BurgerGames/NetBirdMSP-Appliance
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36 Commits 2 Branches 11 Tags
78a07122beff0d951c8aa4bbd5346e6d7f873f22
Commit Graph

8 Commits

Author SHA1 Message Date
twothatit
78a07122be Fix NPM SSL: preserve existing cert on update, find cert by domain 
Three fixes:
1. When updating existing proxy host, preserve its certificate_id
   and SSL settings instead of resetting to 0
2. Search NPM certificates by domain if proxy host has no cert
   assigned (handles manually created certs)
3. Remove invalid 'nice_name' and 'dns_challenge' from LE cert
   request payload (caused 400 error on newer NPM versions)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 22:38:31 +01:00
twothatit
9bc48a3e94 Fix NPM: reuse existing proxy host and SSL cert on redeployment 
When a proxy host already exists in NPM (domain "already in use"),
the code now finds the existing host, updates it, and requests SSL
instead of failing with an error. Also checks if the host already
has a valid certificate before requesting a new one from Let's Encrypt.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 22:31:49 +01:00
twothatit
8853087161 Fix SSL cert creation and HTTP fallback for Unauthenticated error 
- Create NPM proxy host WITHOUT SSL initially (ssl_forced=False),
  then request Let's Encrypt cert, then enable SSL only after cert
  is assigned. Prevents broken proxy when cert fails.
- If SSL cert creation fails, automatically fall back to HTTP mode:
  re-render management.json, dashboard.env, relay.env with http://
  URLs and recreate containers so dashboard login works.
- Better error logging in _request_ssl with specific timeout hints.
- Use template variables for relay WebSocket protocol (rels/rel)
  instead of hardcoded rels:// in management.json.j2 and relay.env.j2.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 21:18:37 +01:00
twothatit
6d42e583d6 Fix NPM forwarding: use HOST_IP env var instead of socket detection 
Socket detection inside Docker returns the container IP (172.18.0.x),
not the host IP. Now:
- install.sh detects host IP via hostname -I and stores in .env
- docker-compose.yml passes HOST_IP to the container
- npm_service.py reads HOST_IP from environment
- Increased SSL cert timeout to 120s (LE validation is slow)
- Added better logging for SSL cert creation/assignment
- README updated with HOST_IP in .env example

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 21:00:29 +01:00
twothatit
b56f0eb8a4 Fix NPM forward host: use real host IP instead of Docker gateway 
- npm_service._get_forward_host() now detects the actual host IP via
  UDP socket (works inside Docker containers) instead of using
  172.17.0.1 Docker gateway which NPM can't reach
- install.sh uses hostname -I for NPM forward host
- Removed npm_api_url parameter from _get_forward_host()

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 20:45:01 +01:00
twothatit
db878ff35d Fix NPM integration: correct forward host, SSL, and add UDP stream 
- Forward proxy to host IP + dashboard_port instead of container name
- Remove redundant advanced_config (Caddy handles internal routing)
- Add provider: letsencrypt to SSL certificate request
- Add NPM UDP stream creation/deletion for STUN/TURN relay ports
- Add npm_stream_id to Deployment model with migration
- Fix API docs URL in README (/api/docs)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-08 19:51:32 +01:00
twothatit
a18df0018c bugfix 2026-02-07 21:13:50 +01:00
twothatit
42a3cc9d9f First Build alpha 0.1 2026-02-07 12:18:20 +01:00