Great content Brian! Thanks. For better security, you should enable 2FA for Authentik and then add a provider (proxy provider) and application for nginx proxy manager itself, so that the access is protected with 2FA of Authentik, too 🙂
@Glatze603 6 months ago
It seems that npm cannot be configured for authentik... Does anybody have an idea how to get 2FA for npm?
@AwesomeOpenSource 6 months ago
100%. Just didn't show it yet. But, I'd point folks to @Cooptonian as his Authentik videos are gold!
@AwesomeOpenSource 6 months ago
I think if you set NPM to Basic Auth (if possible), then you can use Authentik to log in through that (again, just saw an @Cooptonian video that showed something like this).
@netbirdio 6 months ago
Absolutely love it! Thank you for this video :)
@netbirdio 6 months ago
The part where Brian configures NetBird with Authentik is just brilliant. It is very detailed and highlights the caveats people might have (e.g., the hosts file point). We will link it to our docs 👍
@AwesomeOpenSource 6 months ago
Glad you guys like it, and thank you so very much for such an awesome open source project!
@docmalitt 6 months ago
Dear AOS, this is really at the moment (trust me, been following a bunch of well known and quite wholesome homelab enthusiasts) one of the most effective lists of resources and tools for IT power-users who want to start something like a business on a budget, very small budget, but are not sure they want to leave everyday job. Also for unemployed (whatever the reason might be) to maybe earn some income. Even for those who aren't in a pinch for money (hard to find, but who knows...) to keep up with the ever changing and evolving tech. I mean, lately, every few months something crazy good comes out. Netbird with free 5/100 tier is amazing for practice as well as small home bizz. Anyways, I am packing 3 laptops and a Pi and right after installing Netbird time to figure out Authentik - and here comes ... your video. Thx a bunch
@AwesomeOpenSource 6 months ago
Absolutely my pleasure!
@adzieau 6 months ago
Thanks for the great video Brian. It took me a few hours to get through this one. I followed along the whole way. I had a few difficulties as I used a local provider for my servers and the settings were a bit different. Got there in the end. Looking forward to the next one greatly and starting to integrate some of the solutions into my own business I am just starting.
@AwesomeOpenSource 6 months ago
Super glad you were able to work through it. Excited that you are coming along with me.
@waynestatic2912 6 months ago
Great video and explanation as always! Just a little tip about the authentik setup: you don't need to specify the version of image to pull in both .env and compose file, you just need to match the variable name which is different in this case. When the variable is the same, Docker will match the version specified in the .env file and use the other one in compose as fallback.
@AwesomeOpenSource 6 months ago
Yeah, I don't recall at this point if I messed up that tag, or if that's how it was copied from them, but you're 100% right.
@pixelaccount3882 6 months ago
Priceless content
@AwesomeOpenSource 6 months ago
Thank you so much!
@clementinoytb 6 months ago
Thank you so much for this tutorial! You have no idea how much I have been looking forward to this! Thank you, you really are great at giving instructions, these videos are valuable resources!
@AwesomeOpenSource 6 months ago
Glad you like it my friend!
@rdmerck 5 months ago
You make great content Brian, thanks for your hard work! Excited to see the next video
@AwesomeOpenSource 5 months ago
I appreciate that!
@muhammedcrow3123 5 months ago
Great content, Brian. I'm a longtime fan of the show, and right now I'm trying to create a similar thing as an MSP in my home country, and this series was a great resource for me. I wanted to ask though, what if you're trying to create something like what Microsoft did with Azure and Intune for both device and user management but with OSS, where you use one account to access everything, and all services play nicely with each other? Thanks for all the efforts you're going through to put this knowledge out for the world
@AwesomeOpenSource 5 months ago
I think SSO is definitely possible. The services playing nicely, is a different story. We are essentially pulling a bunch of different software together. I don't use Microsoft or Intune, but it's one thing to pull a bunch of things together, it's different to own all of it.
@premdon009 6 months ago
Great! Have been waiting for this video. Thanks for the video ❤
@AwesomeOpenSource 6 months ago
You are so welcome!
@gacjezv 6 months ago
Hey Brian, Great series. Can you add the notes when you have a minute? I have been wrestling with this exact install. Question: I didn't see the Netbird FQDN being routed via the NPM Proxy. Is that correct? I have all these on the same network, so I was going to route my FQDN via my proxy to the Netbird IP Address internally and then use Authentik to secure it.
@AwesomeOpenSource 6 months ago
I'm adding them now, might take a bit to get it all in, but I'll be referencing my original video notes as well. I updated those links in the description already. Just need to finish the show notes specific to this video.
