Skip to content

Instantly share code, notes, and snippets.

@raku-cat

raku-cat/netbird.conf

Created February 9, 2026 02:37
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save raku-cat/c7a32c1432669a594abc427f6df71926 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save raku-cat/c7a32c1432669a594abc427f6df71926 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
netbird.conf
server {
server_name netbird.apps.my.site;
listen 80;
listen [::]:80;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
server_name netbird.apps.my.site;
listen 443 ssl http2;
listen [::]:443 ssl http2;
include /etc/nginx/snippets/ssl.conf;
# Required for long-lived gRPC connections
client_header_timeout 1d;
client_body_timeout 1d;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Relay (WebSocket)
location /relay {
proxy_pass http://netbird_relay;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 1d;
}
# Signal WebSocket
location /ws-proxy/signal {
proxy_pass http://netbird_signal_ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 1d;
}
# Signal gRPC
location /signalexchange.SignalExchange/ {
grpc_pass grpc://netbird_signal;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
# Management API
location /api/ {
proxy_pass http://netbird_management;
proxy_set_header Host $host;
}
# Management WebSocket
location /ws-proxy/management {
proxy_pass http://netbird_management;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 1d;
}
# Management gRPC
location /management.ManagementService/ {
grpc_pass grpc://netbird_management;
grpc_read_timeout 1d;
grpc_send_timeout 1d;
grpc_socket_keepalive on;
}
# Embedded IdP OAuth2
location /oauth2/ {
proxy_pass http://netbird_management;
proxy_set_header Host $host;
}
# Dashboard (catch-all)
location / {
proxy_pass http://netbird_dashboard;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment