Hey Jim! One of our users just shared this video with us. Somehow we missed it. We had a few users that struggled to set up NetBird behind a proxy and had a few issues with Authentik. This video will be definitely useful for these users and the whole NetBird community. Thank you so much for making amazing content! 🎉
@Jims-Garage 4 months ago
@@netbirdio that's great to hear, appreciate the feedback
@GpconnectInfohotspot 4 months ago
So we can not create sub-accounts nor separate networks? Why is the open source version so limited? I will be more than happy to pay for a license to be able to have more options!
@netbirdio 4 months ago
@@GpconnectInfohotspot It is not possible to create sub accounts and separate networks within one org account in the cloud version too. What is your use case for that?
@OM-rnd 5 months ago
Hi Jim. Thank you for your channel. It was one of the things why I decided to start my home server journey. It’s absolutely fantastic to have comprehensive information on how to set things up. My setup is going great and growing every day. One thing I’m struggling with now is how to structure my network regarding I’m being CGNAT. Your videos about NetBird and Headscale helped a lot. Could you consider making a video for newbies with a general overview of how to structure a setup for those pure things stuck without port forwarding? E.g. you have your docker containers, their networks, network of Proxmox VM, your Opnsense/Pfsense and VPS for self hosting NetBird/Headscale and maybe a few more things in docker. How to configure flow of data, do you need to have a reverse proxy at home and/or at VPS in this setup, do you need DMZ and so on. Just traffic flow and general structure, considering that all VMs and basic networks are already set up. It sounds like a lot but such a video would be a lifesaver for those who are just starting out and don’t understand why one needs certain things.
@willwullems4371 5 months ago
I discovered this channel about 1.5 months ago. Excellent content and it really helped with improving my homelab. From all homelab channels, it is the best one I have seen so far. Setting up a self hosted VPN was the next step (searched for it an hour ago). Nice to piggyback off your work instead of figuring it out myself.
@Jims-Garage 5 months ago
Welcome aboard! Thanks for the kind feedback.
@_ytuser 5 months ago
Spot on comment! 👌
@ellieminette6463 5 months ago
Jim - you have absolutely some of the best tutorials on YT and do a great job. I would agree with one other comment - I do not use Traefik nor do I have your knowledge and expertise. For me, the Traefik integration makes it difficult for me to implement. However, I completely understand that is your setup so that is how you have it set up. Keep up the great work.
@Jims-Garage 5 months ago
@@ellieminette6463 very kind, thanks. I get it, it's hard to please everyone. For those who need it they can just run the script, albeit it's likely to replicate much of what you already have. Plus, even if you don't do it this way many of the things the script does are still relevant to my explanation.
@arctiinae 4 months ago
FYI - Cloudflare users need to set "Allow gRPC connections to your origin server" to "On" under "Network" for the relevant domain. Without that I get an error on the netbird client: "failed while getting Management Service public key".
@michaelturner-mp6jw 2 days ago
Thank you so much for this comment. Hero!
@pandie_me 5 months ago
Hah I just the day before implemented Netbird for my own network, and loving it so far. Good video.
@Jims-Garage 5 months ago
@@pandie_me awesome, how are you finding it?
@pandie_me 5 months ago
@@Jims-Garage I really like it. It helps that the clients feel polished, but between setting up my policies, routes and groups I’m really happy with how it’s working. I’ll be sticking with it for the foreseeable future. 😄
@Jims-Garage 5 months ago
@@pandie_me me too. Just wish Android client supported exit nodes...
@pandie_me 5 months ago
@@Jims-Garage aha yeah, that’d be a pain. I’m on my iPhone rotation this year. Haven’t tested an actual exit node on it yet but the defined routes work a treat.
@vmerinom 3 months ago
Thanks for the video, Jim! Regards from Chile
@Jims-Garage 3 months ago
You are welcome!
@DigisDen 3 months ago
Jim, I'm so glad I watched this video. I have just replaced our work's 90-user Tailscale that was costing a lot per month per user. I have it set up with a postgres back end and using gsuite for auth, it's working brilliantly.
@Jims-Garage 3 months ago
That's amazing and equally daunting! Really interested to hear how this works out. What's performance like?
@DigisDen 3 months ago
@@Jims-Garage I haven't tested performance yet but I will. Its main role is just to allow access to a couple of applications, for the majority, hosted in Google cloud. For devs and IT admin, we 781 Google VMs!
@JamesJosephFinn 1 month ago
Outstanding trainings on this channel. Subbed! Please keep it up!
@Jims-Garage 1 month ago
Awesome, thank you!
@angelahoyt5354 5 months ago
I just found this channel while searching yt for tutorials. This is my first home server. What setup/tutorials of yours should I start out with? I've installed dockge and a few containers such as dashy, audiobookshelf, etc. I'm feeling overwhelmed but I like a good puzzle.
@Jims-Garage 5 months ago
Hey, welcome to the channel. Most of the early videos are sequential so start with those. Worth setting up a proxy and putting some security in place before you start opening up services to the web (Traefik, CrowdSec, Authentik etc).
@angelahoyt5354 5 months ago
@@Jims-Garage perfect, I will start there. Thank you for your direction.
@Aesthetic_Shreeram 2 days ago
Waiting for a Kubernetes deployment reference. How soon will you create a video for that?
@Sapious1 12 hours ago
Jim excellent video... I have my own issues using NGNPM but I'll work on a resolution there. Thanks!
@Jims-Garage 12 hours ago
@@Sapious1 thanks 👍
@john__johnson 5 months ago
Thanks Jim. I'll give it a test against wireguard this weekend.
@PW-72648 5 months ago
The documentation and app itself looks great but with your presentation was even better. Do you use Tailscale still Jim or you are fully on Netbird now?
@Jims-Garage 5 months ago
I'm trialling netbird, so far so good.
@Glatze603 5 months ago
Nice but a bit difficult when deploying in your homelab behind traefik and authentik. I prefer using it on a small vps.
@Jims-Garage 5 months ago
Yes, I get that, makes sense in many ways. Good to have both options.
@kiranjadhav4125 3 months ago
Great video Jim. How do you update (to the latest container image) of this stack in docker?
@Jims-Garage 3 months ago
Shut down, delete and redeploy (if you have a volume mapped you won't lose the data). Otherwise you can use docker pull, or something like watchtower which I've recently covered (auto update).
@HunterGeophysicsAustralia 5 months ago
18:06, nope, won't log in. I see the pulsating orange vertical lines on black background, then it redirects to Authentik for a second, then back to the orange lines, but then I just get a 404 error and it remains stuck on the black page with orange lines. :/
@Jims-Garage 5 months ago
Check your Traefik labels for a typo, I initially had that issue.
@kbsao5 1 month ago
I'm having the same problem. How did you resolve this?
@HunterGeophysicsAustralia 1 month ago
@@kbsao5 I eventually gave up on self-hosting anything as I couldn't get this to work with Authentik, and without remote access, it's of little use in my specific circumstances. One day I'll try again but for now, I don't have the time/energy, and there isn't any support available anywhere. Headscale might be an easier option for a self-hosted VPN.
@GundamExia88 5 months ago
Nice video, just watched your other headscale/tailscale video... hmm... how would you compare twingate and netbird?
@Jims-Garage 5 months ago
@@GundamExia88 thanks. I'm yet to look into twingate, it's on the list though.
@virtual-riot 5 months ago
One question, why in the exit node configuration it only allows me to choose the UBUNTU machine and not the other one, for example the Windows machine?
@Jims-Garage 5 months ago
On the Windows machine, add it as an exit node
@kbsao5 1 month ago
"I see the pulsating orange vertical lines on black background, then it redirects to Authentik for a second, then back to the orange lines, but then I just get a 404 error and it remains stuck on the black page with orange lines." Hello. I'm having a login problem. The error that appears is 404. I've already reviewed all the settings, but I didn't find anything wrong. I'm using Oracle Cloud. Do you have any idea what it could be?
@Jims-Garage 1 month ago
404 is not found. Make sure you have the redirect set correctly, DNS matches and ports are forwarded.
@omerta3393 4 months ago
Hi Jim, thanks for another awesome video. I did set up netbird, authentik works but dashboard just stuck on loading, I saw several people had that issue too, did you notice same kind of issue yourself?
@Jims-Garage 4 months ago
@@omerta3393 thanks, which dashboard?
@dionisierus5055 4 months ago
I have the same issue. First time I try to open Netbird, it just hangs at the "Peers - NetBird Dashboard" page title and /peers web address.
@Jims-Garage 4 months ago
@@dionisierus5055 do you have all of the domains, subdomains set up? Double checked the config for Authentik?
@dionisierus5055 4 months ago
Thanks Jim. I did double check and it looks OK. Authentik only shows successful logins for the Netbird user and the container logs do not have anything suspicious. There is also a GitHub issue raised that is matching the symptoms but they talk more about cert issues - none in my logs. Will try to build it without traefik and see.
@dionisierus5055 4 months ago
Managed to solve this with a few tweaks but I believe the main one was adding "@docker" at the end of "traefik.http.routers.netbird-management.service=netbird-management" label. I noticed an error in the logs of traefik after I rebooted the container - it could not find the IP
@zhiyigong6056 4 months ago
Hey, how do you use the exit node function to create a self hosted VPN at home, so I can connect to it from anywhere else? I tried setting up one myself but nothing shows up in the exit nodes routes tab on a peer laptop?
@Jims-Garage 4 months ago
On the node you want you need to advertise as exit node then add a route as I show in the video.
@TheXalloumi 4 months ago
Thanks again for your tutorials. I am running the single traefik approach with the -external labels. However I am unable to access netbird UI using my mobile phone (authentication error). It seems that the redirection is not working correctly. I must say that my current router does not support nat hairpin, so I used unbound to create a corresponding a-record. Any hint?
@Jims-Garage 4 months ago
@@TheXalloumi anything in the logs? Usually it's a config error
@TheXalloumi 4 months ago
@@Jims-Garage the only errors I have are in traefik.log: ERR error="service \"netbird-management\" error: unable to find the IP address for the container \"/artifacts-management-1\": the server is ignored" container=management-artifacts-a5c7289b9ce0b02a37a594871dd78df1a9f5f19d409744b2c2bb3fbc44b2a5ba providerName=docker 2024-08-01T19:45:50+03:00 ERR error="service \"api\" error: unable to find the IP address for the container \"/artifacts-management-1\": the server is ignored" container=management-artifacts-a5c7289b9ce0b02a37a594871dd78df1a9f5f19d409744b2c2bb3fbc44b2a5ba providerName=docker any hint?
@ponbcka 1 month ago
What are the advantages over other solutions?
@Jims-Garage 1 month ago
@@ponbcka it's self hosted and very easy to administrate via the included web gui
@WoKo65 3 months ago
Hi Jim, great channel. If one puts this on a small VPS, and has all other homelab servers/containers at home behind a cgnat / opnsense box, would this work? I am thinking of a scenario like you presented some time ago for the headscale/tailscale solution. Thanks for your interesting videos!
@Jims-Garage 3 months ago
Yes, this is a perfect solution for circumventing the limitations of CGNAT.
@WoKo65 3 months ago
Thanks, just to clarify: Traefik only on the VPS, open relevant ports at my local opnsense, and my local LAN would be the "proxy" subnet?
@ryanarnold2293 4 months ago
Thanks Jim! Have you tried this on Kubernetes yet?
@Jims-Garage 4 months ago
@@ryanarnold2293 yes, I've spun it up but haven't started to use it yet.
@ryanarnold2293 4 months ago
@@Jims-Garage Any caveats compared to the Docker setup? I want to try this on my k3s cluster with Traefik
@pksrbx292 2 months ago
Can someone here help me? I did everything like the video, and I tried on my phone outside of my home network and it connects, but none of my computers inside my network connect. The problem seems to be with port 33080, the relay one. I don't have a redirect anywhere, so why does it work from the outside and from inside it doesn't work?
@Jims-Garage 2 months ago
I believe the Netbird app was updated right after I published the video changing things with the relay. I'll have to do an update...
@magnusnelenius649 2 months ago
@@Jims-Garage Is the update still in the plan?
@brinkoo7 2 months ago
I am curious if anyone has done a performance comparison between this and headscale? I put about 200 nodes on a single headscale tailnet using an AWS EC2 m5.xlarge (4 VCPUs) and the CPU started cooking, I was able to mitigate this a bit, but I have never really tried NetBird
@Jims-Garage 2 months ago
@@brinkoo7 wow, that's a big scale. I would love to know if someone has done a similar comparison.
@djsmeguk 5 months ago
The current lack of BSD support makes it difficult to integrate with OPNsense and other similar firewalls.. Edit: they _do_ have BSD, pfsense and opnsense on their roadmap, but it doesn't seem like it's very active. They seem to have some initial support for BSD, but it looks like you're building it from source, which isn't super helpful.
@Jims-Garage 5 months ago
I agree, same with Android mobile and exit nodes. They're a small team but they've achieved a lot so far. Fingers crossed they deliver, would be ace to have it in OPNSense.
@djsmeguk 5 months ago
@@Jims-Garage yeah, it's definitely a product to watch and good luck to them
@Jims-Garage 5 months ago
@@djsmeguk 💯
@chrisa.1740 5 months ago
This limitation is exactly why I passed over Netbird when first seeing their product about a year ago. I'm hopeful they will eventually have OPNsense support, though!
@GeekendZone 5 months ago
My question was: Do you need to open ports like WireGuard?
@Jims-Garage 5 months ago
Yes
@netbirdio 4 months ago
For the control layer (management). For the clients you won't need to open ports.
@Michael-v3v2u 2 months ago
Does your domain need to be pointed at the web for this to work?
@Jims-Garage 2 months ago
@@Michael-v3v2u yes (albeit if you're behind cgnat you can put a node in the cloud and route through that to internal).
@GuilhermeMarquesMachado 3 months ago
Trying to understand why my coturn server is not working
@magnusnelenius649 2 months ago
I have struggled a lot with the coturn server as well. I get this repeated log error: "bind: Address already in use Cannot bind local socket to addr: Address already in use 2: (1): WARNING: Trying to bind fd 348 to : errno=98 2: (1): WARNING: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:3478 2: (1): INFO: Trying to bind DTLS/UDP listener socket to addr 127.0.0.1:3478, again..." Everything else is working and I can follow along with all the instructions in the video. It is also possible to ping the different peers as long as they are in the same LAN but as soon as I turn off WiFi in my Android phone, I can no longer ping the other peers 😞 and vice versa. Any suggestions where to look/troubleshoot is most appreciated.
@ramomammah 5 months ago
Hi Jim, do you need a static IP to run this as a self hosted VPN instance?
@Jims-Garage 5 months ago
@@ramomammah no, you can use DDNS (like I do) to ensure your domain record remains accurate.
@ramomammah 4 months ago
@@Jims-Garage Thanks! Do you use cloudflare for example to point the DDNS address to your machine hosting netbird?
@Jims-Garage 4 months ago
@@ramomammah yes. Add the record in Cloudflare or any supported domain registrar and then configure DDNS to keep it up to date (there are specific docker containers for it and can also be done with firewalls that support it)
@JohnWeland 5 months ago
Is there a use case for a stack deployed VPN like this vs setting up a VPN on my router? (I have Unifi, so I think I have a few options)
@Jims-Garage 5 months ago
They're completely different types of VPNs, one is point to point (Unifi) and the other is a mesh. It depends what you want. Both should be equally performant.
@magnusnelenius649 2 months ago
I have struggled a lot with the coturn container. I get this repeated log error: "bind: Address already in use Cannot bind local socket to addr: Address already in use 2: (1): WARNING: Trying to bind fd 348 to : errno=98 2: (1): WARNING: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:3478 2: (1): INFO: Trying to bind DTLS/UDP listener socket to addr 127.0.0.1:3478, again..." Everything else is working and I can follow along with all the instructions in the video. It is also possible to ping the different peers as long as they are in the same LAN but as soon as I turn off WiFi in my Android phone, I can no longer ping the other peers 😞 and vice versa. I also lose the connection to the netbird admin page as soon as I connect the Netbird client on my Windows machine. Can this also be part of the newly released client problem or is this something else?
@DanQuinn-mg2wu 2 months ago
Hi James. Once again thanks for another great video. I’d very much like to hear your thoughts on restricting external access to something like this with the addition of hardware attestation. Would you have any thoughts on combining something like a YubiKey with an internal Certificate authority, proxy and Authentik for self hosted VPN access? Your thoughts, critical or otherwise, would be valued, but either way thanks again for another great video; they are appreciated
@june012006 4 months ago
Have you used the Android client with it? I'm connected, but can't reach any other clients, or be reached.
@alanjrobertson 1 month ago
I tried it for a couple of weeks then gave up - management interface etc all fine and could connect clients, but they couldn't ping each other unless on the same LAN, which was kinda the point! Seemed to be mainly issues around the coturn server not working properly but I gave up in the end.
@magnusnelenius649 27 days ago
I got the same result, really unfortunate when seeing how well it can work. I have tried both with and without forwarded ports in the Firewall, no difference. It was not mentioned in the video if it is necessary or not when using it behind Traefik.
@ashoktvm 4 months ago
Is there a limit for number of users? Or is it paid for more users?
@Jims-Garage 4 months ago
@@ashoktvm there's no limit on users that I'm aware of
@geemobile6037 5 months ago
Has anyone done a speed test of WireGuard vs NetBird? I’m asking as I’ve used both but with different implementations, self hosted vs cloud. And I did notice a speed difference. But I’d like to know the difference with both self hosted.
@Jims-Garage 5 months ago
I will look to do some, there's a few on Reddit.
@jomijohn7068 2 months ago
How to set this up using Nginx Proxy Manager?
@Jims-Garage 2 months ago
@@jomijohn7068 I'm not sure. I don't recommend using NPM, its security track record is poor.
@DanielSouzaMiranda 5 months ago
Hi there.. one more awesome tutorial!
