Installing netbird on an Oracle Cloud VPS (Ubuntu) #584

Open
opened 2025-11-20 05:14:10 -05:00 by saavagebueno · 4 comments

Originally created by @mrmoose0 on GitHub (Jan 16, 2024).

Describe the problem
I installed self-hosted netbird on OCI using self-hosted Authentik. Authentication works well, and the installation too, but on the dashboard there is the message: "Network Error". Only the Peers menu is visible.


How can I solve the problem?

Here are the docker logs:

artifacts-signal-1 | 2024-01-16T16:26:55Z INFO signal/cmd/run.go:107: running gRPC backward compatibility server: [::]:10000
artifacts-signal-1 | 2024-01-16T16:26:55Z INFO signal/cmd/run.go:129: running gRPC server: [::]:80
artifacts-signal-1 | 2024-01-16T16:26:55Z INFO signal/cmd/run.go:132: started Signal Service
artifacts-coturn-1 | 0: (1): INFO: System cpu num is 2
artifacts-coturn-1 | 0: (1): INFO: log file opened: /var/tmp/turn_1_2024-01-16.log
artifacts-coturn-1 | 0: (1): INFO: System enable num is 2
artifacts-coturn-1 | 0: (1): INFO: Coturn Version Coturn-4.6.2 'Gorst'
artifacts-coturn-1 | 0: (1): INFO: Coturn Version Coturn-4.6.2 'Gorst'
artifacts-coturn-1 | 0: (1): INFO: Max number of open files/sockets allowed for this process: 1048576
artifacts-coturn-1 | 0: (1): INFO: Due to the open files/sockets limitation, max supported number of TURN Sessions possible is: 524000 (approximately)
artifacts-coturn-1 | 0: (1): INFO:
artifacts-coturn-1 |
artifacts-coturn-1 | ==== Show him the instruments, Practical Frost: ====
artifacts-coturn-1 |
artifacts-coturn-1 | 0: (1): INFO: OpenSSL compile-time version: OpenSSL 3.0.11 19 Sep 2023 (0x300000b0)
artifacts-coturn-1 | 0: (1): INFO: TLS 1.3 supported
artifacts-coturn-1 | 0: (1): INFO: DTLS 1.2 supported
artifacts-coturn-1 | 0: (1): INFO: TURN/STUN ALPN supported
artifacts-coturn-1 | 0: (1): INFO: Third-party authorization (oAuth) supported
artifacts-coturn-1 | 0: (1): INFO: GCM (AEAD) supported
artifacts-coturn-1 | 0: (1): INFO: SQLite supported, default database location is /var/lib/coturn/turndb
artifacts-coturn-1 | 0: (1): INFO: Redis supported
artifacts-coturn-1 | 0: (1): INFO: PostgreSQL supported
artifacts-coturn-1 | 0: (1): INFO: MySQL supported
artifacts-coturn-1 | 0: (1): INFO: MongoDB supported
artifacts-coturn-1 | 0: (1): INFO: Default Net Engine version: 3 (UDP thread per CPU core)
artifacts-coturn-1 | 0: (1): INFO: Domain name: netbird.example.com
artifacts-coturn-1 | 0: (1): INFO: Default realm: wiretrustee.com
artifacts-coturn-1 | 0: (1): WARNING: cannot find certificate file: /etc/coturn/certs/cert.pem (1)
artifacts-coturn-1 | 0: (1): WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
artifacts-coturn-1 | 0: (1): WARNING: cannot find private key file: /etc/coturn/private/privkey.pem (1)
artifacts-coturn-1 | 0: (1): WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
artifacts-coturn-1 | 0: (1): INFO: Certificate file found: /etc/coturn/certs/cert.pem
artifacts-coturn-1 | 0: (1): INFO: Private key file found: /etc/coturn/private/privkey.pem
artifacts-coturn-1 | 0: (1): WARNING: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
artifacts-coturn-1 | 0: (1): INFO: ===========Discovering listener addresses: =========
artifacts-coturn-1 | 0: (1): INFO: Listener address to use: 127.0.0.1
artifacts-coturn-1 | 0: (1): INFO: Listener address to use: 192.168.50.32
artifacts-coturn-1 | 0: (1): INFO: Listener address to use: 172.17.0.1
artifacts-coturn-1 | 0: (1): INFO: Listener address to use: 172.23.0.1
artifacts-coturn-1 | 0: (1): INFO: Listener address to use: ::1
artifacts-coturn-1 | 0: (1): INFO: =====================================================
artifacts-coturn-1 | 0: (1): INFO: Total: 3 'real' addresses discovered
artifacts-coturn-1 | 0: (1): INFO: =====================================================
artifacts-coturn-1 | 0: (1): WARNING: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
artifacts-coturn-1 | 0: (1): INFO: ===========Discovering relay addresses: =============
artifacts-coturn-1 | 0: (1): INFO: Relay address to use: 192.168.50.32
artifacts-coturn-1 | 0: (1): INFO: Relay address to use: 172.17.0.1
artifacts-coturn-1 | 0: (1): INFO: Relay address to use: 172.23.0.1
artifacts-coturn-1 | 0: (1): INFO: Relay address to use: ::1
artifacts-coturn-1 | 0: (1): INFO: =====================================================
artifacts-coturn-1 | 0: (1): INFO: Total: 4 relay addresses discovered
artifacts-coturn-1 | 0: (1): INFO: =====================================================
artifacts-coturn-1 | 0: (1): INFO: pid file created: /var/tmp/turnserver.pid
artifacts-coturn-1 | 0: (1): INFO: IO method: epoll (with changelist)
artifacts-coturn-1 | 0: (1): WARNING: STUN CHANGE_REQUEST not supported: only one IP address is provided
artifacts-coturn-1 | 0: (1): INFO: Wait for relay ports initialization...
artifacts-coturn-1 | 0: (1): INFO: relay 192.168.50.32 initialization...
artifacts-management-1 | 2024-01-16T16:26:57Z INFO management/cmd/management.go:407: loading OIDC configuration from the provided IDP configuration endpoint https://authentik.example.com/application/o/netbird/.well-known/openid-configuration
artifacts-coturn-1 | 0: (1): INFO: relay 192.168.50.32 initialization done
artifacts-coturn-1 | 0: (1): INFO: relay 172.17.0.1 initialization...
artifacts-dashboard-1 | + LETSENCRYPT_DOMAIN=netbird.example.com
artifacts-dashboard-1 | + LETSENCRYPT_EMAIL=user@example.com
artifacts-dashboard-1 | + NGINX_SSL_PORT=443
artifacts-dashboard-1 | + '[' netbird.example.com-x == none-x ']'
artifacts-dashboard-1 | NetBird latest version:
artifacts-dashboard-1 | + certbot -n --nginx --agree-tos --email user@example.com -d netbird.example.com --https-port 443
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/cmd/management.go:412: loaded OIDC configuration from the provided IDP configuration endpoint: https://authentik.example.com/application/o/netbird/.well-known/openid-configuration
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/cmd/management.go:414: overriding HttpConfig.AuthIssuer with a new value https://authentik.example.com/application/o/netbird/, previously configured value: https://authentik.example.com/application/o/netbird/
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/cmd/management.go:418: overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://authentik.example.com/application/o/netbird/jwks/, previously configured value: https://authentik.example.com/application/o/netbird/jwks/
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/cmd/management.go:423: overriding DeviceAuthorizationFlow.TokenEndpoint with a new value: https://authentik.example.com/application/o/token/, previously configured value: https://authentik.example.com/application/o/token/
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/cmd/management.go:426: overriding DeviceAuthorizationFlow.DeviceAuthEndpoint with a new value: https://authentik.example.com/application/o/device/, previously configured value: https://authentik.example.com/application/o/device/
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/cmd/management.go:434: overriding DeviceAuthorizationFlow.ProviderConfig.Domain with a new value: authentik.example.com, previously configured value: authentik.example.com
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/cmd/management.go:444: overriding PKCEAuthorizationFlow.TokenEndpoint with a new value: https://authentik.example.com/application/o/token/, previously configured value: https://authentik.example.com/application/o/token/
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/cmd/management.go:447: overriding PKCEAuthorizationFlow.AuthorizationEndpoint with a new value: https://authentik.example.com/application/o/authorize/, previously configured value: https://authentik.example.com/application/o/authorize/
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/server/store.go:74: using JSON file store engine
artifacts-management-1 | 2024-01-16T16:26:59Z INFO management/server/account.go:828: single account mode enabled, accounts number 0
artifacts-dashboard-1 | NetBird latest version:
artifacts-coturn-1 | 0: (1): INFO: relay 172.17.0.1 initialization done
artifacts-coturn-1 | 0: (1): INFO: relay 172.23.0.1 initialization...
artifacts-management-1 | 2024-01-16T16:27:01Z INFO management/server/account.go:1009: 1 entries received from IdP management
artifacts-management-1 | 2024-01-16T16:27:01Z INFO management/server/account.go:1038: warmed up IDP cache with 0 entries
artifacts-management-1 | 2024-01-16T16:27:02Z INFO management/cmd/management.go:249: running gRPC backward compatibility server: [::]:33073
artifacts-management-1 | 2024-01-16T16:27:02Z INFO management/cmd/management.go:281: running HTTP server and gRPC server on the same port: [::]:443
artifacts-dashboard-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log
artifacts-coturn-1 | 0: (1): INFO: relay 172.23.0.1 initialization done
artifacts-coturn-1 | 0: (1): INFO: relay ::1 initialization...
artifacts-dashboard-1 | Certificate not yet due for renewal
artifacts-dashboard-1 | Deploying certificate
artifacts-dashboard-1 | Successfully deployed certificate for netbird.example.com to /etc/nginx/http.d/default.conf
artifacts-coturn-1 | 0: (1): INFO: relay ::1 initialization done
artifacts-coturn-1 | 0: (1): INFO: Relay ports initialization done
artifacts-coturn-1 | 0: (1): INFO: Total General servers: 2
artifacts-coturn-1 | 10: (9): DEBUG: turn server id=0 created
artifacts-coturn-1 | 10: (10): DEBUG: turn server id=1 created
artifacts-coturn-1 | 10: (1): INFO: Total auth threads: 3
artifacts-coturn-1 | 10: (1): INFO: prometheus collector disabled, not started
artifacts-dashboard-1 | Congratulations! You have successfully enabled HTTPS on https://netbird.example.com
artifacts-dashboard-1 |
artifacts-dashboard-1 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
artifacts-dashboard-1 | If you like Certbot, please consider supporting our work by:
artifacts-dashboard-1 | * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
artifacts-dashboard-1 | * Donating to EFF: https://eff.org/donate-le
artifacts-dashboard-1 | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
artifacts-dashboard-1 | + cat
artifacts-dashboard-1 | + supervisorctl start cron
artifacts-dashboard-1 | crond: crond (busybox 1.33.1) started, log level 8
artifacts-dashboard-1 | cron: started

saavagebueno added the idpconfig-issueself-hosting labels 2025-11-20 05:14:10 -05:00

@lixmal commented on GitHub (Jan 18, 2024):

Hi @mrmoose0,

it seems like the management server is not accessible from your browser.
Can you please run a `curl https://yourdomain/api/users -v` on the CLI and post the output here?


@mrmoose0 commented on GitHub (Jan 24, 2024):

> Hi @mrmoose0,
>
> it seems like the management server is not accessible from your browser. Can you please run a `curl https://yourdomain/api/users -v` on the CLI and post the output here?

```
* Trying 0.0.0.0:443...
* Connected to netbird.example.com (0.0.0.0) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.1
> GET /api/users HTTP/1.1
> Host: netbird.example.com
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Wed, 24 Jan 2024 13:04:25 GMT
< Content-Type: text/html
< Content-Length: 602
< Last-Modified: Thu, 04 Jan 2024 17:52:14 GMT
< Connection: keep-alive
< Vary: Accept-Encoding
< ETag: "6596f04e-25a"
< Accept-Ranges: bytes
<
<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="robots" content="noindex"><meta name="description" content="NetBird Management Dashboard"/><link rel="manifest" href="/manifest.json"/><title>NetBird</title><script defer="defer" src="/static/js/main.436624eb.js"></script><link href="/static/css/main.940e3c70.css" rel="stylesheet"></head><body><noscript>NetBird Management Dashboard.</noscript><div id="root"></div></body></html>* Connection #0 to host netbird.example.com left intact
```

@lixmal commented on GitHub (Jan 25, 2024):

The output indicates that your requests end up on the dashboard and not the API.

It seems the reverse proxy is not configured correctly.
https://docs.netbird.io/selfhosted/selfhosted-guide#configuration-for-your-reverse-proxy

Could you share your docker-compose.yml as well?


@mrmoose0 commented on GitHub (Jan 25, 2024):

I don't use a reverse proxy, only Authentik as the authenticator, configured as described. The same configuration works well using a self-hosting site. Only OCI gives me this problem.

Here is the docker-compose file:

```yaml
version: "3"
services:
  #UI dashboard
  dashboard:
    image: wiretrustee/dashboard:latest
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    environment:
      # Endpoints
      - NETBIRD_MGMT_API_ENDPOINT=https://netbird.example.com:33073
      - NETBIRD_MGMT_GRPC_API_ENDPOINT=https://netbird.example.com:33073
      # OIDC
      - AUTH_AUDIENCE=54hf549kfPAg8lC3edcZ0F6m9hrMVbfisFkOr
      - AUTH_CLIENT_ID=54hf549kfPAg8lC3edcZ0F6m9hrMVbfisFkOr
      - AUTH_CLIENT_SECRET=
      - AUTH_AUTHORITY=https://authentik.example.com/application/o/netbird/
      - USE_AUTH0=false
      - AUTH_SUPPORTED_SCOPES=openid profile email offline_access api
      - AUTH_REDIRECT_URI=
      - AUTH_SILENT_REDIRECT_URI=
      - NETBIRD_TOKEN_SOURCE=accessToken
      # SSL
      - NGINX_SSL_PORT=443
      # Letsencrypt
      - LETSENCRYPT_DOMAIN=netbird.example.com
      - LETSENCRYPT_EMAIL=user@example.com
    volumes:
      - netbird-letsencrypt:/etc/letsencrypt/
    networks:
      - netbird
  # Signal
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    volumes:
      - netbird-signal:/var/lib/netbird
    ports:
      - 10000:80
    # # port and command for Let's Encrypt validation
    # - 443:443
    # command: ["--letsencrypt-domain", "netbird.example.com", "--log-file", "console"]
    networks:
      - netbird
  # Management
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    depends_on:
      - dashboard
    volumes:
      - netbird-mgmt:/var/lib/netbird
      - netbird-letsencrypt:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
    ports:
      - 33073:443 #API port
    # # command for Let's Encrypt validation without dashboard container
    # command: ["--letsencrypt-domain", "netbird.example.com", "--log-file", "console"]
    command: [
      "--port", "443",
      "--log-file", "console",
      "--disable-anonymous-metrics=false",
      "--single-account-mode-domain=netbird.example.com",
      "--dns-domain=cloud72.netb"
      ]
    networks:
      - netbird
  # Coturn
  coturn:
    image: coturn/coturn:latest
    restart: unless-stopped
    domainname: netbird.example.com
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
      # - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
      # - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf
volumes:
  netbird-mgmt:
  netbird-signal:
  netbird-letsencrypt:
networks:
  netbird:
    external: true
```
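
Added example (not part of the original thread and not NetBird code): a small Python triage of the check discussed above. It reads a `curl -v` transcript, reports whether an `/api/` request was answered by HTML or by something API-shaped, and maps a URL's port to the container that publishes it in the posted docker-compose.yml. The transcripts are constructed samples, the function names are hypothetical, and treating JSON or a 401/403 as "API-shaped" is an assumption.

```python
from urllib.parse import urlsplit

# Host ports published by the docker-compose.yml posted in this thread.
PUBLISHED_PORTS = {80: "dashboard", 443: "dashboard",
                   10000: "signal", 33073: "management"}

# Constructed sample: shortened form of the curl output posted above.
DASHBOARD_TRANSCRIPT = """\
* Connected to netbird.example.com (0.0.0.0) port 443
> GET /api/users HTTP/1.1
> Host: netbird.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: text/html
< Content-Length: 602
<
<!doctype html><html lang="en"><head><title>NetBird</title></head></html>
"""

# Constructed sample: what an API-shaped answer could look like (assumption).
API_TRANSCRIPT = """\
* Connected to netbird.example.com (0.0.0.0) port 33073
> GET /api/users HTTP/1.1
> Host: netbird.example.com:33073
>
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json
<
{"message":"constructed example body","code":401}
"""


def service_for_url(url, published=PUBLISHED_PORTS):
    """Return the compose service whose published host port the URL targets."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}[parts.scheme]
    return published.get(port, "unpublished")


def parse_transcript(text):
    """Split `curl -v` output into request path, status, headers and body."""
    path, status, headers, body = None, None, {}, []
    for line in text.splitlines():
        if line.startswith("* ") or line in (">", "<", ""):
            continue                      # curl info lines and separators
        if line.startswith("> "):         # request line or request header
            fields = line[2:].split()
            if path is None and len(fields) == 3 and fields[2].startswith("HTTP/"):
                path = fields[1]
        elif line.startswith("< "):       # status line or response header
            payload = line[2:]
            if payload.startswith("HTTP/"):
                status = int(payload.split()[1])
            else:
                name, _, value = payload.partition(":")
                headers[name.strip().lower()] = value.strip()
        else:                             # anything else is response body
            body.append(line)
    return {"path": path, "status": status,
            "headers": headers, "body": "\n".join(body)}


def classify(transcript):
    """Say which kind of backend answered a request to an /api/ path."""
    r = parse_transcript(transcript)
    ctype = r["headers"].get("content-type", "").split(";")[0].strip().lower()
    is_api_path = (r["path"] or "").startswith("/api/")
    is_html = (ctype == "text/html"
               or r["body"].lstrip().lower().startswith("<!doctype html"))
    if is_api_path and is_html:
        return "frontend"                 # static dashboard served the API path
    if is_api_path and (ctype == "application/json" or r["status"] in (401, 403)):
        return "api"
    return "unknown"


if __name__ == "__main__":
    for url in ("https://netbird.example.com/api/users",
                "https://netbird.example.com:33073/api/users"):
        print(url, "->", service_for_url(url))
    print("posted curl output:", classify(DASHBOARD_TRANSCRIPT))
    print("API-shaped sample: ", classify(API_TRANSCRIPT))
```
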

Reference: SVI/netbird#584