Add /relay* location block to Caddyfile template so that NetBird relay
WebSocket connections (rels://) are correctly forwarded to the relay
container instead of falling through to the dashboard handler.
Without this fix, all relay WebSocket connections silently hit the
dashboard container, causing STUN/relay connectivity failures for all
deployed NetBird instances.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The management container was trying to fetch its own OIDC config via
the external URL (https://domain/oauth2/.well-known/...), which creates
a circular dependency: management -> DNS -> NPM -> Caddy -> management.
This fails because the management container can't reach itself through
the external network during startup.
Changed OIDCConfigEndpoint to http://127.0.0.1:80/oauth2/... (same as
LocalAddress) so the management server accesses its own embedded IdP
directly without going through DNS/NPM/Caddy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create NPM proxy host WITHOUT SSL initially (ssl_forced=False),
then request Let's Encrypt cert, then enable SSL only after cert
is assigned. Prevents broken proxy when cert fails.
- If SSL cert creation fails, automatically fall back to HTTP mode:
re-render management.json, dashboard.env, relay.env with http://
URLs and recreate containers so dashboard login works.
- Better error logging in _request_ssl with specific timeout hints.
- Use template variables for relay WebSocket protocol (rels/rel)
instead of hardcoded rels:// in management.json.j2 and relay.env.j2.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Multi-language support (EN/DE) with i18n engine and language files
- Configurable branding (name, subtitle, logo) in Settings
- Global default language and per-user language preference
- User management router with CRUD endpoints
- Customer status sync on start/stop/restart
- Health check fixes: derive status from container state, remove broken wget healthcheck
- Caddy reverse proxy and dashboard env templates for customer stacks
- Updated README with real hardware specs, prerequisites, and new features
- Removed .claude settings (JWT tokens) and build artifacts from tracking
- Updated .gitignore for .claude/ and Windows artifacts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
