can't use the standard ports 80 and 443 on my network #1267
Comments
|
Hey @xcstatus are you able to deploy the reverse proxy without the public access in these two ports? If so, there is a way to deploy it, but you will need to manage the SSL certificates. |
|
Thank you for your reply. |
I have the same problem. Did you solve it? If so, can you help me? |
|
Not solved yet, no way to deal with this problem, can only wait for the solution given by the @mlsmaycon |
|
xcstatus ***@***.***>于2023年11月13日 周一13:00写道:
Not solved yet, no way to deal with this problem, can only wait for the
solution given by the @mlsmaycon <https://github.com/mlsmaycon>
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SEJROTICPNK7WHDOCDYEGSOBAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBXGQ4DANBQG4>
.
You are receiving this because you commented.Message ID:
***@***.***>
If you have a solution please let me know thank you very much
|
|
Hello folks, we have a guide for running NetBird that you can use to configure NetBird to run behind a reverse-proxy like Nginx, Traefik or Caddyserver. See this link for more details. It covers the advanced guide setup, then you need to configure your reverse proxy. For traefik and nginx you have some example templates: For Caddyserver you can use the following example: You need to replace the references to the internal services according to your local environment. e.g., if your management is running on IP 192.168.0.100, replace h2c://management:80 with h2c://192.168.0.100:80 |
|
Besides the docker-compose file, what else do I need to modify?
Maycon Santos ***@***.***>于2023年11月14日 周二16:34写道:
… Hello folks, we have a guide for running NetBird that you can use to
configure NetBird to run behind a reverse-proxy like Nginx, Traefik or
Caddyserver. See this link
<https://docs.netbird.io/selfhosted/selfhosted-guide#advanced-running-net-bird-behind-an-existing-reverse-proxy>
for more details. It covers the advanced guide setup, then you need to
configure your reverse proxy.
For traefik and nginx you have some example templates:
Nginx.conf
<https://github.com/netbirdio/netbird/blob/d1d01a0611771b5604bf5806f385ebb9d70c58df/infrastructure_files/nginx.tmpl.conf>
docker-compose.yml.tmpl.traefik
<https://github.com/netbirdio/netbird/blob/d1d01a0611771b5604bf5806f385ebb9d70c58df/infrastructure_files/docker-compose.yml.tmpl.traefik>
For Caddyserver you can use the following example:
{
debug
servers :80,:443 {
protocols h1 h2c
}
}
:80,mydomain.example.com:443 {
import security_headers
# Signal
reverse_proxy /signalexchange.SignalExchange/* h2c://signal:10000
# Management
reverse_proxy /api/* management:80
reverse_proxy /management.ManagementService/* h2c://management:80
# Dashboard
reverse_proxy /* dashboard:80
}
You need to replace the references to the internal services according to
your local environment. e.g., if your management is running on IP
192.168.0.100, replace h2c://management:80 with h2c://192.168.0.100:80
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SBWGHSG2RDRD22YYG3YEMUINAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBZG42DSOJXHE>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
It depends on the scenario you are building. Can you share more about it @MrChenhtlss? |
|
Sorry I'm not a professional IT worker
Maycon Santos ***@***.***>于2023年11月14日 周二16:43写道:
… It depends on the scenario you are building. Can you share more about it
@MrChenhtlss <https://github.com/MrChenhtlss>?
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SAQT7QLQIPIIUQVAQLYEMVMPAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBZG43DGMJYGE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Or I would just use express install. Doc provides an advanced installation
method, but I can't understand it.
T oy ***@***.***>于2023年11月14日 周二16:49写道:
… Sorry I'm not a professional IT worker
Maycon Santos ***@***.***>于2023年11月14日 周二16:43写道:
> It depends on the scenario you are building. Can you share more about it
> @MrChenhtlss <https://github.com/MrChenhtlss>?
>
> —
> Reply to this email directly, view it on GitHub
> <#1267 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/BC6T5SAQT7QLQIPIIUQVAQLYEMVMPAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBZG43DGMJYGE>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>
|
|
@MrChenhtlss Maybe you can share more about your current server setup, like what is running on ports 80 and 443, do you have a proxy like nginx or others? |
|
80,443 running nginx
Maycon Santos ***@***.***>于2023年11月14日 周二16:58写道:
… @MrChenhtlss <https://github.com/MrChenhtlss> Maybe you can share more
about your current server setup, like what is running on ports 80 and 443,
do you have a proxy like nginx or others?
