mirror of
https://github.com/netbirdio/netbird.git
synced 2024-11-27 18:43:17 +01:00
0c039274a4
This update adds new relay integration for NetBird clients. The new relay is based on WebSockets and listens on a single port.
- Adds a new WebSocket-based relay implementation with a single-port relaying mechanism
- Refactors peer connection logic, allowing upgrade and downgrade from/to a P2P connection
- Peer connections are faster, since a peer connects to the relay first and then upgrades to P2P
- Maintains compatibility with old clients by not using the new relay
- Updates infrastructure scripts with the new relay service
{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:$TURN_DOMAIN:3478",
"Username": "",
"Password": null
}
],
"TURNConfig": {
"Turns": [
{
"Proto": "udp",
"URI": "turn:$TURN_DOMAIN:3478",
"Username": "$TURN_USER",
"Password": "$TURN_PASSWORD"
}
],
"CredentialsTTL": "12h",
"Secret": "secret",
"TimeBasedCredentials": false
},
"Relay": {
"Addresses": ["rel://$NETBIRD_RELAY_DOMAIN:$NETBIRD_RELAY_PORT"],
"CredentialsTTL": "24h",
"Secret": "$NETBIRD_RELAY_AUTH_SECRET"
},
"Signal": {
"Proto": "$NETBIRD_SIGNAL_PROTOCOL",
"URI": "$NETBIRD_DOMAIN:$NETBIRD_SIGNAL_PORT",
"Username": "",
"Password": null
},
"ReverseProxy": {
"TrustedHTTPProxies": [],
"TrustedHTTPProxiesCount": 0,
"TrustedPeers": [
"0.0.0.0/0"
]
},
"Datadir": "",
"DataStoreEncryptionKey": "$NETBIRD_DATASTORE_ENC_KEY",
"StoreConfig": {
"Engine": "$NETBIRD_STORE_CONFIG_ENGINE"
},
"HttpConfig": {
"Address": "0.0.0.0:$NETBIRD_MGMT_API_PORT",
"AuthIssuer": "$NETBIRD_AUTH_AUTHORITY",
"AuthAudience": "$NETBIRD_AUTH_AUDIENCE",
"AuthKeysLocation": "$NETBIRD_AUTH_JWT_CERTS",
"AuthUserIDClaim": "$NETBIRD_AUTH_USER_ID_CLAIM",
"CertFile":"$NETBIRD_MGMT_API_CERT_FILE",
"CertKey":"$NETBIRD_MGMT_API_CERT_KEY_FILE",
"IdpSignKeyRefreshEnabled": $NETBIRD_MGMT_IDP_SIGNKEY_REFRESH,
"OIDCConfigEndpoint":"$NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT"
},
"IdpManagerConfig": {
"ManagerType": "$NETBIRD_MGMT_IDP",
"ClientConfig": {
"Issuer": "$NETBIRD_AUTH_AUTHORITY",
"TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
"ClientID": "$NETBIRD_IDP_MGMT_CLIENT_ID",
"ClientSecret": "$NETBIRD_IDP_MGMT_CLIENT_SECRET",
"GrantType": "client_credentials"
},
"ExtraConfig": $NETBIRD_IDP_MGMT_EXTRA_CONFIG,
"Auth0ClientCredentials": null,
"AzureClientCredentials": null,
"KeycloakClientCredentials": null,
"ZitadelClientCredentials": null
},
"DeviceAuthorizationFlow": {
"Provider": "$NETBIRD_AUTH_DEVICE_AUTH_PROVIDER",
"ProviderConfig": {
"Audience": "$NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE",
"AuthorizationEndpoint": "",
"Domain": "$NETBIRD_AUTH0_DOMAIN",
"ClientID": "$NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID",
"ClientSecret": "",
"TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
"DeviceAuthEndpoint": "$NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT",
"Scope": "$NETBIRD_AUTH_DEVICE_AUTH_SCOPE",
"UseIDToken": $NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN,
"RedirectURLs": null
}
},
"PKCEAuthorizationFlow": {
"ProviderConfig": {
"Audience": "$NETBIRD_AUTH_PKCE_AUDIENCE",
"ClientID": "$NETBIRD_AUTH_CLIENT_ID",
"ClientSecret": "$NETBIRD_AUTH_CLIENT_SECRET",
"Domain": "",
"AuthorizationEndpoint": "$NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT",
"TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
"Scope": "$NETBIRD_AUTH_SUPPORTED_SCOPES",
"RedirectURLs": [$NETBIRD_AUTH_PKCE_REDIRECT_URLS],
"UseIDToken": $NETBIRD_AUTH_PKCE_USE_ID_TOKEN
}
}
}