@andreaslink6682 6 months ago
Very well done, Brian. Thank you a lot, this is good to reproduce, but I miss in general the IPv6 consideration a little bit in parallel to IPv4. I would assume Digital Ocean also provides IPv6 addresses in parallel, don't they? I think, it should not be skipped as many parts in the internet go IPv6 today and also to be future prepared, I would appreciate if you consider IPv6 in parallel within your setups as some things might be slightly different. So please move on as you are doing and thank you!
@AwesomeOpenSource 6 months ago
DO allows you to enable IPv6, but not on by default as I recall. I haven't mastered IPv6 yet for sure, but maybe that's an opportunity for me to get @scottibyte and @ibracorp involved in my series...they can school me on it a bit.
@farzadmf 6 months ago
Thank you for the video. The links section seems to be missing for the show notes
@AwesomeOpenSource 6 months ago
Working on the show notes now. I'll have them by the end of day (if all goes better than yesterday anyway).
@farzadmf 6 months ago
Thank you for the update; hopefully everything goes well for you
@izunagi9064 3 months ago
So I've been playing around with this and thought about a theory. If you have a server/s laying around and don't want to expose your IP, could you do a proxy server on DO then set up the auth and nb on your home lab? Apply NB agents on all the servers so that they can talk to them like your own private cloud. Then the only server on DO is the proxy so you can have a public address.
@AwesomeOpenSource 3 months ago
100%. You can set this up in a ton of different ways, I'm just showing one way to give the basics. But, absolutely set it up how you feel it best works.
@izunagi9064 3 months ago
Thinking about it more there may be some ssl problem with netbird and auth so probably best that they be in a cloud host area with the proxy but once netbird is up you could host other servers locally with netbird agents.
@shawonshovon226 6 months ago
Hello there! Could you please create a video that talks about open-source email validation system ? Bulk Email Verification Recher mail, AfterShip /email-verifier, truemail
@AwesomeOpenSource 6 months ago
Let me see what I can dig up.
24 days ago
Hey, really great video!! This is the best and most helpful video guiding this kind of setup that I have watched until now! Just one thing that brought me here but unfortunately is not covered in your video. My main doubt is how to set up netbird behind Nginx Proxy Manager. In my case I am doing the self-host on-prem with only one link with a fixed public IP, so all of these services need to be behind NPM... Until now I got the NPM and Authentik working smoothly, only Netbird is letting me off. Do you know how to do it that way? Thanks
@AwesomeOpenSource 24 days ago
You have to forward all of the ports they specify that aren't related to the web administration pages.
23 days ago
@AwesomeOpenSource Sure! All the ports they mentioned are directly forwarded to the server, and ports 80 and 443 are set to NPM. I got the Authentik login page, but after successful login it doesn't load the management/dashboard page of netbird... But I am about to redo it from scratch following your video and see if it works. Thanks
@0ctatr0n 4 months ago
Can you setup the Authentik and Netbird with purchasing two VPS instances? It'd also be nice to be able to use the VPS's for other things like email or website etc.. We're not all made of money
@AwesomeOpenSource 4 months ago
You can. You just need to adjust the ports they run on and adjust the proxy settings for them. It's a bit easier to do it the way I have, but I completely understand.
@onlyhexonotop4313 6 months ago
Hey bro Please make one video on zammad ticketing System installation
@AwesomeOpenSource 6 months ago
It's on my list for this series.
@AwesomeOpenSource 6 months ago
It's on my list for this series my friend.
@simongajdosik5105 6 months ago
Amazing guide! Thank you. Do you have a shownotes available?
@AwesomeOpenSource 6 months ago
Working on the shownotes now. I got tied up yesterday with a multitude of unexpected issues, and am just now getting to add them.
@simongajdosik5105 6 months ago
Thank you and I really appreciate your hard work! I just followed everything in the video and all is working as intended. Only issue I have is connecting to Win Server via RDP through Netbird network.. Maybe you have some information about it? @AwesomeOpenSource
@AwesomeOpenSource 6 months ago
Well, I'm not sure. Can you reach it via RDP through LAN?
@FineWine-v4.0 6 months ago
I was wondering if there was an open source tool to basically post ideas (like a PasteBin+Forum combo of sorts). It would be like an Adventure Guild quest board that you see in Fantasy Animes, putting bounties on tasks. Except here you could post ideas or a "wanted" list on what FOSS tools/apps are needed in this world to further help the cause of FOSS. This is just me thinking out aloud
@AwesomeOpenSource 6 months ago
I think you could use something like Lemmy for this, but there are some boards I've come across in the past that are more specifically for voting on certain things. I'll see what I can find.
@chrisjchalifoux 3 months ago
Thank you for the video, it is helping me. I am just starting out with netbird selfhost👍👍
@AwesomeOpenSource 3 months ago
Glad I could help!
@mmejia04 4 months ago
Great video...but I am kind of stuck. I use HAProxy (pfSense package), Authentik and I would like to setup NetBird. I am missing how to setup Netbird behind the HAProxy... any ideas?
@AwesomeOpenSource 4 months ago
You'll have to forward the web admin ports to your server, and also all of the ranges of ports it needs to that server. Not sure how well it will work. Not used HAProxy, so just not familiar with its setup.
@cr0wmatic 1 month ago
@AwesomeOpenSource Is this why we didn't set up Netbird behind the Nginx Reverse Proxy? I was wondering that as I went through this yesterday.
@0ctatr0n 4 months ago
Did this setup allow a client to connect? I've set up the same thing using Caddy because I read the Nginx Proxy Manager doesn't support gRPC and as a result doesn't allow me to connect clients with whining about expecting a gRPC connection and getting a html/text 1.1 connection. I even ran the script version to find out how it sets up the CaddyFile to make gRPC work, still not working. Let me know when you do the episode showing it connecting to the clients
@AwesomeOpenSource 4 months ago
I can connect, but yes, you may have gRPC issues. It is something they use in Netbird for sure.
@JosephJohnson-sq4bu 2 months ago
Anyone else trying this finish, then when browsing to the nb site, met with error: Application error: a client-side exception has occurred (see the browser console for more information).
@AwesomeOpenSource 2 months ago
I haven't experienced that. If you can say what's in the console, it may help identify the issue.
@riaangrobler3447 5 months ago
Hi, great videos... but I'm stuck. :( Getting this error when starting the netbird Docker... >> Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/kernel/domainname: permission denied: unknown
@AwesomeOpenSource 4 months ago
Seems like it's hitting a permission error. Is your user in the docker group? If so, make sure not to bring up docker with sudo, you shouldn't need it. It's talking about the domain specifically, so maybe there's some issue with the domain name you've set up. Make sure it's typed in correctly.
@riaangrobler3447 4 months ago
@AwesomeOpenSource I gave up... could not get this to work. Switched from nginx to caddy.. and then the quick start from Netbird worked. I guess the biggest problem was/is to get NGINX to work. The above error is when you use a container and not a VM...
@toddselby443 6 months ago
So would pika backup, that you showed in your last video, be a good backup solution for these servers?
@AwesomeOpenSource 6 months ago
I would recommend something like Borg Backup with BorgWarehouse, as these services don't have a desktop environment, which is needed for PikaBackup to work. The other option that I'll be looking at is URBackup, which is also a nice solution.
@toddselby443 6 months ago
@AwesomeOpenSource Thanks for the information!
@TheRBDIGroup 1 month ago
Any ideas or instructions on authentik/netbird working behind a reverse proxy? Setting this up on a self hosted server with VMs. Nginx, Authentik and Netbird each on its own VM. Got the first two up and running, and netbird installed but issues with netbird able to open to FQDN using nginx and when I connect with internal IP it fails to communicate with authentik. The FQDN is an issue with the SSL cert being part of netbird and not offered by nginx. Ideas or thoughts would be appreciated.
@TheRBDIGroup 1 month ago
I finally got it working. Basically had to disable the install of the let's encrypt in the setup file. But now it authenticates with Authentik and is stuck on /peers with the animated loading.
@AwesomeOpenSource 21 days ago
That may be a gRPC issue. Make sure that you have gRPC traffic allowed through your proxy.
@redetermine 6 months ago
My man, I would advise you to not show the IPs in a yt video. Some script kiddie might decide to DDoS your stuff.
@medinarick3 6 months ago
He just kills the machines when he's done
@redetermine 6 months ago
@medinarick3 I doubt it, since the IPs at 1:57 didn't have anything to do with this video.
@metal-beard 6 months ago
yea, I hope it's just for demo because all the services are still available on HTTP.
@PopularWebz 6 months ago
Who cares? There's a reason we call these "Public IPs" The IPv4 space isn't very large. All public IPv4 addresses are scanned every day for open ports. No point pretending they are hidden.
@davidlakes5087 6 months ago
Once he’s registered a domain name and pointed DNS records to his IP addresses, those IPs are published for the whole world to see. That’s just how DNS works. Security through obscurity is no security at all.
@toddselby443 5 months ago
Along with starting an MSP, you should offer documentation services.
@AwesomeOpenSource 5 months ago
100%
@toddselby443 5 months ago
@AwesomeOpenSource You have the best show notes on KZbin.