Nginx vpn internal domains
How can I expose a service (Manager) only over Netbird VPN using a custom internal domain name?
I have a dedicated server running Nginx and Docker containers (including coturn, netbird-agent), and multiple VMs also running Docker (+ containers and netbird-agents) using multipass. One of the VMs hosts a Django service accessible via manager.domain.com, with Nginx on the dedicated server proxying to VM_IP:8080.
I want to remove public access to manager.domain.com and make Django only accessible through Netbird VPN using manager.domain.internal. When users are connected to the VPN, they should be able to type manager.domain.internal in their browser and access Django.
In Netbird, I can see the Django VM as a peer with the correct Netbird IP and hostname (manager.domain.internal), but I'm not sure what the best approach is to:
- Set up DNS resolution so manager.domain.internal resolves to the Django website (no experience with DNS).
- Ensure Django traffic routes securely and only through the VPN.
What's the best way to achieve this using Netbird's DNS or another internal method?
* In Netbird settings, under wildcard, we have *.domain.internal
6 Replies
You can route DNS in general, or for a matched domain, to a specific resolver of your choice:
https://docs.netbird.io/how-to/manage-dns-in-your-network#creating-a-nameserver-for-specific-domains
I have read the documentation again and ended up at this spot:
In Settings -> Networks
DNS domain domain.internal
enabled wildcard routing
Nameservers:
Google DNS | match all domains | 8.8.8.8 8.8.4.4
Networks:
Internal
Resources:
Host | HOST_IP
Host | *.domain.internal
Internal VMs | 192.168.122.0/24
Routing peers:
SRV | 100.67.204.99 | 192.168.122.1 | srv.domain.internal
MANAGER | 100.67.252.15 | 192.168.122.1 | manager.domain.internal
When I ping manager.domain.internal, I see replies from the Netbird IP.
Added in Nginx: server_name manager.domain.com manager.domain.internal;
In the browser, http://manager.domain.internal -> can't connect to the server.
Hope the issue is much more clear now
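For reference, here is an added example (not from this thread or from Netbird's documentation) of how the Nginx side of the setup described above could look once DNS resolves. It assumes the Netbird peers use the default 100.64.0.0/10 range (the 100.67.x.x peer addresses listed above fall inside it), that the Django VM is reachable from the dedicated server as VM_IP:8080 as in the question, and that NETBIRD_HOST_IP stands for the dedicated server's own Netbird address; all three are placeholders to substitute.

```nginx
# Added example, not from the thread. Assumptions (placeholders to replace):
#  - Netbird peers use the default 100.64.0.0/10 range
#  - the Django VM is reachable from this host as VM_IP:8080
#  - NETBIRD_HOST_IP is this server's own Netbird address

# Public name: stop answering for it. "return 444" closes the connection
# without sending a response, so nothing about the old service leaks.
server {
    listen 80;
    listen 443 ssl;
    server_name manager.domain.com;
    ssl_certificate     /etc/ssl/placeholder/fullchain.pem;   # placeholder paths
    ssl_certificate_key /etc/ssl/placeholder/privkey.pem;
    return 444;
}

# Internal name: bind only on the Netbird interface address AND filter by
# source range, so the service is unreachable from the public side even if
# a record for manager.domain.internal ever resolves from outside the VPN.
server {
    listen NETBIRD_HOST_IP:80;
    server_name manager.domain.internal;

    allow 100.64.0.0/10;   # Netbird peers only (assumed default range)
    deny  all;

    location / {
        proxy_pass http://VM_IP:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Two things to check after reloading: Django only serves names listed in its ALLOWED_HOSTS setting and answers 400 Bad Request otherwise, so manager.domain.internal has to be added there; and a request sent to the server's public address with the header Host: manager.domain.internal should now get no response at all, which confirms the internal name is not reachable from outside the VPN.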
OK, I specifically got DNS working on my Linux to help.
If you can do "ping whatever.domain.internal" and you get the proper IP, then DNS itself is working. You do have to make sure that the correct port is open between the devices in Netbird, as well as the host firewall.
So I guess "what do your ACL Policies look like?"
I just got it working a couple of minutes ago; I spun up another VM, v-netbird-dns, that uses dnsmasq, and it's working properly, although the issue is now the certificate.
It wasn't a problem in Netbird specifically.
The only way i can think of to get a valid certificate is to self-sign something and push it to all machines using that domain.
Your manager.domain.com would work better, so see if you can get the same thing working with that domain, I guess?
I had to change my DNS manager from NetworkManager -> systemd-resolved in Linux to get it to actually resolve that way.
So Netbird should be compatible with that
Lemme try something
Yeah, so it's easily changeable to a custom domain from the settings page.
they recommend in there
to not use a real domain
so you don't have troubles with overlapping
so if you use an "internal.yourdomain.com"
then it's a real domain that you can get real SSL certs for if you wanted (use the "TXT/API" method)
Thanks, I'll try that.