SVI/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-03-31 06:34:19 -04:00
Code Issues 3.0k Packages Projects Releases 10 Wiki Activity

Self Hosted quick install with Zitadel - Error 502 - openresty #868

New Issue
Closed
opened 2025-11-20 05:18:55 -05:00 by saavagebueno · 13 comments
saavagebueno commented 2025-11-20 05:18:55 -05:00
Owner
Copy Link

Originally created by @HybridRCG on GitHub (May 10, 2024).

I run the install.
No issues on screen. tells met to go to my domain with this username and password.
I get error 502. Bad Gateway.

Doing a docker PS I see my management server is restarting.

logs for management container as follows. (i replaced my domain name. with example.com

2024-05-10T13:55:18Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://example.com/.well-known/openid-configuration
Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html>

<head></head>

502 Bad Gateway

openresty </html>

This duplicates over and over on every restart of management container.

Tried restarting the server,
Ubuntu 24.04 and tried Ubuntu 22.4.
Updated all updates.
Fixed ip on Ubuntu server running on proxmox.
I use Nginx as on a diffrent container wich portforwards https > 192.168.1.1 , port 443 , with a Lets encrypt SSL through Cloudflare.

Please specify whether you use NetBird Cloud or self-host NetBird's control plane.

NetBird version
Self-hosted : latest

Originally created by @HybridRCG on GitHub (May 10, 2024). I run the install. No issues on screen. tells met to go to my domain with this username and password. I get error 502. Bad Gateway. Doing a docker PS I see my management server is restarting. logs for management container as follows. (i replaced my domain name. with example.com 2024-05-10T13:55:18Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://example.com/.well-known/openid-configuration Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html> <head><title>502 Bad Gateway</title></head> <body> <center><h1>502 Bad Gateway</h1></center> <hr><center>openresty</center> </body> </html> This duplicates over and over on every restart of management container. Tried restarting the server, Ubuntu 24.04 and tried Ubuntu 22.4. Updated all updates. Fixed ip on Ubuntu server running on proxmox. I use Nginx as on a diffrent container wich portforwards https > 192.168.1.1 , port 443 , with a Lets encrypt SSL through Cloudflare. Please specify whether you use NetBird Cloud or self-host NetBird's control plane. **NetBird version** Self-hosted : latest
saavagebueno added the waiting-feedbacktriage-needed labels 2025-11-20 05:18:56 -05:00
saavagebueno commented 2025-11-20 05:18:56 -05:00
Author
Owner
Copy Link

@mlsmaycon commented on GitHub (May 11, 2024):

Hello @HybridRCG can you please share the logs from the management service? you can get them with the following command:

docker compose logs management

@mlsmaycon commented on GitHub (May 11, 2024): Hello @HybridRCG can you please share the logs from the management service? you can get them with the following command: docker compose logs management
saavagebueno commented 2025-11-20 05:18:57 -05:00
Author
Owner
Copy Link

@HybridRCG commented on GitHub (May 11, 2024):

Hi Thanks for the help!

This is some of the log file entries there. They are all identical a few seconds apart.

management-1 | Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html>
management-1 | <head></head>
management-1 |
management-1 |

502 Bad Gateway


management-1 |
openresty
management-1 |
management-1 | </html>
management-1 |
management-1 | 2024-05-11T09:54:53Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://nb.groblers.co.uk/.well-known/openid-configuration
management-1 | Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html>
management-1 | <head></head>
management-1 |
management-1 |

502 Bad Gateway


management-1 |
openresty
management-1 |
management-1 | </html>
management-1 |
management-1 | 2024-05-11T09:55:07Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://nb.groblers.co.uk/.well-known/openid-configuration
management-1 | Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html>
management-1 | <head></head>
management-1 |
management-1 |

502 Bad Gateway


management-1 |
openresty
management-1 |
management-1 | </html>
management-1 |
management-1 | 2024-05-11T09:55:33Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://nb.groblers.co.uk/.well-known/openid-configuration
management-1 | Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html>
management-1 | <head></head>
management-1 |
management-1 |

502 Bad Gateway


management-1 |
openresty
management-1 |
management-1 | </html>
management-1 |

@HybridRCG commented on GitHub (May 11, 2024): Hi Thanks for the help! This is some of the log file entries there. They are all identical a few seconds apart. management-1 | Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html> management-1 | <head><title>502 Bad Gateway</title></head> management-1 | <body> management-1 | <center><h1>502 Bad Gateway</h1></center> management-1 | <hr><center>openresty</center> management-1 | </body> management-1 | </html> management-1 | management-1 | 2024-05-11T09:54:53Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://nb.groblers.co.uk/.well-known/openid-configuration management-1 | Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html> management-1 | <head><title>502 Bad Gateway</title></head> management-1 | <body> management-1 | <center><h1>502 Bad Gateway</h1></center> management-1 | <hr><center>openresty</center> management-1 | </body> management-1 | </html> management-1 | management-1 | 2024-05-11T09:55:07Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://nb.groblers.co.uk/.well-known/openid-configuration management-1 | Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html> management-1 | <head><title>502 Bad Gateway</title></head> management-1 | <body> management-1 | <center><h1>502 Bad Gateway</h1></center> management-1 | <hr><center>openresty</center> management-1 | </body> management-1 | </html> management-1 | management-1 | 2024-05-11T09:55:33Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://nb.groblers.co.uk/.well-known/openid-configuration management-1 | Error: failed reading provided config file: /etc/netbird/management.json: OIDC configuration request returned status 502 with response: <html> management-1 | <head><title>502 Bad Gateway</title></head> management-1 | <body> management-1 | <center><h1>502 Bad Gateway</h1></center> management-1 | <hr><center>openresty</center> management-1 | </body> management-1 | </html> management-1 |
saavagebueno commented 2025-11-20 05:18:57 -05:00
Author
Owner
Copy Link

@mlsmaycon commented on GitHub (May 11, 2024):

It seems like there is an issue with either caddy or zitadel, can you please share all logs?

docker compose logs

@mlsmaycon commented on GitHub (May 11, 2024): It seems like there is an issue with either caddy or zitadel, can you please share all logs? docker compose logs
saavagebueno commented 2025-11-20 05:18:57 -05:00
Author
Owner
Copy Link

@HybridRCG commented on GitHub (May 11, 2024):

logs :

WARN[0000] /home/hybrid/netbird/infrastructure_files/artifacts/docker-compose.yml: version is obsolete
dashboard-1 | + LETSENCRYPT_DOMAIN=nb.groblers.co.uk
dashboard-1 | + LETSENCRYPT_EMAIL=riaangrobler@me.com
dashboard-1 | + NGINX_SSL_PORT=443
dashboard-1 | + '[' nb.groblers.co.uk-x == none-x ']'
dashboard-1 | + certbot -n --nginx --agree-tos --email riaangrobler@me.com -d nb.groblers.co.uk --https-port 443
dashboard-1 | NetBird latest version:
dashboard-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log
dashboard-1 | NetBird latest version:
dashboard-1 | Requesting a certificate for nb.groblers.co.uk
dashboard-1 |
dashboard-1 | Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
dashboard-1 | Domain: nb.groblers.co.uk
dashboard-1 | Type: unauthorized
dashboard-1 | Detail: 41.149.60.65: Invalid response from https://nb.groblers.co.uk/.well-known/acme-challenge/bXtOOWgctTOU2-SPDJfxqZpxz4vk32WcuHnek0A5g94: 404
dashboard-1 |
dashboard-1 | Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
dashboard-1 |
dashboard-1 | Some challenges have failed.
signal-1 | 2024-05-11T06:03:10Z INFO signal/cmd/run.go:110: running gRPC backward compatibility server: [::]:10000
signal-1 | 2024-05-11T06:03:10Z INFO signal/cmd/run.go:132: running gRPC server: [::]:80
signal-1 | 2024-05-11T06:03:10Z INFO signal/cmd/run.go:135: signal server version 0.27.4
signal-1 | 2024-05-11T06:03:10Z INFO signal/cmd/run.go:136: started Signal Service
signal-1 | 2024-05-11T06:10:39Z INFO signal/cmd/run.go:110: running gRPC backward compatibility server: [::]:10000
signal-1 | 2024-05-11T06:10:39Z INFO signal/cmd/run.go:132: running gRPC server: [::]:80
signal-1 | 2024-05-11T06:10:39Z INFO signal/cmd/run.go:135: signal server version 0.27.4
signal-1 | 2024-05-11T06:10:39Z INFO signal/cmd/run.go:136: started Signal Service
dashboard-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
dashboard-1 | 2024-05-11 06:03:24,805 WARN received SIGINT indicating exit request
dashboard-1 | 2024-05-11 06:03:24,805 WARN received SIGINT indicating exit request
dashboard-1 | + LETSENCRYPT_DOMAIN=nb.groblers.co.uk
dashboard-1 | + LETSENCRYPT_EMAIL=riaangrobler@me.com
dashboard-1 | + NGINX_SSL_PORT=443
dashboard-1 | + '[' nb.groblers.co.uk-x == none-x ']'
dashboard-1 | + certbot -n --nginx --agree-tos --email riaangrobler@me.com -d nb.groblers.co.uk --https-port 443
dashboard-1 | NetBird latest version:
dashboard-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log
dashboard-1 | NetBird latest version:
dashboard-1 | Requesting a certificate for nb.groblers.co.uk
dashboard-1 | 192.168.1.3 - - [11/May/2024:06:10:46 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03D\xC8{\x0By\x10y\xB3\xED\xB1\xB7\xA7\x1F\x05j\xB2R\x8A\x1D[j@\x90;\x03\xA6$\xB9\x92{?U\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:06:10:48 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03?w\xFC\xFE\x9Bv6i" 400 150 "-" "-" "-"
dashboard-1 |
dashboard-1 | Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
dashboard-1 | Domain: nb.groblers.co.uk
dashboard-1 | Type: unauthorized
dashboard-1 | Detail: 41.149.60.65: Invalid response from https://nb.groblers.co.uk/.well-known/acme-challenge/WX7bdhcXbhNji0JqnWAWEntbWirZsuzB0FhfebNp4c8: 404
dashboard-1 |
dashboard-1 | Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
dashboard-1 |
dashboard-1 | Some challenges have failed.
dashboard-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
dashboard-1 | 192.168.1.3 - - [11/May/2024:06:10:53 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xAB\xB4\xC7\xEC\x8E\xC0D]\xBCJ\xD9\x8F\xD3\xAB\xBA<\x0EN>\xF9\x0B\xCC\xCD/+\xD5Y\x13\xC2\x09\x8F\xBB\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:06:11:02 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03e'J\x84\xFB\xEA\xE7\xF4\xA6K\xE7\xF4\x02\x89\xBB;\xD5\x1EE\xD7\x82\x9B;d`G/\xE5\x072\xD9\xB0\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:06:11:11 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03L\xAE\xA0\xE0\x9C\xF8-\x01\x04U\xF9\x88\x87\xAF\x06hI\xF4\x1F\xBB\xE0\x1C\xE3\xB6w\xA19&t\xED\xB2l\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:06:11:18 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xD3\xF2\xA7" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:06:59:54 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xE0@\xE1\x0C\xB1\x03{\x02\x9De\xFB?\xF9{IU}" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:06:59:54 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xA2\xE2J\x9C&\x1C\xCE\xC3%M;\xE9\xBC\xFCkF\xEB.\x89L2#D\x0F\x8C\x1E\xA4\x9C\xF6=\xB6\x9D\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:03 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xB4\x83Y\x97\x95r8V\xE1\x1C\xD7[o4\x1A24u\x0BZr\xA0\xB1E\xE5\x1Eu\xD2\x22\x0EB\x95\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:05 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03#\xEC3\xDD\x9F\x06w,d^X\xCB\xFC\xE6\x09\xE5\xDBT\xC5\xB8\x1A\xFC\x22\x12J9[>utt\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:07 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03B\xBF\xABNJP\xF6\xA4\xEBW\xA5\xA1\xEB\x9C2:F\x90*|'1\x00\x0F\xC2\xEC5&\x97~\xE8!\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:07 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03J\xBD\x03\xE2;\x9E\xC3\xD5\xC6RP\x09\xDA[\x04\xC1m\x15/b\xEA\xABr\x86\x1F\xE2\xE3@\xBE\x17\x0F\x1F\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:49 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xCC\x11&Z\x06\x1D\xEF\xE8\xA3\xDE\x9E\xF8\x1E\xFD\xDClV\x0F:\x9D)?\xED\x1F@R\x96\x9A\xD3!\x8A@\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"

