DOMAIN" echo "You can access the NetBird dashboard at:"
echo " $NETBIRD_HTTP_PROTOCOL://$NETBIRD_DOMAIN"
echo ""
echo "Follow the onboarding steps to set up your NetBird instance." echo "Follow the onboarding steps to set up your NetBird instance."
echo "" echo ""
echo "Traefik is handling TLS certificates automatically via Let's Encrypt." echo "Traefik is handling TLS certificates automatically via Let's Encrypt."
echo "If you see certificate warnings, wait a moment for certificate issuance to complete." echo "If you see certificate warnings, wait a moment for certificate issuance to complete."
echo "" echo ""
echo "Open ports:" echo "Open ports:"
echo " - 443/tcp (HTTPS - all NetBird services)" echo " - 443/tcp (HTTPS - all NetBird services)"
echo " - 80/tcp (HTTP - redirects to HTTPS)" echo " - 80/tcp (HTTP - redirects to HTTPS)"
echo " - $NETBIRD_STUN_PORT/udp (STUN - required for NAT traversal)" echo " - $NETBIRD_STUN_PORT/udp (STUN - required for NAT traversal)"
if [[ "$ENABLE_PROXY" == "true" ]]; then if [[ "$ENABLE_PROXY" == "true" ]]; then
echo " - 51820/udp (WIREGUARD - (optional) for P2P proxy connections)"
echo "" echo ""
echo "NetBird Proxy:" echo "NetBird Proxy:"
echo " The proxy service is enabled and running." echo " The proxy service is enabled and running."
echo " Any domain NOT matching $NETBIRD_DOMAIN will be passed through to the proxy." echo " Any domain NOT matching $NETBIRD_DOMAIN will be passed through to the proxy."
echo " The proxy handles its own TLS certificates via ACME TLS-ALPN-01 challenge." echo " The proxy handles its own TLS certificates via ACME TLS-ALPN-01 challenge."
echo " Point your proxy domains (CNAMEs) to this server's IP address." echo " Point your proxy domain to this server's domain address like in the example below:"
echo ""
echo " *.$PROXY_DOMAIN CNAME $NETBIRD_DOMAIN"
echo ""
fi fi
return 0 return 0
} }
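Review bot: The subdomain check on the new side of the second read_proxy_domain hunk (`echo ${READ_PROXY_DOMAIN} | grep ${NETBIRD_DOMAIN} > /dev/null` followed by `if [[ $? -eq 0 ]]; then`) no longer tests for a subdomain: grep reads $NETBIRD_DOMAIN as a regular expression and matches it anywhere in the input, so each `.` matches any character and any name that merely contains the management domain is rejected with the "subdomain" warning. Both expansions are also unquoted, so the operator-typed value is word-split and glob-expanded before it reaches echo, and an empty $NETBIRD_DOMAIN would leave grep without a pattern. If only true subdomains should be refused, a quoted suffix match does it without a pipeline, `if [[ "$READ_PROXY_DOMAIN" == *".${NETBIRD_DOMAIN}" ]]; then`; if a substring match is really intended, `grep -qF -- "$NETBIRD_DOMAIN" <<<"$READ_PROXY_DOMAIN"` keeps it literal and the warning text should say "contain" rather than "subdomain". The body of read_proxy_domain starts before and continues past this hunk, so the surrounding validation is not visible here.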