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SH3YIWLPXNGOUOP2L3YEMXC3AVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBZG44DQMZXGI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
I have another server but my service provider disabled my ports 80 and 443
other ports are accessible from the internet
T oy ***@***.***>于2023年11月14日 周二16:59写道:
… 80,443 running nginx
Maycon Santos ***@***.***>于2023年11月14日 周二16:58写道:
> @MrChenhtlss <https://github.com/MrChenhtlss> Maybe you can share more
> about your current server setup, like what is running on ports 80 and 443,
> do you have a proxy like nginx or others?
>
> —
> Reply to this email directly, view it on GitHub
> <#1267 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/BC6T5SH3YIWLPXNGOUOP2L3YEMXC3AVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMBZG44DQMZXGI>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>
|
|
Any progress so far? |
|
The deployment script was modified and the deployment was successful over a non-standard port. But you will need to get your own domain certificate. 修改了部署脚本,通过非标准端口部署成功了。 但是需要自己申请域名证书。
|
|
非常感谢,方便给我更详细的操作方法么
xcstatus ***@***.***>于2023年12月18日 周一14:45写道:
… image.png (view on web)
<https://github.com/netbirdio/netbird/assets/40375067/0391245a-a212-4a40-9d59-8721b77c4071>
@MrChenhtlss <https://github.com/MrChenhtlss>
The deployment script was modified and the deployment was successful over
a non-standard port. But you will need to get your own domain certificate.
Change the port number in the script.
Add the domain certificate configuration to the caddy configuration file.
3. Change the redirect Settings in zitdel.
4. Modify the address of the HttpConfig node in the renderManagementJson
method, and add the port.
修改了部署脚本,通过非标准端口部署成功了。 但是需要自己申请域名证书。
1. 修改脚本中的端口号。
2. 在caddy配置文件中增加域名证书配置。
3. 修改zitdel中的重定向设置。
4. 修改renderManagementJson方法中HttpConfig节点下地址,需要增加端口。
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SGW23IFWUIDM72P7WDYJ7RALAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJZGY2DKNZZGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
晚点我整理下, 现在发现了一个问题 通过pre-shard key 无法在客户端登录 |
|
好的,非常感谢,但是官方似乎有通过nginx的部署方法,但是由于能力有限,无法完全理解官方doc的内容
status ***@***.***>于2023年12月18日 周一15:34写道:
… 晚点我整理下, 现在发现了一个问题 通过pre-shard key 无法在客户端登录
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SFJJZ7LL2J43KD4ZWDYJ7WYZAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJZGY4TINZTGQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Netbird安装.md |
|
OK,这真的太棒了
xcstatus ***@***.***>于2023年12月18日 周一23:30写道:
… Netbird安装.md
<https://github.com/netbirdio/netbird/files/13705518/Netbird.md>
getting-started-with-zitadel-xc.zip
<https://github.com/netbirdio/netbird/files/13705521/getting-started-with-zitadel-xc.zip>
@MrChenhtlss <https://github.com/MrChenhtlss> 这是我修改后的脚本和修改、安装说明。
@mlsmaycon <https://github.com/mlsmaycon> Problem solved. I closed the
problem. Thank you very much
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SHRY6PUDQQQAMXG44TYKBOSHAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRQHAZDAMZTGI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
真香! 我迭代下,端口号改成交互输入,域名证书改成自动匹配。 操作步骤:
getting-started-with-zitadel-xc-prompt.sh.zip 目前证书需要手动维护,要是有大佬能改成自动获取及更新证书就更好了。 |
|
👍。我一直想要这样做,但是我不太懂shell语法,所以不敢对脚本做太大的修改。这个对脚本的修改是否有必要提个pr给官方? 但是需要兼容下不需要修改端口号的情况。 |
这个真的非常棒,ssl可以申请腾讯云各大云厂商为期一年的free证书 |
|
证书自动维护可以考虑下caddy的dns质询组件。https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148 |
|
官方的脚本默认就是caddy自动获取证书的,不过你改的手动证书方案更适合我 😋 |
据说“acme.sh” 基于acme可以自动续签SSL证书,但是由于我不是从事IT运维的能提供的参考非常有限,希望您可以参考下是否可行 |
请问是否将8080端口写入到脚本可以支持交互式输入,因为我的8080端口已经被其他进程占用,可以的话那就太棒了!!!! |
好像那个8080没有实际用途,等会给你改一个交互输入修改8080的脚本 |
getting-started-with-zitadel-xc.sh.zip @MrChenhtlss 你试试看。 |
|
|
|
看不出来有什么问题, 怀疑是 crdb这个服务没有启动起来。 |
感谢,我看看这个服务。 |
操作步骤:
按提示输入好端口号(请提前进行域名解释和及安全组端口放行:你自定义的端口号; UDP ports: 3478, 49152-65535) |
|
如果在国内服务器上部署的话 需要注释掉脚本中的 h1 h2,另外 再把所需的docker镜像手动pull一下
jiangslee ***@***.***>于2023年12月25日 周一17:54写道:
… 看不出来有什么问题, 怀疑是 crdb这个服务没有启动起来。
感谢,我看看这个服务。
操作步骤:
1. mkdir certs
2.
在certs目录放好与域名一致的证书文件,如netbird.my-domain.com.pem,netbird.my-domain.com.key
~/docker-netbird# tree certs
certs
├── netbird.my-domain.com.key
└── netbird.my-domain.com.pem
1. export NETBIRD_DOMAIN=netbird.my-domain.com
2. bash getting-started-with-zitadel-xc.sh
按提示输入好端口号(请提前进行域名解释和及安全组端口放行:你自定义的端口号; UDP ports: 3478, 49152-65535)
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SDZSR4OK4Z2QFPE3R3YLFENNAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRYHA4TQMBSHE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@MrChenhtlss 我也是国内服务器部署,没有注释h1 h2也能跑,关键是需要提前解释好域名、提前放行端口。 |
|
前两天部署的时候 如果不注视掉 h1 h2 会卡在zitadel 无法进行下一步
jiangslee ***@***.***>于2023年12月25日 周一17:58写道:
… @MrChenhtlss <https://github.com/MrChenhtlss> 我也是国内服务器部署,没有注释h1
h2也能跑,关键是需要*提前解释好域名*、*提前放行端口*。
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SGTVQ5CQ6KRGYREQW3YLFE2TAVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRYHA4TSNZUGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
caddy.zip |
这是要自己构建caddy的docker镜像吗? |
|
是的发自我的 iPhone在 2023年12月26日,17:03,jiangslee ***@***.***> 写道:
caddy.zip 可以试试这个,构建caddy-dnspod,支持腾讯云dns质询。可以自动签名。 其余云服务上可以在Dockerfile中替换对应的插件就行
这是要自己构建caddy的docker镜像吗?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you modified the open/close state.Message ID: ***@***.***>
|
|
使用构建的caddy-dnspod镜像可以正常运行。证书也可以自动获取。但是我不太清楚怎么把构建过程编写成脚本,通过脚本指定caddy版本、dns质询插件发自我的 iPhone在 2023年12月26日,17:03,jiangslee ***@***.***> 写道:
caddy.zip 可以试试这个,构建caddy-dnspod,支持腾讯云dns质询。可以自动签名。 其余云服务上可以在Dockerfile中替换对应的插件就行
这是要自己构建caddy的docker镜像吗?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you modified the open/close state.Message ID: ***@***.***>
|
|
不知道为什么我无法打开这个issues
xcstatus ***@***.***>于2023年12月26日 周二17:56写道:
… 使用构建的caddy-dnspod镜像可以正常运行。证书也可以自动获取。但是我不太清楚怎么把构建过程编写成脚本,通过脚本指定caddy版本、dns质询插件发自我的
iPhone在 2023年12月26日,17:03,jiangslee ***@***.***> 写道:
caddy.zip 可以试试这个,构建caddy-dnspod,支持腾讯云dns质询。可以自动签名。
其余云服务上可以在Dockerfile中替换对应的插件就行
这是要自己构建caddy的docker镜像吗?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are
receiving this because you modified the open/close state.Message ID:
***@***.***>
—
Reply to this email directly, view it on GitHub
<#1267 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BC6T5SGXJ2ET3D27IZXPASDYLKNN7AVCNFSM6AAAAAA6VQ3QOSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRZGQZDCMZVGU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
请问大佬,下载的这个文件和certs放在一个文件夹下边么?还是放里CERTS里边? |
|
docker-netbird |
可以使用cloudflare申请的免费15年证书,上面您提到的自动续签能有个详细操作流程就完美了。 |
这里有配置的方法。 |
这个好棒啊 我也跑起来了 很完美 现在唯一不足的就是 我想改这个默认的100.xx.xx.xx这个网段 可以 自定义吗 大佬 |
|
有办法修改默认的网段嘛 100.91.0.0/24.这个
|
|
@shangkouyou 默认给的好像是100.x.x.x/16网段,一般不会冲突,为什么要改为/24? |
我主要是想改100.xxx.xxx.xxx 想改成自己喜欢的内网网段 |
|
真不建议你改。 |
好的吧 谢谢你 |
佬我还行问哦 你上面的脚本执行后安装的是老的版本 可以升级最新的吗 |
@xcstatus @jiangslee 
|
你能提供详细的部署流程? |
hi all,
I can't use the standard ports 80 and 443 on my network. How do I change the configuration for deployment? Since standard ports are not available, the reverse proxy cannot be deployed either.
The text was updated successfully, but these errors were encountered: