Netbird behind nginx: stream terminated by RST_STREAM #266

New Issue

saavagebueno · 2025-11-20T05:08:48-05:00

saavagebueno commented

2025-11-20 05:08:48 -05:00

Originally created by @ykorzikowski on GitHub (Jan 11, 2023).

Hey there,

I am successfully running netbird since couple of months. Some clients cant speak with each other. I am investigating this issue right now and found, that I have errors regarding the signal-service in my client-logs (all clients, also the working ones):

time="2023-01-11T09:50:08+01:00" level=warning msg="disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR" file="grpc.go:144"
time="2023-01-11T09:50:23+01:00" level=info msg="connected to the Signal Service stream" file="grpc.go:136"
time="2023-01-11T09:51:08+01:00" level=warning msg="disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR" file="grpc.go:144"
time="2023-01-11T09:51:23+01:00" level=info msg="connected to the Signal Service stream" file="grpc.go:136"

server{
    listen *:80;
    listen [::]:80;
    server_name  ganymede.redacted.com;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

# Dashboard

server {
    include security.conf;
    listen *:443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ganymede.redacted.com;
    ssl_certificate /etc/letsencrypt/live/ganymede.redacted.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ganymede.redacted.com/privkey.pem;

    access_log /var/log/nginx/ganymede.redacted.com/netbird.log;
    error_log /var/log/nginx/ganymede.redacted.com/err/netbird.log;

    location / {
        proxy_pass http://10.10.11.199:8080;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Scheme $scheme;
	proxy_set_header        X-Forwarded-Proto https;
        proxy_set_header        X-Forwarded-Host ganymede.redacted.com;
    }
}

# MGMT HTTPS API

server {
    include security.conf;
    listen *:4443 ssl http2;
    listen [::]:4443 ssl http2;
    server_name ganymede.redacted.com;
    ssl_certificate /etc/letsencrypt/live/ganymede.redacted.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ganymede.redacted.com/privkey.pem;

    access_log /var/log/nginx/ganymede.redacted.com/netbird-api.log;
    error_log /var/log/nginx/ganymede.redacted.com/err/netbird-api.log;

    location / {
        proxy_pass http://10.10.11.199:8081;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Scheme $scheme;
	proxy_set_header        X-Forwarded-Proto https;
        proxy_set_header        X-Forwarded-Host ganymede.redacted.com;
    }
}

# MGMT GRPC API

server {
    include security.conf;
    listen *:33073 ssl http2;
    listen [::]:33073 ssl http2;
    server_name ganymede.redacted.com;
    ssl_certificate /etc/letsencrypt/live/ganymede.redacted.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ganymede.redacted.com/privkey.pem;

    access_log /var/log/nginx/ganymede.redacted.com/netbird-grpc.log;
    error_log /var/log/nginx/ganymede.redacted.com/err/netbird-grpc.log;

    location / {
        grpc_pass grpc://10.10.11.199:33074;
        grpc_read_timeout 3600s;
    }
}

# Signal GRPC API

server {
    include security.conf;
    listen *:10000 ssl http2;
    listen [::]:10000 ssl http2;
    server_name ganymede.redacted.com;
    ssl_certificate /etc/letsencrypt/live/ganymede.redacted.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ganymede.redacted.com/privkey.pem;

    access_log /var/log/nginx/ganymede.redacted.com/netbird-signal.log;
    error_log /var/log/nginx/ganymede.redacted.com/err/netbird-signal.log;

    location / {
        grpc_pass grpc://10.10.11.199:10001;
        grpc_read_timeout 3600s;
	grpc_ssl_verify off;
    }
}

Is there a recommendation how to run the netbird service? Like my config or everythin on port 443 like https://github.com/netbirdio/netbird/issues/536 ?

Thank you for any help :)

Originally created by @ykorzikowski on GitHub (Jan 11, 2023). Hey there, I am successfully running netbird since couple of months. Some clients cant speak with each other. I am investigating this issue right now and found, that I have errors regarding the signal-service in my client-logs (all clients, also the working ones): ``` time="2023-01-11T09:50:08+01:00" level=warning msg="disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR" file="grpc.go:144" time="2023-01-11T09:50:23+01:00" level=info msg="connected to the Signal Service stream" file="grpc.go:136" time="2023-01-11T09:51:08+01:00" level=warning msg="disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR" file="grpc.go:144" time="2023-01-11T09:51:23+01:00" level=info msg="connected to the Signal Service stream" file="grpc.go:136" ``` ``` server{ listen *:80; listen [::]:80; server_name ganymede.redacted.com; location / { return 301 https://$server_name$request_uri; } } # Dashboard server { include security.conf; listen *:443 ssl http2; listen [::]:443 ssl http2; server_name ganymede.redacted.com; ssl_certificate /etc/letsencrypt/live/ganymede.redacted.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ganymede.redacted.com/privkey.pem; access_log /var/log/nginx/ganymede.redacted.com/netbird.log; error_log /var/log/nginx/ganymede.redacted.com/err/netbird.log; location / { proxy_pass http://10.10.11.199:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host ganymede.redacted.com; } } # MGMT HTTPS API server { include security.conf; listen *:4443 ssl http2; listen [::]:4443 ssl http2; server_name ganymede.redacted.com; ssl_certificate /etc/letsencrypt/live/ganymede.redacted.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ganymede.redacted.com/privkey.pem; access_log /var/log/nginx/ganymede.redacted.com/netbird-api.log; error_log /var/log/nginx/ganymede.redacted.com/err/netbird-api.log; location / { proxy_pass http://10.10.11.199:8081; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host ganymede.redacted.com; } } # MGMT GRPC API server { include security.conf; listen *:33073 ssl http2; listen [::]:33073 ssl http2; server_name ganymede.redacted.com; ssl_certificate /etc/letsencrypt/live/ganymede.redacted.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ganymede.redacted.com/privkey.pem; access_log /var/log/nginx/ganymede.redacted.com/netbird-grpc.log; error_log /var/log/nginx/ganymede.redacted.com/err/netbird-grpc.log; location / { grpc_pass grpc://10.10.11.199:33074; grpc_read_timeout 3600s; } } # Signal GRPC API server { include security.conf; listen *:10000 ssl http2; listen [::]:10000 ssl http2; server_name ganymede.redacted.com; ssl_certificate /etc/letsencrypt/live/ganymede.redacted.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ganymede.redacted.com/privkey.pem; access_log /var/log/nginx/ganymede.redacted.com/netbird-signal.log; error_log /var/log/nginx/ganymede.redacted.com/err/netbird-signal.log; location / { grpc_pass grpc://10.10.11.199:10001; grpc_read_timeout 3600s; grpc_ssl_verify off; } } ``` Is there a recommendation how to run the netbird service? Like my config or everythin on port 443 like https://github.com/netbirdio/netbird/issues/536 ? Thank you for any help :)

saavagebueno added the bug client management-service labels 2025-11-20 05:08:48 -05:00

saavagebueno commented

2025-11-20 05:08:49 -05:00

@mlsmaycon commented on GitHub (Jun 16, 2023):

This issue is caused by grpc and its native keepalive not being supported by revere-proxy. We are implementing a application keepalive tin #771

@mlsmaycon commented on GitHub (Jun 16, 2023): This issue is caused by grpc and its native keepalive not being supported by revere-proxy. We are implementing a application keepalive tin #771

saavagebueno commented

2025-11-20 05:08:49 -05:00

@ykorzikowski commented on GitHub (Jun 22, 2023):

Just for reference: Found this: https://github.com/camunda-community-hub/zeebe-client-node-js/issues/101

@ykorzikowski commented on GitHub (Jun 22, 2023): Just for reference: Found this: https://github.com/camunda-community-hub/zeebe-client-node-js/issues/101

saavagebueno commented

2025-11-20 05:08:49 -05:00

@mlsmaycon commented on GitHub (Jul 14, 2023):

@ykorzikowski, we notice that running Nginx v1.25.1 solved the issue. Can you test it?

@mlsmaycon commented on GitHub (Jul 14, 2023): @ykorzikowski, we notice that running Nginx v1.25.1 solved the issue. Can you test it?

saavagebueno commented

2025-11-20 05:08:49 -05:00

@ykorzikowski commented on GitHub (Jul 25, 2023):

Hellooo,

I dont know. What helped is setting grpc_read_timeout 3600s; to 1 hour.

I am still using nginx version: nginx/1.18.0 and did not notice this issue since tweaking my config with above parameter.

@ykorzikowski commented on GitHub (Jul 25, 2023): Hellooo, I dont know. What helped is setting `grpc_read_timeout 3600s;` to 1 hour. I am still using `nginx version: nginx/1.18.0` and did not notice this issue since tweaking my config with above parameter.

saavagebueno commented

2025-11-20 05:08:49 -05:00

@devopskupryk commented on GitHub (Sep 27, 2023):

Hello,

I'm trying to deploy the netbird management into my k8s cluster v.1.25.12 with the nginx ingress controller 1.19.10

Have specified the annotations in the netbird management and netbird signal ingresses:

      nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
      nginx.ingress.kubernetes.io/configuration-snippet: |
        allow all;
        grpc_read_timeout 3600s;
        grpc_send_timeout 3600s;
        grpc_socket_keepalive on;

Peers are registered and the netbird client connected but vpn doesn't work:

$ netbird status
Daemon version: 0.22.7
CLI version: 0.22.7
Management: Connected
Signal: Connected
FQDN: test.hidden.tech
NetBird IP: 100.77.11.161/16
Interface type: Kernel
Peers count: 0/5 Connected

sudo tail -n 30 /var/log/netbird/client.log
2023-09-27T12:08:47+03:00 WARN client/server/server.go:226: canceling previous waiting execution
2023-09-27T12:09:34+03:00 INFO client/internal/login.go:130: peer has been successfully registered on Management Service
2023-09-27T12:09:35+03:00 INFO client/internal/wgproxy/proxy_ebpf.go:79: local wg proxy listening on: 3128
2023-09-27T12:09:35+03:00 INFO iface/tun_linux.go:15: create tun interface with kernel WireGuard support: wt0
2023-09-27T12:09:50+03:00 INFO signal/client/grpc.go:157: connected to the Signal Service stream
2023-09-27T12:09:50+03:00 INFO client/internal/connect.go:179: Netbird engine started, my IP is: 100.77.11.161/16
2023-09-27T12:09:50+03:00 INFO management/client/grpc.go:143: connected to the Management Service stream
2023-09-27T12:09:50+03:00 INFO client/internal/dns/systemd_linux.go:135: adding 1 search domains and 0 match domains. Search list: [vpn.stage.heddin.tech] , Match list: []
2023-09-27T12:09:50+03:00 INFO client/internal/acl/manager.go:67: ACL rules processed in: 1.365082ms, total rules count: 2
2023-09-27T12:10:35+03:00 WARN signal/client/grpc.go:170: disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR
2023-09-27T12:10:50+03:00 INFO signal/client/grpc.go:157: connected to the Signal Service stream
2023-09-27T12:11:35+03:00 WARN signal/client/grpc.go:170: disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR
2023-09-27T12:11:48+03:00 INFO signal/client/grpc.go:157: connected to the Signal Service stream
2023-09-27T12:12:01+03:00 INFO client/internal/dns/systemd_linux.go:135: adding 1 search domains and 0 match domains. Search list: [vpn.stage.heddin.tech] , Match list: []
2023-09-27T12:12:01+03:00 INFO client/internal/acl/manager.go:67: ACL rules processed in: 461.906µs, total rules count: 2
2023-09-27T12:12:36+03:00 WARN signal/client/grpc.go:170: disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR
2023-09-27T12:12:40+03:00 WARN signal/client/grpc.go:151: disconnected from the Signal Exchange due to an error: rpc error: code = Unavailable desc = connection error: desc = "error reading from server: read tcp 192.168.1.100:59684->hidden:443: read: connection timed out"
2023-09-27T12:12:41+03:00 WARN management/client/grpc.go:158: disconnected from the Management service but will retry silently. Reason: rpc error: code = Unavailable desc = keepalive ping failed to receive ACK within `timeout`

How should I additionally configure my nginx ingress controller and\or ingress resources to solve this issue?

PS. I can't add additionaly:
grpc_pass grpc://$service_name:$service_port;
because nginx config already has:
grpc_pass grpc://$upstream_balancer;
and I get error when try:

Error: cannot patch "netbird-management" with kind Ingress: admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: 
 nginx: [emerg] "grpc_pass" directive is duplicate in /tmp/nginx/nginx-cfg1131325741:4731
 nginx: configuration file /tmp/nginx/nginx-cfg1131325741 test failed

@devopskupryk commented on GitHub (Sep 27, 2023): Hello, I'm trying to deploy the netbird management into my k8s cluster v.1.25.12 with the nginx ingress controller 1.19.10 Have specified the annotations in the netbird management and netbird signal ingresses: ``` nginx.ingress.kubernetes.io/backend-protocol: "GRPC" nginx.ingress.kubernetes.io/configuration-snippet: | allow all; grpc_read_timeout 3600s; grpc_send_timeout 3600s; grpc_socket_keepalive on; ``` Peers are registered and the netbird client connected but vpn doesn't work: ``` $ netbird status Daemon version: 0.22.7 CLI version: 0.22.7 Management: Connected Signal: Connected FQDN: test.hidden.tech NetBird IP: 100.77.11.161/16 Interface type: Kernel Peers count: 0/5 Connected ``` ``` sudo tail -n 30 /var/log/netbird/client.log 2023-09-27T12:08:47+03:00 WARN client/server/server.go:226: canceling previous waiting execution 2023-09-27T12:09:34+03:00 INFO client/internal/login.go:130: peer has been successfully registered on Management Service 2023-09-27T12:09:35+03:00 INFO client/internal/wgproxy/proxy_ebpf.go:79: local wg proxy listening on: 3128 2023-09-27T12:09:35+03:00 INFO iface/tun_linux.go:15: create tun interface with kernel WireGuard support: wt0 2023-09-27T12:09:50+03:00 INFO signal/client/grpc.go:157: connected to the Signal Service stream 2023-09-27T12:09:50+03:00 INFO client/internal/connect.go:179: Netbird engine started, my IP is: 100.77.11.161/16 2023-09-27T12:09:50+03:00 INFO management/client/grpc.go:143: connected to the Management Service stream 2023-09-27T12:09:50+03:00 INFO client/internal/dns/systemd_linux.go:135: adding 1 search domains and 0 match domains. Search list: [vpn.stage.heddin.tech] , Match list: [] 2023-09-27T12:09:50+03:00 INFO client/internal/acl/manager.go:67: ACL rules processed in: 1.365082ms, total rules count: 2 2023-09-27T12:10:35+03:00 WARN signal/client/grpc.go:170: disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR 2023-09-27T12:10:50+03:00 INFO signal/client/grpc.go:157: connected to the Signal Service stream 2023-09-27T12:11:35+03:00 WARN signal/client/grpc.go:170: disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR 2023-09-27T12:11:48+03:00 INFO signal/client/grpc.go:157: connected to the Signal Service stream 2023-09-27T12:12:01+03:00 INFO client/internal/dns/systemd_linux.go:135: adding 1 search domains and 0 match domains. Search list: [vpn.stage.heddin.tech] , Match list: [] 2023-09-27T12:12:01+03:00 INFO client/internal/acl/manager.go:67: ACL rules processed in: 461.906µs, total rules count: 2 2023-09-27T12:12:36+03:00 WARN signal/client/grpc.go:170: disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR 2023-09-27T12:12:40+03:00 WARN signal/client/grpc.go:151: disconnected from the Signal Exchange due to an error: rpc error: code = Unavailable desc = connection error: desc = "error reading from server: read tcp 192.168.1.100:59684->hidden:443: read: connection timed out" 2023-09-27T12:12:41+03:00 WARN management/client/grpc.go:158: disconnected from the Management service but will retry silently. Reason: rpc error: code = Unavailable desc = keepalive ping failed to receive ACK within `timeout` ``` How should I additionally configure my nginx ingress controller and\or ingress resources to solve this issue? PS. I can't add additionaly: `grpc_pass grpc://$service_name:$service_port;` because nginx config already has: `grpc_pass grpc://$upstream_balancer;` and I get error when try: ``` Error: cannot patch "netbird-management" with kind Ingress: admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: nginx: [emerg] "grpc_pass" directive is duplicate in /tmp/nginx/nginx-cfg1131325741:4731 nginx: configuration file /tmp/nginx/nginx-cfg1131325741 test failed ```

saavagebueno commented

2025-11-20 05:08:49 -05:00

@devopskupryk commented on GitHub (Oct 3, 2023):

Any news?

@devopskupryk commented on GitHub (Oct 3, 2023): Any news?

saavagebueno commented

2025-11-20 05:08:49 -05:00

@ykorzikowski commented on GitHub (Oct 4, 2023):

Can you post some nginx access / error logs? Maybe this is some ingress configuration issue and noting regarding netbird.

@ykorzikowski commented on GitHub (Oct 4, 2023): Can you post some nginx access / error logs? Maybe this is some ingress configuration issue and noting regarding netbird.

saavagebueno commented

2025-11-20 05:08:50 -05:00

@devopskupryk commented on GitHub (Oct 6, 2023):

Nginx ingress controllers' logs don't contain any error:

~ % stern nginx -i netbird
+ nginx-ingress-ingress-nginx-controller-ssvsd › controller
+ nginx-ingress-ingress-nginx-controller-kc929 › controller
+ nginx-ingress-ingress-nginx-controller-znnks › controller
+ nginx-ingress-ingress-nginx-controller-dsphr › controller
+ nginx-ingress-ingress-nginx-controller-qlglz › controller
+ nginx-ingress-ingress-nginx-controller-6jqht › controller
nginx-ingress-ingress-nginx-controller-qlglz controller ip-hidden - - [06/Oct/2023:07:43:22 +0000] "POST /management.ManagementService/GetServerKey HTTP/2.0" 200 61 "-" "grpc-go/1.55.0" 118 0.002 [netbird-netbird-management-80] [] 10.244.3.224:80 91 0.004 200 d93bf7b778f62315eddbce6d13e36540
nginx-ingress-ingress-nginx-controller-qlglz controller ip-hidden - - [06/Oct/2023:07:43:22 +0000] "POST /management.ManagementService/GetPKCEAuthorizationFlow HTTP/2.0" 200 0 "-" "grpc-go/1.55.0" 149 0.002 [netbird-netbird-management-80] [] 10.244.3.224:80 67 0.000 200 55a5a3f501b501a66b96cd41b7a64dec
nginx-ingress-ingress-nginx-controller-qlglz controller ip-hidden - - [06/Oct/2023:07:43:27 +0000] "POST /management.ManagementService/GetServerKey HTTP/2.0" 200 61 "-" "grpc-go/1.55.0" 118 0.002 [netbird-netbird-management-80] [] 10.244.3.224:80 91 0.004 200 2f1504ba52578c47c42aa625646c24b5
nginx-ingress-ingress-nginx-controller-qlglz controller ip-hidden - - [06/Oct/2023:07:43:27 +0000] "POST /management.ManagementService/Login HTTP/2.0" 200 0 "-" "grpc-go/1.55.0" 352 0.002 [netbird-netbird-management-80] [] 10.244.3.224:80 88 0.000 200 3739e538f1cc0de4a30661be8e30c8e8
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:43:56 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 254 0.012 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.008 200 320af0b7fa14deb408df7a9655d6894e
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:43:56 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.004 200 c9b0464002cf4a0c99090ae3e4dd965b
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:43:57 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.000 200 8ce398045d021141db56fe2d7ab0a40b
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:44:36 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.004 200 89850818ca10896a4cd86d91ca4b0111
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:44:36 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.000 200 97ec32beb45da1830ee71e7062260acf
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:44:40 +0000] "POST /signalexchange.SignalExchange/ConnectStream HTTP/2.0" 200 0 "-" "grpc-go/1.55.0" 154 60.000 [netbird-netbird-signal-80] [] 10.244.3.157:80 187 60.000 200 33cd1401fdfed21bbafd556ef35317db
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:45:06 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.006 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.008 200 5a77a24d9402d063a6a4ecc4a2c99929
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:45:15 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.007 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.004 200 1d285753adebe4f1647259ea2d60020c
nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:45:15 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.000 200 9fbd16a3312440bcc847bc6f2c93be4e

@devopskupryk commented on GitHub (Oct 6, 2023): Nginx ingress controllers' logs don't contain any error: ``` ~ % stern nginx -i netbird + nginx-ingress-ingress-nginx-controller-ssvsd › controller + nginx-ingress-ingress-nginx-controller-kc929 › controller + nginx-ingress-ingress-nginx-controller-znnks › controller + nginx-ingress-ingress-nginx-controller-dsphr › controller + nginx-ingress-ingress-nginx-controller-qlglz › controller + nginx-ingress-ingress-nginx-controller-6jqht › controller nginx-ingress-ingress-nginx-controller-qlglz controller ip-hidden - - [06/Oct/2023:07:43:22 +0000] "POST /management.ManagementService/GetServerKey HTTP/2.0" 200 61 "-" "grpc-go/1.55.0" 118 0.002 [netbird-netbird-management-80] [] 10.244.3.224:80 91 0.004 200 d93bf7b778f62315eddbce6d13e36540 nginx-ingress-ingress-nginx-controller-qlglz controller ip-hidden - - [06/Oct/2023:07:43:22 +0000] "POST /management.ManagementService/GetPKCEAuthorizationFlow HTTP/2.0" 200 0 "-" "grpc-go/1.55.0" 149 0.002 [netbird-netbird-management-80] [] 10.244.3.224:80 67 0.000 200 55a5a3f501b501a66b96cd41b7a64dec nginx-ingress-ingress-nginx-controller-qlglz controller ip-hidden - - [06/Oct/2023:07:43:27 +0000] "POST /management.ManagementService/GetServerKey HTTP/2.0" 200 61 "-" "grpc-go/1.55.0" 118 0.002 [netbird-netbird-management-80] [] 10.244.3.224:80 91 0.004 200 2f1504ba52578c47c42aa625646c24b5 nginx-ingress-ingress-nginx-controller-qlglz controller ip-hidden - - [06/Oct/2023:07:43:27 +0000] "POST /management.ManagementService/Login HTTP/2.0" 200 0 "-" "grpc-go/1.55.0" 352 0.002 [netbird-netbird-management-80] [] 10.244.3.224:80 88 0.000 200 3739e538f1cc0de4a30661be8e30c8e8 nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:43:56 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 254 0.012 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.008 200 320af0b7fa14deb408df7a9655d6894e nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:43:56 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.004 200 c9b0464002cf4a0c99090ae3e4dd965b nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:43:57 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.000 200 8ce398045d021141db56fe2d7ab0a40b nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:44:36 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.004 200 89850818ca10896a4cd86d91ca4b0111 nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:44:36 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.000 200 97ec32beb45da1830ee71e7062260acf nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:44:40 +0000] "POST /signalexchange.SignalExchange/ConnectStream HTTP/2.0" 200 0 "-" "grpc-go/1.55.0" 154 60.000 [netbird-netbird-signal-80] [] 10.244.3.157:80 187 60.000 200 33cd1401fdfed21bbafd556ef35317db nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:45:06 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.006 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.008 200 5a77a24d9402d063a6a4ecc4a2c99929 nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:45:15 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.007 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.004 200 1d285753adebe4f1647259ea2d60020c nginx-ingress-ingress-nginx-controller-dsphr controller ip-hidden - - [06/Oct/2023:07:45:15 +0000] "POST /signalexchange.SignalExchange/Send HTTP/2.0" 200 5 "-" "grpc-go/1.55.0" 217 0.002 [netbird-netbird-signal-80] [] 10.244.3.157:80 47 0.000 200 9fbd16a3312440bcc847bc6f2c93be4e ```

