mirror of
https://github.com/netbirdio/netbird.git
synced 2024-11-21 23:53:14 +01:00
ed075bc9b9
* Refactor: Configurable supported scopes Previously, supported scopes were hardcoded and limited to Auth0 and Keycloak. This update removes the default set of values, providing flexibility. The value to be set for each Identity Provider (IDP) is specified in their respective documentation. * correct var * correct var * skip fetching scopes from openid-configuration
62 lines
2.8 KiB
Plaintext
62 lines
2.8 KiB
Plaintext
## example file, you can copy this file to setup.env and update its values
|
|
##
|
|
# Dashboard domain. e.g. app.mydomain.com
|
|
NETBIRD_DOMAIN=""
|
|
|
|
# -------------------------------------------
|
|
# OIDC
|
|
# e.g., https://example.eu.auth0.com/.well-known/openid-configuration
|
|
# -------------------------------------------
|
|
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT=""
|
|
NETBIRD_AUTH_AUDIENCE=""
|
|
# e.g. netbird-client
|
|
NETBIRD_AUTH_CLIENT_ID=""
|
|
# indicates the scopes that will be requested to the IDP
|
|
NETBIRD_AUTH_SUPPORTED_SCOPES=""
|
|
# NETBIRD_AUTH_CLIENT_SECRET is required only by Google workspace.
|
|
# NETBIRD_AUTH_CLIENT_SECRET=""
|
|
# if you want to use a custom claim for the user ID instead of 'sub', set it here
|
|
# NETBIRD_AUTH_USER_ID_CLAIM=""
|
|
# indicates whether to use Auth0 or not: true or false
|
|
NETBIRD_USE_AUTH0="false"
|
|
# if your IDP provider doesn't support fragmented URIs, configure custom
|
|
# redirect and silent redirect URIs, these will be concatenated into your NETBIRD_DOMAIN domain.
|
|
# NETBIRD_AUTH_REDIRECT_URI="/peers"
|
|
# NETBIRD_AUTH_SILENT_REDIRECT_URI="/add-peers"
|
|
# Updates the preference to use id tokens instead of access token on dashboard
|
|
# Okta and Gitlab IDPs can benefit from this
|
|
# NETBIRD_TOKEN_SOURCE="idToken"
|
|
# -------------------------------------------
|
|
# OIDC Device Authorization Flow
|
|
# -------------------------------------------
|
|
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
|
|
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=""
|
|
# Some IDPs requires different audience, scopes and to use id token for device authorization flow
|
|
# you can customize here:
|
|
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
|
|
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
|
|
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false
|
|
# -------------------------------------------
|
|
# IDP Management
|
|
# -------------------------------------------
|
|
# eg. zitadel, auth0, azure, keycloak
|
|
NETBIRD_MGMT_IDP="none"
|
|
# Some IDPs requires different client id and client secret for management api
|
|
NETBIRD_IDP_MGMT_CLIENT_ID=$NETBIRD_AUTH_CLIENT_ID
|
|
NETBIRD_IDP_MGMT_CLIENT_SECRET=""
|
|
# NETBIRD_IDP_MGMT_EXTRA_ variables. See https://docs.netbird.io/selfhosted/identity-providers for more information about your IDP of choice.
|
|
# -------------------------------------------
|
|
# Letsencrypt
|
|
# -------------------------------------------
|
|
# Disable letsencrypt
|
|
# if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
|
|
NETBIRD_DISABLE_LETSENCRYPT=false
|
|
# e.g. hello@mydomain.com
|
|
NETBIRD_LETSENCRYPT_EMAIL=""
|
|
# -------------------------------------------
|
|
# Extra settings
|
|
# -------------------------------------------
|
|
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
|
|
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
|
|
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
|
|
NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted |