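Introduction to NetBird
NetBird is an open-source network management platform built on top of WireGuard. It lets computers, devices and servers connect directly to each other over fast encrypted tunnels, with no configuration and no central VPN server. It creates a secure private network and applies security practices without manual configuration or specialist expertise. NetBird networks work across cloud, on-premises, edge and container environments, and remove the need to open ports, maintain complex firewall rules or run VPN gateways.
NetBird has no centralized VPN server: your computers, devices, machines and servers connect directly to one another over fast encrypted tunnels. With a few clicks NetBird connects machines running anywhere. Deploying a secure peer-to-peer VPN with NetBird takes less than 5 minutes.
NetBird architecture
The NetBird server side consists of four back-end components (Management, Signal, Stun and Turn) plus a front end.
Traditional VPN versus NetBird:
Deploying and using NetBird
Deployment requirements
- A Linux VM with a public IP address and at least 1 CPU and 2 GB of memory.
- The VM must be publicly accessible on TCP ports 80 and 443 and UDP ports 3478 and 49152-65535.
- A public domain name pointing to the VM.
Installation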
Linux
sudo tee /etc/yum.repos.d/netbird.repo <<EOF
[netbird]
name=netbird
baseurl=https://pkgs.netbird.io/yum/
enabled=1
gpgcheck=0
gpgkey=https://pkgs.netbird.io/yum/repodata/repomd.xml.key
repo_gpgcheck=1
EOF
# for CLI only
sudo yum install netbird
# for GUI package
sudo yum install libappindicator-gtk3 libappindicator netbird-ui
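The repo definition above sets gpgcheck=0 together with repo_gpgcheck=1, so yum verifies the signature on the repository metadata but not the GPG signature of each RPM. The following added example (not part of the original post or of NetBird's tooling) reports which of the two checks each section of a .repo file enables; the second section in the sample is hypothetical and included only for contrast.

```shell
#!/bin/sh
# Added example: summarise the signature checks a yum/dnf .repo file turns on.
#   gpgcheck      -> verify the GPG signature of each RPM package
#   repo_gpgcheck -> verify the GPG signature of the repository metadata

# Constructed sample: the repo definition from this page plus a
# hypothetical second section for contrast.
sample_repo() {
    cat <<'EOF'
[netbird]
name=netbird
baseurl=https://pkgs.netbird.io/yum/
enabled=1
gpgcheck=0
gpgkey=https://pkgs.netbird.io/yum/repodata/repomd.xml.key
repo_gpgcheck=1

[example-strict]
name=hypothetical repo with both checks on
baseurl=https://repo.example.invalid/yum/
gpgcheck = 1
repo_gpgcheck = 1
EOF
}

# audit_repo_file [file]
# Reads a .repo file (or stdin) and prints one line per section:
#   <section> gpgcheck=<value> repo_gpgcheck=<value> <verdict>
# A key that is not set in the section is shown as "unset"; it then
# inherits whatever the [main] section of yum.conf/dnf.conf says.
audit_repo_file() {
    awk '
        function emit() {
            if (section == "") return
            if (pkg == "1" && meta == "1") verdict = "packages+metadata"
            else if (pkg == "1")           verdict = "packages-only"
            else if (meta == "1")          verdict = "metadata-only"
            else                           verdict = "none-enabled"
            printf "%s gpgcheck=%s repo_gpgcheck=%s %s\n", section, pkg, meta, verdict
        }
        # Skip comment lines
        /^[ \t]*[#;]/ { next }
        # A new [section] header closes the previous section
        /^[ \t]*\[.*\][ \t]*$/ {
            emit()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            pkg = "unset"; meta = "unset"
            next
        }
        # key = value lines; whitespace around "=" is allowed
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck")      pkg = val
            if (key == "repo_gpgcheck") meta = val
        }
        END { emit() }
    ' "$@"
}

# Demo on the constructed sample
sample_repo | audit_repo_file
```

On a real host, run it over the installed definition: audit_repo_file /etc/yum.repos.d/netbird.repo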
One-command script installation
curl -OLs https://raw.githubusercontent.com/physk/netbird-installer/main/install.sh && sudo bash install.sh --quiet --install-ui --setup-key=77C9F991-DC68-46FA-B06C-E02FC102697F
The contents of install.sh are as follows:
#!/bin/bash
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
APP_MAIN_NAME="netbird"
APP_UI_NAME="netbird-ui"
REPO_USER="netbirdio"
REPO_MAIN="netbird"
# Set Default Variables
INSTALL_APP=true
INSTALL_UI=false
INSTALL_DOCKER_BASED=false
INSTALL_SERVICE=true
PRECONFIGURE=true
DISPLAY_PROMPTS=true
SETUP_KEY=""
MANAGEMENT_URL="https://api.wiretrustee.com:33073"
BASE_URL="https://github.com/${REPO_USER}/${REPO_MAIN}/releases/download"
DOCKER_NAME="netbird"
DOCKER_HOSTNAME=$(hostname)
ALREADY_INSTALLED=false
if command -v netbird >/dev/null; then
ALREADY_INSTALLED=true
fi
# Color Variables
green='\e[32m'
# blue='\e[34m'
red="\e[31m"
clear='\e[0m'
yellow='\e[33m'
getLatestRelease() {
curl --silent \
"https://api.github.com/repos/${REPO_USER}/${REPO_MAIN}/releases/latest" \
| grep tag_name \
| sed -E 's/.*"([^"]+)".*/\1/' | sed 's/v//g'
}
showHelp () {
echo "$0 - Install Netbird"
echo " "
echo "$0 [options]"
echo " "
echo "options:"
echo " -h, --help show brief help"
echo " -ia, --install-app Install Netbird Binary"
echo " -iui, --install-ui Install Netbird UI Binary"
echo " -iv, --install-version Target Install version (defaults to latest, ${VERSION})"
echo " -d, --docker Install Netbird in Docker"
echo " -ns, --no-service Don't install service"
echo " -np, --no-preconfigure Don't Preconfigure Client"
echo " -b, --base-url Base URL For downloads (For Air-Gapped Systems)"
echo " -m, --management-url Management URL (Defaults to Netbird SaaS)"
echo " -sk, --setup-key Setup Key"
echo " -q, --quiet Don't present any prompts"
echo "Docker Options:"
echo " -dn, --docker-name Set docker container name"
echo " -dh, --docker-hostname Set docker hostname"
}
VERSION=$(getLatestRelease)
# Pretty Box Functions
function prettyBoxCurrent () {
echo -e "[ ${yellow}CURRENT${clear} ] ${1}"
}
function prettyBoxComplete () {
echo -e "[ ${green}COMPLETE${clear} ] ${1}"
}
function prettyBoxFailed () {
echo -e "[ ${red}FAILED${clear} ] ${1}"
# Exit with the given status code when one is passed as the second argument
if [ -n "${2}" ]; then
exit "${2}"
fi
}
function prettyError () {
echo -e "${red}${1}${clear}"
}
# detect the platform
OS="$(uname)"
case $OS in
Linux)
OS='linux'
;;
Darwin)
OS='darwin'
;;
*)
echo 'OS not supported'
exit 2
;;
esac
OS_type="$(uname -m)"
case "$OS_type" in
x86_64|amd64)
OS_type='amd64'
;;
i?86|x86)
OS_type='386'
;;
aarch64|arm64)
OS_type='arm64'
;;
*)
echo "OS type ${OS_type} not supported"
exit 2
;;
esac
# Parse command-line parameters
while test $# -gt 0; do
case "$1" in
-h|--help)
showHelp
exit 0
;;
-ia|--install-app)
INSTALL_APP=true
shift
;;
-iui|--install-ui)
INSTALL_UI=true
shift
;;
-d|--docker)
INSTALL_DOCKER_BASED=true
if [ ! -x "$(command -v docker)" ]; then
prettyError "Docker not installed"
exit 1
fi
shift
;;
-dn)
shift
DOCKER_NAME=${1}
shift
;;
--docker-name*)
# shellcheck disable=SC2001
DOCKER_NAME=$(echo "${1}" | sed -e 's/^[^=]*=//g')
shift
;;
-dh)
shift
DOCKER_HOSTNAME=${1}
shift
;;
--docker-hostname*)
# shellcheck disable=SC2001
DOCKER_HOSTNAME=$(echo "${1}" | sed -e 's/^[^=]*=//g')
shift
;;
-np|--no-preconfigure)
PRECONFIGURE=false
shift
;;
-m)
shift
MANAGEMENT_URL=${1}
shift
;;
--management-url*)
# shellcheck disable=SC2001
MANAGEMENT_URL=$(echo "${1}" | sed -e 's/^[^=]*=//g')
shift
;;
-b)
shift
BASE_URL=${1}
shift
;;
--base-url*)
# shellcheck disable=SC2001
BASE_URL=$(echo "${1}" | sed -e 's/^[^=]*=//g')
shift
;;
-iv)
shift
if [ ! "${1}" == "latest" ]; then
VERSION=${1}
fi
shift
;;
--install-version*)
# shellcheck disable=SC2001
VTMP=$(echo "${1}" | sed -e 's/^[^=]*=//g')
if [ ! "${VTMP}" == "latest" ]; then
VERSION=${VTMP}
fi
VTMP=
shift
;;
-sk)
shift
SETUP_KEY=${1}
shift
;;
--setup-key*)
# shellcheck disable=SC2001
SETUP_KEY=$(echo "${1}" | sed -e 's/^[^=]*=//g')
shift
;;
-ns|--no-service)
INSTALL_SERVICE=false
shift
;;
-q|--quiet)
DISPLAY_PROMPTS=false
shift
;;
*)
break
;;
esac
done
function showInstallSummary () {
echo -e "------------------------------------------------"
echo -e "| Install Summary"
echo -e "------------------------------------------------"
echo -e "| Target Operating System: ${green}${OS}${clear}"
echo -e "| Target Arch: ${green}${OS_type}${clear}"
echo -e "| Target Version: ${green}v${VERSION}${clear}"
if ${INSTALL_APP}; then
echo -e "| Install Netbird Binary: ${green}Yes${clear}"
else
echo -e "| Install Netbird Binary: ${red}No${clear}"
fi
if ${INSTALL_UI}; then
echo -e "| Install UI Binary: ${green}Yes${clear}"
else
echo -e "| Install UI Binary: ${red}No${clear}"
fi
if ${INSTALL_DOCKER_BASED}; then
echo -e "| Install Netbird in Docker: ${green}Yes${clear}"
else
echo -e "| Install Netbird in Docker: ${red}No${clear}"
fi
if ${PRECONFIGURE}; then
echo -e "| Pre-Configure Client: ${green}Yes${clear}"
else
echo -e "| Pre-Configure Client: ${red}No${clear}"
fi
echo -e "| Base URL: ${green}${BASE_URL}${clear}"
echo -e "| Management URL: ${green}${MANAGEMENT_URL}${clear}"
echo -e "| Setup Key: ${green}${SETUP_KEY}${clear}"
echo -e "|"
if ${ALREADY_INSTALLED}; then
echo -e "| Native Binary Installed ${green}Yes${clear}"
else
echo -e "| Native Binary Installed ${red}No${clear}"
fi
echo -e "------------------------------------------------"
}
function checkContinueInstall () {
if ${DISPLAY_PROMPTS}; then
echo
read -r -p "Are you sure you want to continue? [Y/n]: " CONTINUE_INSTALL
if [[ ! ${CONTINUE_INSTALL} =~ ^[Yy]$ ]]; then
echo "Cool, See you soon!"
exit 0
fi
fi
}
function installNativeDownloadBinarys () {
# Download Binary tar files
if ${INSTALL_APP}; then
prettyBoxCurrent "Downloading ${APP_MAIN_NAME}"
if curl -OLfsS "${APP_URL}"; then
prettyBoxComplete "Downloaded ${APP_MAIN_NAME}"
else
prettyBoxFailed "Failed to download ${APP_MAIN_NAME}" 1
fi
fi
if ${INSTALL_UI}; then
prettyBoxCurrent "Downloading ${APP_UI_NAME}"
if curl -OLfsS "${UI_URL}"; then
prettyBoxComplete "Downloaded ${APP_UI_NAME}"
else
prettyBoxFailed "Failed to download ${APP_UI_NAME}" 1
fi
fi
}
function installNativeExtractBinarys () {
# Extract Binary tar files
if ${INSTALL_APP}; then
prettyBoxCurrent "Extracting ${APP_MAIN_NAME}"
if tar xf "${APP_FILENAME}.tar.gz"; then
prettyBoxComplete "Extracted ${APP_MAIN_NAME}"
else
prettyBoxFailed "Failed to extract ${APP_MAIN_NAME}" 1
fi
fi
if ${INSTALL_UI}; then
prettyBoxCurrent "Extracting ${APP_UI_NAME}"
if tar xf "${UI_FILENAME}.tar.gz"; then
prettyBoxComplete "Extracted ${APP_UI_NAME}"
else
prettyBoxFailed "Failed to extract ${APP_UI_NAME}" 1
fi
fi
}
function installNativePlaceBinarys () {
if ${INSTALL_APP}; then
case "${OS}" in
'linux')
# Copy File
prettyBoxCurrent "Copying ${APP_MAIN_NAME} to /usr/bin/${APP_MAIN_NAME}.new"
if cp "${APP_MAIN_NAME}" "/usr/bin/${APP_MAIN_NAME}.new"; then
prettyBoxComplete "Binary copied succesfully"
else
prettyBoxFailed "Failed to copy Binary" 1
fi
# Set Binary Mode
prettyBoxCurrent "Setting /usr/bin/${APP_MAIN_NAME}.new to 0755"
if chmod 755 "/usr/bin/${APP_MAIN_NAME}.new"; then
prettyBoxComplete "Binary modes set succesfully"
else
prettyBoxFailed "Failed to set Binary file modes" 1
fi
# Set owner and group
prettyBoxCurrent "Setting /usr/bin/${APP_MAIN_NAME}.new owner and group to root"
if chown root:root "/usr/bin/${APP_MAIN_NAME}.new"; then
prettyBoxComplete "Binary owner and group set succesfully"
else
prettyBoxFailed "Failed to set Binary File owner and group" 1
fi
# Overwrite /usr/bin/netbird
prettyBoxCurrent "Overwriting /usr/bin/${APP_MAIN_NAME} with /usr/bin/${APP_MAIN_NAME}.new"
if mv "/usr/bin/${APP_MAIN_NAME}.new" "/usr/bin/${APP_MAIN_NAME}"; then
prettyBoxComplete "Binary Overwritten succesfully"
else
prettyBoxFailed "Failed to overwrite /usr/bin/${APP_MAIN_NAME}" 1
fi
;;
'darwin')
# Make sure /usr/local/bin exists
if [ ! -d /usr/local/bin ]; then
prettyBoxCurrent "Create /usr/local/bin"
# shellcheck disable=SC2174
if mkdir -m 0555 -p /usr/local/bin; then
prettyBoxComplete "/usr/local/bin Created Successfully"
else
prettyBoxFailed "Failed to create /usr/local/bin" 1
fi
fi
# Copy Binary
prettyBoxCurrent "Copying ${APP_MAIN_NAME} to /usr/local/bin/${APP_MAIN_NAME}.new"
if cp "${APP_MAIN_NAME}" "/usr/local/bin/${APP_MAIN_NAME}.new"; then
prettyBoxComplete "Binary copied succesfully"
else
prettyBoxFailed "Failed to copy Binary" 1
fi
# Set Binary Mode
prettyBoxCurrent "Setting /usr/local/bin/${APP_MAIN_NAME}.new to a=x"
if chmod a=x "/usr/local/bin/${APP_MAIN_NAME}.new"; then
prettyBoxComplete "Binary File modes set succesfully"
else
prettyBoxFailed "Failed to set Binary File modes" 1
fi
# Overwrite /usr/bin/netbird
prettyBoxCurrent "Overwriting /usr/local/bin/${APP_MAIN_NAME} with /usr/local/bin/${APP_MAIN_NAME}.new"
if mv "/usr/local/bin/${APP_MAIN_NAME}.new" "/usr/local/bin/${APP_MAIN_NAME}"; then
prettyBoxComplete "Binary Overwritten succesfully"
else
prettyBoxFailed "Failed to overwrite /usr/bin/${APP_MAIN_NAME}" 1
fi
;;
esac
fi
if ${INSTALL_UI}; then
case "${OS}" in
'linux')
# Copy Binary
prettyBoxCurrent "Copying ${APP_UI_NAME} to /usr/bin/${APP_UI_NAME}.new"
if cp "${APP_UI_NAME}" "/usr/bin/${APP_UI_NAME}.new"; then
prettyBoxComplete "Binary copied succesfully"
else
prettyBoxFailed "Failed to copy Binary" 1
fi
# Set Binary Mode
prettyBoxCurrent "Setting /usr/bin/${APP_UI_NAME}.new to 0755"
if chmod 755 "/usr/bin/${APP_UI_NAME}.new"; then
prettyBoxComplete "Binary file modes set succesfully"
else
prettyBoxFailed "Failed to set Binary file modes" 1
fi
# Set owner and group
prettyBoxCurrent "Setting /usr/bin/${APP_UI_NAME}.new owner and group to root"
if chown root:root "/usr/bin/${APP_UI_NAME}.new"; then
prettyBoxComplete "Binary file owner and group set succesfully"
else
prettyBoxFailed "Failed to set Binary file owner and group" 1
fi
# Overwrite /usr/bin/netbird-ui
prettyBoxCurrent "Overwriting /usr/bin/${APP_UI_NAME} with /usr/bin/${APP_UI_NAME}.new"
if mv "/usr/bin/${APP_UI_NAME}.new" "/usr/bin/${APP_UI_NAME}"; then
prettyBoxComplete "Binary Overwritten succesfully"
else
prettyBoxFailed "Failed to overwrite /usr/bin/${APP_UI_NAME}" 1
fi
;;
'darwin')
# Make sure /usr/local/bin exists
if [ ! -d /usr/local/bin ]; then
prettyBoxCurrent "Create /usr/local/bin"
# shellcheck disable=SC2174
if mkdir -m 0555 -p /usr/local/bin; then
prettyBoxComplete "/usr/local/bin Created Successfully"
else
prettyBoxFailed "Failed to create /usr/local/bin" 1
fi
fi
# Copy Binary
prettyBoxCurrent "Copying ${APP_UI_NAME} to /usr/local/bin/${APP_UI_NAME}.new"
if cp "${APP_UI_NAME}" "/usr/local/bin/${APP_UI_NAME}.new"; then
prettyBoxComplete "Binary copied succesfully"
else
prettyBoxFailed "Failed to copy Binary" 1
fi
# Set Binary Mode
prettyBoxCurrent "Setting /usr/local/bin/${APP_UI_NAME}.new to a=x"
if chmod a=x "/usr/local/bin/${APP_UI_NAME}.new"; then
prettyBoxComplete "Binary file modes set succesfully"
else
prettyBoxFailed "Failed to set Binary file modes" 1
fi
# Overwrite /usr/bin/netbird
prettyBoxCurrent "Overwriting /usr/local/bin/${APP_UI_NAME} with /usr/local/bin/${APP_UI_NAME}.new"
if mv "/usr/local/bin/${APP_UI_NAME}.new" "/usr/local/bin/${APP_UI_NAME}"; then
prettyBoxComplete "Binary Overwritten succesfully"
else
prettyBoxFailed "Failed to overwrite /usr/bin/${APP_UI_NAME}" 1
fi
;;
esac
fi
}
function installNativeService () {
if ${INSTALL_APP}; then
if ${INSTALL_SERVICE}; then
case ${OS} in
'linux')
NETBIRD_BIN=/usr/bin/netbird
;;
'darwin')
NETBIRD_BIN=/usr/local/bin/netbird
;;
esac
if ${ALREADY_INSTALLED}; then
# Stop Service
prettyBoxCurrent "Stopping Service"
if ${NETBIRD_BIN} service stop >/dev/null; then
prettyBoxComplete "Service Successfully Stopped"
else
prettyBoxFailed "Failed to stop Service" 1
fi
# Uninstall Service
prettyBoxCurrent "Uninstalling Service"
if ${NETBIRD_BIN} service uninstall >/dev/null; then
prettyBoxComplete "Service Successfully Uninstalled"
else
prettyBoxFailed "Failed to uninstall service" 1
fi
fi
# Install Service
prettyBoxCurrent "Installing Service"
if ${NETBIRD_BIN} service install >/dev/null; then
prettyBoxComplete "Service Successfully Installed"
else
prettyBoxFailed "Failed to install service"
echo
prettyError "*****************************************************"
prettyError "* IF ABOVE SAYS \"INIT ALREADY EXISTS\" OR SOMETHING SIMMILAR"
prettyError "* RUN sudo ${NETBIRD_BIN} service uninstall"
prettyError "*****************************************************"
exit 1
fi
# Start Service
prettyBoxCurrent "Starting Service"
if ${NETBIRD_BIN} service start >/dev/null; then
prettyBoxComplete "Service Successfully Started"
else
prettyBoxFailed "Failed to start service"
exit 1
fi
fi
fi
}
function installNativePreconfigure () {
if ${PRECONFIGURE}; then
case ${OS} in
'linux')
NETBIRD_BIN=/usr/bin/netbird
;;
'darwin')
NETBIRD_BIN=/usr/local/bin/netbird
;;
esac
CONFIGURE_ARGS="up"
if [ ! "${MANAGEMENT_URL}" == "https://api.wiretrustee.com:33073" ]; then
CONFIGURE_ARGS+=" --management-url ${MANAGEMENT_URL}"
fi
if [ ! "${SETUP_KEY}" == "" ]; then
CONFIGURE_ARGS+=" --setup-key ${SETUP_KEY}"
fi
# Run "netbird up" only when preconfiguration was requested
# shellcheck disable=SC2086
${NETBIRD_BIN} ${CONFIGURE_ARGS}
fi
}
function installNative () {
# Create temporary directory
tmp_dir=$(mktemp -d 2>/dev/null || mktemp -d -t 'netbird-install.XXXXXXXXXX')
cd "$tmp_dir" || exit 1
APP_FILENAME="${APP_MAIN_NAME}_${VERSION}_${OS}_${OS_type}"
UI_FILENAME="${APP_UI_NAME}-${OS}_${VERSION}_${OS}_${OS_type}"
# Generate App Binary URLS
APP_URL="${BASE_URL}/v${VERSION}/${APP_FILENAME}.tar.gz"
UI_URL="${BASE_URL}/v${VERSION}/${UI_FILENAME}.tar.gz"
installNativeDownloadBinarys
installNativeExtractBinarys
installNativePlaceBinarys
installNativeService
installNativePreconfigure
}
function installDocker () {
if ${INSTALL_DOCKER_BASED}; then
if [ "${SETUP_KEY}" == "" ]; then
prettyError "You MUST enter a Setup Key for a docker install"
exit 1
fi
prettyBoxCurrent "Pulling Container"
if docker pull "netbirdio/netbird:${VERSION}"; then
prettyBoxComplete "Pull Complete"
else
prettyBoxFailed "Failed to pull container" 1
fi
DOCKER_COMMAND="docker run --rm --cap-add=NET_ADMIN -d"
DOCKER_COMMAND+=" --name ${DOCKER_NAME}"
DOCKER_COMMAND+=" --hostname ${DOCKER_HOSTNAME}"
DOCKER_COMMAND+=" -e NB_SETUP_KEY=${SETUP_KEY}"
DOCKER_COMMAND+=" -e NB_MANAGEMENT_URL=${MANAGEMENT_URL}"
DOCKER_COMMAND+=" -v netbird-client:/etc/netbird"
DOCKER_COMMAND+=" netbirdio/netbird:${VERSION}"
prettyBoxCurrent "Starting Container"
if ${DOCKER_COMMAND}; then
prettyBoxComplete "Successfully Started"
else
prettyBoxFailed "Failed to start container" 1
fi
fi
}
showInstallSummary
checkContinueInstall
if ${INSTALL_DOCKER_BASED}; then
installDocker
else
installNative
fi
macOS
curl -fsSL https://pkgs.netbird.io/install.sh | sh
# for CLI only
brew install netbirdio/tap/netbird
# for GUI package
brew install --cask netbirdio/tap/netbird-ui
The contents of install.sh are as follows:
# This code is based on the netbird-installer contribution by physk on GitHub.
# Source: https://github.com/physk/netbird-installer
set -e
CONFIG_FOLDER="/etc/netbird"
CONFIG_FILE="$CONFIG_FOLDER/install.conf"
OWNER="netbirdio"
REPO="netbird"
CLI_APP="netbird"
UI_APP="netbird-ui"
# Set default variable
OS_NAME=""
OS_TYPE=""
ARCH="$(uname -m)"
PACKAGE_MANAGER="bin"
INSTALL_DIR=""
SUDO=""
if command -v sudo > /dev/null && [ "$(id -u)" -ne 0 ]; then
SUDO="sudo"
fi
if [ -z ${NETBIRD_RELEASE+x} ]; then
NETBIRD_RELEASE=latest
fi
get_release() {
local RELEASE=$1
if [ "$RELEASE" = "latest" ]; then
local TAG="latest"
else
local TAG="tags/${RELEASE}"
fi
if [ -n "$GITHUB_TOKEN" ]; then
curl -H "Authorization: token ${GITHUB_TOKEN}" -s "https://api.github.com/repos/${OWNER}/${REPO}/releases/${TAG}" \
| grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'
else
curl -s "https://api.github.com/repos/${OWNER}/${REPO}/releases/${TAG}" \
| grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'
fi
}
download_release_binary() {
VERSION=$(get_release "$NETBIRD_RELEASE")
BASE_URL="https://github.com/${OWNER}/${REPO}/releases/download"
BINARY_BASE_NAME="${VERSION#v}_${OS_TYPE}_${ARCH}.tar.gz"
# for Darwin, download the signed NetBird-UI
if [ "$OS_TYPE" = "darwin" ] && [ "$1" = "$UI_APP" ]; then
BINARY_BASE_NAME="${VERSION#v}_${OS_TYPE}_${ARCH}_signed.zip"
fi
if [ "$1" = "$UI_APP" ]; then
BINARY_NAME="$1-${OS_TYPE}_${BINARY_BASE_NAME}"
if [ "$OS_TYPE" = "darwin" ]; then
BINARY_NAME="$1_${BINARY_BASE_NAME}"
fi
else
BINARY_NAME="$1_${BINARY_BASE_NAME}"
fi
DOWNLOAD_URL="${BASE_URL}/${VERSION}/${BINARY_NAME}"
echo "Installing $1 from $DOWNLOAD_URL"
if [ -n "$GITHUB_TOKEN" ]; then
cd /tmp && curl -H "Authorization: token ${GITHUB_TOKEN}" -LO "$DOWNLOAD_URL"
else
cd /tmp && curl -LO "$DOWNLOAD_URL"
fi
if [ "$OS_TYPE" = "darwin" ] && [ "$1" = "$UI_APP" ]; then
INSTALL_DIR="/Applications/NetBird UI.app"
if test -d "$INSTALL_DIR" ; then
echo "removing $INSTALL_DIR"
rm -rfv "$INSTALL_DIR"
fi
# Unzip the app and move to INSTALL_DIR
unzip -q -o "$BINARY_NAME"
mv "netbird_ui_${OS_TYPE}_${ARCH}/" "$INSTALL_DIR/"
else
${SUDO} mkdir -p "$INSTALL_DIR"
tar -xzvf "$BINARY_NAME"
${SUDO} mv "${1%_"${BINARY_BASE_NAME}"}" "$INSTALL_DIR/"
fi
}
add_apt_repo() {
${SUDO} apt-get update
${SUDO} apt-get install ca-certificates curl gnupg -y
# Remove old keys and repo source files
${SUDO} rm -f \
/etc/apt/sources.list.d/netbird.list \
/etc/apt/sources.list.d/wiretrustee.list \
/etc/apt/trusted.gpg.d/wiretrustee.gpg \
/usr/share/keyrings/netbird-archive-keyring.gpg \
/usr/share/keyrings/wiretrustee-archive-keyring.gpg
curl -sSL https://pkgs.netbird.io/debian/public.key \
| ${SUDO} gpg --dearmor -o /usr/share/keyrings/netbird-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main' \
| ${SUDO} tee /etc/apt/sources.list.d/netbird.list
${SUDO} apt-get update
}
add_rpm_repo() {
cat <<-EOF | ${SUDO} tee /etc/yum.repos.d/netbird.repo
[NetBird]
name=NetBird
baseurl=https://pkgs.netbird.io/yum/
enabled=1
gpgcheck=0
gpgkey=https://pkgs.netbird.io/yum/repodata/repomd.xml.key
repo_gpgcheck=1
EOF
}
add_aur_repo() {
INSTALL_PKGS="git base-devel go"
REMOVE_PKGS=""
# Check if dependencies are installed
for PKG in $INSTALL_PKGS; do
if ! pacman -Q "$PKG" > /dev/null 2>&1; then
# Install missing package(s)
${SUDO} pacman -S "$PKG" --noconfirm
# Add installed package for clean up later
REMOVE_PKGS="$REMOVE_PKGS $PKG"
fi
done
# Build package from AUR
cd /tmp && git clone https://aur.archlinux.org/netbird.git
cd netbird && makepkg -sri --noconfirm
if ! $SKIP_UI_APP; then
cd /tmp && git clone https://aur.archlinux.org/netbird-ui.git
cd netbird-ui && makepkg -sri --noconfirm
fi
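# Clean up the installed packages (unquoted on purpose: one argument per package)
if [ -n "$REMOVE_PKGS" ]; then
# shellcheck disable=SC2086
${SUDO} pacman -Rs $REMOVE_PKGS --noconfirm
fi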
}
install_native_binaries() {
# Checks for supported architecture
case "$ARCH" in
x86_64|amd64)
ARCH="amd64"
;;
i?86|x86)
ARCH="386"
;;
aarch64|arm64)
ARCH="arm64"
;;
*)
echo "Architecture ${ARCH} not supported"
exit 2
;;
esac
# download and copy binaries to INSTALL_DIR
download_release_binary "$CLI_APP"
if ! $SKIP_UI_APP; then
download_release_binary "$UI_APP"
fi
}
check_use_bin_variable() {
if [ "${USE_BIN_INSTALL}-x" = "true-x" ]; then
echo "The installation will be performed using binary files"
return 0
fi
return 1
}
install_netbird() {
if [ -x "$(command -v netbird)" ]; then
status_output=$(netbird status)
if echo "$status_output" | grep -q 'Management: Connected' && echo "$status_output" | grep -q 'Signal: Connected'; then
echo "NetBird service is running, please stop it before proceeding"
exit 1
fi
if [ -n "$status_output" ]; then
echo "NetBird seems to be installed already, please remove it before proceeding"
exit 1
fi
fi
# Run the installation, if a desktop environment is not detected
# only the CLI will be installed
case "$PACKAGE_MANAGER" in
apt)
add_apt_repo
${SUDO} apt-get install netbird -y
if ! $SKIP_UI_APP; then
${SUDO} apt-get install netbird-ui -y
fi
;;
yum)
add_rpm_repo
${SUDO} yum -y install netbird
if ! $SKIP_UI_APP; then
${SUDO} yum -y install netbird-ui
fi
;;
dnf)
add_rpm_repo
${SUDO} dnf -y install dnf-plugin-config-manager
${SUDO} dnf config-manager --add-repo /etc/yum.repos.d/netbird.repo
${SUDO} dnf -y install netbird
if ! $SKIP_UI_APP; then
${SUDO} dnf -y install netbird-ui
fi
;;
pacman)
${SUDO} pacman -Syy
add_aur_repo
;;
brew)
# Remove Wiretrustee if it had been installed using Homebrew before
if brew ls --versions wiretrustee >/dev/null 2>&1; then
echo "Removing existing wiretrustee client"
# Stop and uninstall daemon service:
wiretrustee service stop
wiretrustee service uninstall
# Unlink the app
brew unlink wiretrustee
fi
brew install netbirdio/tap/netbird
if ! $SKIP_UI_APP; then
brew install --cask netbirdio/tap/netbird-ui
fi
;;
*)
if [ "$OS_NAME" = "nixos" ];then
echo "Please add NetBird to your NixOS configuration.nix directly:"
echo ""
echo "services.netbird.enable = true;"
if ! $SKIP_UI_APP; then
echo "environment.systemPackages = [ pkgs.netbird-ui ];"
fi
echo "Build and apply new configuration:"
echo ""
echo "${SUDO} nixos-rebuild switch"
exit 0
fi
install_native_binaries
;;
esac
# Add package manager to config
${SUDO} mkdir -p "$CONFIG_FOLDER"
echo "package_manager=$PACKAGE_MANAGER" | ${SUDO} tee "$CONFIG_FILE" > /dev/null
# Load and start netbird service
if ! ${SUDO} netbird service install 2>&1; then
echo "NetBird service has already been loaded"
fi
if ! ${SUDO} netbird service start 2>&1; then
echo "NetBird service has already been started"
fi
echo "Installation has been finished. To connect, you need to run NetBird by executing the following command:"
echo ""
echo "netbird up"
}
version_greater_equal() {
printf '%s\n%s\n' "$2" "$1" | sort -V -C
}
is_bin_package_manager() {
if ${SUDO} test -f "$1" && ${SUDO} grep -q "package_manager=bin" "$1" ; then
return 0
else
return 1
fi
}
stop_running_netbird_ui() {
NB_UI_PROC=$(ps -ef | grep "[n]etbird-ui" | awk '{print $2}')
if [ -n "$NB_UI_PROC" ]; then
echo "NetBird UI is running with PID $NB_UI_PROC. Stopping it..."
kill -9 "$NB_UI_PROC"
fi
}
update_netbird() {
if is_bin_package_manager "$CONFIG_FILE"; then
latest_release=$(get_release "latest")
latest_version=${latest_release#v}
installed_version=$(netbird version)
if [ "$latest_version" = "$installed_version" ]; then
echo "Installed NetBird version ($installed_version) is up-to-date"
exit 0
fi
if version_greater_equal "$latest_version" "$installed_version"; then
echo "NetBird new version ($latest_version) available. Updating..."
echo ""
echo "Initiating NetBird update. This will stop the netbird service and restart it after the update"
${SUDO} netbird service stop || true
${SUDO} netbird service uninstall || true
stop_running_netbird_ui
install_native_binaries
${SUDO} netbird service install
${SUDO} netbird service start
fi
else
echo "NetBird installation was done using a package manager. Please use your system's package manager to update"
fi
}
# Checks if SKIP_UI_APP env is set
if [ -z "$SKIP_UI_APP" ]; then
SKIP_UI_APP=false
else
if $SKIP_UI_APP; then
echo "SKIP_UI_APP has been set to true in the environment"
echo "NetBird UI installation will be omitted based on your preference"
fi
fi
# Identify OS name and default package manager
if type uname >/dev/null 2>&1; then
case "$(uname)" in
Linux)
OS_NAME="$(. /etc/os-release && echo "$ID")"
OS_TYPE="linux"
INSTALL_DIR="/usr/bin"
# Allow netbird UI installation for x64 arch only
if [ "$ARCH" != "amd64" ] && [ "$ARCH" != "arm64" ] \
&& [ "$ARCH" != "x86_64" ];then
SKIP_UI_APP=true
echo "NetBird UI installation will be omitted as $ARCH is not a compatible architecture"
fi
# Allow netbird UI installation for linux running desktop environment
if [ -z "$XDG_CURRENT_DESKTOP" ];then
SKIP_UI_APP=true
echo "NetBird UI installation will be omitted as Linux does not run desktop environment"
fi
# Check the availability of a compatible package manager
if check_use_bin_variable; then
PACKAGE_MANAGER="bin"
elif [ -x "$(command -v apt)" ]; then
PACKAGE_MANAGER="apt"
echo "The installation will be performed using apt package manager"
elif [ -x "$(command -v dnf)" ]; then
PACKAGE_MANAGER="dnf"
echo "The installation will be performed using dnf package manager"
elif [ -x "$(command -v yum)" ]; then
PACKAGE_MANAGER="yum"
echo "The installation will be performed using yum package manager"
elif [ -x "$(command -v pacman)" ]; then
PACKAGE_MANAGER="pacman"
echo "The installation will be performed using pacman package manager"
fi
;;
Darwin)
OS_NAME="macos"
OS_TYPE="darwin"
INSTALL_DIR="/usr/local/bin"
# Check the availability of a compatible package manager
if check_use_bin_variable; then
PACKAGE_MANAGER="bin"
elif [ -x "$(command -v brew)" ]; then
PACKAGE_MANAGER="brew"
echo "The installation will be performed using brew package manager"
fi
;;
esac
fi
UPDATE_FLAG=$1
if [ "${UPDATE_NETBIRD}-x" = "true-x" ]; then
UPDATE_FLAG="--update"
fi
case "$UPDATE_FLAG" in
--update)
update_netbird
;;
*)
install_netbird
esac
Detailed installation instructions: https://docs.netbird.io/how-to/installation
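Both install scripts above download a release archive with curl and extract it as root, relying on TLS alone for integrity. The following added example (not code from either script) checks a downloaded archive against a checksums file before extraction. It assumes a checksums file in sha256sum format is published alongside the release; confirm the actual asset name on the release page. The archive name and version in the demo are constructed.

```shell
#!/bin/sh
# Added example: verify a downloaded release archive against a
# sha256sum-format checksums file before extracting or installing it.

# Print the SHA-256 of a file using whichever tool the platform provides
# (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_release_archive <archive> <checksums-file>
# Returns 0 on match, 2 if the archive is not listed, 3 on mismatch.
verify_release_archive() {
    archive=$1
    sums=$2
    name=$(basename "$archive")
    # sha256sum format: "<hex>  <name>"; a leading "*" on the name marks binary mode
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }
    ' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi
    actual=$(sha256_of "$archive")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 3
    fi
    echo "verified $name"
}

# Constructed demo: a stand-in archive named after the scripts'
# <app>_<version>_<os>_<arch>.tar.gz pattern, verified once intact and
# once after modification. Prints the two return codes.
demo_verify() {
    d=$(mktemp -d)
    f="$d/netbird_0.0.0_linux_amd64.tar.gz"
    printf 'constructed archive bytes\n' > "$f"
    printf '%s  %s\n' "$(sha256_of "$f")" "$(basename "$f")" > "$d/checksums.txt"
    ok=0
    verify_release_archive "$f" "$d/checksums.txt" >/dev/null || ok=$?
    printf 'tampered\n' >> "$f"
    bad=0
    verify_release_archive "$f" "$d/checksums.txt" 2>/dev/null || bad=$?
    rm -rf "$d"
    echo "$ok $bad"
}

demo_verify
```

In an installer, call verify_release_archive between the download and the tar step and abort on any non-zero status. The checksums file only adds assurance if it is obtained or signed independently of the archive it describes.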
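Usage
Refresh the page to see the newly added device.
Reference: https://docs.netbird.io/how-to/add-machines-to-your-network
For more features and detailed operating instructions, see the official website or https://github.com/netbirdio/netbird.
Prerequisites
Infrastructure
A Linux cloud host with a public IP address and at least 1 CPU and 2 GB of memory;
The following ports open to the public Internet:
TCP: 80, 443
UDP: 3478, 49152-65535
A domain name pointing to the cloud host's public IP address (in mainland China the domain requires ICP filing).
Software requirements
The host needs docker and docker-compose installed; see the Docker installation guide.
jq must be installed. It is usually available in the official repositories of most distributions and can be installed with sudo apt install jq or sudo yum install jq.
curl must be installed. It is usually available in the official repositories of most distributions and can be installed with sudo apt install curl or sudo yum install curl.
Deploying NetBird
Download the deployment script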
curl -sSLO https://github.com/netbirdio/netbird/releases/latest/download/getting-started-with-zitadel.sh
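Modify the deployment script
In the part of the deployment script that generates the Caddy configuration file (Caddyfile), disable the protocols h1 h2c setting on line 486 by commenting it out.
Before the change: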
……
renderCaddyfile() {
cat <<EOF
{
debug
servers :80,:443 {
protocols h1 h2c
}
}
(security_headers) {
header * {
# enable HSTS
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#strict-transport-security-hsts
# NOTE: Read carefully how this header works before using it.
# If the HSTS header is misconfigured or if there is a problem with
# the SSL/TLS certificate being used, legitimate users might be unable
# to access the website. For example, if the HSTS header is set to a
# very long duration and the SSL/TLS certificate expires or is revoked,
# legitimate users might be unable to access the website until
# the HSTS header duration has expired.
# The recommended value for the max-age is 2 year (63072000 seconds).
# But we are using 1 hour (3600 seconds) for testing purposes
# and ensure that the website is working properly before setting
# to two years.
Strict-Transport-Security "max-age=3600; includeSubDomains; preload"
# disable clients from sniffing the media type
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-content-type-options
X-Content-Type-Options "nosniff"
# clickjacking protection
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-frame-options
X-Frame-Options "DENY"
# xss protection
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
X-XSS-Protection "1; mode=block"
# Remove -Server header, which is an information leak
# Remove Caddy from Headers
-Server
# keep referrer data off of HTTP connections
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#referrer-policy
Referrer-Policy strict-origin-when-cross-origin
}
}
:80${CADDY_SECURE_DOMAIN} {
import security_headers
# Signal
reverse_proxy /signalexchange.SignalExchange/* h2c://signal:10000
# Management
reverse_proxy /api/* management:80
reverse_proxy /management.ManagementService/* h2c://management:80
# Zitadel
reverse_proxy /zitadel.admin.v1.AdminService/* h2c://zitadel:8080
reverse_proxy /admin/v1/* h2c://zitadel:8080
reverse_proxy /zitadel.auth.v1.AuthService/* h2c://zitadel:8080
reverse_proxy /auth/v1/* h2c://zitadel:8080
reverse_proxy /zitadel.management.v1.ManagementService/* h2c://zitadel:8080
reverse_proxy /management/v1/* h2c://zitadel:8080
reverse_proxy /zitadel.system.v1.SystemService/* h2c://zitadel:8080
reverse_proxy /system/v1/* h2c://zitadel:8080
reverse_proxy /assets/v1/* h2c://zitadel:8080
reverse_proxy /ui/* h2c://zitadel:8080
reverse_proxy /oidc/v1/* h2c://zitadel:8080
reverse_proxy /saml/v2/* h2c://zitadel:8080
reverse_proxy /oauth/v2/* h2c://zitadel:8080
reverse_proxy /.well-known/openid-configuration h2c://zitadel:8080
reverse_proxy /openapi/* h2c://zitadel:8080
reverse_proxy /debug/* h2c://zitadel:8080
# Dashboard
reverse_proxy /* dashboard:80
}
EOF
}
……
After the change:
……
renderCaddyfile() {
cat <<EOF
{
debug
servers :80,:443 {
# protocols h1 h2c
}
}
(security_headers) {
header * {
# enable HSTS
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#strict-transport-security-hsts
# NOTE: Read carefully how this header works before using it.
# If the HSTS header is misconfigured or if there is a problem with
# the SSL/TLS certificate being used, legitimate users might be unable
# to access the website. For example, if the HSTS header is set to a
# very long duration and the SSL/TLS certificate expires or is revoked,
# legitimate users might be unable to access the website until
# the HSTS header duration has expired.
# The recommended value for the max-age is 2 year (63072000 seconds).
# But we are using 1 hour (3600 seconds) for testing purposes
# and ensure that the website is working properly before setting
# to two years.
Strict-Transport-Security "max-age=3600; includeSubDomains; preload"
# disable clients from sniffing the media type
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-content-type-options
X-Content-Type-Options "nosniff"
# clickjacking protection
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-frame-options
X-Frame-Options "DENY"
# xss protection
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
X-XSS-Protection "1; mode=block"
# Remove -Server header, which is an information leak
# Remove Caddy from Headers
-Server
# keep referrer data off of HTTP connections
# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#referrer-policy
Referrer-Policy strict-origin-when-cross-origin
}
}
:80${CADDY_SECURE_DOMAIN} {
import security_headers
# Signal
reverse_proxy /signalexchange.SignalExchange/* h2c://signal:10000
# Management
reverse_proxy /api/* management:80
reverse_proxy /management.ManagementService/* h2c://management:80
# Zitadel
reverse_proxy /zitadel.admin.v1.AdminService/* h2c://zitadel:8080
reverse_proxy /admin/v1/* h2c://zitadel:8080
reverse_proxy /zitadel.auth.v1.AuthService/* h2c://zitadel:8080
reverse_proxy /auth/v1/* h2c://zitadel:8080
reverse_proxy /zitadel.management.v1.ManagementService/* h2c://zitadel:8080
reverse_proxy /management/v1/* h2c://zitadel:8080
reverse_proxy /zitadel.system.v1.SystemService/* h2c://zitadel:8080
reverse_proxy /system/v1/* h2c://zitadel:8080
reverse_proxy /assets/v1/* h2c://zitadel:8080
reverse_proxy /ui/* h2c://zitadel:8080
reverse_proxy /oidc/v1/* h2c://zitadel:8080
reverse_proxy /saml/v2/* h2c://zitadel:8080
reverse_proxy /oauth/v2/* h2c://zitadel:8080
reverse_proxy /.well-known/openid-configuration h2c://zitadel:8080
reverse_proxy /openapi/* h2c://zitadel:8080
reverse_proxy /debug/* h2c://zitadel:8080
# Dashboard
reverse_proxy /* dashboard:80
}
EOF
}
……
Note: the reason for modifying the deployment script is explained later.
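The edit above is located by line number (486), which shifts whenever the upstream script changes. The following added example (not part of the original post or of the NetBird script) applies the same change by pattern instead: it comments out the line only when exactly one active match exists and keeps the untouched script as a .orig copy for review. The sample script in the demo is a constructed excerpt modelled on the renderCaddyfile block shown above.

```shell
#!/bin/sh
# Added example: comment out "protocols h1 h2c" in the deployment script
# by pattern rather than by line number.

# disable_caddy_protocols <script>
# Returns 0 when the line was commented out (or already was),
# 2 when the setting is absent, 3 when it appears more than once.
disable_caddy_protocols() {
    script=$1
    # Count active (uncommented) occurrences of the setting
    active=$(grep -cE '^[[:space:]]*protocols[[:space:]]+h1[[:space:]]+h2c[[:space:]]*$' "$script" || true)
    if [ "$active" -eq 0 ]; then
        if grep -qE '^[[:space:]]*#[[:space:]]*protocols[[:space:]]+h1[[:space:]]+h2c' "$script"; then
            echo "already disabled"
            return 0
        fi
        echo "setting not found; the script layout has changed" >&2
        return 2
    fi
    if [ "$active" -gt 1 ]; then
        echo "setting found $active times; refusing to guess" >&2
        return 3
    fi
    # Keep the pristine download next to the edited copy
    cp -p "$script" "$script.orig"
    # Insert "# " after the original indentation
    sed -E 's/^([[:space:]]*)(protocols[[:space:]]+h1[[:space:]]+h2c[[:space:]]*)$/\1# \2/' \
        "$script.orig" > "$script"
    # Show exactly what changed (diff exits 1 when files differ)
    diff "$script.orig" "$script" || true
}

# Constructed excerpt of the deployment script, for the demo only
sample_script() {
    cat <<'EOF'
renderCaddyfile() {
  cat <<EOT
{
  debug
  servers :80,:443 {
    protocols h1 h2c
  }
}
EOT
}
EOF
}

# Demo on the constructed excerpt
work=$(mktemp -d)
sample_script > "$work/getting-started-with-zitadel.sh"
disable_caddy_protocols "$work/getting-started-with-zitadel.sh"
rm -rf "$work"
```

Review the printed diff before running the patched script with bash.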
Run the deployment script
Export the domain name used by NetBird as an environment variable:
export NETBIRD_DOMAIN=netbird.example.com
Run the script:
bash getting-started-with-zitadel.sh
The output after running is as follows:
Rendering initial files...
Initializing Zitadel's CockroachDB
[+] Building 0.0s (0/0) docker:default
[+] Running 7/7
✔ Network netbird_netbird Created 0.1s
✔ Volume "netbird_netbird_crdb_data" Created 0.0s
✔ Volume "netbird_netbird_crdb_certs" Created 0.0s
✔ Volume "netbird_netbird_caddy_data" Created 0.0s
✔ Volume "netbird_netbird_management" Created 0.0s
✔ Volume "netbird_netbird_zitadel_certs" Created 0.0s
✔ Container netbird-crdb-1 Started 0.1s
Waiting cockroachDB to become ready . done
Starting Zidatel IDP for user management
[+] Building 0.0s (0/0) docker:default
[+] Running 3/3
✔ Container netbird-caddy-1 Started 0.1s
✔ Container netbird-crdb-1 Healthy 0.0s
✔ Container netbird-zitadel-1 Started 0.1s
Initializing Zitadel with NetBird's applications
Waiting for Zitadel's PAT to be created . . . done
Reading Zitadel PAT
Waiting for Zitadel to become ready . . . . . . . . . . . . . . . . . . done
Creating new zitadel project
Creating new Zitadel SPA Dashboard application
Creating new Zitadel SPA Cli application
Rendering NetBird files...
Starting NetBird services
[+] Building 0.0s (0/0) docker:default
[+] Running 7/7
✔ Container netbird-dashboard-1 Started 0.3s
✔ Container netbird-management-1 Started 0.2s
✔ Container netbird-signal-1 Started 0.3s
✔ Container netbird-coturn-1 Started 0.3s
✔ Container netbird-crdb-1 Healthy 0.0s
✔ Container netbird-caddy-1 Running 0.0s
✔ Container netbird-zitadel-1 Running 0.0s
Done!
You can access the NetBird dashboard at https://netbird.example.com:443
Login with the following credentials:
Username: [email protected]
Password: (●'◡'●)
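Note: a real domain name was used for the deployment and has been replaced with netbird.example.com here; the password is a randomly generated string, replaced here with (●'◡'●).
Configuring NetBird
You can now access NetBird via the domain name. My domain is still going through ICP filing, so I will cover that in a separate document later; for platform configuration, refer to the video by ac_laoe.
Author: 嘿嘿嘿!?? https://www.bilibili.com/read/cv27338555/ Source: bilibili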
From: https://blog.51cto.com/u_64214/8601140