saavagebueno commented

2025-11-20 05:08:50 -05:00

@devopskupryk commented on GitHub (Oct 11, 2023):

Any news?

@devopskupryk commented on GitHub (Oct 11, 2023): Any news?

saavagebueno commented

2025-11-20 05:08:50 -05:00

@fede843 commented on GitHub (Apr 16, 2025):

I still see this. We are on nginx 1.27.2.
As it is mentioned here, increasing grpc_read_timeout reduce the frequency of this disconnection, but not sure if it might have a negative impact somewhere else. I've seen setting in the forums from 300s to 1d.

@fede843 commented on GitHub (Apr 16, 2025): I still see this. We are on nginx 1.27.2. As it is mentioned here, increasing grpc_read_timeout reduce the frequency of this disconnection, but not sure if it might have a negative impact somewhere else. I've seen setting in the forums from 300s to 1d.

saavagebueno commented

2025-11-20 05:08:50 -05:00

@nazarewk commented on GitHub (Apr 17, 2025):

I still see this. We are on nginx 1.27.2. As it is mentioned here, increasing grpc_read_timeout reduce the frequency of this disconnection, but not sure if it might have a negative impact somewhere else. I've seen setting in the forums from 300s to 1d.

Another user seems to be working around it by setting a 7d timeout at https://github.com/netbirdio/netbird/issues/955#issuecomment-1602405962

@nazarewk commented on GitHub (Apr 17, 2025): > I still see this. We are on nginx 1.27.2. As it is mentioned here, increasing grpc_read_timeout reduce the frequency of this disconnection, but not sure if it might have a negative impact somewhere else. I've seen setting in the forums from 300s to 1d. Another user seems to be working around it by setting a `7d` timeout at https://github.com/netbirdio/netbird/issues/955#issuecomment-1602405962

saavagebueno referenced this issue

2025-11-20 07:12:12 -05:00

[PR #266] [MERGED] Fix goreleaser version to 1.6.3 #2665

Sign in to join this conversation.