@Jims-Garage 5 months ago
Glad you liked it! Thanks.
@EDIIIZ 5 months ago
Netbird is nice but their mobile clients are still rough, but in 1-2 years it's gonna be wild. 😁
@Jims-Garage 5 months ago
@@EDIIIZ yeah, seems to be some truth in that
@user-qh5zz7dy1h 5 months ago
Thanks Jim! Zitadel or Authentik which you like more? //edited :)
@Jims-Garage 5 months ago
@@user-qh5zz7dy1h I like them both, but I prefer Authentik for a homelab as it has the proxy option for all the homelab apps that don't support oauth2.
@user-qh5zz7dy1h 5 months ago
@@Jims-Garage damn, you're faster than I edit my comments haha, thanks! That helped me a lot to decide :)
@Shaq2k 5 months ago
A video on how to set up authentik proxy would be nice. For apps that don't have oauth
@Jims-Garage 5 months ago
@@Shaq2k think I did that for my first Authentik video
@toddselby443 5 months ago
Thanks for the great video.
@avidflyer17 5 months ago
Hello Jim! Nice video! On my end, I like Twingate. Why would you choose this instead of Twingate? ;) See ya!
@Jims-Garage 5 months ago
@@avidflyer17 thanks. No idea 😂 I'm yet to investigate. I'll put on the list!
@comosaycomosah 5 months ago
Currently trying to set up netbird on oracle hub and spoke network and connect to home network.....it's not easy lol would be absolutely baller if you had a tutorial of this sometime 💀
@MikeDeVincentis 5 months ago
Do you have a video on how to use vscode?
@Jims-Garage 5 months ago
Yes
@Metzlmane 5 months ago
Why did you use Authentik instead of zitadel? Just curious since I redo my whole setup. Which one do you prefer?
@Jims-Garage 5 months ago
As I mention in the video I use Authentik as it does everything Zitadel does plus it has the option of a proxy for apps that don't support OAuth
@sergefedorow8430 5 months ago
Great! Thanks!
@Jims-Garage 5 months ago
You're welcome!
@malzbier1339 5 months ago
As always 👍🏻
@Jims-Garage 5 months ago
Thanks again!
@PazzaPlays 5 months ago
Thank you :D
@Jims-Garage 5 months ago
No problem!
@pksrbx292 5 months ago
Here we go =D Let's see if with your help I can set this up. Thanks for the excellent content
@Jims-Garage 5 months ago
You're most welcome. To start with you can copy and paste my configs. Once it works I'd start subbing out values e.g., keys etc (you'll need to change domain name regardless).
@pksrbx292 5 months ago
@@Jims-Garage the problem is that I'm using NGXPM and I can't make it work =(
@Snoekverslaafde 5 months ago
No simpler docker way without all the Traefik etc? This is for many people a way too complicated way. No offence.
@Jims-Garage 5 months ago
@@Snoekverslaafde check the video at the start, there's a single click script that does everything for you.
@jonathandoe7490 5 months ago
Was meaning to ask on the headscale video and forgot, but would it be possible to include docker compose files that do not have all the traefik stuff. I think a lot of people including myself use NPM and it would be easier to follow along with a file like that, not just this video but there have been others. Up to you only ask you to consider this. @@Jims-Garage
@Snoekverslaafde 5 months ago
@@Jims-Garage Not working if you're on, let's say, a Synology
@Jims-Garage 5 months ago
@@Snoekverslaafde what error do you receive?
@Snoekverslaafde 5 months ago
@@Jims-Garage I can only install it as a docker stack. And that is Netbird only. All other things you show in the video don't work. And after it runs I can't access LAN from outside.
@demanuDJ 5 months ago
Sorry but netbird is $hit... It has so many issues that this is not production ready and not something I want to use in any scenario. Still Tailscale wins, Netbird s*cks. Tailscale also has amazing support, Netbird is just a toy for kids with no support, any support.
@WordupG 1 month ago
They encourage people to join their slack channel for support…but the invite has been expired for some time. They have a Reddit page…but posting is not permitted, and no new posts in almost a year. There are no organized places to even ask peers for support! So frustrating when some of the docs are vague or too advanced for newbies.
@M.s3rv 5 months ago
Nice, been waiting for this. Have you heard about defguard?
@Jims-Garage 5 months ago
Only in discord, it's on the list
@Glatze603 5 months ago
defguard looks interesting, too!
@Xpider-dev 4 months ago
Jim please help. How to use netbird. Like I'm making a dockerswarm connect the workers. And deploy apps in the worker access them from managers ip?