- Create NPM proxy host WITHOUT SSL initially (ssl_forced=False), then request Let's Encrypt cert, then enable SSL only after cert is assigned. Prevents broken proxy when cert fails. - If SSL cert creation fails, automatically fall back to HTTP mode: re-render management.json, dashboard.env, relay.env with http:// URLs and recreate containers so dashboard login works. - Better error logging in _request_ssl with specific timeout hints. - Use template variables for relay WebSocket protocol (rels/rel) instead of hardcoded rels:// in management.json.j2 and relay.env.j2. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
57 lines
1.4 KiB
Django/Jinja
57 lines
1.4 KiB
Django/Jinja
{
|
|
"Stuns": [
|
|
{
|
|
"Proto": "udp",
|
|
"URI": "stun:{{ netbird_domain }}:{{ relay_udp_port }}",
|
|
"Username": "",
|
|
"Password": null
|
|
}
|
|
],
|
|
"TURNConfig": {
|
|
"Turns": [
|
|
{
|
|
"Proto": "udp",
|
|
"URI": "turn:{{ netbird_domain }}:{{ relay_udp_port }}",
|
|
"Username": "netbird",
|
|
"Password": "{{ relay_secret }}"
|
|
}
|
|
],
|
|
"CredentialsTTL": "12h",
|
|
"Secret": "{{ relay_secret }}",
|
|
"TimeBasedCredentials": false
|
|
},
|
|
"Relay": {
|
|
"Addresses": [
|
|
"{{ relay_ws_protocol }}://{{ netbird_domain }}:{{ netbird_port }}"
|
|
],
|
|
"CredentialsTTL": "24h",
|
|
"Secret": "{{ relay_secret }}"
|
|
},
|
|
"Signal": {
|
|
"Proto": "{{ netbird_protocol }}",
|
|
"URI": "{{ netbird_domain }}:{{ netbird_port }}",
|
|
"Username": "",
|
|
"Password": null
|
|
},
|
|
"HttpConfig": {
|
|
"AuthIssuer": "{{ external_url }}/oauth2",
|
|
"AuthAudience": "netbird-dashboard",
|
|
"OIDCConfigEndpoint": "{{ external_url }}/oauth2/.well-known/openid-configuration"
|
|
},
|
|
"EmbeddedIdP": {
|
|
"Enabled": true,
|
|
"Issuer": "{{ external_url }}/oauth2",
|
|
"LocalAddress": "http://127.0.0.1:80",
|
|
"DashboardRedirectURIs": [
|
|
"{{ external_url }}/nb-auth",
|
|
"{{ external_url }}/nb-silent-auth"
|
|
],
|
|
"CLIRedirectURIs": [
|
|
"http://localhost:53000/",
|
|
"http://localhost:54000/"
|
|
],
|
|
"SignKeyRefreshEnabled": true
|
|
},
|
|
"DataStoreEncryptionKey": "{{ datastore_encryption_key }}"
|
|
}
|