Branches Tags

main

feature/affected-peers

dependabot/go_modules/github.com/Azure/go-ntlmssp-0.1.1

debug-logs

ui-refactor

drop-dns-probes

improve-usp-fw

reduce-embed-wg-pool

dns-skip-failover-on-ede

feat/byod-proxy

windows-dns-firewall

fix/relay-healthcheck-non-standard-port

fix/login-persist-url-flags

ssh-config-tmp-cleanup

dependabot/go_modules/github.com/jackc/pgx/v5-5.9.2

fix/login-cmd-root-flags

feat/reseller-openapi-spec

github-issue-resolver

add-steamos-support

fix-darwin-uninstaller

flutter-test

dependabot/npm_and_yarn/proxy/web/postcss-8.5.12

ci/freebsd-pkg-bootstrap

cached-serial-check-on-sync

fix-mgmt-cache-bypass-overlay

revert-easyjson-5938

revert-ice-5820

revert-firewalld-5928

refactor/permissions-manager

wasm-js-func-release

wasm-websocket-dial

revert-dns-5935-systemd-resolved

revert-dns-5935-5945

revert-dns-5945-mgmt-cache

feature/log-most-busy-peers

prototype/ui-wails

vnc-server

coderabbitai/utg/8ae8f20

feature/use-peer-fqdn-on-https

dependabot/go_modules/golang.org/x/image-0.38.0

feature/metrics-push-management-control

release/0.68.3

dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8

dependabot/go_modules/github.com/aws/aws-sdk-go-v2/service/s3-1.97.3

add-slack-channel

claude/rdp-token-passthrough-eNcqW

transparent-proxy

fix/macos-stale-route-eexist

crowdsec-selfhosted

fix/remove-otel-units

entire/checkpoints/v1

dependabot/go_modules/github.com/go-jose/go-jose/v4-4.1.4

fix/getting-started

feat/static-connectors-combined-server

feature/use-local-keys-embedded

feature/fleetdm

set-env-only-if-not-fork

feature/expose-has-channel

fix/connection-status-race

fix/filter-cgnat-cni-ice-candidates

feature/check-cert-locker-before-acme

test/proxy-fixes

test/proxy-mtu

prototype/ui-tauri

test/proxy-speed

fix-reused-ports

feat/migrate-to-embedded-idp

feature/add-serial-to-proxy-merged

deploy/proxy-serial

test/connection

feature/disable-legacy-port

feature/flag-to-disable-legacy-port

test/perftest

dependabot/go_modules/github.com/pion/dtls/v3-3.0.11

fix/http-redirect

poc-token-command

dn-reverse-proxy

prototype/reverse-proxy-rename

prototype/reverse-proxy-logs-pagination

feature/client-metrics

prototype/reverse-proxy-clusters

debug-dns-route

fix/win-dns-batch

add-extra-route-logs

job-stream-notify-disconnection-eof

deploy/secrets-manager

trigger-proxy-update

bug/update-ios-client-code-build-tags

sync-client-netmap-serial

log/conn-disconn

nmap/compaction-deploy

ci-win-test

feature/disk-encryption-check

wasm-debug

swap-dns-prio

fix/dex-config

feature/migrate-auto-groups-to-table

dependabot/go_modules/github.com/quic-go/quic-go-0.57.0

nmap/compaction

dex-nocgo-stub

feature/exclude-terraform-from-rate-limiting

test-freebsd

retries-refactor

coderabbitai/docstrings/b7e98ac

feat/integrate-zitadel

bug/ios-hanging-reconection

zitadel-idp

feat/network-map-serial

refactor/get-account-no-users

feat/auto-upgrade

feature/report-high-pat-id

feature/temporary-access-for-resource

fix/nmap-fwrules

dont-restart-dns

prototype/ui

update-gomobile

go-dns-for-ice

wasm-ldflags

test-ldflags

wasmbuild-test

feature/networks-s2s

vk/compare-nmaps

dbg/bothmaps

feature/changeset

reorder-dns-shutdown

fix/relay-reconnection-race

fix/nmap-exitnodes

vk/debug/nmap-both

move-licensed-code

feat/better-daemon-connection-lost-message

feat/auto-update-2

test/timings

refactor/getaccount-raw

tests/nmap-getaccount

refactor/nmap

refactor/nmap-limit-buffer

feature/detect-mac-wakeup

feature/extract-modules

quick-setings

feat/sync-limiter

feature/store-cache-impl

fix-install-version

feature/store-metrics

feature/metrics-on-store

feature/use-gorm-cache

loadtest-signal

unsymmetrical-squash

refactor/reducate-signaling

test/update-reduce

feature/store-cache

feature/remote-debug

cli-ws-proxy-backend-addr

feat/mgmt-map-serial

snyk-fix-d9d0081a4c7f9137bdb59d0d50a141a2

snyk-fix-7415cea5a11acd66753540ca2c598c63

job-yml-update

feature/android-allow-selecting-routes

fix/up-sequence

fix/dns-hash-update

snyk-fix-967adae9863f17f108ce8948d9117b8d

log/getaccount-by-peer

signal-suppressor

dns-exit-node

feature/auto-updates

feature/cache-srv-key

merged-fixes

fix/missed-offers-and-debug

debug-and-fixes

poc-wasm-clean-backend-s2s

test/remote-debug

debug-api

dependabot/go_modules/github.com/docker/docker-28.0.0incompatible

fix/remove-gpo-if-empty

fix/test-freebsd

fix/mysql-setup

fix/remove-logout-btn

handle-existing-domain-user

chore/unify-domain-validation

snyk-fix-c5fafc8a50ce1f29046e25a1fc346185

feat/profile-edit-btn

snyk-fix-a54966211e18d4cf67e5a2757cc006d1

log-short-id

feat/logout-ephemeral

log-checks

batch-wg-ops

nb-interface-default

feat/aws-integration

add/race-test

feature/relay-feature-versioning

fix/systemd-service-logs

