BurgerGames/NetBirdMSP-Appliance
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix SSL cert creation and HTTP fallback for Unauthenticated error

Browse Source 
- Create NPM proxy host WITHOUT SSL initially (ssl_forced=False),
  then request Let's Encrypt cert, then enable SSL only after cert
  is assigned. Prevents broken proxy when cert fails.
- If SSL cert creation fails, automatically fall back to HTTP mode:
  re-render management.json, dashboard.env, relay.env with http://
  URLs and recreate containers so dashboard login works.
- Better error logging in _request_ssl with specific timeout hints.
- Use template variables for relay WebSocket protocol (rels/rel)
  instead of hardcoded rels:// in management.json.j2 and relay.env.j2.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Sascha Lustenberger
2026-02-08 21:18:37 +01:00
parent 6d42e583d6
commit 8853087161
4 changed files with 105 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
templates/relay.env.j2
View File

@@ -2,6 +2,6 @@
# {{ subdomain }}.{{ base_domain }}
NB_AUTH_SECRET={{ relay_secret }}
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://{{ subdomain }}.{{ base_domain }}:443
NB_EXPOSED_ADDRESS={{ relay_ws_protocol }}://{{ subdomain }}.{{ base_domain }}:{{ netbird_port }}
NB_ENABLE_STUN=true
NB_STUN_PORTS=3478