NetBird combines a configuration-free peer-to-peer private network and a centralized access control system in a single platform, which makes it easy to create secure private networks for your organization or home.
I use it to link servers, to forward monitoring data, and to proxy sites from a home server as a replacement for Cloudflare Tunnel.
The solution is still based on WireGuard, which can cause problems with TSPU (Roskomnadzor's DPI filtering equipment).
Repository: https://github.com/netbirdio/netbird
Documentation: Introduction to NetBird - NetBird Docs
Below is an installation of NetBird behind the Caddy reverse proxy with authentication through Authentik.
If you only need basic usage without integrating into more complex systems, you can use the quick-start script from the official documentation: Self-hosting quickstart guide (5 min) - NetBird Docs
Setup and installation
The official documentation has many inaccuracies when it comes to non-standard installations. Authentik and Caddy are particularly problematic.
The main installation process is described in the documentation: Advanced guide - NetBird Docs
Configuring Authentik
Documentation: Identity Providers - NetBird Docs
It is better to follow the guide on the Authentik site: Integrate with NetBird | authentik
Important points not covered by the documentation:
You must use an application password, not the service user's password, and put it in the NETBIRD_IDP_MGMT_EXTRA_PASSWORD parameter.
You must change the provider configuration in the Redirect section and in the Scopes section, following the screenshots below:
Assign the NetBird user to the application.
The value for NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT is shown in the provider's "OpenID Configuration URL" field.
Example configuration file:
NETBIRD_DASHBOARD_TAG=""
NETBIRD_SIGNAL_TAG=""
NETBIRD_MANAGEMENT_TAG=""
COTURN_TAG=""
NETBIRD_RELAY_TAG=""
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="subdomein.domein.ru"
# TURN server domain. e.g. turn.mydomain.com
# if not specified it will assume NETBIRD_DOMAIN
NETBIRD_TURN_DOMAIN=""
# TURN server public IP address
# required for a connection involving peers in
# the same network as the server and external peers
# usually matches the IP for the domain set in NETBIRD_TURN_DOMAIN
NETBIRD_TURN_EXTERNAL_IP="<IP_Server>"
# -------------------------------------------
# OIDC
# e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# -------------------------------------------
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.<domein>.ru/application/o/netbird/.well-known/openid-configuration"
NETBIRD_USE_AUTH0=false
NETBIRD_AUTH_CLIENT_ID="<CLIENT_ID>"
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"
NETBIRD_AUTH_AUDIENCE="<CLIENT_ID>"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="<CLIENT_ID>"
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE="<CLIENT_ID>"
# -------------------------------------------
# OIDC Device Authorization Flow
# -------------------------------------------
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
# Some IDPs requires different audience, scopes and to use id token for device authorization flow
# you can customize here:
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false
# -------------------------------------------
# OIDC PKCE Authorization Flow
# -------------------------------------------
# Comma separated port numbers. if already in use, PKCE flow will choose an available port from the list as an alternative
# eg. 53000,54000
NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS="53000"
# -------------------------------------------
# IDP Management
# -------------------------------------------
NETBIRD_MGMT_IDP="authentik"
NETBIRD_IDP_MGMT_CLIENT_ID="<CLIENT_ID>"
NETBIRD_IDP_MGMT_EXTRA_USERNAME="Netbird"
NETBIRD_IDP_MGMT_EXTRA_PASSWORD="<Application password>"
# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
# if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
NETBIRD_DISABLE_LETSENCRYPT=true
# e.g. [email protected]
NETBIRD_LETSENCRYPT_EMAIL="<EMAIL>"
# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted
# -------------------------------------------
# Relay settings
# -------------------------------------------
# Relay server domain. e.g. relay.mydomain.com
# if not specified it will assume NETBIRD_DOMAIN
NETBIRD_RELAY_DOMAIN=""
# Relay server connection port. If none is supplied
# it will default to 33080
NETBIRD_RELAY_PORT=""
NETBIRD_SIGNAL_PORT="443"
NETBIRD_MGMT_API_PORT="443"
Note:: NetBird configuration
The remaining configuration files are generated automatically, following the instructions. Be sure to run the file-generation script from the official instructions, because it creates several service files at once from the parameters given above.
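An added consistency check (not the notes' or NetBird's own code) for the Authentik settings above: it parses the setup.env format shown, including the $NETBIRD_AUTH_AUDIENCE reference, and compares it with the OpenID discovery document that NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT would return. The env fragment and discovery JSON below are constructed, with the page's placeholders kept; in a real deployment you would fetch the discovery document from that URL.

```python
"""Consistency check between setup.env values and the OIDC discovery document
that authentik publishes. Added example, not NetBird's code; the env fragment
and the discovery JSON below are constructed (placeholders kept)."""
import json

SETUP_ENV = '''
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.<domein>.ru/application/o/netbird/.well-known/openid-configuration"
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"
NETBIRD_AUTH_AUDIENCE="<CLIENT_ID>"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
'''
# Constructed discovery document; "api" is deliberately absent because it is a
# custom scope that has to be created on the authentik provider by hand.
DISCOVERY = json.dumps({
    "issuer": "https://authentik.<domein>.ru/application/o/netbird/",
    "scopes_supported": ["openid", "email", "profile", "offline_access"],
    "device_authorization_endpoint": "https://authentik.<domein>.ru/application/o/device/",
})

def parse_env(text):
    """Parse KEY="value" lines; a bare $NAME value copies an earlier key, as in setup.env."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        val = val.strip().strip('"')
        env[key.strip()] = env.get(val[1:], "") if val.startswith("$") else val
    return env

def check_oidc(env, discovery_json):
    """Return a list of mismatches; an empty list means the two sides agree."""
    doc = json.loads(discovery_json)
    problems = []
    issuer = doc.get("issuer", "").rstrip("/")
    # Discovery 1.0 places the document at <issuer>/.well-known/openid-configuration.
    if env.get("NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT") != issuer + "/.well-known/openid-configuration":
        problems.append("endpoint does not match issuer " + issuer)
    # Every scope NetBird will request must be one the provider actually offers.
    wanted = set(env.get("NETBIRD_AUTH_SUPPORTED_SCOPES", "").split())
    for scope in sorted(wanted - set(doc.get("scopes_supported", []))):
        problems.append(f"scope '{scope}' not in scopes_supported")
    if env.get("NETBIRD_AUTH_DEVICE_AUTH_PROVIDER", "none") != "none":
        if "device_authorization_endpoint" not in doc:
            problems.append("device flow enabled but no device_authorization_endpoint")
        if not env.get("NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE"):
            problems.append("device flow enabled but NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE is empty")
    return problems
```

With the constructed inputs the only finding is the missing custom "api" scope, which is exactly the case the Authentik guide's scope-mapping step exists for.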
Modifying docker compose
After the docker-compose file has been generated, bring it to the following form.
It is important to change the port for the management container in three places, using any port other than 443.
Example docker compose file:
services:
  # UI dashboard
  dashboard:
    image: netbirdio/dashboard:latest
    restart: unless-stopped
    ports:
      - 8080:80
      # - 443:443
    environment:
      # Endpoints
      - NETBIRD_MGMT_API_ENDPOINT=https://netbird.<domein>.ru:443
      - NETBIRD_MGMT_GRPC_API_ENDPOINT=https://netbird.<domein>.ru:443
      # OIDC
      - AUTH_AUDIENCE=<secret_authentik>
      - AUTH_CLIENT_ID=<secret_authentik>
      - AUTH_CLIENT_SECRET=
      - AUTH_AUTHORITY=https://authentik.<domein>.ru/application/o/netbird/
      - USE_AUTH0=false
      - AUTH_SUPPORTED_SCOPES=openid profile email offline_access api
      - AUTH_REDIRECT_URI=
      - AUTH_SILENT_REDIRECT_URI=
      - NETBIRD_TOKEN_SOURCE=accessToken
      # SSL
      - NGINX_SSL_PORT=443
      # Letsencrypt
      - LETSENCRYPT_DOMAIN=
      - LETSENCRYPT_EMAIL=<email>
    volumes:
      - netbird-letsencrypt:/etc/letsencrypt/
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Signal
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    volumes:
      - netbird-signal:/var/lib/netbird
    ports:
      - 10000:10000
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Relay
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    environment:
      - NB_LOG_LEVEL=info
      - NB_LISTEN_ADDRESS=:33080
      - NB_EXPOSED_ADDRESS=netbird.<domein>.ru:33080
      # todo: change to a secure secret
      - NB_AUTH_SECRET=<secret>
    ports:
      - 33080:33080
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Management
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    depends_on:
      - dashboard
    volumes:
      - netbird-mgmt:/var/lib/netbird
      - netbird-letsencrypt:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
    ports:
      - 33073:33073 #API port
    # # command for Let's Encrypt validation without dashboard container
    # command: ["--letsencrypt-domain", "", "--log-file", "console"]
    command: [
      "--port", "33073",
      "--log-file", "console",
      "--log-level", "info",
      "--disable-anonymous-metrics=false",
      "--single-account-mode-domain=spb.<domein>.ru",
      "--dns-domain=netbird.selfstil"
    ]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
    environment:
      - NETBIRD_STORE_ENGINE_POSTGRES_DSN=
      - NETBIRD_STORE_ENGINE_MYSQL_DSN=
  # Coturn
  coturn:
    image: coturn/coturn:latest
    restart: unless-stopped
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
volumes:
  netbird-mgmt:
  netbird-signal:
  netbird-letsencrypt:
Configuring the traefik reverse proxy
Configuration for traefik:
http:
  routers:
    # netbird-dashboard
    netbird-dashboard:
      rule: "Host(`netbird.domein.ru`)"
      entrypoints:
        - http
      middlewares:
        - netbird-dashboard-https-redirect
      service: netbird-dashboard
    netbird-dashboard-secure:
      rule: "Host(`netbird.domein.ru`)"
      entrypoints:
        - https
      tls:
        certResolver: cloudflare
      service: netbird-dashboard
    # netbird-signal
    netbird-signal:
      rule: "Host(`netbird.domein.ru`) && PathPrefix(`/signalexchange.SignalExchange/`)"
      entrypoints:
        - http
      middlewares:
        - netbird-signal-https-redirect
      service: netbird-signal
    netbird-signal-secure:
      rule: "Host(`netbird.domein.ru`) && PathPrefix(`/signalexchange.SignalExchange/`)"
      entrypoints:
        - https
      service: netbird-signal
      tls:
        certResolver: cloudflare
    # netbird-relay
    netbird-relay:
      rule: "Host(`netbird.domein.ru`) && PathPrefix(`/relay`)"
      entrypoints:
        - http
      middlewares:
        - netbird-relay-https-redirect
      service: netbird-relay
    netbird-relay-secure:
      rule: "Host(`netbird.domein.ru`) && PathPrefix(`/relay`)"
      entrypoints:
        - https
      service: netbird-relay
      tls:
        certResolver: cloudflare
    # netbird-api
    netbird-api:
      rule: "Host(`netbird.domein.ru`) && PathPrefix(`/api`)"
      entrypoints:
        - http
      middlewares:
        - netbird-api-https-redirect
      service: netbird-api
    netbird-api-secure:
      rule: "Host(`netbird.domein.ru`) && PathPrefix(`/api`)"
      entrypoints:
        - https
      service: netbird-api
      tls:
        certResolver: cloudflare
    # netbird-management
    netbird-management:
      rule: "Host(`netbird.domein.ru`) && PathPrefix(`/management.ManagementService/`)"
      entrypoints:
        - http
      middlewares:
        - netbird-management-https-redirect
      service: netbird-management
    netbird-management-secure:
      rule: "Host(`netbird.domein.ru`) && PathPrefix(`/management.ManagementService/`)"
      entrypoints:
        - https
      service: netbird-management
      tls:
        certResolver: cloudflare
  middlewares:
    netbird-dashboard-https-redirect:
      redirectScheme:
        scheme: https
    netbird-signal-https-redirect:
      redirectScheme:
        scheme: https
    netbird-relay-https-redirect:
      redirectScheme:
        scheme: https
    netbird-api-https-redirect:
      redirectScheme:
        scheme: https
    netbird-management-https-redirect:
      redirectScheme:
        scheme: https
  services:
    netbird-dashboard:
      loadBalancer:
        servers:
          - url: "http://192.168.0.131:8085"
    netbird-signal:
      loadBalancer:
        servers:
          # gRPC signal service: the upstream must be h2c (cleartext HTTP/2)
          - url: "h2c://192.168.0.131:10000"
    netbird-relay:
      loadBalancer:
        servers:
          - url: "http://192.168.0.131:3478"
    netbird-api:
      loadBalancer:
        servers:
          - url: "http://192.168.0.131:33073"
    netbird-management:
      loadBalancer:
        servers:
          # gRPC management service on the same port as the REST API, but over h2c
          - url: "h2c://192.168.0.131:33073"
Note:: Example traefik configuration for NetBird
Configuring the Caddy reverse proxy
Caddy with the following settings:
services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./logs:/var/log/caddy
      - caddy_data_panel:/data
      - caddy_config_panel:/config
    env_file:
      - .env
    network_mode: "host"
volumes:
  caddy_data_panel:
  caddy_config_panel:
.env file:
SELF_STEAL_DOMAIN=netberd.domein.ru
Caddy configuration (Caddy Netbird):
(security_headers) {
    header * {
        # note: HSTS preload lists require a max-age of at least one year
        Strict-Transport-Security "max-age=3600; includeSubDomains; preload"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        X-XSS-Protection "1; mode=block"
        # strip the Server header so the proxy does not advertise itself
        -Server
        Referrer-Policy strict-origin-when-cross-origin
    }
}
https://{$SELF_STEAL_DOMAIN} {
    import security_headers
    # the signal and management gRPC services must be proxied over h2c (cleartext HTTP/2)
    reverse_proxy /signalexchange.SignalExchange/* h2c://127.0.0.1:10000
    reverse_proxy /api/* 127.0.0.1:33073
    reverse_proxy /management.ManagementService/* h2c://127.0.0.1:33073
    # everything else goes to the dashboard container (port 8080 in the compose file above)
    reverse_proxy /* 127.0.0.1:8080
}
Note:: Caddy setup for NetBird
Sometimes the page hangs after login and the spinner keeps going for a long time; reload the page.
Configuring the application and connecting clients
The main settings are made through the convenient web interface. It is best to connect clients via the Setup Keys menu and to assign the client's groups right at connection time, since the groups are used in the routing rules.
For Linux clients it is better to install via the package; I never managed to get the Docker client working properly.
Routing rules are set in the Access Control -> Policies section.
It is best to disable the default policy right away: it gives full access between all servers!
Access policy setup for ping
Access setup for server monitoring
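An added check for the warning above (not NetBird's own code): it walks the policy list that the management API returns from GET https://<NETBIRD_DOMAIN>/api/policies (header Authorization: Token <PAT>, field names as in the NetBird REST API policy object) and flags every enabled accept rule that lets a group reach the built-in All group on every protocol, which is what the default policy grants. The response below is constructed so the script runs offline.

```python
"""Audit NetBird access policies for the all-to-all rule the default policy ships with.
Added example, not NetBird's own code. Input is the JSON list that the management API
returns from GET https://<NETBIRD_DOMAIN>/api/policies (Authorization: Token <PAT>);
the response below is constructed so the script runs offline."""
import json

# Constructed response: the stock "Default" policy plus a narrow ICMP policy for monitoring.
SAMPLE_POLICIES = json.dumps([
    {"id": "p1", "name": "Default", "enabled": True,
     "rules": [{"action": "accept", "protocol": "all", "bidirectional": True,
                "sources": [{"name": "All"}], "destinations": [{"name": "All"}]}]},
    {"id": "p2", "name": "ping", "enabled": True,
     "rules": [{"action": "accept", "protocol": "icmp", "bidirectional": True,
                "sources": [{"name": "monitoring"}], "destinations": [{"name": "servers"}]}]},
])

def broad_rules(policies):
    """Return (policy name, reason) for each enabled accept rule that lets some group
    reach the built-in 'All' group on every protocol; that is what the default
    policy grants, and what the notes say to switch off before adding peers."""
    findings = []
    for pol in policies:
        if not pol.get("enabled"):
            continue  # disabled policies are not pushed to peers
        for rule in pol.get("rules", []):
            dst = {g["name"] for g in rule.get("destinations", [])}
            if rule.get("action") == "accept" and rule.get("protocol") == "all" and "All" in dst:
                src = ",".join(sorted(g["name"] for g in rule.get("sources", [])))
                findings.append((pol["name"], f"{src} -> All on every protocol"))
    return findings

def audit(policies_json):
    """Parse the API response and return the findings list (empty means clean)."""
    return broad_rules(json.loads(policies_json))

if __name__ == "__main__":
    for name, why in audit(SAMPLE_POLICIES):
        print(f"policy '{name}': {why}")
```

The narrow ICMP policy is not reported, so the script can be re-run after the default policy is disabled to confirm only scoped rules remain.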
Publishing sites from a local server through a node
Description in progress.
Using it to bypass blocking
The system lets you set up an exit node and send traffic for a specific IP or domain straight to a specific client, exiting to the internet through it. Exit Nodes are used for this.
Configuring default routes for Internet traffic - NetBird Docs
Note:: zerotier network