poc/preprocessed-map

add-account-onboarding

bind-ipv6

fix/merge-main

logs/peerlogs-addpeer

feature/net-297-network-migration

feature/support-skip-auto-apply-exit-node-routes

set-cmd

set-command-with-cursor

feature/limit-update-channel

stop-using-locking-share

feature/poc-lazy-detection

feature/net-248-removal-of-sync-mutex-locks

test/multiple-peer-logging

preresolve

add-ns-punnycode-support

apply-routes-early

windows-search-domains

fix/connecting-route-filter

feature/management/rest-client/impersonate

debug-local-records

resource-fields-snake-case

test/grpc-rate-limit

traffic-correlation-policy

feature/rest-client-options

feat/events-metrics

feature/buf-cli

test/add-ratelimiter

test/remove-write-lock-on-add-peer

fix/add-peer-semaphore

feature/users-roles-endpoint

mlsmaycon-patch-1

debug-user-role

chore/primary-key-on-networks

feature/update-account-peers-buffer-startup

remove-ubuntu2004-runners

refactor/permissions-no-pat-allowed

ref/logrus-factory

use-conntrack-zone

deploy/permissions-account

feature/lazy-connection-idle

ref/improve-test-cov

restore-pr-3440

test/increase-grpc-timeouts

feat/buffer-account-peers-update

test/networkmapgeneration-changes

feature/base-manager

feature/flow-receiver

chore/benchmark-with-large-runner

refactor/handshake-initiator

client/ui-update-systray-icons

userspace-router

wgwatcher-test

output-if-key-already-exists

fix/relay-reconnection

feature/port-forwarding-client-codecleaning

detached2

test/callbacks-nil-iceconninfo

refactor/optimize-peer-expiration

enable-udp-port-for-docker-template

fix/relay-update

feature/apply-posture-netmap

fix/group-update-existing-resource

conntrack-stats

upgrade-okta-sdk

multi-price

test/conn-stat

set-min-parallel-tests-for-management

dns-interceptor

debug-dns

router-dns

add-static-system-info

debug-0.29.4

debug-0.33.0

account-refactoring

relay/2800_quic

route-get-account-refactoring

test/seed-random-routes

feature/get-account-refactoring

test/reconnect-race-condition

refactor/get-account-usage

feature/add-session-id-to-update-channel

improve-ipv4conn

fix/async-pion-event-handling

debug

add-offload

feature/validate-group-association-debug

fix/limit-conn-for-sqlite

test/engine-iface

test/transaction-for-jwt-sync

fix/engine-stop-in-foreground

feature/add-mysql-support

test-migration

refactor/header-size-values

relay/eliminate-gob

test/signal-dispatcher-with-relay

relay/debug

validate-icon

feature/ipv6-support

use-pre-expanded-peers-map

feature/use-signal-dispatcher

validate/peer-status

add-read-write-times

fix/sync-peer-race

feature/relay-status

netmap

evaluate/network-map-hash

fix/lower-dns-resolve-interval-on-fail

feature/relay

fix/go-mod-version

upgrade-nftables

synology-userspace-mode

fix/use-ip-for-default-routes-on-darwin

fix/proxy_close

enable-release-workflow-on-pr

deploy/peer-performance

feature/permanent-turn

feature/permanent-turn-proxy

deploy/posture-check-sqlite

feature/optimize_sqlite_save

debug-ios-behavior

fix/delete-route-only-after-adding

tshoot/windows-logger

remove-new-routing

refactor/eliminate-repo-dependency

add-arm-to-ci

refactor-demo-account-object

test/abc2

test/abc

send-ssh-rosenpass-config-meta

refactor-demo

ensure-schedule-never-runs-non-positive

feature/peer-validator-groupmgm

feature/peer-validator-fix

fix/include-active-dashboard-users

fix/handle-canceling-schedule

fix/geo-download

debug-google-workspace

yury/resolve-ip-to-location

feature/extend-sysinfo

sqlite-async-peer-status

yury/add-postgresql-store

fix/route

test-build

posture-checks-poc

debug-keycloak-idp

poc/netstack

for-pascal-tmp

peer-logout-management

manual-peer-logout

detached

chore/refactor-management

test/dns-bind

fix/enforce-acl-for-containers

yury/use-sync-map-in-updatechannel

fix/events-key-handling

filter-cache-on-load-account

fix/user-expiration

handle-user-context-cancellation

nb-client-k8s-statefulset

fake-addr

fix/iptables_in_docker

ebpf-debug

update-getting-started-flow-use-postgres

fix/peer_list_notification

feature/device-authentication-with-client-secret

feature/keep_alive

feat-groups-from-jwt

separate_proxy_from_wgconfig

fix/wg_conn

wg_conn_fix

wg_bind_parallel_processing

fix-rollback-get-acls

proxy_cfg_cleanup

performance-improvement-rego

update-lock-log-level

feat-client-side-acl

refactor/move_grpcserver_logic_to_account_manager

feature/event-storage

feature/update-idp-redeeming-invite

feature/api-peer-info

return-groupminimum-setupkey

feature/interface-bind

documentation_enhancement

fix-peer-registration

ssh

users_cache

pass-client-caller

client_caller_type

revert-283-feat-fix-windows-installer

periodic-peer-updates

ebpf

braginini/wasm

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/netbird#266