Setting up Netbird on Proxmox with Authentik and Nginx.

I am rather inexperienced with networking concepts, so I ask your forgiveness beforehand for my dimwittedness. I have a Proxmox server, and on that server I have three Debian LXC containers: one for Nginx and the UI which I have chosen for managing it, one for Authentik, and one I want to set up Netbird in. Authentik and Netbird are going to be run in Docker containers within their respective LXC containers. I have gotten as far as running the configure.sh file mentioned in step five of the advanced installation guide for Netbird, and here is the output I get:
discovering server's public IP
unable to discover server's public IP
loading OpenID configuration from https://MY-DOMAIN.COM/authentik/application/o/netbird/.well-known/openid-configuration to the openid-configuration.json file
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2227 100 2227 0 0 8155 0 --:--:-- --:--:-- --:--:-- 8157
Letsencrypt was disabled, the Https-endpoints cannot be used anymore
and a reverse-proxy with Https needs to be placed in front of netbird!
The following forwards have to be setup:
- https://192.168.1.7:443 -http-> dashboard:80
- https://192.168.1.7:33073/api -http-> management:33073
- https://192.168.1.7:33073/management.ManagementService/ -grpc-> management:33073
- https://192.168.1.7:10000/signalexchange.SignalExchange/ -grpc-> signal:80
- rels://192.168.1.7:33080/relay/ -http-> relay:33080
You most likely also have to change NETBIRD_MGMT_API_ENDPOINT in base.setup.env and port-mappings in docker-compose.yml.tmpl and rerun this script.
The target of the forwards depends on your setup. Beware of the gRPC protocol instead of http for management and signal!
3 Replies
James0007#2836 (OP) • 3w ago
The IP is the LAN address for the Netbird container, and not difficult to change, but I'm confused as to what it means by telling me I need to forward 443 -http-> dashboard:80. I feel like it's blatantly obvious and I'm just missing it. Maybe forward requests from 443 outside to port 80 inside? 🤔
Codixer • 3w ago
So what I do is forward 443 to the internal port of the dashboard. With Docker, that would be the default port, but you'd also have to change the port back to the default in the docker-compose.yml.tmpl. Otherwise it tries to bind on 443, and that is already claimed by your RP.
James0007#2836 (OP) • 3w ago
Thank you for your reply. I'll try it out sometime in the next few days if my schedule allows me to.
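
The forwards listed in the configure.sh output above, written out as an nginx reverse-proxy fragment. This is an added example, not part of the thread and not NetBird's own template; the host ports 8080 and 10000, the hostname netbird.MY-DOMAIN.COM, the certificate paths and the WebSocket handling for the relay are assumptions.

```nginx
# Added example; include from the http{} context on the nginx LXC.
# Assumed: 192.168.1.7 is the NetBird LXC; host ports 8080 and 10000 are
# hypothetical docker-compose.yml.tmpl mappings for dashboard:80 and signal:80.
upstream nb_dashboard  { server 192.168.1.7:8080; }
upstream nb_management { server 192.168.1.7:33073; }
upstream nb_signal     { server 192.168.1.7:10000; }
upstream nb_relay      { server 192.168.1.7:33080; }

# Placeholder certificate paths and long gRPC stream timeouts, inherited below.
ssl_certificate     /etc/nginx/certs/PLACEHOLDER-fullchain.pem;
ssl_certificate_key /etc/nginx/certs/PLACEHOLDER-privkey.pem;
grpc_read_timeout 1d;
grpc_send_timeout 1d;

# https :443 -http-> dashboard:80 (TLS ends at the proxy, plain HTTP behind it)
server {
    listen 443 ssl;
    server_name netbird.MY-DOMAIN.COM;   # placeholder hostname
    location / {
        proxy_pass http://nb_dashboard;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# https :33073/api -http-> management, ManagementService -grpc-> management
server {
    listen 33073 ssl http2;              # gRPC needs HTTP/2 on the listener
    location /api { proxy_pass http://nb_management; }
    location /management.ManagementService/ { grpc_pass grpc://nb_management; }
}

# https :10000 SignalExchange -grpc-> signal:80
server {
    listen 10000 ssl http2;
    location /signalexchange.SignalExchange/ { grpc_pass grpc://nb_signal; }
}

# rels :33080/relay/ -http-> relay:33080 (WebSocket upgrade is an assumption)
server {
    listen 33080 ssl;
    location /relay {
        proxy_pass http://nb_relay;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

The backend ports on 192.168.1.7 carry unencrypted traffic once TLS ends at the proxy, so restrict them to the nginx LXC's address rather than leaving them reachable from the whole LAN.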
