DYNR/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-03-31 06:24:18 -04:00
Code Issues Packages Projects Releases 10 Wiki Activity

[infra] add embedded STUN to getting started (#5141)

Browse Source
This commit is contained in:
Misha Bragin
2026-01-20 19:01:34 +01:00
committed by GitHub
parent 07e4a5a23c
commit e01998815e
1 changed files with 34 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
infrastructure_files/getting-started.sh
View File

@@ -82,16 +82,6 @@ read_nb_domain() {
return 0
}
get_turn_external_ip() {
TURN_EXTERNAL_IP_CONFIG="#external-ip="
IP=$(curl -s -4 https://jsonip.com | jq -r '.ip')
if [[ "x-$IP" != "x-" ]]; then
TURN_EXTERNAL_IP_CONFIG="external-ip=$IP"
fi
echo "$TURN_EXTERNAL_IP_CONFIG"
return 0
}
read_reverse_proxy_type() {
echo "" > /dev/stderr
echo "Which reverse proxy will you use?" > /dev/stderr
@@ -249,14 +239,17 @@ initialize_default_values() {
NETBIRD_PORT=80
NETBIRD_HTTP_PROTOCOL="http"
NETBIRD_RELAY_PROTO="rel"
TURN_USER="self"
TURN_PASSWORD=$(openssl rand -base64 32 | sed "$SED_STRIP_PADDING")
NETBIRD_RELAY_AUTH_SECRET=$(openssl rand -base64 32 | sed "$SED_STRIP_PADDING")
# Note: DataStoreEncryptionKey must keep base64 padding (=) for Go's base64.StdEncoding
DATASTORE_ENCRYPTION_KEY=$(openssl rand -base64 32)
TURN_MIN_PORT=49152
TURN_MAX_PORT=65535
TURN_EXTERNAL_IP_CONFIG=$(get_turn_external_ip)
NETBIRD_STUN_PORT=3478
# Docker images
CADDY_IMAGE="caddy"
DASHBOARD_IMAGE="netbirdio/dashboard:latest"
SIGNAL_IMAGE="netbirdio/signal:latest"
RELAY_IMAGE="netbirdio/relay:latest"
MANAGEMENT_IMAGE="netbirdio/management:latest"
# Reverse proxy configuration
REVERSE_PROXY_TYPE="0"
@@ -320,7 +313,7 @@ check_existing_installation() {
echo "Generated files already exist, if you want to reinitialize the environment, please remove them first."
echo "You can use the following commands:"
echo " $DOCKER_COMPOSE_COMMAND down --volumes # to remove all containers and volumes"
echo " rm -f docker-compose.yml Caddyfile dashboard.env turnserver.conf management.json relay.env nginx-netbird.conf caddyfile-netbird.txt npm-advanced-config.txt"
echo " rm -f docker-compose.yml Caddyfile dashboard.env management.json relay.env nginx-netbird.conf caddyfile-netbird.txt npm-advanced-config.txt"
echo "Be aware that this will remove all data from the database, and you will have to reconfigure the dashboard."
exit 1
fi
@@ -363,7 +356,6 @@ generate_configuration_files() {
# Common files for all configurations
render_dashboard_env > dashboard.env
render_management_json > management.json
render_turn_server_conf > turnserver.conf
render_relay_env > relay.env
return 0
}
@@ -487,34 +479,13 @@ EOF
return 0
}
render_turn_server_conf() {
cat <<EOF
listening-port=3478
$TURN_EXTERNAL_IP_CONFIG
tls-listening-port=5349
min-port=$TURN_MIN_PORT
max-port=$TURN_MAX_PORT
fingerprint
lt-cred-mech
user=$TURN_USER:$TURN_PASSWORD
realm=wiretrustee.com
cert=/etc/coturn/certs/cert.pem
pkey=/etc/coturn/private/privkey.pem
log-file=stdout
no-software-attribute
pidfile="/var/tmp/turnserver.pid"
no-cli
EOF
return 0
}
render_management_json() {
cat <<EOF
{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:$NETBIRD_DOMAIN:3478"
"URI": "stun:$NETBIRD_DOMAIN:$NETBIRD_STUN_PORT"
}
],
"Relay": {
@@ -569,6 +540,9 @@ NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=$NETBIRD_RELAY_PROTO://$NETBIRD_DOMAIN:$NETBIRD_PORT
NB_AUTH_SECRET=$NETBIRD_RELAY_AUTH_SECRET
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=$NETBIRD_STUN_PORT
EOF
return 0
}
@@ -578,7 +552,7 @@ render_docker_compose() {
services:
# Caddy reverse proxy
caddy:
image: caddy
image: $CADDY_IMAGE
container_name: netbird-caddy
restart: unless-stopped
networks: [netbird]
@@ -597,7 +571,7 @@ services:
# UI dashboard
dashboard:
image: netbirdio/dashboard:latest
image: $DASHBOARD_IMAGE
container_name: netbird-dashboard
restart: unless-stopped
networks: [netbird]
@@ -611,7 +585,7 @@ services:
# Signal
signal:
image: netbirdio/signal:latest
image: $SIGNAL_IMAGE
