BurgerGames/NetBirdMSP-Appliance
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
88530871614c19882ca12d7e0554114c20b3e025
NetBirdMSP-Appliance/templates/management.json.j2
twothatit 8853087161 Fix SSL cert creation and HTTP fallback for Unauthenticated error 
- Create NPM proxy host WITHOUT SSL initially (ssl_forced=False),
  then request Let's Encrypt cert, then enable SSL only after cert
  is assigned. Prevents broken proxy when cert fails.
- If SSL cert creation fails, automatically fall back to HTTP mode:
  re-render management.json, dashboard.env, relay.env with http://
  URLs and recreate containers so dashboard login works.
- Better error logging in _request_ssl with specific timeout hints.
- Use template variables for relay WebSocket protocol (rels/rel)
  instead of hardcoded rels:// in management.json.j2 and relay.env.j2.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 21:18:37 +01:00

57 lines
1.4 KiB
Django/Jinja
Raw Blame History

{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:{{ netbird_domain }}:{{ relay_udp_port }}",
"Username": "",
"Password": null
}
],
"TURNConfig": {
"Turns": [
{
"Proto": "udp",
"URI": "turn:{{ netbird_domain }}:{{ relay_udp_port }}",
"Username": "netbird",
"Password": "{{ relay_secret }}"
}
],
"CredentialsTTL": "12h",
"Secret": "{{ relay_secret }}",
"TimeBasedCredentials": false
},
"Relay": {
"Addresses": [
"{{ relay_ws_protocol }}://{{ netbird_domain }}:{{ netbird_port }}"
],
"CredentialsTTL": "24h",
"Secret": "{{ relay_secret }}"
},
"Signal": {
"Proto": "{{ netbird_protocol }}",
"URI": "{{ netbird_domain }}:{{ netbird_port }}",
"Username": "",
"Password": null
},
"HttpConfig": {
"AuthIssuer": "{{ external_url }}/oauth2",
"AuthAudience": "netbird-dashboard",
"OIDCConfigEndpoint": "{{ external_url }}/oauth2/.well-known/openid-configuration"
},
"EmbeddedIdP": {
"Enabled": true,
"Issuer": "{{ external_url }}/oauth2",
"LocalAddress": "http://127.0.0.1:80",
"DashboardRedirectURIs": [
"{{ external_url }}/nb-auth",
"{{ external_url }}/nb-silent-auth"
],
"CLIRedirectURIs": [
"http://localhost:53000/",
"http://localhost:54000/"
],
"SignKeyRefreshEnabled": true
},
"DataStoreEncryptionKey": "{{ datastore_encryption_key }}"
}
Reference in New Issue View Git Blame Copy Permalink