@HybridRCG commented on GitHub (May 11, 2024): logs : WARN[0000] /home/hybrid/netbird/infrastructure_files/artifacts/docker-compose.yml: `version` is obsolete dashboard-1 | + LETSENCRYPT_DOMAIN=nb.groblers.co.uk dashboard-1 | + LETSENCRYPT_EMAIL=riaangrobler@me.com dashboard-1 | + NGINX_SSL_PORT=443 dashboard-1 | + '[' nb.groblers.co.uk-x == none-x ']' dashboard-1 | + certbot -n --nginx --agree-tos --email riaangrobler@me.com -d nb.groblers.co.uk --https-port 443 dashboard-1 | NetBird latest version: dashboard-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log dashboard-1 | NetBird latest version: dashboard-1 | Requesting a certificate for nb.groblers.co.uk dashboard-1 | dashboard-1 | Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems: dashboard-1 | Domain: nb.groblers.co.uk dashboard-1 | Type: unauthorized dashboard-1 | Detail: 41.149.60.65: Invalid response from https://nb.groblers.co.uk/.well-known/acme-challenge/bXtOOWgctTOU2-SPDJfxqZpxz4vk32WcuHnek0A5g94: 404 dashboard-1 | dashboard-1 | Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet. dashboard-1 | dashboard-1 | Some challenges have failed. signal-1 | 2024-05-11T06:03:10Z INFO signal/cmd/run.go:110: running gRPC backward compatibility server: [::]:10000 signal-1 | 2024-05-11T06:03:10Z INFO signal/cmd/run.go:132: running gRPC server: [::]:80 signal-1 | 2024-05-11T06:03:10Z INFO signal/cmd/run.go:135: signal server version 0.27.4 signal-1 | 2024-05-11T06:03:10Z INFO signal/cmd/run.go:136: started Signal Service signal-1 | 2024-05-11T06:10:39Z INFO signal/cmd/run.go:110: running gRPC backward compatibility server: [::]:10000 signal-1 | 2024-05-11T06:10:39Z INFO signal/cmd/run.go:132: running gRPC server: [::]:80 signal-1 | 2024-05-11T06:10:39Z INFO signal/cmd/run.go:135: signal server version 0.27.4 signal-1 | 2024-05-11T06:10:39Z INFO signal/cmd/run.go:136: started Signal Service dashboard-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. dashboard-1 | 2024-05-11 06:03:24,805 WARN received SIGINT indicating exit request dashboard-1 | 2024-05-11 06:03:24,805 WARN received SIGINT indicating exit request dashboard-1 | + LETSENCRYPT_DOMAIN=nb.groblers.co.uk dashboard-1 | + LETSENCRYPT_EMAIL=riaangrobler@me.com dashboard-1 | + NGINX_SSL_PORT=443 dashboard-1 | + '[' nb.groblers.co.uk-x == none-x ']' dashboard-1 | + certbot -n --nginx --agree-tos --email riaangrobler@me.com -d nb.groblers.co.uk --https-port 443 dashboard-1 | NetBird latest version: dashboard-1 | Saving debug log to /var/log/letsencrypt/letsencrypt.log dashboard-1 | NetBird latest version: dashboard-1 | Requesting a certificate for nb.groblers.co.uk dashboard-1 | 192.168.1.3 - - [11/May/2024:06:10:46 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03D\xC8{\x0By\x10y\xB3\xED\xB1\xB7\xA7\x1F\x05j\xB2R\x8A\x1D[j@\x90;\x03\xA6$\xB9\x92{?U\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:06:10:48 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03?w\xFC\xFE\x9Bv6i" 