docs: add "Private Proxy Without Public Inbound Ports" use case

[SunsetDrifter]

Adds a Reverse Proxy use-case page documenting how to run a Bring Your Own Proxy (BYOP) instance in private mode with no public inbound ports.

Why

The proxy's built-in ACME challenges (tls-alpn-01, http-01) both require a publicly reachable inbound port, which conflicts with a fully private deployment. The supported alternative was not documented as a use case.

What

Documents the pattern: disable the proxy's ACME, issue the wildcard certificate externally over the DNS-01 challenge, and serve it as a static certificate that the proxy hot-reloads on renewal. Inbound web ports stay closed; issuance proves domain ownership via a DNS TXT record.

Changes

• New page: manage/reverse-proxy/use-cases/private-no-inbound.mdx — "Private Proxy Without Public Inbound Ports"
• New Use Cases nav group under Reverse Proxy
• Cross-links from the Bring Your Own Proxy page (port-443 prerequisite + TLS configuration table) and the Reverse Proxy overview (static certificate mode)

Summary by CodeRabbit

• Documentation
  • Added a new use-case guide for deploying a reverse proxy with no public inbound ports using DNS-01 certificates in static mode.
  • Enhanced navigation and existing documentation with references and clarifications for private proxy deployments.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 70b9236c-6796-4920-870e-0fbde7c4e795

📥 Commits

Reviewing files that changed from the base of the PR and between fb4c110 and 00d1937.

📒 Files selected for processing (4)

• src/components/NavigationDocs.jsx
• src/pages/manage/reverse-proxy/bring-your-own-proxy.mdx
• src/pages/manage/reverse-proxy/index.mdx
• src/pages/manage/reverse-proxy/use-cases/private-no-inbound.mdx

---

📝 Walkthrough

Walkthrough

Adds a new MDX documentation page for running a BYOP reverse proxy with no public inbound ports using DNS-01 certificate issuance and static certificate mode. Existing reverse proxy index and BYOP pages gain cross-reference sentences and table rows linking to the new page. The sidebar navigation gains a nested Use Cases group with the new entry.

Changes

Private No-Inbound Proxy Documentation

Layer / File(s)	Summary
New private-no-inbound use-case page src/pages/manage/reverse-proxy/use-cases/private-no-inbound.mdx	New page covering the full scenario: BYOP reachable only via NetBird tunnel, DNS-01 motivation, proxy env-var configuration for static certs, wildcard certificate issuance with lego, renewal with hot-reload, curl verification over the tunnel, and related links.
Cross-references in existing reverse proxy docs src/pages/manage/reverse-proxy/index.mdx, src/pages/manage/reverse-proxy/bring-your-own-proxy.mdx	Static-mode section in the index gains a sentence and link; BYOP page gains a warning note and a TLS configuration table row, all pointing to the new use-case page.
Sidebar navigation entry src/components/NavigationDocs.jsx	Adds a nested Use Cases group containing a single No Public Inbound link under the Reverse Proxy section in docsNavigation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• netbirdio/docs#767: Both PRs modify bring-your-own-proxy.mdx and index.mdx with closely related private service capability guidance and links in the same reverse proxy documentation section.
• netbirdio/docs#786: Both PRs edit NavigationDocs.jsx's docsNavigation structure — this PR adds a nested Use Cases group under Reverse Proxy, while the referenced PR updated grouped navigation item expand/collapse behavior that the new group depends on.

Suggested reviewers

• mlsmaycon

Poem

🐇 Hopping through tunnels, no ports in sight,
DNS-01 certs keep the proxy alight.
Static mode hums, no inbound to fear,
lego fetches certs, the path is now clear.
Hot-reload magic — no dropped connections here! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately summarizes the main addition: a new documentation page for running a private Bring Your Own Proxy without public inbound ports, which is the primary change across all four modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cc/dns01-byop

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

src/components/NavigationDocs.jsx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)

src/pages/manage/reverse-proxy/bring-your-own-proxy.mdx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)

src/pages/manage/reverse-proxy/index.mdx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/.pnpm/@eslint+eslintrc@3.3.5/node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)

• 1 others

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}