BurgerGames/NetBirdMSP-Appliance
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove HTTP fallback that broke HTTPS deployments

Browse Source 
The HTTP fallback (Step 9b) would rewrite all configs to HTTP when SSL
cert creation failed, but if the user then manually set up SSL in NPM
the dashboard would fail with "Unauthenticated" due to mixed content
(HTTPS page loading HTTP OAuth endpoints). Now keeps HTTPS configs and
logs a warning instead, so manual SSL setup works correctly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Sascha Lustenberger
2026-02-08 22:08:08 +01:00
parent 52e1d251b7
commit 6c33753ada
1 changed files with 6 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
app/services/netbird_service.py
View File

@@ -313,34 +313,15 @@ async def deploy_customer(db: Session, customer_id: int) -> dict[str, Any]:
f"NPM UDP stream created: port {allocated_port} -> {forward_host}:{allocated_port}", f"NPM UDP stream created: port {allocated_port} -> {forward_host}:{allocated_port}",
) )
# Step 9b: If SSL failed, fall back to HTTP so the dashboard works # Note: Keep HTTPS configs even if SSL cert creation failed.
# SSL can be set up manually in NPM later. Switching to HTTP
# would break the dashboard when the user accesses via HTTPS.
ssl_ok = npm_result.get("ssl", False) if not npm_result.get("error") else False ssl_ok = npm_result.get("ssl", False) if not npm_result.get("error") else False
if not ssl_ok: if not ssl_ok:
logger.warning("SSL cert failed for %s — switching configs to HTTP", netbird_domain)
external_url = f"http://{netbird_domain}"
netbird_protocol = "http"
netbird_port = "80"
relay_ws_protocol = "rel"
template_vars["external_url"] = external_url
template_vars["netbird_protocol"] = netbird_protocol
template_vars["netbird_port"] = netbird_port
template_vars["relay_ws_protocol"] = relay_ws_protocol
# Re-render configs that contain URL/protocol references
_render_template(jinja_env, "management.json.j2",
os.path.join(instance_dir, "management.json"), **template_vars)
_render_template(jinja_env, "dashboard.env.j2",
os.path.join(instance_dir, "dashboard.env"), **template_vars)
_render_template(jinja_env, "relay.env.j2",
os.path.join(instance_dir, "relay.env"), **template_vars)
# Recreate containers to pick up new config
docker_service.compose_up(instance_dir, container_prefix, timeout=120)
_log_action( _log_action(
db, customer_id, "deploy", "info", db, customer_id, "deploy", "warning",
"SSL not available — switched to HTTP mode. " "SSL certificate not created automatically. "
"To enable HTTPS: ensure DNS resolves and port 80 is reachable, then re-deploy.", "Please create it manually in NPM or ensure DNS resolves and port 80 is reachable, then re-deploy.",
) )
# Step 10: Create or update deployment record # Step 10: Create or update deployment record