400 150 "-" "-" "-" dashboard-1 | dashboard-1 | Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems: dashboard-1 | Domain: nb.groblers.co.uk dashboard-1 | Type: unauthorized dashboard-1 | Detail: 41.149.60.65: Invalid response from https://nb.groblers.co.uk/.well-known/acme-challenge/WX7bdhcXbhNji0JqnWAWEntbWirZsuzB0FhfebNp4c8: 404 dashboard-1 | dashboard-1 | Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet. dashboard-1 | dashboard-1 | Some challenges have failed. dashboard-1 | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details. dashboard-1 | 192.168.1.3 - - [11/May/2024:06:10:53 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xAB\xB4\xC7\xEC\x8E\xC0D]\xBCJ\xD9\x8F\xD3\xAB\xBA<\x0EN>\xF9\x0B\xCC\xCD/+\xD5Y\x13\xC2\x09\x8F\xBB\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:06:11:02 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03e'J\x84\xFB\xEA\xE7\xF4\xA6K\xE7\xF4\x02\x89\xBB;\xD5\x1EE\xD7\x82\x9B;d`G/\xE5\x072\xD9\xB0\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:06:11:11 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03L\xAE\xA0\xE0\x9C\xF8-\x01\x04U\xF9\x88\x87\xAF\x06hI\xF4\x1F\xBB\xE0\x1C\xE3\xB6w\xA19&t\xED\xB2l\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:06:11:18 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xD3\xF2\xA7" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:06:59:54 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xE0@_\xE1\x0C\xB1\x03{\x02\x9De\xFB?\xF9{IU}" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:06:59:54 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xA2\xE2J\x9C&\x1C\xCE\xC3%M;\xE9\xBC\xFCkF\xEB.\x89L2#D\x0F\x8C\x1E\xA4\x9C\xF6=\xB6\x9D\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:03 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xB4\x83Y\x97\x95r8V\xE1\x1C\xD7[o4\x1A24u\x0BZr\xA0\xB1E\xE5\x1Eu\xD2\x22\x0EB\x95\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:05 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03#\xEC3\xDD\x9F\x06w,d^X\xCB\xFC\xE6\x09_\xE5\xDBT\xC5\xB8\x1A\xFC\x22\x12J9[>utt\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:07 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03B\xBF\xABNJP\xF6\xA4\xEBW\xA5\xA1\xEB\x9C2:F\x90*|'1\x00\x0F\xC2\xEC5&\x97~\xE8!\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:07 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03J\xBD\x03\xE2;\x9E\xC3\xD5\xC6RP\x09\xDA[\x04\xC1m\x15/b\xEA\xABr\x86\x1F\xE2\xE3@\xBE\x17\x0F\x1F\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-" dashboard-1 | 192.168.1.3 - - [11/May/2024:07:00:49 +0000] "\x16\x03\x01\x00\xB7\x01\x00\x00\xB3\x03\x03\xCC\x11&Z\x06\x1D\xEF\xE8\xA3\xDE\x9E\xF8\x1E\xFD\xDClV\x0F:\x9D)?\xED\x1F@R\x96\x9A\xD3!\x8A@\x00\x008\xC0,\xC00\x00\x9F\xCC\xA9\xCC\xA8\xCC\xAA\xC0+\xC0/\x00\x9E\xC0$\xC0(\x00k\xC0#\xC0'\x00g\xC0" 400 150 "-" "-" "-"
saavagebueno commented 2025-11-20 05:18:57 -05:00
Author
Owner
Copy Link

@mrcxs commented on GitHub (May 11, 2024):

您好,您能分享管理服务的日志吗?您可以使用以下命令获取它们:

docker compose 日志管理

I'm also having issues with 502 when I'm building.

management-1 | 2024-05-11T14:14:17Z INFO management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081 management-1 | 2024-05-11T14:14:17Z INFO management/server/store.go:95: using SQLite store engine management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/cmd/management.go:161: update config with activity store key

@mrcxs commented on GitHub (May 11, 2024): > 您好,您能分享管理服务的日志吗?您可以使用以下命令获取它们: > > docker compose 日志管理 I'm also having issues with 502 when I'm building. `management-1 | 2024-05-11T14:14:17Z INFO management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081 management-1 | 2024-05-11T14:14:17Z INFO management/server/store.go:95: using SQLite store engine management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/cmd/management.go:161: update config with activity store key `
saavagebueno commented 2025-11-20 05:18:57 -05:00
Author
Owner
Copy Link

@HybridRCG commented on GitHub (May 13, 2024):

您好,您能分享管理服务的日志吗?您可以使用以下命令获取它们:
docker compose 日志管理

I'm also having issues with 502 when I'm building.

management-1 | 2024-05-11T14:14:17Z INFO management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081 management-1 | 2024-05-11T14:14:17Z INFO management/server/store.go:95: using SQLite store engine management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/cmd/management.go:161: update config with activity store key

Not sure why you would hijack a thread if the symptoms of your problem is not the same as mine?
Apart from the 502 the errors are totally diffrent. :)

@HybridRCG commented on GitHub (May 13, 2024): > > 您好,您能分享管理服务的日志吗?您可以使用以下命令获取它们: > > docker compose 日志管理 > > I'm also having issues with 502 when I'm building. > > `management-1 | 2024-05-11T14:14:17Z INFO management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081 management-1 | 2024-05-11T14:14:17Z INFO management/server/store.go:95: using SQLite store engine management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/cmd/management.go:161: update config with activity store key ` Not sure why you would hijack a thread if the symptoms of your problem is not the same as mine? Apart from the 502 the errors are totally diffrent. :)
saavagebueno commented 2025-11-20 05:18:57 -05:00
Author
Owner
Copy Link

@mrcxs commented on GitHub (May 13, 2024):

您好,您能分享管理服务的日志吗?您可以使用以下命令获取它们:
docker compose 日志管理

I'm also having issues with 502 when I'm building.
management-1 | 2024-05-11T14:14:17Z INFO management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081 management-1 | 2024-05-11T14:14:17Z INFO management/server/store.go:95: using SQLite store engine management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/cmd/management.go:161: update config with activity store key

Not sure why you would hijack a thread if the symptoms of your problem is not the same as mine? Apart from the 502 the errors are totally diffrent. :)

Nothing to do, he fixed it himself, and the next day he was able to access normally.

@mrcxs commented on GitHub (May 13, 2024): > > > 您好,您能分享管理服务的日志吗?您可以使用以下命令获取它们: > > > docker compose 日志管理 > > > > > > I'm also having issues with 502 when I'm building. > > `management-1 | 2024-05-11T14:14:17Z INFO management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081 management-1 | 2024-05-11T14:14:17Z INFO management/server/store.go:95: using SQLite store engine management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/server/migration/migration.go:114: Table for peer.Peer does not exist, no migration needed management-1 | 2024-05-11T14:14:17Z INFO management/cmd/management.go:161: update config with activity store key ` > > Not sure why you would hijack a thread if the symptoms of your problem is not the same as mine? Apart from the 502 the errors are totally diffrent. :) Nothing to do, he fixed it himself, and the next day he was able to access normally.
saavagebueno commented 2025-11-20 05:18:57 -05:00
Author
Owner
Copy Link

@HybridRCG commented on GitHub (May 13, 2024):

Ah ok.
Any insight ne my problem? :)

Just as a side note... If i use the self hosting quick option... Zitadel does not install if my nginx is pointing to https://ip:443 , Zitadel only installs if Nginx is pointing to http://IP:80.

I get this after the install with nginx on : http:IP/80..
You can access the NetBird dashboard at https://nb.groblers.co.uk

I can obviously not go to http , so trying to go provided adress gives me 502 gateway error.

@HybridRCG commented on GitHub (May 13, 2024): Ah ok. Any insight ne my problem? :) Just as a side note... If i use the self hosting quick option... Zitadel does not install if my nginx is pointing to https://ip:443 , Zitadel only installs if Nginx is pointing to http://IP:80. I get this after the install with nginx on : http:IP/80.. You can access the NetBird dashboard at https://nb.groblers.co.uk I can obviously not go to http , so trying to go provided adress gives me 502 gateway error.
saavagebueno commented 2025-11-20 05:18:58 -05:00
Author
Owner
Copy Link

@zoechi commented on GitHub (Sep 20, 2024):

I installed using NixOS and I saw the same error.
In my case it was a network issue and I had the same errors in the log as #2576

@zoechi commented on GitHub (Sep 20, 2024): I installed using NixOS and I saw the same error. In my case it was a network issue and I had the same errors in the log as #2576
saavagebueno commented 2025-11-20 05:18:58 -05:00
Author
Owner
Copy Link

@nazarewk commented on GitHub (Apr 28, 2025):

Hello @HybridRCG,

We're currently reviewing our open issues and would like to verify if this problem still exists in the latest NetBird version.

Could you please confirm if the issue is still there?

We may close this issue temporarily if we don't hear back from you within 2 weeks, but feel free to reopen it with updated information.

Thanks for your contribution to improving the project!

@nazarewk commented on GitHub (Apr 28, 2025): Hello @HybridRCG, We're currently reviewing our open issues and would like to verify if this problem still exists in the [latest NetBird version](https://github.com/netbirdio/netbird/releases). Could you please confirm if the issue is still there? We may close this issue temporarily if we don't hear back from you within **2 weeks**, but feel free to reopen it with updated information. Thanks for your contribution to improving the project!
saavagebueno commented 2025-11-20 05:18:58 -05:00
Author
Owner
Copy Link

@mlsmaycon commented on GitHub (Jun 1, 2025):

closing issue due to no recent feedback. Feel free to open a new one if the issue persist or reopen if this was a feature request.

