From 6392977e8dedba807d556a35e41f9eb11331e0f9 Mon Sep 17 00:00:00 2001
From: Nikita Bizyaev
Date: Tue, 5 May 2026 11:55:19 +0300
Subject: [PATCH] refactor
---
 Dockerfile.netbird-server | 3 +--
 config.yaml | 14 ++++++++++----
 dashboard.env | 11 +++++++++++
 docker-compose.yml | 28 +++++++++++++++++++++-------
 4 files changed, 43 insertions(+), 13 deletions(-)
 create mode 100644 dashboard.env
diff --git a/Dockerfile.netbird-server b/Dockerfile.netbird-server
index 87e5be7..9929813 100644
--- a/Dockerfile.netbird-server
+++ b/Dockerfile.netbird-server
@@ -1,3 +1,2 @@
-FROM netbirdio/netbird:latest
-
+FROM netbirdio/netbird-server:latest
 COPY config.yaml /etc/netbird/config.yaml
diff --git a/config.yaml b/config.yaml
index 41f30f2..bc3d0e7 100644
--- a/config.yaml
+++ b/config.yaml
@@ -1,13 +1,14 @@ server: listenAddress: ":80" - exposedAddress: "https://birdy.greact.online" + exposedAddress: "https://birdy.greact.online:443" stunPorts: - 3478 logLevel: "info" logFile: "console" authSecret: "336c2d76-3d00-4863-abc5-afe55211a36a" + dataDir: "/var/lib/netbird" - auth: # ← ВЛОЖЕНО в server + auth: # ← вложено под server issuer: "https://birdy.greact.online/oauth2" localAuthDisabled: false signKeyRefreshEnabled: true
@@ -17,6 +18,11 @@ server: cliRedirectURIs: - "http://localhost:53000/" - store: # ← ВЛОЖЕНО в server + reverseProxy: + trustedHTTPProxies: + - "172.16.0.0/12" # Docker-подсеть (покрывает NPM-контейнер в сети proxy) + + store: # ← вложено под server engine: "sqlite" - encryptionKey: "336c2d76-3d00-4863-abc5-afe55211a36a" \ No newline at end of file + encryptionKey: "336c2d76-3d00-4863-abc5-afe55211a36a" + \ No newline at end of file
diff --git a/dashboard.env b/dashboard.env
new file mode 100644
index 0000000..2ede034
--- /dev/null
+++ b/dashboard.env
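Review bot: In Dockerfile.netbird-server the new base image is still referenced by the mutable `latest` tag, so each rebuild can pull different, unreviewed upstream content and two builds of the same commit need not match. Pin it to a release and digest, e.g. `FROM netbirdio/netbird-server:<pinned-version>@sha256:<digest>`, and update the pin deliberately. The same applies to `image: netbirdio/dashboard:latest` added in docker-compose.yml.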
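Review bot: `authSecret` in the first config.yaml hunk stays a literal value in the tracked file, and the following hunk re-adds `store.encryptionKey` with the identical string, so a single leaked value covers both the auth secret and the store encryption key. Because Dockerfile.netbird-server copies config.yaml into the image, the value also ends up in an image layer readable by anyone who can pull the image. The two keys should be distinct, randomly generated values supplied at deploy time (a mounted config or a secret store, whichever the server supports; the page does not show which), and the current value should be rotated since it is already in history. The `server:` mapping continues outside this hunk.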
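Review bot: The new `trustedHTTPProxies` entry `"172.16.0.0/12"` in the second config.yaml hunk trusts the whole private block rather than the reverse proxy itself, so any container or host with an address in that range that can reach port 80 would presumably have its forwarded client-address headers believed. Narrow it to the subnet of the external `proxy` network or to the proxy container's fixed address, e.g. `- "<proxy-network-subnet>/<prefix>"`, and record in the comment where that subnet is defined. The last added line of the hunk is whitespace-only without a newline; ending the file with one plain newline would remove the `\ No newline at end of file` marker.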
@@ -0,0 +1,11 @@
+NETBIRD_MGMT_API_ENDPOINT=https://birdy.greact.online
+NETBIRD_MGMT_GRPC_API_ENDPOINT=https://birdy.greact.online
+
+AUTH_AUDIENCE=netbird-dashboard
+AUTH_CLIENT_ID=netbird-dashboard
+AUTH_CLIENT_SECRET=
+AUTH_AUTHORITY=https://birdy.greact.online/oauth2
+USE_AUTH0=false
+AUTH_SUPPORTED_SCOPES=openid profile email groups
+AUTH_REDIRECT_URI=/nb-auth
+AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 0ef8af0..d7a6b92 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,15 +1,28 @@ +version: "3.8" + services: - birdy: + netbird-server: build: context: . dockerfile: Dockerfile.netbird-server - image: birdy/netbird:local - container_name: birdy-server - volumes: - - netbird_data:/var/lib/netbird + container_name: netbird-server expose: - - "80" - - "3478/udp" + - "80" # Management API + OAuth2 + Signal → внутрь proxy-сети + ports: + - "3478:3478/udp" # STUN — публично (UDP нельзя проксировать через HTTP) + volumes: + - netbird_data:/var/lib/netbird # именованный volume (не bind-mount) + restart: unless-stopped + networks: + - proxy + + netbird-dashboard: + image: netbirdio/dashboard:latest + container_name: netbird-dashboard + env_file: + - ./dashboard.env + expose: + - "80" # Web UI → внутрь proxy-сети restart: unless-stopped networks: - proxy
@@ -20,3 +33,4 @@ volumes: networks: proxy: external: true + \ No newline at end of file
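Review bot: `AUTH_CLIENT_SECRET=` in the new dashboard.env is committed empty with no explanation, which invites someone to fill in a real secret in this tracked file later. If the dashboard is meant to be a public browser client, which the empty value suggests, say so on the line above it: `# public client: intentionally empty; never commit a secret here`. The file also ends without a trailing newline.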
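Review bot: Both services in the first docker-compose.yml hunk (`netbird-server`, `netbird-dashboard`) run with Docker's default privileges, and `netbird-server` is now reachable from outside the host through `"3478:3478/udp"`. Consider adding `security_opt: ["no-new-privileges:true"]` to each service and a `cap_drop` list for capabilities they do not need, after confirming the server can still bind port 80 inside the container. The added top-level `version: "3.8"` is obsolete under the Compose Specification and current `docker compose` ignores it with a warning, so it can be left out.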