Accessing NetBird Private Instance via Network Load Balancer in a Public Subnet #1314

Open
opened 2025-11-20 05:28:08 -05:00 by saavagebueno · 0 comments

Originally created by @REY1405 on GitHub (Oct 7, 2024).

When I set up the NetBird server in a private subnet and an NLB in a public subnet with the domain netbird-public-lb.dev.linuxforall.in, I executed the following command:

"export NETBIRD_DOMAIN=netbird-public-lb.dev.linuxforall.in; curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started-with-zitadel.sh | bash"

This command installs NetBird and uses Let's Encrypt to generate HTTPS certificates, and the "netbird-public-lb.dev.linuxforall.in" domain is pointing to the NLB DNS. After that, when Zitadel tries to access Let's Encrypt, it throws:

```
Waiting for Zitadel's PAT to be created . . . . done
Reading Zitadel PAT
Waiting for Zitadel to become ready . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Host netbird-public-lb.dev.linuxforall.in:443 was resolved.
* IPv6: (none)
* IPv4: 175.41.182.25, 47.128.190.47
* Trying 175.41.182.25:443...
* Connected to netbird-public-lb.dev.linuxforall.in (175.41.182.25) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
{ [5 bytes data]
* OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection
curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number
```

Is it possible to use a Network Load Balancer in a Public Subnet to access NetBird private instances? 🌐🔒

saavagebueno added the feature-request label 2025-11-20 05:28:08 -05:00
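
A check for the `wrong version number` error in the log above, as an added example that is not part of the original issue or the NetBird project: OpenSSL raises this error when the bytes it reads back do not parse as a TLS record, so the script sends a real ClientHello to the listener and classifies the first reply bytes as TLS, plaintext HTTP, or neither. The function names and the script name `probe443.py` are hypothetical.

```python
import socket
import ssl
import sys

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}

def client_hello(server_name: str) -> bytes:
    """Have the ssl module build a real ClientHello without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()  # no peer yet, so this stops after writing the hello
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()

def classify_reply(first: bytes) -> str:
    """Classify the first bytes a listener sends back after a ClientHello."""
    if not first:
        return "closed"          # peer hung up or sent nothing
    if len(first) >= 2 and first[0] in TLS_RECORD_TYPES and first[1] == 0x03:
        return "tls"             # well-formed TLS record header
    if first.startswith(b"HTTP/"):
        return "plaintext-http"  # cleartext HTTP is answering on the TLS port
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello over a raw TCP socket and classify what comes back."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            while len(data) < 5:  # a TLS record header is 5 bytes
                chunk = sock.recv(5 - len(data))
                if not chunk:
                    break
                data += chunk
        except (socket.timeout, ConnectionResetError):
            pass
    return classify_reply(data)

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage (hypothetical script name): python probe443.py <host> [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(f"{sys.argv[1]}:{port} -> {probe(sys.argv[1], port)}")
```

A result of `plaintext-http` or `unknown` on port 443 means the load balancer listener is forwarding to something that does not terminate TLS on that port; comparing the result through the NLB name with the result from inside the private subnet against the instance itself shows which hop is responsible.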

Reference: SVI/netbird#1314