Skip to content

fix: traefik relay accessibility #3696

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: traefik relay accessibility #3696

wants to merge 1 commit into from

Conversation

ghazyami
Copy link

@ghazyami ghazyami commented Apr 17, 2025
edited
Loading

Describe your changes

  • Remove commented lines on traefik template compose file

  • Fix relay accessibility with traefik reverse proxy (I think my understanding is correct, but please feel free to correct me if I got it wrong)

    • Instructions here mentioned to update NETBIRD_MGMT_API_PORT and NETBIRD_SIGNAL_PORT to be reverse-proxy TLS-port but not NETBIRD_RELAY_PORT, which defaults to 33080.

    • management.json.tmpl has relay address as rel://$NETBIRD_RELAY_DOMAIN:$NETBIRD_RELAY_PORT so it will resolve to <netbird_domain>:33080 which in case of using traefik is not accessible. relay should be accessible on
      <netbird_domain>:<reverse-proxy TLS-port>/relay

    • Updating traefik template to use port 33080 for relay internally. and I will open another PR to update the docs as well to include NETBIRD_RELAY_PORT along NETBIRD_MGMT_API_PORT and NETBIRD_SIGNAL_PORT.

    • Introduce NETBIRD_RELAY_ENDPOINT and use it on compose + management template files with value

      • rel://$NETBIRD_RELAY_DOMAIN:$NETBIRD_RELAY_PORT when NETBIRD_DISABLE_LETSENCRYPT=false
      • rels://$NETBIRD_DOMAIN:$NETBIRD_SIGNAL_PORT/relay when NETBIRD_DISABLE_LETSENCRYPT=true

I encountered this setting up a self-hosted instance with traefik, is there a way to verify the changes with my instance?
I tested with running netbird status -d I got

...
Relays: 
  [stun:mydomain.example.com:3478] is Available
  [turn:mydomain.example.com:3478?transport=udp] is Available
  [rels://mydomain.example.com:443/relay] is Available
...

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)
  • Extended the README / documentation, if necessary

@CLAassistant
Copy link

CLAassistant commented Apr 17, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@ghazyami

This comment was marked as outdated.

Sign in to view
@ghazyami ghazyami marked this pull request as draft April 17, 2025 12:06
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@ghazyami ghazyami marked this pull request as ready for review April 19, 2025 11:44
@ghazyami
Copy link
Author

fixes #3144

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ghazyami @CLAassistant