mirror of
https://github.com/netbirdio/netbird.git
synced 2026-03-31 06:34:19 -04:00
* Add postgres config for embedded idp Entire-Checkpoint: 9ace190c1067 * Rename idpStore to authStore Entire-Checkpoint: 73a896c79614 * Fix review notes Entire-Checkpoint: 6556783c0df3 * Don't accept pq port = 0 Entire-Checkpoint: 80d45e37782f * Optimize configs Entire-Checkpoint: 80d45e37782f * Fix lint issues Entire-Checkpoint: 3eec968003d1 * Fail fast on combined postgres config Entire-Checkpoint: b17839d3d8c6 * Simplify management config method Entire-Checkpoint: 0f083effa20e
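# NetBird Combined Server Configuration
# Copy this file to config.yaml and customize for your deployment
#
# This is a Management server with optional embedded Signal, Relay, and STUN services.
# By default, all services run locally. You can use external services instead by
# setting the corresponding override fields.
#
# Architecture:
# - Management: Always runs locally (this IS the management server)
# - Signal: Local by default; set 'signalUri' to use external (disables local)
# - Relay: Local by default; set 'relays' to use external (disables local)
# - STUN: Local on port 3478 by default; set 'stuns' to use external instead
#
# Security notes:
# - The deployed config.yaml holds secrets (authSecret, database DSNs, the
#   optional owner password). Keep it out of version control and readable only
#   by the account that runs the server.
# - Values such as "your-secret-key-here" and "initial-password" are
#   placeholders, not defaults; replace every one of them before first start.

server:
  # Main HTTP/gRPC port for all services (Management, Signal, Relay)
  listenAddress: ":443"

  # Public address that peers will use to connect to this server
  # Used for relay connections and management DNS domain
  # Format: protocol://hostname:port (e.g., https://server.mycompany.com:443)
  exposedAddress: "https://server.mycompany.com:443"

  # STUN server ports (defaults to [3478] if not specified; set 'stuns' to use external)
  # stunPorts:
  #   - 3478

  # Metrics endpoint port
  # NOTE(review): only a port is given, so the bind address is not controlled
  # from this file - confirm which interfaces it listens on and firewall the
  # port if metrics should not be reachable from outside.
  metricsPort: 9090

  # Healthcheck endpoint address
  # ":9000" has no host part. NOTE(review): presumably that means all
  # interfaces - confirm, and give a loopback or internal host if the
  # healthcheck should not be public.
  healthcheckAddress: ":9000"

  # Logging configuration
  # debug and trace are verbose; check what ends up in the logs before enabling
  # them in production.
  logLevel: "info"  # Default log level for all components: panic, fatal, error, warn, info, debug, trace
  logFile: "console"  # "console" or path to log file

  # TLS configuration (optional)
  # NOTE(review): with certFile/keyFile empty and letsencrypt disabled, confirm
  # whether the server then listens without TLS; if it does, terminate TLS in a
  # reverse proxy in front of it.
  tls:
    certFile: ""
    # Private key: keep the file readable only by the server's account.
    keyFile: ""
    letsencrypt:
      enabled: false
      dataDir: ""
      domains: []
      email: ""
      awsRoute53: false

  # Shared secret for relay authentication (required when running local relay)
  # The value below is a placeholder. Replace it with a long random value
  # (for example the output of `openssl rand -base64 32`) and do not reuse it
  # across deployments.
  authSecret: "your-secret-key-here"

  # Data directory for all services
  # The default sqlite stores live under this directory; restrict its
  # permissions to the server's account.
  dataDir: "/var/lib/netbird/"

  # ============================================================================
  # External Service Overrides (optional)
  # Use these to point to external Signal, Relay, or STUN servers instead of
  # running them locally. When set, the corresponding local service is disabled.
  # ============================================================================

  # External STUN servers - disables local STUN server
  # stuns:
  #   - uri: "stun:stun.example.com:3478"
  #   - uri: "stun:stun.example.com:3479"

  # External relay servers - disables local relay server
  # 'secret' is a shared credential like authSecret: use a random value, not
  # the placeholder.
  # relays:
  #   addresses:
  #     - "rels://relay.example.com:443"
  #   credentialsTTL: "12h"
  #   secret: "relay-shared-secret"

  # External signal server - disables local signal server
  # signalUri: "https://signal.example.com:443"

  # ============================================================================
  # Management Settings
  # ============================================================================

  # Metrics and updates
  disableAnonymousMetrics: false
  disableGeoliteUpdate: false

  # Embedded authentication/identity provider (Dex) configuration (always enabled)
  auth:
    # OIDC issuer URL - must be publicly accessible
    # Use an https:// URL in production.
    issuer: "https://example.com/oauth2"
    localAuthDisabled: false
    signKeyRefreshEnabled: false
    # OAuth2 redirect URIs for dashboard
    # List only exact URIs you control; every entry is a place authorization
    # responses can be sent.
    dashboardRedirectURIs:
      - "https://app.example.com/nb-auth"
      - "https://app.example.com/nb-silent-auth"
    # OAuth2 redirect URIs for CLI
    # Plain http is acceptable here only because the target is the local
    # loopback; do not add non-loopback http:// URIs.
    cliRedirectURIs:
      - "http://localhost:53000/"
    # Optional initial admin user
    # The password sits in this file in plaintext. Change it after the first
    # login and remove it from the file afterwards.
    # owner:
    #   email: "admin@example.com"
    #   password: "initial-password"

  # Store configuration
  # A postgres or mysql dsn normally embeds database credentials; treat it as
  # a secret.
  # NOTE(review): encryptionKey is empty here and this file does not say what
  # it protects or what happens when it is left empty - confirm against the
  # project documentation, and treat the value as a secret once set.
  store:
    engine: "sqlite"  # sqlite, postgres, or mysql
    dsn: ""  # Connection string for postgres or mysql
    encryptionKey: ""

  # Activity events store configuration (optional, defaults to sqlite in dataDir)
  # activityStore:
  #   engine: "sqlite"  # sqlite or postgres
  #   dsn: ""  # Connection string for postgres

  # Auth (embedded IdP) store configuration (optional, defaults to sqlite3 in dataDir/idp.db)
  # The example dsn uses sslmode=disable, which turns off TLS to the database,
  # and the password "postgres". That is only suitable for a local test
  # database; over a network use sslmode=verify-full (or at least require) and
  # a dedicated account with its own password.
  # authStore:
  #   engine: "sqlite3"  # sqlite3 or postgres
  #   dsn: ""  # Connection string for postgres (e.g., "host=localhost port=5432 user=postgres password=postgres dbname=netbird_idp sslmode=disable")

  # Reverse proxy settings (optional)
  # Only list proxies and peers you operate. NOTE(review): presumably
  # client-address headers arriving from these sources are trusted - confirm;
  # an overly broad entry would let a client misreport its source address.
  # reverseProxy:
  #   trustedHTTPProxies: []
  #   trustedHTTPProxiesCount: 0
  #   trustedPeers: []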