This update adds new relay integration for NetBird clients. The new relay is based on web sockets and listens on a single port.
- Adds new relay implementation with websocket with single port relaying mechanism
- refactor peer connection logic, allowing upgrade and downgrade from/to P2P connection
- peer connections are faster since it connects first to relay and then upgrades to P2P
- maintains compatibility with old clients by not using the new relay
- updates infrastructure scripts with new relay service
Handles the case when users are running Coturn with peers in the same network, and these peers connect to the relay server via private IP addresses (e.g., Oracle cloud), which causes relay candidates to be allocated using private IP addresses. This causes issues with external peers who can't reach these private addresses.
Use the provided IP address with NETBIRD_TURN_EXTERNAL_IP or discover the address via https://jsonip.com API.
For the quick-start guide with Zitadel, we only use the discover method with the external API.
This PR aims to organize the files within the `infrastructure_files` folder a little and adds some new ENV vars to the process.
1. It creates the `artifacts` folder within the `infrastructure_files` folder, the idea behind it is to split templates from artifacts created after running `./configure.sh`. It makes it easier to cp/rsync only `artifacts` content to the final server/destination.
2. Creates `NETBIRD_TURN_DOMAIN` and `TURN_DOMAIN` ENV vars. The idea behind it is to make it possible to split the management/signal server from TURN server. If `NETBIRD_TURN_DOMAIN` is not set, then, `TURN_DOMAIN` will be set as `NETBIRD_DOMAIN`.
3. Creates `*_TAG` ENVs for each component. The idea behind it is to give the users the choice to use `latest` tag as default or tie it to specific versions of each component in the stack.
Because we provide the option to regenerate the config files, the encryption key could be lost.
- The configure.sh reads the existing key and writes it back during the config generation
- Back up the previously generated config files before overwriting them
- Fix invalid JSON output in the Extras field
- Reduce the error logs in case the encryption key is invalid
- Respond in the events API with valid user info in all cases
- Add extra error handling to the configure.sh, i.e. handle invalid OpenID URLs
Added integration with the JumpCloud User API. Use the steps in setup.md for configuration.
Additional changes:
- Enhance compatibility for providers that lack audience support in the Authorization Code Flow and the Authorization Code Flow with Proof Key for Code Exchange (PKCE) using the `NETBIRD_DASH_AUTH_USE_AUDIENCE=false` env
- Verify tokens by utilizing the client ID when audience support is absent in providers
This adds a basic wxs file to build MSI installer
This file was created using docs
from https://wixtoolset.org/docs/schema/wxs/ and
examples from gsudo, qemu-shoggoth, and many others.
The main difference between this and the .exe installer
is that we don't use the netbird service command to install
the daemon
Enhance the user experience by enabling authentication to Netbird using Single Sign-On (SSO) with any Identity Provider (IDP) provider. The current client offers this capability through the Device Authorization Flow; however, it is not widely supported by many IDPs, and even some that do support it do not provide a complete verification URL.
To address these challenges, this pull request enables Authorization Code Flow with Proof Key for Code Exchange (PKCE) for client logins, which is a more widely adopted and secure approach to facilitate SSO with various IDP providers.
* Refactor: Configurable supported scopes
Previously, supported scopes were hardcoded and limited to Auth0
and Keycloak. This update removes the default set of values,
providing flexibility. The value to be set for each Identity
Provider (IDP) is specified in their respective documentation.
* correct var
* correct var
* skip fetching scopes from openid-configuration
split setup.env with example and base
add setup.env to .gitignore to avoid overwrite from new versions
Added test workflow for docker-compose
and validated configure.sh generated variables
* rename wiretrustee-signal to netbird-signal
* Rename Signal repositories and source bin
* Adjust docker-compose with signal volume [skip ci]
Co-authored-by: mlsmaycon <mlsmaycon@gmail.com>
Rename documentation and goreleaser build names
Added a migration function for when the old path exists and the new one doesn't
updated the configure.sh to generate the docker-compose with a new path only
if no pre-existing volume with old name exists
* Updated self-hosted scripts and documentation
Added more variables to setup.env and
Updated the documentation.
We are now configuring turn server
with template as well.