mirror of
https://github.com/netbirdio/netbird.git
synced 2025-04-11 13:08:51 +02:00
966661fe91
This PR is a part of an effort to use standard ports (443 or 80) that are usually allowed by default in most of the environments. Right now Management Service runs the Let'sEncrypt manager on port 443, HTTP API server on port 33071, and a gRPC server on port 33073. There are three separate listeners. This PR combines these listeners into one. With this change, the HTTP and gRPC server runs on either 443 with TLS or 80 without TLS by default (no --port specified). Let's Encrypt manager always runs on port 443 if enabled. The backward compatibility server runs on port 33073 (with TLS or without). HTTP port 33071 is obsolete and not used anymore. Newly installed agents will connect to port 443 by default instead of port 33073 if not specified otherwise.
94 lines
2.4 KiB
Go
94 lines
2.4 KiB
Go
package server
|
|
|
|
import (
|
|
"net/url"
|
|
|
|
"github.com/netbirdio/netbird/management/server/idp"
|
|
"github.com/netbirdio/netbird/util"
|
|
)
|
|
|
|
type Protocol string
|
|
type Provider string
|
|
|
|
const (
|
|
UDP Protocol = "udp"
|
|
DTLS Protocol = "dtls"
|
|
TCP Protocol = "tcp"
|
|
HTTP Protocol = "http"
|
|
HTTPS Protocol = "https"
|
|
AUTH0 Provider = "auth0"
|
|
)
|
|
|
|
// Config of the Management service
|
|
type Config struct {
|
|
Stuns []*Host
|
|
TURNConfig *TURNConfig
|
|
Signal *Host
|
|
|
|
Datadir string
|
|
|
|
HttpConfig *HttpServerConfig
|
|
|
|
IdpManagerConfig *idp.Config
|
|
|
|
DeviceAuthorizationFlow *DeviceAuthorizationFlow
|
|
}
|
|
|
|
// TURNConfig is a config of the TURNCredentialsManager
|
|
type TURNConfig struct {
|
|
TimeBasedCredentials bool
|
|
CredentialsTTL util.Duration
|
|
Secret string
|
|
Turns []*Host
|
|
}
|
|
|
|
// HttpServerConfig is a config of the HTTP Management service server
|
|
type HttpServerConfig struct {
|
|
LetsEncryptDomain string
|
|
//CertFile is the location of the certificate
|
|
CertFile string
|
|
//CertKey is the location of the certificate private key
|
|
CertKey string
|
|
// AuthAudience identifies the recipients that the JWT is intended for (aud in JWT)
|
|
AuthAudience string
|
|
// AuthIssuer identifies principal that issued the JWT.
|
|
AuthIssuer string
|
|
// AuthKeysLocation is a location of JWT key set containing the public keys used to verify JWT
|
|
AuthKeysLocation string
|
|
}
|
|
|
|
// Host represents a Wiretrustee host (e.g. STUN, TURN, Signal)
|
|
type Host struct {
|
|
Proto Protocol
|
|
// URI e.g. turns://stun.wiretrustee.com:4430 or signal.wiretrustee.com:10000
|
|
URI string
|
|
Username string
|
|
Password string
|
|
}
|
|
|
|
// DeviceAuthorizationFlow represents Device Authorization Flow information
|
|
// that can be used by the client to login initiate a Oauth 2.0 device authorization grant flow
|
|
// see https://datatracker.ietf.org/doc/html/rfc8628
|
|
type DeviceAuthorizationFlow struct {
|
|
Provider string
|
|
ProviderConfig ProviderConfig
|
|
}
|
|
|
|
// ProviderConfig has all attributes needed to initiate a device authorization flow
|
|
type ProviderConfig struct {
|
|
// ClientID An IDP application client id
|
|
ClientID string
|
|
// ClientSecret An IDP application client secret
|
|
ClientSecret string
|
|
// Domain An IDP API domain
|
|
Domain string
|
|
// Audience An Audience for to authorization validation
|
|
Audience string
|
|
}
|
|
|
|
// validateURL validates input http url
|
|
func validateURL(httpURL string) bool {
|
|
_, err := url.ParseRequestURI(httpURL)
|
|
return err == nil
|
|
}
|