mirror of
https://github.com/netbirdio/netbird.git
synced 2024-11-27 18:43:17 +01:00
fix some typo spotted with codespell (#1278)
Fixed spelling typos on logs, comments and command help text
parent
8843784312
commit
c99ae6f009
@ -144,7 +144,7 @@ cd client
|
|||||||
CGO_ENABLED=0 go build .
|
CGO_ENABLED=0 go build .
|
||||||
```
|
```
|
||||||
|
|
||||||
> Windows clients have a Wireguard driver requirement. You can downlowd the wintun driver from https://www.wintun.net/builds/wintun-0.14.1.zip, after decompressing, you can copy the file `windtun\bin\ARCH\wintun.dll` to the same path as your binary file or to `C:\Windows\System32\wintun.dll`.
|
> Windows clients have a Wireguard driver requirement. You can download the wintun driver from https://www.wintun.net/builds/wintun-0.14.1.zip, after decompressing, you can copy the file `windtun\bin\ARCH\wintun.dll` to the same path as your binary file or to `C:\Windows\System32\wintun.dll`.
|
||||||
|
|
||||||
To start NetBird the client in the foreground:
|
To start NetBird the client in the foreground:
|
||||||
|
|
||||||
|
@ -57,11 +57,11 @@ func TestPreferences_ReadUncommitedValues(t *testing.T) {
|
|||||||
p.SetManagementURL(exampleString)
|
p.SetManagementURL(exampleString)
|
||||||
resp, err = p.GetManagementURL()
|
resp, err = p.GetManagementURL()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("failed to read managmenet url: %s", err)
|
t.Fatalf("failed to read management url: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if resp != exampleString {
|
if resp != exampleString {
|
||||||
t.Errorf("unexpected managemenet url: %s", resp)
|
t.Errorf("unexpected management url: %s", resp)
|
||||||
}
|
}
|
||||||
|
|
||||||
p.SetPreSharedKey(exampleString)
|
p.SetPreSharedKey(exampleString)
|
||||||
@ -102,11 +102,11 @@ func TestPreferences_Commit(t *testing.T) {
|
|||||||
|
|
||||||
resp, err = p.GetManagementURL()
|
resp, err = p.GetManagementURL()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("failed to read managmenet url: %s", err)
|
t.Fatalf("failed to read management url: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if resp != exampleURL {
|
if resp != exampleURL {
|
||||||
t.Errorf("unexpected managemenet url: %s", resp)
|
t.Errorf("unexpected management url: %s", resp)
|
||||||
}
|
}
|
||||||
|
|
||||||
resp, err = p.GetPreSharedKey()
|
resp, err = p.GetPreSharedKey()
|
||||||
|
@ -123,7 +123,7 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
|
|||||||
defer func() {
|
defer func() {
|
||||||
err := conn.Close()
|
err := conn.Close()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warnf("failed closing dameon gRPC client connection %v", err)
|
log.Warnf("failed closing daemon gRPC client connection %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
@ -200,11 +200,11 @@ func validateNATExternalIPs(list []string) error {
|
|||||||
|
|
||||||
subElements := strings.Split(element, "/")
|
subElements := strings.Split(element, "/")
|
||||||
if len(subElements) > 2 {
|
if len(subElements) > 2 {
|
||||||
return fmt.Errorf("%s is not a valid input for %s. it should be formated as \"String\" or \"String/String\"", element, externalIPMapFlag)
|
return fmt.Errorf("%s is not a valid input for %s. it should be formatted as \"String\" or \"String/String\"", element, externalIPMapFlag)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(subElements) == 1 && !isValidIP(subElements[0]) {
|
if len(subElements) == 1 && !isValidIP(subElements[0]) {
|
||||||
return fmt.Errorf("%s is not a valid input for %s. it should be formated as \"IP\" or \"IP/IP\", or \"IP/Interface Name\"", element, externalIPMapFlag)
|
return fmt.Errorf("%s is not a valid input for %s. it should be formatted as \"IP\" or \"IP/IP\", or \"IP/Interface Name\"", element, externalIPMapFlag)
|
||||||
}
|
}
|
||||||
|
|
||||||
last := 0
|
last := 0
|
||||||
@ -259,7 +259,7 @@ func parseCustomDNSAddress(modified bool) ([]byte, error) {
|
|||||||
var parsed []byte
|
var parsed []byte
|
||||||
if modified {
|
if modified {
|
||||||
if !isValidAddrPort(customDNSAddress) {
|
if !isValidAddrPort(customDNSAddress) {
|
||||||
return nil, fmt.Errorf("%s is invalid, it should be formated as IP:Port string or as an empty string like \"\"", customDNSAddress)
|
return nil, fmt.Errorf("%s is invalid, it should be formatted as IP:Port string or as an empty string like \"\"", customDNSAddress)
|
||||||
}
|
}
|
||||||
if customDNSAddress == "" && logFile != "console" {
|
if customDNSAddress == "" && logFile != "console" {
|
||||||
parsed = []byte("empty")
|
parsed = []byte("empty")
|
||||||
|
@ -192,7 +192,7 @@ func (m *Manager) AddFiltering(
|
|||||||
}
|
}
|
||||||
if ipsetName != "" {
|
if ipsetName != "" {
|
||||||
// ipset name is defined and it means that this rule was created
|
// ipset name is defined and it means that this rule was created
|
||||||
// for it, need to assosiate it with ruleset
|
// for it, need to associate it with ruleset
|
||||||
m.rulesets[ipsetName] = ruleset{
|
m.rulesets[ipsetName] = ruleset{
|
||||||
rule: rule,
|
rule: rule,
|
||||||
ips: map[string]string{rule.ip: ruleID},
|
ips: map[string]string{rule.ip: ruleID},
|
||||||
@ -236,7 +236,7 @@ func (m *Manager) DeleteRule(rule fw.Rule) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// we delete last IP from the set, that means we need to delete
|
// we delete last IP from the set, that means we need to delete
|
||||||
// set itself and assosiated firewall rule too
|
// set itself and associated firewall rule too
|
||||||
delete(m.rulesets, r.ipsetName)
|
delete(m.rulesets, r.ipsetName)
|
||||||
|
|
||||||
if err := ipset.Destroy(r.ipsetName); err != nil {
|
if err := ipset.Destroy(r.ipsetName); err != nil {
|
||||||
|
@ -754,7 +754,7 @@ func (m *Manager) AllowNetbird() error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if chain == nil {
|
if chain == nil {
|
||||||
log.Debugf("chain INPUT not found. Skiping add allow netbird rule")
|
log.Debugf("chain INPUT not found. Skipping add allow netbird rule")
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -148,7 +148,7 @@ func TestNftablesManager(t *testing.T) {
|
|||||||
// test expectations:
|
// test expectations:
|
||||||
// 1) "accept extra routed traffic rule" for the interface
|
// 1) "accept extra routed traffic rule" for the interface
|
||||||
// 2) "drop all rule" for the interface
|
// 2) "drop all rule" for the interface
|
||||||
require.Len(t, rules, 2, "expected 2 rules after deleteion")
|
require.Len(t, rules, 2, "expected 2 rules after deletion")
|
||||||
|
|
||||||
err = manager.Reset()
|
err = manager.Reset()
|
||||||
require.NoError(t, err, "failed to reset")
|
require.NoError(t, err, "failed to reset")
|
||||||
|
@ -188,7 +188,7 @@ func (m *Manager) DropIncoming(packetData []byte) bool {
|
|||||||
return m.dropFilter(packetData, m.incomingRules, true)
|
return m.dropFilter(packetData, m.incomingRules, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
// dropFilter imlements same logic for booth direction of the traffic
|
// dropFilter implements same logic for booth direction of the traffic
|
||||||
func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isIncomingPacket bool) bool {
|
func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isIncomingPacket bool) bool {
|
||||||
m.mutex.RLock()
|
m.mutex.RLock()
|
||||||
defer m.mutex.RUnlock()
|
defer m.mutex.RUnlock()
|
||||||
|
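Review bot: The corrected comment above `dropFilter` still reads "booth direction", so the spelling fix on that line is incomplete. Suggest `// dropFilter implements the same logic for both directions of the traffic`. This function makes the drop decision (the visible caller passes `m.incomingRules`), so its doc comment should read cleanly. The body of dropFilter continues outside the hunk.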
@ -53,7 +53,7 @@ func newDefaultManager(fm firewall.Manager) *DefaultManager {
|
|||||||
|
|
||||||
// ApplyFiltering firewall rules to the local firewall manager processed by ACL policy.
|
// ApplyFiltering firewall rules to the local firewall manager processed by ACL policy.
|
||||||
//
|
//
|
||||||
// If allowByDefault is ture it appends allow ALL traffic rules to input and output chains.
|
// If allowByDefault is true it appends allow ALL traffic rules to input and output chains.
|
||||||
func (d *DefaultManager) ApplyFiltering(networkMap *mgmProto.NetworkMap) {
|
func (d *DefaultManager) ApplyFiltering(networkMap *mgmProto.NetworkMap) {
|
||||||
d.mutex.Lock()
|
d.mutex.Lock()
|
||||||
defer d.mutex.Unlock()
|
defer d.mutex.Unlock()
|
||||||
@ -366,7 +366,7 @@ func (d *DefaultManager) squashAcceptRules(
|
|||||||
protocols[r.Protocol] = map[string]int{}
|
protocols[r.Protocol] = map[string]int{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// special case, when we recieve this all network IP address
|
// special case, when we receive this all network IP address
|
||||||
// it means that rules for that protocol was already optimized on the
|
// it means that rules for that protocol was already optimized on the
|
||||||
// management side
|
// management side
|
||||||
if r.PeerIP == "0.0.0.0" {
|
if r.PeerIP == "0.0.0.0" {
|
||||||
@ -393,7 +393,7 @@ func (d *DefaultManager) squashAcceptRules(
|
|||||||
}
|
}
|
||||||
|
|
||||||
// order of squashing by protocol is important
|
// order of squashing by protocol is important
|
||||||
// only for ther first element ALL, it must be done first
|
// only for their first element ALL, it must be done first
|
||||||
protocolOrders := []mgmProto.FirewallRuleProtocol{
|
protocolOrders := []mgmProto.FirewallRuleProtocol{
|
||||||
mgmProto.FirewallRule_ALL,
|
mgmProto.FirewallRule_ALL,
|
||||||
mgmProto.FirewallRule_ICMP,
|
mgmProto.FirewallRule_ICMP,
|
||||||
|
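Review bot: In the last squashAcceptRules hunk the comment went from "ther first element" to "their first element", which is still wrong; the intent looks like "the first element". Suggest `// only for the first element ALL, it must be done first`. The order of `protocolOrders` decides how accept rules are squashed, so the comment explaining why `FirewallRule_ALL` comes first should be unambiguous. The function starts and ends outside the hunk.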
@ -99,7 +99,7 @@ func runClient(ctx context.Context, config *Config, statusRecorder *peer.Status,
|
|||||||
cancel()
|
cancel()
|
||||||
}()
|
}()
|
||||||
|
|
||||||
log.Debugf("conecting to the Management service %s", config.ManagementURL.Host)
|
log.Debugf("connecting to the Management service %s", config.ManagementURL.Host)
|
||||||
mgmClient, err := mgm.NewClient(engineCtx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
|
mgmClient, err := mgm.NewClient(engineCtx, config.ManagementURL.Host, myPrivateKey, mgmTlsEnabled)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return wrapErr(gstatus.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err))
|
return wrapErr(gstatus.Errorf(codes.FailedPrecondition, "failed connecting to Management Service : %s", err))
|
||||||
|
@ -69,7 +69,7 @@ func (f *fileConfigurator) applyDNSConfig(config hostDNSConfig) error {
|
|||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
// todo improve this and maybe restart DNS manager from scratch
|
// todo improve this and maybe restart DNS manager from scratch
|
||||||
return fmt.Errorf("something happened and file manager is not your prefered host dns configurator, restart the agent")
|
return fmt.Errorf("something happened and file manager is not your preferred host dns configurator, restart the agent")
|
||||||
}
|
}
|
||||||
|
|
||||||
var searchDomains string
|
var searchDomains string
|
||||||
|
@ -89,7 +89,7 @@ func (r *resolvconf) applyConfig(content string) error {
|
|||||||
cmd.Stdin = strings.NewReader(content)
|
cmd.Stdin = strings.NewReader(content)
|
||||||
_, err := cmd.Output()
|
_, err := cmd.Output()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("got an error while appying resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
|
return fmt.Errorf("got an error while applying resolvconf configuration for %s interface, error: %s", r.ifaceName, err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -288,7 +288,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
|
|||||||
handler := newUpstreamResolver(s.ctx)
|
handler := newUpstreamResolver(s.ctx)
|
||||||
for _, ns := range nsGroup.NameServers {
|
for _, ns := range nsGroup.NameServers {
|
||||||
if ns.NSType != nbdns.UDPNameServerType {
|
if ns.NSType != nbdns.UDPNameServerType {
|
||||||
log.Warnf("skiping nameserver %s with type %s, this peer supports only %s",
|
log.Warnf("skipping nameserver %s with type %s, this peer supports only %s",
|
||||||
ns.IP.String(), ns.NSType.String(), nbdns.UDPNameServerType.String())
|
ns.IP.String(), ns.NSType.String(), nbdns.UDPNameServerType.String())
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
@ -306,7 +306,7 @@ func (s *DefaultServer) buildUpstreamHandlerUpdate(nameServerGroups []*nbdns.Nam
|
|||||||
// reapply DNS settings, but it not touch the original configuration and serial number
|
// reapply DNS settings, but it not touch the original configuration and serial number
|
||||||
// because it is temporal deactivation until next try
|
// because it is temporal deactivation until next try
|
||||||
//
|
//
|
||||||
// after some period defined by upstream it trys to reactivate self by calling this hook
|
// after some period defined by upstream it tries to reactivate self by calling this hook
|
||||||
// everything we need here is just to re-apply current configuration because it already
|
// everything we need here is just to re-apply current configuration because it already
|
||||||
// contains this upstream settings (temporal deactivation not removed it)
|
// contains this upstream settings (temporal deactivation not removed it)
|
||||||
handler.deactivate, handler.reactivate = s.upstreamCallbacks(nsGroup, handler)
|
handler.deactivate, handler.reactivate = s.upstreamCallbacks(nsGroup, handler)
|
||||||
|
@ -19,6 +19,6 @@ func TestGetServerDns(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if srvB != srv {
|
if srvB != srv {
|
||||||
t.Errorf("missmatch dns instances")
|
t.Errorf("mismatch dns instances")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -53,7 +53,7 @@ func newUpstreamResolver(parentCTX context.Context) *upstreamResolver {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (u *upstreamResolver) stop() {
|
func (u *upstreamResolver) stop() {
|
||||||
log.Debugf("stoping serving DNS for upstreams %s", u.upstreamServers)
|
log.Debugf("stopping serving DNS for upstreams %s", u.upstreamServers)
|
||||||
u.cancel()
|
u.cancel()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -155,7 +155,7 @@ func (m *DefaultManager) classifiesRoutes(newRoutes []*route.Route) (map[string]
|
|||||||
// if prefix is too small, lets assume is a possible default route which is not yet supported
|
// if prefix is too small, lets assume is a possible default route which is not yet supported
|
||||||
// we skip this route management
|
// we skip this route management
|
||||||
if newRoute.Network.Bits() < 7 {
|
if newRoute.Network.Bits() < 7 {
|
||||||
log.Errorf("this agent version: %s, doesn't support default routes, received %s, skiping this route",
|
log.Errorf("this agent version: %s, doesn't support default routes, received %s, skipping this route",
|
||||||
version.NetbirdVersion(), newRoute.Network)
|
version.NetbirdVersion(), newRoute.Network)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -487,7 +487,7 @@ func (n *nftablesManager) RemoveRoutingRules(pair routerPair) error {
|
|||||||
if len(n.rules) == 2 && n.defaultForwardRules[0] != nil {
|
if len(n.rules) == 2 && n.defaultForwardRules[0] != nil {
|
||||||
err := n.eraseDefaultForwardRule()
|
err := n.eraseDefaultForwardRule()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("failed to delte default fwd rule: %s", err)
|
log.Errorf("failed to delete default fwd rule: %s", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ func Decrypt(encryptedMsg []byte, peerPublicKey wgtypes.Key, privateKey wgtypes.
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if len(encryptedMsg) < nonceSize {
|
if len(encryptedMsg) < nonceSize {
|
||||||
return nil, fmt.Errorf("invalid encrypted message lenght")
|
return nil, fmt.Errorf("invalid encrypted message length")
|
||||||
}
|
}
|
||||||
copy(nonce[:], encryptedMsg[:nonceSize])
|
copy(nonce[:], encryptedMsg[:nonceSize])
|
||||||
opened, ok := box.Open(nil, encryptedMsg[nonceSize:], nonce, toByte32(peerPublicKey), toByte32(privateKey))
|
opened, ok := box.Open(nil, encryptedMsg[nonceSize:], nonce, toByte32(peerPublicKey), toByte32(privateKey))
|
||||||
|
@ -282,7 +282,7 @@ func (a *xorMapped) closeWaiters() {
|
|||||||
// just exit
|
// just exit
|
||||||
break
|
break
|
||||||
default:
|
default:
|
||||||
// notify tha twe have a new addr
|
// notify that twe have a new addr
|
||||||
close(a.waitAddrReceived)
|
close(a.waitAddrReceived)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
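Review bot: The comment in the default branch of closeWaiters now reads "notify that twe have a new addr"; the stray "t" moved instead of being removed. It should be `// notify that we have a new addr`. The enclosing select statement starts outside the hunk.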
@ -59,7 +59,7 @@ func TestDeviceWrapperRead(t *testing.T) {
|
|||||||
|
|
||||||
n, err := wrapped.Read(bufs, sizes, offset)
|
n, err := wrapped.Read(bufs, sizes, offset)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("unexpeted error: %v", err)
|
t.Errorf("unexpected error: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if n != 1 {
|
if n != 1 {
|
||||||
@ -105,7 +105,7 @@ func TestDeviceWrapperRead(t *testing.T) {
|
|||||||
|
|
||||||
n, err := wrapped.Write(bufs, 0)
|
n, err := wrapped.Write(bufs, 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("unexpeted error: %v", err)
|
t.Errorf("unexpected error: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if n != 1 {
|
if n != 1 {
|
||||||
@ -154,7 +154,7 @@ func TestDeviceWrapperRead(t *testing.T) {
|
|||||||
|
|
||||||
n, err := wrapped.Write(bufs, 0)
|
n, err := wrapped.Write(bufs, 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("unexpeted error: %v", err)
|
t.Errorf("unexpected error: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if n != 0 {
|
if n != 0 {
|
||||||
@ -211,7 +211,7 @@ func TestDeviceWrapperRead(t *testing.T) {
|
|||||||
|
|
||||||
n, err := wrapped.Read(bufs, sizes, offset)
|
n, err := wrapped.Read(bufs, sizes, offset)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("unexpeted error: %v", err)
|
t.Errorf("unexpected error: %v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if n != 0 {
|
if n != 0 {
|
||||||
|
@ -13,7 +13,7 @@ import (
|
|||||||
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
|
||||||
)
|
)
|
||||||
|
|
||||||
// keep darwin compability
|
// keep darwin compatibility
|
||||||
const (
|
const (
|
||||||
WgIntNumber = 2000
|
WgIntNumber = 2000
|
||||||
)
|
)
|
||||||
|
@ -110,7 +110,7 @@ func canCreateFakeWireGuardInterface() bool {
|
|||||||
// We willingly try to create a device with an invalid
|
// We willingly try to create a device with an invalid
|
||||||
// MTU here as the validation of the MTU will be performed after
|
// MTU here as the validation of the MTU will be performed after
|
||||||
// the validation of the link kind and hence allows us to check
|
// the validation of the link kind and hence allows us to check
|
||||||
// for the existance of the wireguard module without actually
|
// for the existence of the wireguard module without actually
|
||||||
// creating a link.
|
// creating a link.
|
||||||
//
|
//
|
||||||
// As a side-effect, this will also let the kernel lazy-load
|
// As a side-effect, this will also let the kernel lazy-load
|
||||||
@ -271,12 +271,12 @@ func moduleStatus(name string) (status, error) {
|
|||||||
func loadModuleWithDependencies(name, path string) error {
|
func loadModuleWithDependencies(name, path string) error {
|
||||||
deps, err := getModuleDependencies(name)
|
deps, err := getModuleDependencies(name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("couldn't load list of module %s dependecies", name)
|
return fmt.Errorf("couldn't load list of module %s dependencies", name)
|
||||||
}
|
}
|
||||||
for _, dep := range deps {
|
for _, dep := range deps {
|
||||||
err = loadModule(dep.name, dep.path)
|
err = loadModule(dep.name, dep.path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("couldn't load dependecy module %s for %s", dep.name, name)
|
return fmt.Errorf("couldn't load dependency module %s for %s", dep.name, name)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return loadModule(name, path)
|
return loadModule(name, path)
|
||||||
|
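Review bot: Both error returns in loadModuleWithDependencies discard the underlying `err`, so a failed kernel-module load reports only the module name and not the cause. Since these strings are being edited anyway, consider wrapping: `return fmt.Errorf("couldn't load list of module %s dependencies: %w", name, err)` and `return fmt.Errorf("couldn't load dependency module %s for %s: %w", dep.name, name, err)`. That keeps the message prefix and lets callers and logs see why the load was refused. The closing brace of the function is outside the hunk.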
@ -20,7 +20,7 @@ func (c *tunDevice) Create() error {
|
|||||||
func (c *tunDevice) assignAddr() error {
|
func (c *tunDevice) assignAddr() error {
|
||||||
cmd := exec.Command("ifconfig", c.name, "inet", c.address.IP.String(), c.address.IP.String())
|
cmd := exec.Command("ifconfig", c.name, "inet", c.address.IP.String(), c.address.IP.String())
|
||||||
if out, err := cmd.CombinedOutput(); err != nil {
|
if out, err := cmd.CombinedOutput(); err != nil {
|
||||||
log.Infof(`adding addreess command "%v" failed with output %s and error: `, cmd.String(), out)
|
log.Infof(`adding address command "%v" failed with output %s and error: `, cmd.String(), out)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
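Review bot: The format string in assignAddr ends with "and error: " but `err` is never passed to `log.Infof`, so the logged line always ends with an empty error field. Append a `%v` verb to the end of the format string and pass `err` as the last argument after `out`. The failure is also logged at Info level although the function returns the error, so a Warn or Error level may suit it better. The rest of assignAddr is outside the hunk.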
@ -6,10 +6,10 @@
|
|||||||
NETBIRD_MGMT_API_PORT=${NETBIRD_MGMT_API_PORT:-33073}
|
NETBIRD_MGMT_API_PORT=${NETBIRD_MGMT_API_PORT:-33073}
|
||||||
# Management API endpoint address, used by the Dashboard
|
# Management API endpoint address, used by the Dashboard
|
||||||
NETBIRD_MGMT_API_ENDPOINT=https://$NETBIRD_DOMAIN:$NETBIRD_MGMT_API_PORT
|
NETBIRD_MGMT_API_ENDPOINT=https://$NETBIRD_DOMAIN:$NETBIRD_MGMT_API_PORT
|
||||||
# Management Certficate file path. These are generated by the Dashboard container
|
# Management Certificate file path. These are generated by the Dashboard container
|
||||||
NETBIRD_LETSENCRYPT_DOMAIN=$NETBIRD_DOMAIN
|
NETBIRD_LETSENCRYPT_DOMAIN=$NETBIRD_DOMAIN
|
||||||
NETBIRD_MGMT_API_CERT_FILE="/etc/letsencrypt/live/$NETBIRD_LETSENCRYPT_DOMAIN/fullchain.pem"
|
NETBIRD_MGMT_API_CERT_FILE="/etc/letsencrypt/live/$NETBIRD_LETSENCRYPT_DOMAIN/fullchain.pem"
|
||||||
# Management Certficate key file path.
|
# Management Certificate key file path.
|
||||||
NETBIRD_MGMT_API_CERT_KEY_FILE="/etc/letsencrypt/live/$NETBIRD_LETSENCRYPT_DOMAIN/privkey.pem"
|
NETBIRD_MGMT_API_CERT_KEY_FILE="/etc/letsencrypt/live/$NETBIRD_LETSENCRYPT_DOMAIN/privkey.pem"
|
||||||
# By default Management single account mode is enabled and domain set to $NETBIRD_DOMAIN, you may want to set this to your user's email domain
|
# By default Management single account mode is enabled and domain set to $NETBIRD_DOMAIN, you may want to set this to your user's email domain
|
||||||
NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN=$NETBIRD_DOMAIN
|
NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN=$NETBIRD_DOMAIN
|
||||||
|
@ -125,7 +125,7 @@ if [[ "$NETBIRD_DISABLE_LETSENCRYPT" == "true" ]]; then
|
|||||||
echo "- $NETBIRD_SIGNAL_ENDPOINT/signalexchange.SignalExchange/ -grpc-> signal:80"
|
echo "- $NETBIRD_SIGNAL_ENDPOINT/signalexchange.SignalExchange/ -grpc-> signal:80"
|
||||||
echo "You most likely also have to change NETBIRD_MGMT_API_ENDPOINT in base.setup.env and port-mappings in docker-compose.yml.tmpl and rerun this script."
|
echo "You most likely also have to change NETBIRD_MGMT_API_ENDPOINT in base.setup.env and port-mappings in docker-compose.yml.tmpl and rerun this script."
|
||||||
echo " The target of the forwards depends on your setup. Beware of the gRPC protocol instead of http for management and signal!"
|
echo " The target of the forwards depends on your setup. Beware of the gRPC protocol instead of http for management and signal!"
|
||||||
echo "You are also free to remove any occurences of the Letsencrypt-volume $LETSENCRYPT_VOLUMENAME"
|
echo "You are also free to remove any occurrences of the Letsencrypt-volume $LETSENCRYPT_VOLUMENAME"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
export NETBIRD_SIGNAL_PROTOCOL="https"
|
export NETBIRD_SIGNAL_PROTOCOL="https"
|
||||||
|
@ -696,7 +696,7 @@ no-cli
|
|||||||
#web-admin-port=8080
|
#web-admin-port=8080
|
||||||
|
|
||||||
# Web-admin server listen on STUN/TURN worker threads
|
# Web-admin server listen on STUN/TURN worker threads
|
||||||
# By default it is disabled for security resons! (Not recommended in any production environment!)
|
# By default it is disabled for security reasons! (Not recommended in any production environment!)
|
||||||
#
|
#
|
||||||
#web-admin-listen-on-workers
|
#web-admin-listen-on-workers
|
||||||
|
|
||||||
|
@ -101,7 +101,7 @@ var (
|
|||||||
|
|
||||||
_, valid := dns.IsDomainName(dnsDomain)
|
_, valid := dns.IsDomainName(dnsDomain)
|
||||||
if !valid || len(dnsDomain) > 192 {
|
if !valid || len(dnsDomain) > 192 {
|
||||||
return fmt.Errorf("failed parsing the provided dns-domain. Valid status: %t, Lenght: %d", valid, len(dnsDomain))
|
return fmt.Errorf("failed parsing the provided dns-domain. Valid status: %t, Length: %d", valid, len(dnsDomain))
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -61,7 +61,7 @@ func init() {
|
|||||||
mgmtCmd.Flags().StringVar(&certFile, "cert-file", "", "Location of your SSL certificate. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
|
mgmtCmd.Flags().StringVar(&certFile, "cert-file", "", "Location of your SSL certificate. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
|
||||||
mgmtCmd.Flags().StringVar(&certKey, "cert-key", "", "Location of your SSL certificate private key. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
|
mgmtCmd.Flags().StringVar(&certKey, "cert-key", "", "Location of your SSL certificate private key. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect")
|
||||||
mgmtCmd.Flags().BoolVar(&disableMetrics, "disable-anonymous-metrics", false, "disables push of anonymous usage metrics to NetBird")
|
mgmtCmd.Flags().BoolVar(&disableMetrics, "disable-anonymous-metrics", false, "disables push of anonymous usage metrics to NetBird")
|
||||||
mgmtCmd.Flags().StringVar(&dnsDomain, "dns-domain", defaultSingleAccModeDomain, fmt.Sprintf("Domain used for peer resolution. This is appended to the peer's name, e.g. pi-server. %s. Max lenght is 192 characters to allow appending to a peer name with up to 63 characters.", defaultSingleAccModeDomain))
|
mgmtCmd.Flags().StringVar(&dnsDomain, "dns-domain", defaultSingleAccModeDomain, fmt.Sprintf("Domain used for peer resolution. This is appended to the peer's name, e.g. pi-server. %s. Max length is 192 characters to allow appending to a peer name with up to 63 characters.", defaultSingleAccModeDomain))
|
||||||
mgmtCmd.Flags().BoolVar(&idpSignKeyRefreshEnabled, "idp-sign-key-refresh-enabled", false, "Enable cache headers evaluation to determine signing key rotation period. This will refresh the signing key upon expiry.")
|
mgmtCmd.Flags().BoolVar(&idpSignKeyRefreshEnabled, "idp-sign-key-refresh-enabled", false, "Enable cache headers evaluation to determine signing key rotation period. This will refresh the signing key upon expiry.")
|
||||||
mgmtCmd.Flags().BoolVar(&userDeleteFromIDPEnabled, "user-delete-from-idp", false, "Allows to delete user from IDP when user is deleted from account")
|
mgmtCmd.Flags().BoolVar(&userDeleteFromIDPEnabled, "user-delete-from-idp", false, "Allows to delete user from IDP when user is deleted from account")
|
||||||
rootCmd.MarkFlagRequired("config") //nolint
|
rootCmd.MarkFlagRequired("config") //nolint
|
||||||
|
@ -1116,7 +1116,7 @@ func TestAccountManager_DeletePeer(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if account.Network.CurrentSerial() != 2 {
|
if account.Network.CurrentSerial() != 2 {
|
||||||
t.Errorf("expecting Network Serial=%d to be incremented and be equal to 2 after adding and deleteing a peer", account.Network.CurrentSerial())
|
t.Errorf("expecting Network Serial=%d to be incremented and be equal to 2 after adding and deleting a peer", account.Network.CurrentSerial())
|
||||||
}
|
}
|
||||||
|
|
||||||
ev := getEvent(t, account.Id, manager, activity.PeerRemovedByUser)
|
ev := getEvent(t, account.Id, manager, activity.PeerRemovedByUser)
|
||||||
|
@ -216,7 +216,7 @@ func addPeerLabelsToAccount(account *Account, peerLabels lookupMap) {
|
|||||||
log.Errorf("got an error while generating a peer host label. Peer name %s, error: %v. Trying with the peer's meta hostname", peer.Name, err)
|
log.Errorf("got an error while generating a peer host label. Peer name %s, error: %v. Trying with the peer's meta hostname", peer.Name, err)
|
||||||
label, err = getPeerHostLabel(peer.Meta.Hostname, peerLabels)
|
label, err = getPeerHostLabel(peer.Meta.Hostname, peerLabels)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("got another error while generating a peer host label with hostname. Peer hostname %s, error: %v. Skiping", peer.Meta.Hostname, err)
|
log.Errorf("got another error while generating a peer host label with hostname. Peer hostname %s, error: %v. Skipping", peer.Meta.Hostname, err)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -169,7 +169,7 @@ func (s *GRPCServer) Sync(req *proto.EncryptedMessage, srv proto.ManagementServi
|
|||||||
s.cancelPeerRoutines(peer)
|
s.cancelPeerRoutines(peer)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
log.Debugf("recevied an update for peer %s", peerKey.String())
|
log.Debugf("received an update for peer %s", peerKey.String())
|
||||||
|
|
||||||
encryptedResp, err := encryption.EncryptMessage(peerKey, s.wgKey, update.Update)
|
encryptedResp, err := encryption.EncryptMessage(peerKey, s.wgKey, update.Update)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -117,7 +117,7 @@ func TestAccounts_AccountsHandler(t *testing.T) {
|
|||||||
expectedID: accountID,
|
expectedID: accountID,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "PutAccount OK wiht JWT",
|
name: "PutAccount OK with JWT",
|
||||||
expectedBody: true,
|
expectedBody: true,
|
||||||
requestType: http.MethodPut,
|
requestType: http.MethodPut,
|
||||||
requestPath: "/api/accounts/" + accountID,
|
requestPath: "/api/accounts/" + accountID,
|
||||||
@ -134,7 +134,7 @@ func TestAccounts_AccountsHandler(t *testing.T) {
|
|||||||
expectedID: accountID,
|
expectedID: accountID,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "PutAccount OK wiht JWT Propagation",
|
name: "PutAccount OK with JWT Propagation",
|
||||||
expectedBody: true,
|
expectedBody: true,
|
||||||
requestType: http.MethodPut,
|
requestType: http.MethodPut,
|
||||||
requestPath: "/api/accounts/" + accountID,
|
requestPath: "/api/accounts/" + accountID,
|
||||||
|
@ -18,7 +18,7 @@ type ErrorResponse struct {
|
|||||||
Code int `json:"code"`
|
Code int `json:"code"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// WriteJSONObject simply writes object to the HTTP reponse in JSON format
|
// WriteJSONObject simply writes object to the HTTP response in JSON format
|
||||||
func WriteJSONObject(w http.ResponseWriter, obj interface{}) {
|
func WriteJSONObject(w http.ResponseWriter, obj interface{}) {
|
||||||
w.WriteHeader(http.StatusOK)
|
w.WriteHeader(http.StatusOK)
|
||||||
w.Header().Set("Content-Type", "application/json; charset=UTF-8")
|
w.Header().Set("Content-Type", "application/json; charset=UTF-8")
|
||||||
|
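Review bot: In WriteJSONObject the context lines call `w.WriteHeader(http.StatusOK)` before `w.Header().Set("Content-Type", "application/json; charset=UTF-8")`. With net/http, header changes made after WriteHeader are not sent, so the response likely goes out without the declared JSON content type and the server falls back to content sniffing. Swap the two lines so that `w.Header().Set("Content-Type", "application/json; charset=UTF-8")` runs first and `w.WriteHeader(http.StatusOK)` second. This assumes no middleware sets the header earlier. The function body continues outside the hunk.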
@ -731,7 +731,7 @@ func checkAuth(loginUserID string, peer *Peer) error {
|
|||||||
return status.Errorf(status.PermissionDenied, "peer login has expired, please log in once more")
|
return status.Errorf(status.PermissionDenied, "peer login has expired, please log in once more")
|
||||||
}
|
}
|
||||||
if peer.UserID != loginUserID {
|
if peer.UserID != loginUserID {
|
||||||
log.Warnf("user mismatch when loggin in peer %s: peer user %s, login user %s ", peer.ID, peer.UserID, loginUserID)
|
log.Warnf("user mismatch when logging in peer %s: peer user %s, login user %s ", peer.ID, peer.UserID, loginUserID)
|
||||||
return status.Errorf(status.Unauthenticated, "can't login")
|
return status.Errorf(status.Unauthenticated, "can't login")
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -43,7 +43,7 @@ const (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// PolicyRuleFlowDirect allows trafic from source to destination
|
// PolicyRuleFlowDirect allows traffic from source to destination
|
||||||
PolicyRuleFlowDirect = PolicyRuleDirection("direct")
|
PolicyRuleFlowDirect = PolicyRuleDirection("direct")
|
||||||
// PolicyRuleFlowBidirect allows traffic to both directions
|
// PolicyRuleFlowBidirect allows traffic to both directions
|
||||||
PolicyRuleFlowBidirect = PolicyRuleDirection("bidirect")
|
PolicyRuleFlowBidirect = PolicyRuleDirection("bidirect")
|
||||||
|
@ -111,8 +111,8 @@ func TestAccount_getPeersByPolicy(t *testing.T) {
|
|||||||
t.Run("check that all peers get map", func(t *testing.T) {
|
t.Run("check that all peers get map", func(t *testing.T) {
|
||||||
for _, p := range account.Peers {
|
for _, p := range account.Peers {
|
||||||
peers, firewallRules := account.getPeerConnectionResources(p.ID)
|
peers, firewallRules := account.getPeerConnectionResources(p.ID)
|
||||||
assert.GreaterOrEqual(t, len(peers), 2, "mininum number peers should present")
|
assert.GreaterOrEqual(t, len(peers), 2, "minimum number peers should present")
|
||||||
assert.GreaterOrEqual(t, len(firewallRules), 2, "mininum number of firewall rules should present")
|
assert.GreaterOrEqual(t, len(firewallRules), 2, "minimum number of firewall rules should present")
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -719,7 +719,7 @@ func (am *DefaultAccountManager) SaveUser(accountID, initiatorUserID string, upd
|
|||||||
|
|
||||||
if update.AutoGroups != nil && account.Settings.GroupsPropagationEnabled {
|
if update.AutoGroups != nil && account.Settings.GroupsPropagationEnabled {
|
||||||
removedGroups := difference(oldUser.AutoGroups, update.AutoGroups)
|
removedGroups := difference(oldUser.AutoGroups, update.AutoGroups)
|
||||||
// need force update all auto groups in any case they will not be dublicated
|
// need force update all auto groups in any case they will not be duplicated
|
||||||
account.UserGroupsAddToPeers(oldUser.Id, update.AutoGroups...)
|
account.UserGroupsAddToPeers(oldUser.Id, update.AutoGroups...)
|
||||||
account.UserGroupsRemoveFromPeers(oldUser.Id, removedGroups...)
|
account.UserGroupsRemoveFromPeers(oldUser.Id, removedGroups...)
|
||||||
|
|
||||||
|
@ -360,7 +360,7 @@ if type uname >/dev/null 2>&1; then
|
|||||||
echo "NetBird UI installation will be omitted as $ARCH is not a compatible architecture"
|
echo "NetBird UI installation will be omitted as $ARCH is not a compatible architecture"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Allow netbird UI installation for linux running desktop enviroment
|
# Allow netbird UI installation for linux running desktop environment
|
||||||
if [ -z "$XDG_CURRENT_DESKTOP" ];then
|
if [ -z "$XDG_CURRENT_DESKTOP" ];then
|
||||||
SKIP_UI_APP=true
|
SKIP_UI_APP=true
|
||||||
echo "NetBird UI installation will be omitted as Linux does not run desktop environment"
|
echo "NetBird UI installation will be omitted as Linux does not run desktop environment"
|
||||||
|
@ -82,7 +82,7 @@ func TestDaemonUpdate(t *testing.T) {
|
|||||||
|
|
||||||
waitTimeout(wg)
|
waitTimeout(wg)
|
||||||
if onUpdate != true {
|
if onUpdate != true {
|
||||||
t.Errorf("invalid dameon version check")
|
t.Errorf("invalid daemon version check")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|