@mlsmaycon commented on GitHub (Jun 1, 2025): closing issue due to no recent feedback. Feel free to open a new one if the issue persist or reopen if this was a feature request.
saavagebueno commented 2025-11-20 05:18:58 -05:00
Author
Owner
Copy Link

@disarticulate commented on GitHub (Jul 20, 2025):

just installed via https://docs.netbird.io/selfhosted/selfhosted-quickstart

curl -sSLO https://github.com/netbirdio/netbird/releases/latest/download/getting-started-with-zitadel.sh
# check the script
cat getting-started-with-zitadel.sh
# run the script
export NETBIRD_DOMAIN=x
bash getting-started-with-zitadel.sh

//CADDY error
{
  "level": "error",
  "ts": 1753039521.263012,
  "logger": "http.log.error",
  "msg": "dial tcp: lookup management: i/o timeout",
  "request": {
    "remote_ip": "192.168.241.243",
    "remote_port": "52404",
    "client_ip": "192.168.241.243",
    "proto": "HTTP/3.0",
    "method": "GET",
    "host": "x",
    "uri": "/api/users",
    "headers": {
      "Priority": [
        "u=1, i"
      ],
      "Authorization": [
        "REDACTED"
      ],
      "Sec-Ch-Ua-Mobile": [
        "?0"
      ],
      "Accept-Encoding": [
        "gzip, deflate, br, zstd"
      ],
      "Sec-Fetch-Dest": [
        "empty"
      ],
      "Sec-Ch-Ua-Platform": [
        "\"Windows\""
      ],
      "Sec-Fetch-Mode": [
        "cors"
      ],
      "Accept": [
        "application/json"
      ],
      "Sec-Ch-Ua": [
        "\"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\""
      ],
      "Sec-Fetch-Site": [
        "same-origin"
      ],
      "User-Agent": [
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
      ],
      "Referer": [
        "https://x/peers"
      ],
      "Content-Type": [
        "application/json"
      ],
      "Accept-Language": [
        "en-US,en;q=0.9"
      ],
      "Cookie": [
        "REDACTED"
      ]
    },
    "tls": {
      "resumed": false,
      "version": 772,
      "cipher_suite": 4865,
      "proto": "h3",
      "server_name": "x"
    }
  },
  "duration": 3.001465715,
  "status": 502,
  "err_id": "bey3jj9sv",
  "err_trace": "reverseproxy.statusError (reverseproxy.go:1390)"
}
netbird_caddy  | {
  "level": "debug",
  "ts": 1753039521.5295088,
  "logger": "http.handlers.reverse_proxy",
  "msg": "selected upstream",
  "dial": "management:80",
  "total_upstreams": 1
}
netbird_caddy  | {
  "level": "debug",
  "ts": 1753039524.389434,
  "logger": "http.handlers.reverse_proxy",
  "msg": "upstream roundtrip",
  "upstream": "management:80",
  "duration": 2.859849788,
  "request": {
    "remote_ip": "192.168.241.243",
    "remote_port": "52404",
    "client_ip": "192.168.241.243",
    "proto": "HTTP/3.0",
    "method": "GET",
    "host": "x",
    "uri": "/api/users",
    "headers": {
      "X-Forwarded-For": [
        "192.168.241.243"
      ],
      "Sec-Ch-Ua-Mobile": [
        "?0"
      ],
      "Referer": [
        "https://x/peers"
      ],
      "Cookie": [
        "REDACTED"
      ],
      "Content-Type": [
        "application/json"
      ],
      "Sec-Fetch-Dest": [
        "empty"
      ],
      "Sec-Fetch-Site": [
        "same-origin"
      ],
      "Accept-Encoding": [
        "gzip, deflate, br, zstd"
      ],
      "User-Agent": [
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
      ],
      "Priority": [
        "u=1, i"
      ],
      "X-Forwarded-Proto": [
        "https"
      ],
      "Accept-Language": [
        "en-US,en;q=0.9"
      ],
      "Sec-Ch-Ua-Platform": [
        "\"Windows\""
      ],
      "Accept": [
        "application/json"
      ],
      "Sec-Fetch-Mode": [
        "cors"
      ],
      "X-Forwarded-Host": [
        "x"
      ],
      "Via": [
        "3.0 Caddy"
      ],
      "Authorization": [
        "REDACTED"
      ],
      "Sec-Ch-Ua": [
        "\"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\""
      ]
    },
    "tls": {
      "resumed": false,
      "version": 772,
      "cipher_suite": 4865,
      "proto": "h3",
      "server_name": "x"
    }
  },
  "error": "dial tcp: lookup management on 127.0.0.11:53: server misbehaving"
}
netbird_caddy  | {
  "level": "error",
  "ts": 1753039524.38952,
  "logger": "http.log.error",
  "msg": "dial tcp: lookup management on 127.0.0.11:53: server misbehaving",
  "request": {
    "remote_ip": "192.168.241.243",
    "remote_port": "52404",
    "client_ip": "192.168.241.243",
    "proto": "HTTP/3.0",
    "method": "GET",
    "host": "x",
    "uri": "/api/users",
    "headers": {
      "Accept-Language": [
        "en-US,en;q=0.9"
      ],
      "Sec-Ch-Ua-Platform": [
        "\"Windows\""
      ],
      "Content-Type": [
        "application/json"
      ],
      "Sec-Fetch-Dest": [
        "empty"
      ],
      "Sec-Fetch-Site": [
        "same-origin"
      ],
      "Accept-Encoding": [
        "gzip, deflate, br, zstd"
      ],
      "Authorization": [
        "REDACTED"
      ],
      "Priority": [
        "u=1, i"
      ],
      "Sec-Ch-Ua": [
        "\"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\""
      ],
      "Referer": [
        "https://x/peers"
      ],
      "User-Agent": [
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
      ],
      "Accept": [
        "application/json"
      ],
      "Sec-Fetch-Mode": [
        "cors"
      ],
      "Sec-Ch-Ua-Mobile": [
        "?0"
      ],
      "Cookie": [
        "REDACTED"
      ]
    },
    "tls": {
      "resumed": false,
      "version": 772,
      "cipher_suite": 4865,
      "proto": "h3",
      "server_name": "x"
    }
  },
  "duration": 2.860090601,
  "status": 502,
  "err_id": "r27161pv9",
  "err_trace": "reverseproxy.statusError (reverseproxy.go:1390)"
}

netbird_management  | Error: failed reading provided config file: /etc/netbird/management.json: failed fetching OIDC configuration from endpoint https://x/.well-known/openid-configuration Get "https://x/.well-known/openid-configuration": dial tcp [::1]:443: connect: connection refused

Can login, but it stalls at https://x/peers with 503

@disarticulate commented on GitHub (Jul 20, 2025): just installed via https://docs.netbird.io/selfhosted/selfhosted-quickstart ``` curl -sSLO https://github.com/netbirdio/netbird/releases/latest/download/getting-started-with-zitadel.sh # check the script cat getting-started-with-zitadel.sh # run the script export NETBIRD_DOMAIN=x bash getting-started-with-zitadel.sh ``` ``` //CADDY error { "level": "error", "ts": 1753039521.263012, "logger": "http.log.error", "msg": "dial tcp: lookup management: i/o timeout", "request": { "remote_ip": "192.168.241.243", "remote_port": "52404", "client_ip": "192.168.241.243", "proto": "HTTP/3.0", "method": "GET", "host": "x", "uri": "/api/users", "headers": { "Priority": [ "u=1, i" ], "Authorization": [ "REDACTED" ], "Sec-Ch-Ua-Mobile": [ "?0" ], "Accept-Encoding": [ "gzip, deflate, br, zstd" ], "Sec-Fetch-Dest": [ "empty" ], "Sec-Ch-Ua-Platform": [ "\"Windows\"" ], "Sec-Fetch-Mode": [ "cors" ], "Accept": [ "application/json" ], "Sec-Ch-Ua": [ "\"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\"" ], "Sec-Fetch-Site": [ "same-origin" ], "User-Agent": [ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" ], "Referer": [ "https://x/peers" ], "Content-Type": [ "application/json" ], "Accept-Language": [ "en-US,en;q=0.9" ], "Cookie": [ "REDACTED" ] }, "tls": { "resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h3", "server_name": "x" } }, "duration": 3.001465715, "status": 502, "err_id": "bey3jj9sv", "err_trace": "reverseproxy.statusError (reverseproxy.go:1390)" } netbird_caddy | { "level": "debug", "ts": 1753039521.5295088, "logger": "http.handlers.reverse_proxy", "msg": "selected upstream", "dial": "management:80", "total_upstreams": 1 } netbird_caddy | { "level": "debug", "ts": 1753039524.389434, "logger": "http.handlers.reverse_proxy", "msg": "upstream roundtrip", "upstream": "management:80", "duration": 2.859849788, "request": { "remote_ip": "192.168.241.243", "remote_port": "52404", "client_ip": "192.168.241.243", "proto": "HTTP/3.0", "method": "GET", "host": "x", "uri": "/api/users", "headers": { "X-Forwarded-For": [ "192.168.241.243" ], "Sec-Ch-Ua-Mobile": [ "?0" ], "Referer": [ "https://x/peers" ], "Cookie": [ "REDACTED" ], "Content-Type": [ "application/json" ], "Sec-Fetch-Dest": [ "empty" ], "Sec-Fetch-Site": [ "same-origin" ], "Accept-Encoding": [ "gzip, deflate, br, zstd" ], "User-Agent": [ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" ], "Priority": [ "u=1, i" ], "X-Forwarded-Proto": [ "https" ], "Accept-Language": [ "en-US,en;q=0.9" ], "Sec-Ch-Ua-Platform": [ "\"Windows\"" ], "Accept": [ "application/json" ], "Sec-Fetch-Mode": [ "cors" ], "X-Forwarded-Host": [ "x" ], "Via": [ "3.0 Caddy" ], "Authorization": [ "REDACTED" ], "Sec-Ch-Ua": [ "\"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\"" ] }, "tls": { "resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h3", "server_name": "x" } }, "error": "dial tcp: lookup management on 127.0.0.11:53: server misbehaving" } netbird_caddy | { "level": "error", "ts": 1753039524.38952, "logger": "http.log.error", "msg": "dial tcp: lookup management on 127.0.0.11:53: server misbehaving", "request": { "remote_ip": "192.168.241.243", "remote_port": "52404", "client_ip": "192.168.241.243", "proto": "HTTP/3.0", "method": "GET", "host": "x", "uri": "/api/users", "headers": { "Accept-Language": [ "en-US,en;q=0.9" ], "Sec-Ch-Ua-Platform": [ "\"Windows\"" ], "Content-Type": [ "application/json" ], "Sec-Fetch-Dest": [ "empty" ], "Sec-Fetch-Site": [ "same-origin" ], "Accept-Encoding": [ "gzip, deflate, br, zstd" ], "Authorization": [ "REDACTED" ], "Priority": [ "u=1, i" ], "Sec-Ch-Ua": [ "\"Chromium\";v=\"135\", \"Not-A.Brand\";v=\"8\"" ], "Referer": [ "https://x/peers" ], "User-Agent": [ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" ], "Accept": [ "application/json" ], "Sec-Fetch-Mode": [ "cors" ], "Sec-Ch-Ua-Mobile": [ "?0" ], "Cookie": [ "REDACTED" ] }, "tls": { "resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h3", "server_name": "x" } }, "duration": 2.860090601, "status": 502, "err_id": "r27161pv9", "err_trace": "reverseproxy.statusError (reverseproxy.go:1390)" } ``` ``` netbird_management | Error: failed reading provided config file: /etc/netbird/management.json: failed fetching OIDC configuration from endpoint https://x/.well-known/openid-configuration Get "https://x/.well-known/openid-configuration": dial tcp [::1]:443: connect: connection refused ``` Can login, but it stalls at https://x/peers with 503
saavagebueno commented 2025-11-20 05:18:58 -05:00
Author
Owner
Copy Link

@disarticulate commented on GitHub (Jul 20, 2025):

Can login, but it stalls at https://x/peers with 503

I resolved this by editting the docker-compose.yaml and adding a custom resolv.conf file:

 #docker-compose.yml
  management:
    image: netbirdio/management:latest
    container_name: netbird_management
    restart: unless-stopped
    networks: [netbird]
    volumes:
      - netbird_management:/var/lib/netbird
      - ./management.json:/etc/netbird/management.json
      - ./resolv.conf:/etc/resolv.conf
    command:
      [
        "--port",
        "80",
        "--log-file",
        "console",
        "--log-level",
        "info",
        "--disable-anonymous-metrics=false",
        "--single-account-mode-domain=netbird.selfhosted",
        "--dns-domain=netbird.selfhosted",
        "--idp-sign-key-refresh-enabled",
      ]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"

#./resolv.conf
search x
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1
@disarticulate commented on GitHub (Jul 20, 2025): > Can login, but it stalls at https://x/peers with 503 I resolved this by editting the docker-compose.yaml and adding a custom resolv.conf file: ``` #docker-compose.yml management: image: netbirdio/management:latest container_name: netbird_management restart: unless-stopped networks: [netbird] volumes: - netbird_management:/var/lib/netbird - ./management.json:/etc/netbird/management.json - ./resolv.conf:/etc/resolv.conf command: [ "--port", "80", "--log-file", "console", "--log-level", "info", "--disable-anonymous-metrics=false", "--single-account-mode-domain=netbird.selfhosted", "--dns-domain=netbird.selfhosted", "--idp-sign-key-refresh-enabled", ] logging: driver: "json-file" options: max-size: "500m" max-file: "2" ``` ``` #./resolv.conf search x nameserver 8.8.8.8 nameserver 8.8.4.4 nameserver 1.1.1.1 ```
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
2021 Q4
2022 Q1
2022 Q1
accessibility
acl
agent
agent
Android
Android
api
authentik
automation
azure
battery-usage
bug
cache
client
client-ui
cloud
cloud-only
cloudflare
community
compatibility
config-idp
config-issue
connection
contribution
coturn
cross-vpn
dashboard
data-usage
distribution
dns
docker
documentation
duplicate
enhancement
enhancement
event-stream
feature-request
freebsd
getting-started
go
good first issue
gui
help wanted
home-assistant
idp
inconsistency
integration
integrations
ios
ipv6
jwt
k8s
keycloak
linux
login
macos
management-service
missing-docs
mobile
moved-internal
needs-review
netbird-ui
networking
new-platform
nginx
notification
okta
openwrt
packaging
peer-management
peer-management
peer-management
performance
postgres
posture-checks
psk
pull-request
Mirrored from GitHub Pull Request
 question
refactor
relay
release
rfc
routes
security
security-related
self-hosting
server
signal
sleep-issue
ssh
ssl
status
store
synology
system-compatibility-issue
test-suite
third-party-integration
triage
triage-needed
troubleshooting
UX
waiting-feedback
windows
wontfix
zitadel
No Label triage-needed waiting-feedback
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
saavagebueno
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SVI/netbird#868
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?