refactor

2026-05-05 11:55:19 +03:00
parent d0c5dc8184
commit 6392977e8d
4 changed files with 43 additions and 13 deletions
--- a/Dockerfile.netbird-server
+++ b/Dockerfile.netbird-server
@@ -1,3 +1,2 @@
-FROM netbirdio/netbird:latest
-
+FROM netbirdio/netbird-server:latest
 COPY config.yaml /etc/netbird/config.yaml
--- a/config.yaml
+++ b/config.yaml
@@ -1,13 +1,14 @@
 server:
  listenAddress: ":80"
-  exposedAddress: "https://birdy.greact.online"
+  exposedAddress: "https://birdy.greact.online:443"
  stunPorts:
    - 3478
  logLevel: "info"
  logFile: "console"
  authSecret: "336c2d76-3d00-4863-abc5-afe55211a36a"
+  dataDir: "/var/lib/netbird"

-  auth:                                     # ← ВЛОЖЕНО в server
+  auth:                                          # ← вложено под server
    issuer: "https://birdy.greact.online/oauth2"
    localAuthDisabled: false
    signKeyRefreshEnabled: true
@@ -17,6 +18,11 @@ server:
    cliRedirectURIs:
      - "http://localhost:53000/"

-  store:                                    # ← ВЛОЖЕНО в server
+  reverseProxy:
+    trustedHTTPProxies:
+      - "172.16.0.0/12"  # Docker-подсеть (покрывает NPM-контейнер в сети proxy)
+
+  store:                                         # ← вложено под server
    engine: "sqlite"
    encryptionKey: "336c2d76-3d00-4863-abc5-afe55211a36a"
+    
--- a/dashboard.env
+++ b/dashboard.env
@@ -0,0 +1,11 @@
+NETBIRD_MGMT_API_ENDPOINT=https://birdy.greact.online
+NETBIRD_MGMT_GRPC_API_ENDPOINT=https://birdy.greact.online
+
+AUTH_AUDIENCE=netbird-dashboard
+AUTH_CLIENT_ID=netbird-dashboard
+AUTH_CLIENT_SECRET=
+AUTH_AUTHORITY=https://birdy.greact.online/oauth2
+USE_AUTH0=false
+AUTH_SUPPORTED_SCOPES=openid profile email groups
+AUTH_REDIRECT_URI=/nb-auth
+AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,15 +1,28 @@
+version: "3.8"
+
 services:
-  birdy:
+  netbird-server:
    build:
      context: .
      dockerfile: Dockerfile.netbird-server
-    image: birdy/netbird:local
-    container_name: birdy-server
-    volumes:
-      - netbird_data:/var/lib/netbird
+    container_name: netbird-server
    expose:
-      - "80"
-      - "3478/udp"
+      - "80"              # Management API + OAuth2 + Signal → внутрь proxy-сети
+    ports:
+      - "3478:3478/udp"   # STUN — публично (UDP нельзя проксировать через HTTP)
+    volumes:
+      - netbird_data:/var/lib/netbird   # именованный volume (не bind-mount)
+    restart: unless-stopped
+    networks:
+      - proxy
+
+  netbird-dashboard:
+    image: netbirdio/dashboard:latest
+    container_name: netbird-dashboard
+    env_file:
+      - ./dashboard.env
+    expose:
+      - "80"              # Web UI → внутрь proxy-сети
    restart: unless-stopped
    networks:
      - proxy
@@ -20,3 +33,4 @@ volumes:
 networks:
  proxy:
    external: true
+