Merged
279 commits
7b3523e
return empty domain list when none in database
admacleod Jan 27, 2026
73fbb3f
fix reverse proxy put and post
pascal-fischer Jan 27, 2026
a103f69
remove basic auth scheme
pascal-fischer Jan 27, 2026
b867223
fix domain api registration
admacleod Jan 27, 2026
ae42bbb
Merge remote-tracking branch 'origin/prototype/reverse-proxy' into pr…
admacleod Jan 27, 2026
3c5ac17
fix domain store nil pointer
admacleod Jan 27, 2026
2c9decf
fix domain store slice retrieval
admacleod Jan 27, 2026
b611d4a
pass account manager in to proxy grpc server for setup key generation
admacleod Jan 28, 2026
a4c1362
pass proxy information to management on grpc connection
admacleod Jan 28, 2026
231e80c
Merge branch 'main' into prototype/reverse-proxy
pascal-fischer Jan 28, 2026
f97544a
go mod tidy
pascal-fischer Jan 28, 2026
1daea35
remove scheme information from management address when connecting via…
admacleod Jan 28, 2026
7d01311
Merge remote-tracking branch 'origin/prototype/reverse-proxy' into pr…
admacleod Jan 28, 2026
7700b43
correctly interpret custom domains from the database
admacleod Jan 28, 2026
10b981a
fix gorm id failures
admacleod Jan 28, 2026
a9ce9f8
add grpc TLS with selection inferred from management URL
admacleod Jan 28, 2026
3d116c9
add debug logs and switch to logrus for logs
admacleod Jan 28, 2026
95bf97d
add env var for debug logs
admacleod Jan 28, 2026
57cb6bf
add log on broadcasting update
pascal-fischer Jan 28, 2026
c98dcf5
get all proxy endpoints when a proxy connects
admacleod Jan 28, 2026
5b1fced
Merge remote-tracking branch 'origin/prototype/reverse-proxy' into pr…
admacleod Jan 28, 2026
a0a61d4
add extra debug logs
mlsmaycon Jan 28, 2026
717da8c
fix nil path
mlsmaycon Jan 28, 2026
3f0c577
use util.InitLog
mlsmaycon Jan 28, 2026
c86da92
update log init
mlsmaycon Jan 28, 2026
f4ca36e
fix non-nil path assignment
admacleod Jan 29, 2026
74c7706
fix access log context cancelled
admacleod Jan 29, 2026
4352228
allow setting the proxy url for autocert server name
admacleod Jan 29, 2026
760ac5e
use the netbird client transport directly
admacleod Jan 29, 2026
7d74904
add roundtripper debug log
admacleod Jan 29, 2026
f204da0
fix management reverseproxy proto mapping
admacleod Jan 29, 2026
8e0b7b6
add api for access log events
pascal-fischer Jan 29, 2026
0d48007
pass accountID
pascal-fischer Jan 29, 2026
e95cfa1
add support for some basic authentication methods
admacleod Jan 29, 2026
f882c36
simplify authentication
admacleod Jan 30, 2026
5345d71
Merge branch 'main' into prototype/reverse-proxy
admacleod Jan 30, 2026
3a6f364
use a defined logger
admacleod Jan 30, 2026
30572fe
add domain validation using values from proxies
admacleod Feb 2, 2026
095379f
add logging to domain validation
admacleod Feb 2, 2026
fa6ff00
add validation logging
admacleod Feb 2, 2026
a73ee47
ignore ports when performing proxy mapping lookups
admacleod Feb 2, 2026
3168afb
clean up proxy reported urls when using them for validation
admacleod Feb 2, 2026
30cfc22
correct proto and proxy authentication for oidc
admacleod Feb 3, 2026
02ce918
add management side of OIDC authentication
admacleod Feb 3, 2026
76a39c1
Revert "add management side of OIDC authentication"
admacleod Feb 3, 2026
5243481
get OIDC configuration from proxy flags/env
admacleod Feb 3, 2026
1467748
add management oidc configuration for proxies
admacleod Feb 3, 2026
3af4543
check for domain ownership via subdomain rather than naked domain
admacleod Feb 3, 2026
bffb25b
add status confirmation for certs and tunnel creation
pascal-fischer Feb 3, 2026
92f72bf
add reverse proxy meta to api resp
pascal-fischer Feb 3, 2026
733ea77
Add proxy auth ui
heisbrot Feb 3, 2026
4d89ae2
add clusters logic
mlsmaycon Feb 4, 2026
b02982f
add logs
mlsmaycon Feb 4, 2026
18cd0f1
Fix netstack detection and add wireguard port option
lixmal Feb 4, 2026
ca33849
Use a 1:1 mapping of netbird client to netbird account
lixmal Feb 4, 2026
0dd0c67
Revert "add management oidc configuration for proxies"
admacleod Feb 4, 2026
562923c
management OIDC implementation using pkce
admacleod Feb 4, 2026
28f3354
Merge remote-tracking branch 'origin/prototype/reverse-proxy' into pr…
admacleod Feb 4, 2026
a89bb80
fix protos after merge
admacleod Feb 4, 2026
a0005a6
fix minor potential security issues with OIDC
admacleod Feb 4, 2026
5da2b0f
Add error page
heisbrot Feb 4, 2026
eeabc64
Merge remote-tracking branch 'origin/prototype/reverse-proxy' into pr…
heisbrot Feb 4, 2026
7d844b9
Add health checks
lixmal Feb 4, 2026
907677f
Set readiness false on disconnect right away
lixmal Feb 4, 2026
476785b
Remove health check addr override
lixmal Feb 4, 2026
b5b7dd4
Add other error pages
heisbrot Feb 4, 2026
694ae13
add stateless proxy sessions
admacleod Feb 4, 2026
8fafde6
Merge remote-tracking branch 'origin/prototype/reverse-proxy' into pr…
admacleod Feb 4, 2026
096d4ac
rewrite peer creation and network map calc [WIP]
pascal-fischer Feb 4, 2026
d09c69f
fix scan sql
pascal-fischer Feb 4, 2026
3af16cf
add trace logs
pascal-fischer Feb 4, 2026
790ef39
log on debug
pascal-fischer Feb 4, 2026
b01809f
use logger
pascal-fischer Feb 4, 2026
e366fe3
add log when listener is ready
pascal-fischer Feb 4, 2026
5ccce1a
add debug logging for proxy connections and domain resolution
mlsmaycon Feb 5, 2026
9b0387e
Add /cert dir
lixmal Feb 5, 2026
7504e71
Add better error page
heisbrot Feb 5, 2026
4433f44
Add some other errors
heisbrot Feb 5, 2026
0e00f1c
Merge remote-tracking branch 'origin/prototype/reverse-proxy-clusters…
pascal-fischer Feb 5, 2026
d6e35bd
fix merge conflicts
pascal-fischer Feb 5, 2026
5ae7efe
Merge remote-tracking branch 'origin/prototype/reverse-proxy' into pr…
pascal-fischer Feb 5, 2026
f797d2d
fix cert dir name in docker file
pascal-fischer Feb 5, 2026
0419834
add routed exposed services support in nmap
pascal-fischer Feb 6, 2026
adbd7ab
send account updates on proxy change
pascal-fischer Feb 6, 2026
f65f4fc
fix some conflicts regression
mlsmaycon Feb 6, 2026
2f263bf
fix cluster logic for domains and reverse proxy
mlsmaycon Feb 7, 2026
0a3a9f9
Add proxy <-> management authentication
lixmal Feb 5, 2026
07e59b2
Add reverse proxy header security and forwarding
lixmal Feb 8, 2026
7c647dd
Add peer firewall to the receiving peer
lixmal Feb 8, 2026
5190923
Improve logging requests
lixmal Feb 8, 2026
ed58659
Set forwarded headers from trusted proxies only
lixmal Feb 8, 2026
3883b2f
Fix netbird_test.go
lixmal Feb 8, 2026
dc26a5a
Merge branch 'main' into prototype/reverse-proxy
lixmal Feb 8, 2026
99e6b1e
attempt to trigger ssl before first request
mlsmaycon Feb 8, 2026
51e63c2
Add health status to debug
lixmal Feb 8, 2026
6a64d4e
Remove test deployment specs
lixmal Feb 8, 2026
d2a7f3a
Fix pass host header
lixmal Feb 8, 2026
2cf00db
Fix missing route
lixmal Feb 8, 2026
156d0b1
Fix duplicate path
lixmal Feb 8, 2026
7b6294b
Refuse to service a service if auth setup failed
lixmal Feb 8, 2026
1c8f92a
Fix management nil pointer
lixmal Feb 8, 2026
7f11e32
Validate target id
lixmal Feb 8, 2026
260c46d
Fix broken auth redirect
lixmal Feb 8, 2026
3630ebb
Add option to rewrite redirects
lixmal Feb 8, 2026
2f390e1
Conflate default ports
lixmal Feb 8, 2026
3b43c00
Use unique static path for auth assets to avoid collision with routes
lixmal Feb 8, 2026
a8db732
add issued time log and CT timestamp logs
mlsmaycon Feb 8, 2026
780e9f5
Improve mgmt backoff
lixmal Feb 8, 2026
9904235
Improve embed client error detection and reporting
lixmal Feb 8, 2026
aaad3b2
Increase client startup timeout
lixmal Feb 8, 2026
1c5ab7c
add logger support to acme manager
mlsmaycon Feb 8, 2026
cf9fd5d
add AuthClientID
mlsmaycon Feb 8, 2026
7c996ac
add AuthCallbackURL
mlsmaycon Feb 9, 2026
09a1d5a
rename endpoint
mlsmaycon Feb 9, 2026
36cd0dd
temp fix import cycle
mlsmaycon Feb 9, 2026
778c223
fix api handler path
mlsmaycon Feb 9, 2026
2390c2e
change network map calc to inject proxy policies
pascal-fischer Feb 9, 2026
7467e9f
use portrange
pascal-fischer Feb 9, 2026
be5f302
fix embedded exception
pascal-fischer Feb 9, 2026
fd44213
Add cert hot reload and cert file locking
lixmal Feb 9, 2026
53c1016
Add graceful shutdown for Kubernetes
lixmal Feb 9, 2026
73aa078
Add cert health info to checks
lixmal Feb 9, 2026
9a67a8e
send updates on changes
pascal-fischer Feb 9, 2026
6a08695
Merge branch 'main' into prototype/reverse-proxy
pascal-fischer Feb 9, 2026
62e37dc
fix host resolution
pascal-fischer Feb 9, 2026
7c14056
fix resource lookup
pascal-fischer Feb 9, 2026
16d1b4a
handle default ports
pascal-fischer Feb 9, 2026
423f626
handle default ports
pascal-fischer Feb 9, 2026
1754160
handle default ports
pascal-fischer Feb 9, 2026
1ff75ac
handle default ports
pascal-fischer Feb 9, 2026
9e5fa11
handle multiple path
pascal-fischer Feb 9, 2026
e2adef1
add back notBefore and now to cert log
mlsmaycon Feb 9, 2026
6b00bb0
Strip session_token on redirect
lixmal Feb 10, 2026
79fed32
Add wg port configuration
lixmal Feb 10, 2026
a803f47
add network map support for clustering
pascal-fischer Feb 10, 2026
ca9a7e1
continue on host lookup failure
pascal-fischer Feb 10, 2026
ba9158d
Remove peer card from proxy error page
heisbrot Feb 10, 2026
940d01b
Merge remote-tracking branch 'origin/prototype/reverse-proxy' into pr…
heisbrot Feb 10, 2026
b16d636
Add group-based access control for SSO reverse proxy authentication
mlsmaycon Feb 10, 2026
08d3867
update error page
mlsmaycon Feb 10, 2026
0cb02bd
fix path handling + extract targets to separate table + guard resourc…
pascal-fischer Feb 10, 2026
eea6120
refactor: add ValidateSession gRPC and streamline test setup
mlsmaycon Feb 10, 2026
7d08a60
fix: capture account/service/user IDs in access logs for auth requests
mlsmaycon Feb 10, 2026
95d672c
fix: capture auth method in access logs for failed authentication
mlsmaycon Feb 10, 2026
f22497d
remove query parameters on refresh
mlsmaycon Feb 10, 2026
b79adb7
add services to permissions list
pascal-fischer Feb 11, 2026
5ae15b3
add hotpath proxy and roundtripper benchmarks
admacleod Feb 11, 2026
cfe6753
hash pin and password
pascal-fischer Feb 11, 2026
6968a32
move to argon2id
pascal-fischer Feb 11, 2026
55b8d89
add rate limiting for callback endpoint
pascal-fischer Feb 11, 2026
fb4cc37
add pagination for access logs
pascal-fischer Feb 11, 2026
bf48044
push filter files
pascal-fischer Feb 11, 2026
f3493ee
add basic metrics for stress testing
admacleod Feb 11, 2026
d069145
add more filters
pascal-fischer Feb 11, 2026
1ffe8de
add general search filter
pascal-fischer Feb 11, 2026
5bcdf36
fix source_ip
pascal-fischer Feb 11, 2026
9dba262
add index to access log entries
pascal-fischer Feb 11, 2026
e020950
concat host and path for search and add a status filter
pascal-fischer Feb 11, 2026
acb53ec
Merge branch 'prototype/reverse-proxy-logs-pagination' into prototype…
pascal-fischer Feb 11, 2026
ebb1f40
add id to request log search
pascal-fischer Feb 11, 2026
08ab1e3
rename reverse proxy to services
pascal-fischer Feb 11, 2026
22a3365
fix rename errors and tests
pascal-fischer Feb 11, 2026
1c7059e
fix some tests
pascal-fischer Feb 11, 2026
e20b969
fix linter issues
pascal-fischer Feb 12, 2026
963e3f5
fix linter issues
pascal-fischer Feb 12, 2026
917035f
fix tests
pascal-fischer Feb 12, 2026
15ef56e
fix typos
pascal-fischer Feb 12, 2026
4183778
fix tests
pascal-fischer Feb 12, 2026
54a73c6
move linter exceptions
pascal-fischer Feb 12, 2026
d689718
Improve logging and error handling
lixmal Feb 12, 2026
5d606d9
Add TTL-based expiry and cleanup for PKCE verifiers to prevent unboun…
lixmal Feb 12, 2026
38db42e
Fix initial sync complete on empty service list
lixmal Feb 12, 2026
3812609
Create unique token per proxy
lixmal Feb 12, 2026
bd47f44
Preload services targets
lixmal Feb 12, 2026
08ae281
Fix network monitor restarting the client in netstack mode
lixmal Feb 12, 2026
1fc25c3
move linter exceptions
pascal-fischer Feb 12, 2026
6796601
Generate a random nonce to ensure each OIDC request gets a unique state
mlsmaycon Feb 12, 2026
5f43449
move linter exceptions
pascal-fischer Feb 12, 2026
5fcfed5
add proxy tests
mlsmaycon Feb 12, 2026
e531fb5
ignore error
pascal-fischer Feb 12, 2026
abaf061
Skip nil client for health
lixmal Feb 12, 2026
a3c0ea3
Add proxy unit test workflow
lixmal Feb 12, 2026
f1a65d7
Add proxy to license boundary check
lixmal Feb 12, 2026
b87aa0b
Address linter issues
lixmal Feb 12, 2026
23abb57
Treated tombstoned conns as new
lixmal Feb 12, 2026
c37ebc6
add more metrics, improve metrics, reduce metrics impact on other pac…
admacleod Feb 12, 2026
6f2f0f9
exclude proxy peers on peers api
pascal-fischer Feb 12, 2026
ee2ae45
add permissions validation to domain manager
pascal-fischer Feb 12, 2026
fcbacc6
clear userID from access logs if not oidc
pascal-fischer Feb 12, 2026
8df1536
Merge branch 'main' into prototype/reverse-proxy
pascal-fischer Feb 12, 2026
e0874d7
Add noopener to window.open in ErrorPage
lixmal Feb 12, 2026
412407a
Add .dockerignore to exclude sensitive files from build context
lixmal Feb 12, 2026
7fdb824
Remove write permissions from /var/lib/netbird in proxy Dockerfile
lixmal Feb 12, 2026
9554934
Validate trusted proxies in OAuth callback getClientIP
lixmal Feb 12, 2026
f709251
Handle TCP port reuse for TIME-WAIT connections
lixmal Feb 12, 2026
6dfc577
fix nil pointer error in roundtripper
admacleod Feb 12, 2026
a3241d8
Fix swallowed response codes
lixmal Feb 12, 2026
e368d29
Fix test
lixmal Feb 12, 2026
fe975fb
Fix missing lang attribute
lixmal Feb 12, 2026
db5e26d
rename domain type
pascal-fischer Feb 12, 2026
41a5509
fix nil pointer error in roundtripper
admacleod Feb 12, 2026
ac995ba
rename url flag to domain and update validation
mlsmaycon Feb 12, 2026
cfdfdec
return error if unable to derive cluster on service creation
pascal-fischer Feb 12, 2026
57d3ee5
optimize the DeriveClusterFromDomain function
mlsmaycon Feb 12, 2026
eea7687
Fix lint and failing tests
lixmal Feb 12, 2026
0bd2271
fix integration tests
mlsmaycon Feb 12, 2026
a1b048f
feat: adding traefik + nb reverse proxy
diegocn Feb 12, 2026
7d19bdf
feat: adding traefik + nb's reverse proxy (#5303)
diegocn Feb 12, 2026
a05dc38
Merge branch 'main' into prototype/reverse-proxy
mlsmaycon Feb 12, 2026
14181c9
fix: remove duplicate import
diegocn Feb 12, 2026
c009055
feat: adds netbird's proxy component to getting-started
diegocn Feb 12, 2026
26d3dd7
feat: adding combined dockerfile for testing phase
diegocn Feb 13, 2026
f103fc4
chore: switch dashboard tag to the temp one
diegocn Feb 13, 2026
0254a38
fix load mgmt config
mlsmaycon Feb 13, 2026
3508144
Added s.GRPCServer() call before the afterInit
mlsmaycon Feb 13, 2026
4efea82
Add token cmd to combined and consolidate logic
lixmal Feb 13, 2026
e4e9998
Ignore print errs
lixmal Feb 13, 2026
c4bfbba
refactor access log filter
pascal-fischer Feb 13, 2026
0a884d8
refactor service manager code and add tests
pascal-fischer Feb 13, 2026
63ad313
[management] Enforce access control on accessible peers (#5301)
bcmmbaga Feb 13, 2026
d690e98
Add combined license + license checks + excldue from client tests
lixmal Feb 13, 2026
fef41f0
refactor AddPeer
pascal-fischer Feb 13, 2026
0331d68
remove unused network map code
pascal-fischer Feb 13, 2026
95ba4dc
Refactor proxy/auth Protect method to reduce cognitive complexity
lixmal Feb 13, 2026
7e062d6
Fix duplicate handler allocation in health.NewServer and add tests
lixmal Feb 13, 2026
cc5800f
Add comments to empty function bodies in acme locker
lixmal Feb 13, 2026
f296956
Refactor roundtrip AddPeer to reduce cognitive complexity and line count
lixmal Feb 13, 2026
a718d6e
Extract printHealthClients from debug printHealth to reduce complexity
lixmal Feb 13, 2026
3971d2f
Consolidate duplicate timeout cases in classifyProxyError
lixmal Feb 13, 2026
04b9de0
Refactor proxy server to reduce complexity in ListenAndServe and hand…
lixmal Feb 13, 2026
6ebcc7e
simplify policy inject logic
pascal-fischer Feb 13, 2026
009de5d
Fix HTML form label accessibility and CSS duplicate selector
lixmal Feb 13, 2026
b463161
Fix TypeScript Sonar issues across proxy/web
lixmal Feb 13, 2026
b962ae2
add proxy to goreleaser build pipeline with PR image tagging
mlsmaycon Feb 13, 2026
d64066c
use a similar multistage approach to copy files
mlsmaycon Feb 13, 2026
004a363
add chmod to tmp folder
mlsmaycon Feb 13, 2026
31728b6
Merge branch 'main' into prototype/reverse-proxy
lixmal Feb 13, 2026
45ba44f
Merge branch 'main' into prototype/reverse-proxy
lixmal Feb 13, 2026
cd7b966
refactor authenticate method
pascal-fischer Feb 13, 2026
0bce808
update codespell
pascal-fischer Feb 13, 2026
204a6d1
Replace COPY . . with explicit directories in proxy Dockerfile
lixmal Feb 13, 2026
6fbf040
Fix lint
lixmal Feb 13, 2026
add0156
remove unused authResults struct
pascal-fischer Feb 13, 2026
00410fb
chore: set server and proxy image tags
diegocn Feb 13, 2026
1b762b1
Add configurable backend transport and in-flight request limiting
lixmal Feb 12, 2026
908dfa0
Force dark mode
heisbrot Feb 13, 2026
0f2630e
Add structured logging for HTTP server errors (#5305)
pappz Feb 13, 2026
6da09f9
add all httpConfig info on combined
mlsmaycon Feb 13, 2026
a1621c8
chore: set server and proxy image tags
diegocn Feb 13, 2026
b68a9a6
getting-started.sh: prompt for NB_PROXY_DOMAIN when built-in traefik …
shuuri-labs Feb 13, 2026
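--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+.env
+.env.*
+*.pem
+*.key
+*.crt
+*.p12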
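Review bot: The patterns `.env`, `.env.*`, `*.pem`, `*.key`, `*.crt` and `*.p12` only match entries directly under the build-context root, because .dockerignore patterns are resolved relative to the context root and are not applied at every depth the way .gitignore patterns are. Key material or env files in a subdirectory would still be sent to the builder and could end up in an image layer through a broad `COPY`. Prefixing each pattern with `**/` (for example `**/*.pem`, `**/.env`, `**/.env.*`) covers nested paths as well. A header comment such as `# keep secrets and key material out of the Docker build context` would record why the list exists.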
10 changes: 5 additions & 5 deletions .github/workflows/check-license-dependencies.yml
@@ -23,27 +23,27 @@ jobs:

- name: Check for problematic license dependencies
run: |
echo "Checking for dependencies on management/, signal/, and relay/ packages..."
echo "Checking for dependencies on management/, signal/, relay/, and proxy/ packages..."
echo ""

# Find all directories except the problematic ones and system dirs
FOUND_ISSUES=0
while IFS= read -r dir; do
echo "=== Checking $dir ==="
# Search for problematic imports, excluding test files
RESULTS=$(grep -r "github.com/netbirdio/netbird/\(management\|signal\|relay\)" "$dir" --include="*.go" 2>/dev/null | grep -v "_test.go" | grep -v "test_" | grep -v "/test/" || true)
RESULTS=$(grep -r "github.com/netbirdio/netbird/\(management\|signal\|relay\|proxy\)" "$dir" --include="*.go" 2>/dev/null | grep -v "_test.go" | grep -v "test_" | grep -v "/test/" || true)
if [ -n "$RESULTS" ]; then
echo "❌ Found problematic dependencies:"
echo "$RESULTS"
FOUND_ISSUES=1
else
echo "✓ No problematic dependencies found"
fi
done < <(find . -maxdepth 1 -type d -not -name "." -not -name "management" -not -name "signal" -not -name "relay" -not -name ".git*" | sort)
done < <(find . -maxdepth 1 -type d -not -name "." -not -name "management" -not -name "signal" -not -name "relay" -not -name "proxy" -not -name "combined" -not -name ".git*" | sort)

echo ""
if [ $FOUND_ISSUES -eq 1 ]; then
echo "❌ Found dependencies on management/, signal/, or relay/ packages"
echo "❌ Found dependencies on management/, signal/, relay/, or proxy/ packages"
echo "These packages are licensed under AGPLv3 and must not be imported by BSD-licensed code"
exit 1
else
@@ -88,7 +88,7 @@ jobs:
IMPORTERS=$(go list -json -deps ./... 2>/dev/null | jq -r "select(.Imports[]? == \"$package\") | .ImportPath")

# Check if any importer is NOT in management/signal/relay
BSD_IMPORTER=$(echo "$IMPORTERS" | grep -v "github.com/netbirdio/netbird/\(management\|signal\|relay\)" | head -1)
BSD_IMPORTER=$(echo "$IMPORTERS" | grep -v "github.com/netbirdio/netbird/\(management\|signal\|relay\|proxy\|combined\)" | head -1)

if [ -n "$BSD_IMPORTER" ]; then
echo "❌ $package ($license) is imported by BSD-licensed code: $BSD_IMPORTER"
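Review bot: The import scan on the `RESULTS=$(grep -r ...` line now matches `proxy` but not `combined`, even though the same change skips the `combined` directory in the `find` and treats `combined` as an allowed AGPL importer in the second hunk. As written, BSD-licensed code importing `github.com/netbirdio/netbird/combined` would not be flagged; the pattern should read `\(management\|signal\|relay\|proxy\|combined\)`. The echo messages and the context comment `# Check if any importer is NOT in management/signal/relay` should then list the same five directories. The LICENSE hunk in this change names `combined/` but not `proxy/`, while this workflow treats `proxy/` as AGPLv3, so the two should be reconciled.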
2 changes: 1 addition & 1 deletion .github/workflows/golang-test-darwin.yml
@@ -43,5 +43,5 @@ jobs:
run: git --no-pager diff --exit-code

- name: Test
run: NETBIRD_STORE_ENGINE=${{ matrix.store }} CI=true go test -tags=devcert -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 5m -p 1 $(go list ./... | grep -v /management)
run: NETBIRD_STORE_ENGINE=${{ matrix.store }} CI=true go test -tags=devcert -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 5m -p 1 $(go list ./... | grep -v -e /management -e /signal -e /relay -e /proxy -e /combined)
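Review bot: The filter `grep -v -e /management -e /signal -e /relay -e /proxy -e /combined` in the `Test` step is an unanchored substring match, so any package whose import path merely contains `/proxy` or `/combined` under another top-level directory is dropped from the run as well. Anchoring to the module root limits the exclusion to the intended trees, e.g. `grep -v -E '^github.com/netbirdio/netbird/(management|signal|relay|proxy|combined)(/|$)'`. The same unanchored pattern is extended in both `go list` filters of the Linux workflow and, as `-notmatch '/proxy'`, in the Windows workflow. Whether such a nested package exists today is not visible on this page, so this is a guard against tests disappearing unnoticed.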

1 change: 0 additions & 1 deletion .github/workflows/golang-test-freebsd.yml
@@ -46,6 +46,5 @@ jobs:
time go test -timeout 1m -failfast ./client/iface/...
time go test -timeout 1m -failfast ./route/...
time go test -timeout 1m -failfast ./sharedsock/...
time go test -timeout 1m -failfast ./signal/...
time go test -timeout 1m -failfast ./util/...
time go test -timeout 1m -failfast ./version/...
61 changes: 59 additions & 2 deletions .github/workflows/golang-test-linux.yml
@@ -97,6 +97,16 @@ jobs:
working-directory: relay
run: CGO_ENABLED=1 GOARCH=386 go build -o relay-386 .

- name: Build combined
if: steps.cache.outputs.cache-hit != 'true'
working-directory: combined
run: CGO_ENABLED=1 go build .

- name: Build combined 386
if: steps.cache.outputs.cache-hit != 'true'
working-directory: combined
run: CGO_ENABLED=1 GOARCH=386 go build -o combined-386 .

test:
name: "Client / Unit"
needs: [build-cache]
@@ -144,7 +154,7 @@ jobs:
run: git --no-pager diff --exit-code

- name: Test
run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} CI=true go test -tags devcert -exec 'sudo' -timeout 10m -p 1 $(go list ./... | grep -v -e /management -e /signal -e /relay)
run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} CI=true go test -tags devcert -exec 'sudo' -timeout 10m -p 1 $(go list ./... | grep -v -e /management -e /signal -e /relay -e /proxy -e /combined)

test_client_on_docker:
name: "Client (Docker) / Unit"
@@ -204,7 +214,7 @@ jobs:
sh -c ' \
apk update; apk add --no-cache \
ca-certificates iptables ip6tables dbus dbus-dev libpcap-dev build-base; \
go test -buildvcs=false -tags devcert -v -timeout 10m -p 1 $(go list -buildvcs=false ./... | grep -v -e /management -e /signal -e /relay -e /client/ui -e /upload-server)
go test -buildvcs=false -tags devcert -v -timeout 10m -p 1 $(go list -buildvcs=false ./... | grep -v -e /management -e /signal -e /relay -e /proxy -e /combined -e /client/ui -e /upload-server)
'

test_relay:
@@ -261,6 +271,53 @@ jobs:
-exec 'sudo' \
-timeout 10m -p 1 ./relay/... ./shared/relay/...

test_proxy:
name: "Proxy / Unit"
needs: [build-cache]
strategy:
fail-fast: false
matrix:
arch: [ '386','amd64' ]
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
cache: false

- name: Install dependencies
run: sudo apt update && sudo apt install -y gcc-multilib g++-multilib libc6-dev-i386

- name: Get Go environment
run: |
echo "cache=$(go env GOCACHE)" >> $GITHUB_ENV
echo "modcache=$(go env GOMODCACHE)" >> $GITHUB_ENV

- name: Cache Go modules
uses: actions/cache/restore@v4
with:
path: |
${{ env.cache }}
${{ env.modcache }}
key: ${{ runner.os }}-gotest-cache-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-gotest-cache-

- name: Install modules
run: go mod tidy

- name: check git status
run: git --no-pager diff --exit-code

- name: Test
run: |
CGO_ENABLED=1 GOARCH=${{ matrix.arch }} \
go test -timeout 10m -p 1 ./proxy/...

test_signal:
name: "Signal / Unit"
needs: [build-cache]
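Review bot: The new `test_proxy` job runs `go test -timeout 10m -p 1 ./proxy/...` without the race detector, although the proxy appears to be a concurrent network service that handles authentication and sessions (inferred from the commit list, not from this hunk). `CGO_ENABLED=1` is already set, so the `amd64` leg could run `go test -race -timeout 10m -p 1 ./proxy/...`. The race detector does not support `386`, so the flag needs to come from the matrix or a condition. The job definition is fully inside the hunk.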
2 changes: 1 addition & 1 deletion .github/workflows/golang-test-windows.yml
@@ -63,7 +63,7 @@ jobs:
- run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOMODCACHE=${{ env.cache }}
- run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOCACHE=${{ env.modcache }}
- run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe mod tidy
- run: echo "files=$(go list ./... | ForEach-Object { $_ } | Where-Object { $_ -notmatch '/management' } | Where-Object { $_ -notmatch '/relay' } | Where-Object { $_ -notmatch '/signal' })" >> $env:GITHUB_ENV
- run: echo "files=$(go list ./... | ForEach-Object { $_ } | Where-Object { $_ -notmatch '/management' } | Where-Object { $_ -notmatch '/relay' } | Where-Object { $_ -notmatch '/signal' } | Where-Object { $_ -notmatch '/proxy' } | Where-Object { $_ -notmatch '/combined' })" >> $env:GITHUB_ENV

- name: test
run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -tags=devcert -timeout 10m -p 1 ${{ env.files }} > test-out.txt 2>&1"
4 changes: 2 additions & 2 deletions .github/workflows/golangci-lint.yml
@@ -19,8 +19,8 @@ jobs:
- name: codespell
uses: codespell-project/actions-codespell@v2
with:
ignore_words_list: erro,clienta,hastable,iif,groupd,testin,groupe,cros,ans
skip: go.mod,go.sum
ignore_words_list: erro,clienta,hastable,iif,groupd,testin,groupe,cros,ans,deriver
skip: go.mod,go.sum,**/proxy/web/**
golangci:
strategy:
fail-fast: false
16 changes: 15 additions & 1 deletion .github/workflows/release.yml
@@ -160,7 +160,7 @@ jobs:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Log in to the GitHub container registry
if: github.event_name != 'pull_request'
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
uses: docker/login-action@v3
with:
registry: ghcr.io
@@ -176,6 +176,7 @@ jobs:
- name: Generate windows syso arm64
run: goversioninfo -arm -64 -icon client/ui/assets/netbird.ico -manifest client/manifest.xml -product-name ${{ env.PRODUCT_NAME }} -copyright "${{ env.COPYRIGHT }}" -ver-major ${{ steps.semver_parser.outputs.major }} -ver-minor ${{ steps.semver_parser.outputs.minor }} -ver-patch ${{ steps.semver_parser.outputs.patch }} -ver-build 0 -file-version ${{ steps.semver_parser.outputs.fullversion }}.0 -product-version ${{ steps.semver_parser.outputs.fullversion }}.0 -o client/resources_windows_arm64.syso
- name: Run GoReleaser
id: goreleaser
uses: goreleaser/goreleaser-action@v4
with:
version: ${{ env.GORELEASER_VER }}
@@ -185,6 +186,19 @@ jobs:
HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
UPLOAD_DEBIAN_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
UPLOAD_YUM_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
- name: Tag and push PR images (amd64 only)
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
run: |
PR_TAG="pr-${{ github.event.pull_request.number }}"
echo '${{ steps.goreleaser.outputs.artifacts }}' | \
jq -r '.[] | select(.type == "Docker Image") | select(.goarch == "amd64") | .name' | \
grep '^ghcr.io/' | while read -r SRC; do
IMG_NAME="${SRC%%:*}"
DST="${IMG_NAME}:${PR_TAG}"
echo "Tagging ${SRC} -> ${DST}"
docker tag "$SRC" "$DST"
docker push "$DST"
done
- name: upload non tags for debug purposes
uses: actions/upload-artifact@v4
with:
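Review bot: In the new `Tag and push PR images (amd64 only)` step, `echo '${{ steps.goreleaser.outputs.artifacts }}'` substitutes the artifacts JSON into the script text before the shell parses it, so a single quote anywhere in that JSON closes the quoted string and the rest is interpreted as shell in a job that is logged in to ghcr.io. Pass the value through the environment instead: add `env:` with `ARTIFACTS: ${{ steps.goreleaser.outputs.artifacts }}` to the step and read it with `echo "$ARTIFACTS" | jq -r ...`. The relaxed login condition also lets any branch pushed to this repository publish `pr-N` tags under the release image names from unreviewed code, so a comment on the step marking those tags as untrusted test builds (or a separate image name) would make that boundary explicit. Unless the workflow sets `shell: bash` or a `defaults.run.shell`, the pipeline runs without `pipefail`, and a failing `jq` would leave the step green with nothing pushed.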
1 change: 1 addition & 0 deletions .gitignore
@@ -2,6 +2,7 @@
.run
*.iml
dist/
!proxy/web/dist/
bin/
.env
conf.json
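Review bot: The new `!proxy/web/dist/` exception re-includes a `dist/` directory, which suggests the built web bundle is committed rather than produced in CI (inferred; the directory contents are not on this page). Committed build output is hard to review and can drift from its sources, so consider a CI step that rebuilds the bundle and fails on `git --no-pager diff --exit-code`. A comment above the line, such as `# proxy/web/dist is checked in on purpose; rebuild it from the proxy/web sources before committing`, would explain the exception.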
87 changes: 87 additions & 0 deletions .goreleaser.yaml
@@ -140,6 +140,20 @@ builds:
- -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
mod_timestamp: "{{ .CommitTimestamp }}"

- id: netbird-proxy
dir: proxy/cmd/proxy
env: [CGO_ENABLED=0]
binary: netbird-proxy
goos:
- linux
goarch:
- amd64
- arm64
- arm
ldflags:
- -s -w -X main.Version={{.Version}} -X main.Commit={{.Commit}} -X main.BuildDate={{.CommitDate}}
mod_timestamp: "{{ .CommitTimestamp }}"

universal_binaries:
- id: netbird

@@ -589,6 +603,55 @@ dockers:
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.source=https://github.com/netbirdio/{{.ProjectName}}"
- "--label=maintainer=dev@netbird.io"
- image_templates:
- netbirdio/reverse-proxy:{{ .Version }}-amd64
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-amd64
ids:
- netbird-proxy
goarch: amd64
use: buildx
dockerfile: proxy/Dockerfile
build_flag_templates:
- "--platform=linux/amd64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.source=https://github.com/netbirdio/{{.ProjectName}}"
- "--label=maintainer=dev@netbird.io"
- image_templates:
- netbirdio/reverse-proxy:{{ .Version }}-arm64v8
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-arm64v8
ids:
- netbird-proxy
goarch: arm64
use: buildx
dockerfile: proxy/Dockerfile
build_flag_templates:
- "--platform=linux/arm64"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.source=https://github.com/netbirdio/{{.ProjectName}}"
- "--label=maintainer=dev@netbird.io"
- image_templates:
- netbirdio/reverse-proxy:{{ .Version }}-arm
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-arm
ids:
- netbird-proxy
goarch: arm
goarm: 6
use: buildx
dockerfile: proxy/Dockerfile
build_flag_templates:
- "--platform=linux/arm"
- "--label=org.opencontainers.image.created={{.Date}}"
- "--label=org.opencontainers.image.title={{.ProjectName}}"
- "--label=org.opencontainers.image.version={{.Version}}"
- "--label=org.opencontainers.image.revision={{.FullCommit}}"
- "--label=org.opencontainers.image.source=https://github.com/netbirdio/{{.ProjectName}}"
- "--label=maintainer=dev@netbird.io"
docker_manifests:
- name_template: netbirdio/netbird:{{ .Version }}
image_templates:
@@ -769,6 +832,30 @@ docker_manifests:
- ghcr.io/netbirdio/netbird-server:{{ .Version }}-arm
- ghcr.io/netbirdio/netbird-server:{{ .Version }}-amd64

- name_template: netbirdio/reverse-proxy:{{ .Version }}
image_templates:
- netbirdio/reverse-proxy:{{ .Version }}-arm64v8
- netbirdio/reverse-proxy:{{ .Version }}-arm
- netbirdio/reverse-proxy:{{ .Version }}-amd64

- name_template: netbirdio/reverse-proxy:latest
image_templates:
- netbirdio/reverse-proxy:{{ .Version }}-arm64v8
- netbirdio/reverse-proxy:{{ .Version }}-arm
- netbirdio/reverse-proxy:{{ .Version }}-amd64

- name_template: ghcr.io/netbirdio/reverse-proxy:{{ .Version }}
image_templates:
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-arm64v8
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-arm
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-amd64

- name_template: ghcr.io/netbirdio/reverse-proxy:latest
image_templates:
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-arm64v8
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-arm
- ghcr.io/netbirdio/reverse-proxy:{{ .Version }}-amd64

brews:
- ids:
- default
2 changes: 1 addition & 1 deletion LICENSE
@@ -1,4 +1,4 @@
This BSD‑3‑Clause license applies to all parts of the repository except for the directories management/, signal/ and relay/.
This BSD‑3‑Clause license applies to all parts of the repository except for the directories management/, signal/, relay/ and combined/.
Those directories are licensed under the GNU Affero General Public License version 3.0 (AGPLv3). See the respective LICENSE files inside each directory.

BSD 3-Clause License
22 changes: 12 additions & 10 deletions client/embed/embed.go
@@ -31,6 +31,14 @@ var (
ErrConfigNotInitialized = errors.New("config not initialized")
)

// PeerConnStatus is a peer's connection status.
type PeerConnStatus = peer.ConnStatus

const (
// PeerStatusConnected indicates the peer is in connected state.
PeerStatusConnected = peer.StatusConnected
)

// Client manages a netbird embedded client instance.
type Client struct {
deviceName string
@@ -162,6 +170,7 @@ func New(opts Options) (*Client, error) {
setupKey: opts.SetupKey,
jwtToken: opts.JWTToken,
config: config,
recorder: peer.NewRecorder(config.ManagementURL.String()),
}, nil
}

@@ -183,6 +192,7 @@ func (c *Client) Start(startCtx context.Context) error {

// nolint:staticcheck
ctx = context.WithValue(ctx, system.DeviceNameCtxKey, c.deviceName)

authClient, err := auth.NewAuth(ctx, c.config.PrivateKey, c.config.ManagementURL, c.config)
if err != nil {
return fmt.Errorf("create auth client: %w", err)
@@ -192,10 +202,7 @@ func (c *Client) Start(startCtx context.Context) error {
if err, _ := authClient.Login(ctx, c.setupKey, c.jwtToken); err != nil {
return fmt.Errorf("login: %w", err)
}

recorder := peer.NewRecorder(c.config.ManagementURL.String())
c.recorder = recorder
client := internal.NewConnectClient(ctx, c.config, recorder, false)
client := internal.NewConnectClient(ctx, c.config, c.recorder, false)
client.SetSyncResponsePersistence(true)

// either startup error (permanent backoff err) or nil err (successful engine up)
@@ -348,22 +355,17 @@ func (c *Client) NewHTTPClient() *http.Client {
// Status returns the current status of the client.
func (c *Client) Status() (peer.FullStatus, error) {
c.mu.Lock()
recorder := c.recorder
connect := c.connect
c.mu.Unlock()

if recorder == nil {
return peer.FullStatus{}, errors.New("client not started")
}

if connect != nil {
engine := connect.Engine()
if engine != nil {
_ = engine.RunHealthProbes(false)
}
}

return recorder.GetFullStatus(), nil
return c.recorder.GetFullStatus(), nil
}

// GetLatestSyncResponse returns the latest sync response from the management server.
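Review bot: `Status()` now ends in `return c.recorder.GetFullStatus(), nil` with the `client not started` branch removed, so as far as this hunk shows the `error` result is always nil, and callers that relied on the error to detect a never-started client (health or readiness checks, for instance) will get a status with no error instead. The doc comment should say so, e.g. `// Status returns the current status of the client. It does not fail before Start; inspect the returned status to tell whether the client is connected.` The field is also read outside `c.mu` now, which is only safe while `recorder` is assigned once in `New` and never replaced; a comment on the field stating that invariant would protect it. Because `Start` no longer creates a fresh recorder, a second `Start` after a stop reuses the previous session's recorder; whether stale peer state can surface that way depends on code outside this page.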