container_name: netbird-signal
restart: unless-stopped
networks: [netbird]
@@ -621,12 +595,14 @@ services:
max-size: "500m"
max-file: "2"
# Relay
# Relay (includes embedded STUN server)
relay:
image: netbirdio/relay:latest
image: $RELAY_IMAGE
container_name: netbird-relay
restart: unless-stopped
networks: [netbird]
ports:
- '$NETBIRD_STUN_PORT:$NETBIRD_STUN_PORT/udp'
env_file:
- ./relay.env
logging:
@@ -637,7 +613,7 @@ services:
# Management (includes embedded IdP)
management:
image: netbirdio/management:latest
image: $MANAGEMENT_IMAGE
container_name: netbird-management
restart: unless-stopped
networks: [netbird]
@@ -659,22 +635,6 @@ services:
max-size: "500m"
max-file: "2"
# Coturn, AKA TURN server
coturn:
image: coturn/coturn
container_name: netbird-coturn
restart: unless-stopped
volumes:
- ./turnserver.conf:/etc/turnserver.conf:ro
network_mode: host
command:
- -c /etc/turnserver.conf
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
volumes:
netbird_caddy_data:
netbird_management:
@@ -702,7 +662,7 @@ render_docker_compose_traefik() {
services:
# UI dashboard
dashboard:
image: netbirdio/dashboard:latest
image: $DASHBOARD_IMAGE
container_name: netbird-dashboard
restart: unless-stopped
networks: [$network_name]
@@ -724,7 +684,7 @@ $(if [[ -n "$tls_labels" ]]; then echo " - traefik.http.routers.netbird-das
# Signal
signal:
image: netbirdio/signal:latest
image: $SIGNAL_IMAGE
container_name: netbird-signal
restart: unless-stopped
networks: [$network_name]
@@ -751,12 +711,14 @@ $(if [[ -n "$tls_labels" ]]; then echo " - traefik.http.routers.netbird-sig
max-size: "500m"
max-file: "2"
# Relay
# Relay (includes embedded STUN server)
relay:
image: netbirdio/relay:latest
image: $RELAY_IMAGE
container_name: netbird-relay
restart: unless-stopped
networks: [$network_name]
ports:
- '$NETBIRD_STUN_PORT:$NETBIRD_STUN_PORT/udp'
env_file:
- ./relay.env
labels:
@@ -774,7 +736,7 @@ $(if [[ -n "$tls_labels" ]]; then echo " - traefik.http.routers.netbird-rel
# Management (includes embedded IdP)
management:
image: netbirdio/management:latest
image: $MANAGEMENT_IMAGE
container_name: netbird-management
restart: unless-stopped
networks: [$network_name]
@@ -827,24 +789,6 @@ $(if [[ -n "$tls_labels" ]]; then echo " - traefik.http.routers.netbird-oau
max-size: "500m"
max-file: "2"
# Coturn, AKA TURN server
coturn:
image: coturn/coturn
container_name: netbird-coturn
restart: unless-stopped
volumes:
- ./turnserver.conf:/etc/turnserver.conf:ro
network_mode: host
labels:
- traefik.enable=false
command:
- -c /etc/turnserver.conf
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
volumes:
netbird_management:
@@ -874,7 +818,7 @@ render_docker_compose_exposed_ports() {
services:
# UI dashboard
dashboard:
image: netbirdio/dashboard:latest
image: $DASHBOARD_IMAGE
container_name: netbird-dashboard
restart: unless-stopped
networks: ${networks}
@@ -890,7 +834,7 @@ services:
# Signal
signal:
image: netbirdio/signal:latest
image: $SIGNAL_IMAGE
container_name: netbird-signal
restart: unless-stopped
networks: ${networks}
@@ -903,14 +847,15 @@ services:
max-size: "500m"
max-file: "2"
# Relay
# Relay (includes embedded STUN server)
relay:
image: netbirdio/relay:latest
image: $RELAY_IMAGE
container_name: netbird-relay
restart: unless-stopped
networks: ${networks}
ports:
- '${bind_addr}:${RELAY_HOST_PORT}:80'
- '$NETBIRD_STUN_PORT:$NETBIRD_STUN_PORT/udp'
env_file:
- ./relay.env
logging:
@@ -921,7 +866,7 @@ services:
# Management (includes embedded IdP)
management:
image: netbirdio/management:latest
image: $MANAGEMENT_IMAGE
container_name: netbird-management
restart: unless-stopped
networks: ${networks}
@@ -945,22 +890,6 @@ services:
max-size: "500m"
max-file: "2"
# Coturn, AKA TURN server
coturn:
image: coturn/coturn
container_name: netbird-coturn
restart: unless-stopped
volumes:
- ./turnserver.conf:/etc/turnserver.conf:ro
network_mode: host
command:
- -c /etc/turnserver.conf
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
volumes:
netbird_management: