Hey Jim! One of our users just shared this video with us. Somehow we missed it. We had a few users that struggled to set up NetBird behind a proxy and had a few issues with Authentik. This video will definitely be useful for these users and the whole NetBird community. Thank you so much for making amazing content! 🎉
@Jims-Garage
2 months ago
@@netbirdio that's great to hear, appreciate the feedback
@GpconnectInfohotspot
2 months ago
So we cannot create sub-accounts or separate networks? Why is the open source version so limited? I will be more than happy to pay for a license to be able to have more options!
@netbirdio
2 months ago
@@GpconnectInfohotspot It is not possible to create sub accounts and separate networks within one org account in the cloud version too. What is your use case for that?
@willwullems4371
3 months ago
I discovered this channel about 1.5 months ago. Excellent content and it really helped with improving my homelab. From all homelab channels, it is the best one I have seen so far. Setting up a self hosted VPN was the next step (searched for it an hour ago). Nice to piggyback off your work instead of figuring it out myself.
@Jims-Garage
3 months ago
Welcome aboard! Thanks for the kind feedback.
@_ytuser
3 months ago
Spot on comment! 👌
@ellieminette6463
3 months ago
Jim - you have absolutely some of the best tutorials on YT and do a great job. I would agree with one other comment - I do not use Traefik nor do I have your knowledge and expertise. For me, the Traefik integration makes it difficult for me to implement. However, I completely understand that is your setup so that is how you have it setup. Keep up the great work.
@Jims-Garage
3 months ago
@@ellieminette6463 very kind, thanks. I get it, it's hard to please everyone. For those who need it they can just run the script, albeit it's likely to replicate much of what you already have. Plus, even if you don't do it this way many of the things the script does are still relevant to my explanation.
@OM-rnd
2 months ago
Hi Jim. Thank you for your channel. It was one of the reasons why I decided to start my home server journey. It’s absolutely fantastic to have comprehensive information on how to set things up. My setup is going great and growing every day. One thing I’m struggling with now is how to structure my network, given that I’m on CGNAT. Your videos about NetBird and Headscale helped a lot. Could you consider making a video for newbies with a general overview of how to structure a setup for those poor things stuck without port forwarding? E.g. you have your docker containers, their networks, network of Proxmox VM, your Opnsense/Pfsense and VPS for self hosting NetBird/Headscale and maybe a few more things in docker. How to configure flow of data, do you need to have reverse proxy at home and/or at VPS in this setup, do you need DMZ and so on. Just traffic flow and general structure, considering that all VMs and basic networks are already set up. It sounds like a lot but such a video would be a lifesaver for those who are just starting out and don’t understand why one needs certain things.
@pandie_me
3 months ago
Hah I just the day before implemented Netbird for my own network, and loving it so far. Good video.
@Jims-Garage
3 months ago
@@pandie_me awesome, how are you finding it?
@pandie_me
3 months ago
@@Jims-Garage I really like it. It helps that the clients feel polished, but between setting up my policies, routes and groups I’m really happy with how it’s working. I’ll be sticking with it for the foreseeable future. 😄
@Jims-Garage
3 months ago
@@pandie_me me too. Just wish Android client supported exit nodes...
@pandie_me
3 months ago
@@Jims-Garage aha yeah, that’d be a pain. I’m on my iPhone rotation this year. Haven’t tested an actual exit node on it yet but the defined routes work a treat.
@vmerinom
27 days ago
Thanks for the video, Jim! Regards from Chile
@Jims-Garage
26 days ago
You are welcome!
@arctiinae
2 months ago
FYI - Cloudflare users need to set "Allow gRPC connections to your origin server" to "On" under "Network" for the relevant domain. Without that I get an error on the netbird client: "failed while getting Management Service public key".
@DigisDen
24 days ago
Jim, I'm so glad I watched this video. I have just replaced our work's 90-user Tailscale that was costing a lot per month per user. I have it set up with a Postgres back end and using G Suite for auth, it's working brilliantly.
@Jims-Garage
24 days ago
That's amazing and equally daunting! Really interested to hear how this works out. What's performance like?
@DigisDen
23 days ago
@@Jims-Garage I haven't tested performance yet but I will. Its main role is just to allow access to a couple of applications, for the majority, hosted in Google cloud. For devs and it admin, we 781 Google VMs!
@angelahoyt5354
3 months ago
I just found this channel while searching YT for tutorials. This is my first home server. What setup/tutorials of yours should I start out with? I've installed dockge and a few containers such as dashy, audiobookshelf, etc. I'm feeling overwhelmed but I like a good puzzle.
@Jims-Garage
3 months ago
Hey, welcome to the channel. Most of the early videos are sequential so start with those. Worth setting up a proxy and putting some security in place before you start opening up services to the web (Traefik, CrowdSec, Authentik etc).
@angelahoyt5354
3 months ago
@@Jims-Garage perfect, I will start there. Thank you for your direction.
@PW-72648
2 months ago
The documentation and app itself look great, but with your presentation it was even better. Do you still use Tailscale, Jim, or are you fully on Netbird now?
@Jims-Garage
2 months ago
I'm trialling netbird, so far so good.
@GundamExia88
2 months ago
Nice video, just watched your other headscale/tailscale video... hmm... how would you compare twingate and netbird?
@Jims-Garage
2 months ago
@@GundamExia88 thanks. I'm yet to look into twingate, it's on the list though.
@DanQuinn-mg2wu
17 days ago
Hi James. Once again thanks for another great video. I’d very much like to hear your thoughts on restricting external access to something like this with the addition of hardware attestation. Would you have any thoughts on combining something like a YubiKey with an internal certificate authority, proxy and Authentik for self hosted VPN access? Your thoughts, critical or otherwise, would be valued, but either way thanks again for another great video, they are appreciated.
@omerta3393
2 months ago
Hi Jim, thanks for another awesome video. I did setup netbird, authentik works but dashboard just stuck on loading, I saw several people had that issue too, did you notice same kind of issue yourself?
@Jims-Garage
2 months ago
@@omerta3393 thanks, which dashboard?
@dionisierus5055
2 months ago
I have the same issue. First time I try to open Netbird, it just hangs at the "Peers - NetBird Dashboard" page title and /peers web address.
@Jims-Garage
2 months ago
@@dionisierus5055 do you have all of the domains, subdomains setup? Double checked the config for Authentik?
@dionisierus5055
2 months ago
Thanks Jim. I did double check and it looks OK. Authentik only shows successful logins for the Netbird user and the container logs do not have anything suspicious. There is also a github issue raised that is matching the symptoms but they talk more about cert issues - none in my logs. Will try to build it without traefik and see.
@dionisierus5055
2 months ago
managed to solve this with a few tweaks but I believe the main one was adding "@docker" at the end of "traefik.http.routers.netbird-management.service=netbird-management" label. I noticed an error in the logs of traefik after I rebooted the container - it could not find the IP
@kiranjadhav4125
1 month ago
Great video Jim. How do you update (to the latest container image) of this stack in docker?
@Jims-Garage
1 month ago
Shut down, delete and redeploy (if you have a volume mapped you won't lose the data). Otherwise you can use docker pull, or something like watchtower which I've recently covered (auto update).
@john__johnson
3 months ago
Thanks Jim. I'll give it a test against wireguard this weekend.
@WoKo65
24 days ago
Hi Jim, great channel. If one puts this on a small VPS and has all other homelab servers/containers at home behind a CGNAT / OPNsense box, would this work? I am thinking of a scenario like you presented some time ago for the headscale/tailscale solution. Thanks for your interesting videos!
@Jims-Garage
24 days ago
Yes, this is a perfect solution for circumventing the limitations of CGNAT.
@WoKo65
24 days ago
Thanks, just to clarify: Traefik only on the VPS, open relevant ports at my local opnsense, and my local lan would be the "proxy" subnet ?
@pksrbx292
3 months ago
Here we go =D Let's see if with your help I can set this up. Thanks for the excellent content.
@Jims-Garage
3 months ago
You're most welcome. To start with you can copy and paste my configs. Once it works I'd start subbing out values e.g., keys etc (you'll need to change domain name regardless).
@pksrbx292
3 months ago
@@Jims-Garage the problem is that I'm using NGXPM and I can't make it work =(
@june012006
2 months ago
Have you used the Android client with it? I'm connected, but can't reach any other clients, or be reached.
@zhiyigong6056
2 months ago
Hey, how do you use the exit node function to create a self hosted VPN at home, so I can connect to it from anywhere else? I tried setting up one myself but nothing shows up in the exit nodes routes tab on a peer laptop?
@Jims-Garage
2 months ago
On the node you want you need to advertise as exit node then add a route as I show in the video.
@virtual-riot
2 months ago
One question, why in the exit node configuration it only allows me to choose the UBUNTU machine and not the other one, for example the Windows machine?
@Jims-Garage
2 months ago
On the windows machine, add it as an exit node
@Michael-v3v2u
13 days ago
Does your domain need to be pointed at the web for this to work?
@Jims-Garage
13 days ago
@@Michael-v3v2u yes (albeit if you're behind cgnat you can put a node in the cloud and route through that to internal).
@TheXalloumi
2 months ago
thanks again for your tutorials. i am running the single traefik approach with the -external labels. however i am unable to access netbird UI using my mobile phone (authentication error). it seems that the redirection is not working correctly. i must say, that my current router does not support nat hairpin, so i used unbound to create a corresponding a-record. any hint?
@Jims-Garage
2 months ago
@@TheXalloumi anything in the logs? Usually it's a config error
@TheXalloumi
2 months ago
@@Jims-Garage . the only errors i have are in traefik.log, : ERR error="service \"netbird-management\" error: unable to find the IP address for the container \"/artifacts-management-1\": the server is ignored" container=management-artifacts-a5c7289b9ce0b02a37a594871dd78df1a9f5f19d409744b2c2bb3fbc44b2a5ba providerName=docker 2024-08-01T19:45:50+03:00 ERR error="service \"api\" error: unable to find the IP address for the container \"/artifacts-management-1\": the server is ignored" container=management-artifacts-a5c7289b9ce0b02a37a594871dd78df1a9f5f19d409744b2c2bb3fbc44b2a5ba providerName=docker any hint?
@ryanarnold2293
2 months ago
Thanks Jim! Have you tried this on Kubernetes yet?
@Jims-Garage
2 months ago
@@ryanarnold2293 yes, I've spun it up but haven't started to use it yet.
@ryanarnold2293
2 months ago
@@Jims-Garage Any caveats compared to the Docker setup? I want to try this on my k3s cluster with Traefik
@Glatze603
3 months ago
Nice, but a bit difficult when deploying in your homelab behind Traefik and Authentik. I prefer using it on a small VPS.
@Jims-Garage
3 months ago
Yes, I get that, makes sense in many ways. Good to have both options.
@ramomammah
3 months ago
Hi Jim, do you need a static IP to run this as a self hosted VPN instance?
@Jims-Garage
3 months ago
@@ramomammah no, you can use DDNS (like I do) to ensure your domain record remains accurate.
@ramomammah
2 months ago
@@Jims-Garage Thanks! Do you use cloudflare for example to point the DDNS address to your machine hosting netbird?
@Jims-Garage
2 months ago
@@ramomammah yes. Add the record in Cloudflare or any supported domain registrar and then configure DDNS to keep it up to date (there are specific docker containers for it and can also be done with firewalls that support it)
@ashoktvm
2 months ago
Is there a limit on the number of users? Or is it paid for more users?
@Jims-Garage
2 months ago
@@ashoktvm there's no limit on users that I'm aware of
@Metzlmane
3 months ago
Why did you use Authentik instead of zitadel? Just curious since I redo my whole setup. Which one do you prefer?
@Jims-Garage
3 months ago
As I mention in the video I use Authentik as it does everything Zitadel does plus it has the option of a proxy for apps that don't support OAuth
@JohnWeland
3 months ago
Is there a use case for a stack deployed VPN like this vs setting up a VPN on my router (I have Unifi, so I think I have a few options)
@Jims-Garage
3 months ago
They're completely different types of VPNs, one is point to point (Unifi) and the other is a mesh. It depends what you want. Both should be equally performant.
@avidflyer17
3 months ago
Hello Jim ! Nice video ! On my end, I like Twingate. Why would you choose this instead of Twingate ? ;) See ya !
@Jims-Garage
3 months ago
@@avidflyer17 thanks. No idea 😂 I'm yet to investigate. I'll put on the list!
@pksrbx292
21 days ago
Can someone here help me? I did everything like in the video, and I tried on my phone from outside my home network and it connects, but none of my computers inside my network connect. The problem seems to be with port 33080, the relay one. I don't have a redirect anywhere, so why does it work from the outside and from inside it doesn't work?
@Jims-Garage
21 days ago
I believe the Netbird app was updated right after I published the video changing things with the relay. I'll have to do an update...
@magnusnelenius649
10 days ago
@@Jims-Garage Is the update still in the plan?
@HunterGeophysicsAustralia
2 months ago
18:06, nope, won't log in. I see the pulsating orange vertical lines on black background, then it redirects to Authentik for a second, then back to the orange lines, but then I just get a 404 error and it remains stuck on the black page with orange lines. :/
@Jims-Garage
2 months ago
Check your Traefik labels for a typo, I initially had that issue.
@user-qh5zz7dy1h
2 months ago
Thanks Jim! Zitadel or Authentik which you like more? //edited :)
@Jims-Garage
2 months ago
@@user-qh5zz7dy1h I like them both, but I prefer Authentik for a homelab as it has the proxy option for all the homelab apps that don't support oauth2.
@user-qh5zz7dy1h
2 months ago
@@Jims-Garage damn, you're faster than I edit my comments haha, thanks! That helped me a lot to decide :)
@Shaq2k
2 months ago
A video on how to set up authentik proxy would be nice. For apps that don't have oauth
@Jims-Garage
2 months ago
@@Shaq2k think I did that for my first Authentik video
@magnusnelenius649
16 days ago
I have struggled a lot with the coturn container. I get this repeated log error: "bind: Address already in use Cannot bind local socket to addr: Address already in use 2: (1): WARNING: Trying to bind fd 348 to : errno=98 2: (1): WARNING: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:3478 2: (1): INFO: Trying to bind DTLS/UDP listener socket to addr 127.0.0.1:3478, again..." Everything else is working and I can follow along with all the instructions in the video. It is also possible to ping the different peers as long as they are in the same LAN, but as soon as I turn off WiFi on my Android phone, I can no longer ping the other peers 😞 and vice versa. I also lose the connection to the Netbird admin page as soon as I connect the Netbird client on my Windows machine. Can this also be part of the newly released client problem or is this something else?
@djsmeguk
3 months ago
The current lack of BSD support makes it difficult to integrate with OPNsense and other similar firewalls.. Edit: they _do_ have BSD, pfsense and opnsense on their roadmap, but it doesn't seem like it's very active. They seem to have some initial support for BSD, but it looks like you're building it from source, which isn't super helpful.
@Jims-Garage
3 months ago
I agree, same with Android mobile and exit nodes. They're a small team but they've achieved a lot so far. Fingers crossed they deliver, would be ace to have it in OPNSense.
@djsmeguk
3 months ago
@@Jims-Garage yeah, it's definitely a product to watch and good luck to them
@Jims-Garage
3 months ago
@@djsmeguk 💯
@chrisa.1740
2 months ago
This limitation is exactly why I passed over Netbird when first seeing their product about a year ago. I'm hopeful they will eventually have OPNsense support, though!
@GeekendZone
3 months ago
My question was: Do you need to open ports like WireGuard?
@Jims-Garage
3 months ago
Yes
@netbirdio
2 months ago
For the control layer (management). For the clients you won't need to open ports.
@DanielSouzaMiranda
3 months ago
Hi there.. one more awesome tutorial!
@Jims-Garage
3 months ago
Glad you liked it! Thanks.
@geemobile6037
3 months ago
Has anyone done a speed test of WireGuard vs NetBird? I’m asking as I’ve used both but with different implementations, self hosted vs cloud. And I did notice a speed difference. But I’d like to know the difference with both self hosted.
@Jims-Garage
3 months ago
I will look to do some, there's a few on Reddit.
@toddselby443
3 months ago
Thanks for the great video.
@comosaycomosah
3 months ago
Currently trying to setup netbird on oracle hub and spoke network and connect to home network.....its not easy lol would be absolutely baller if you had a tutorial of this sometime 💀
@GuilhermeMarquesMachado
1 month ago
Trying to understand why my coturn server is not working
@magnusnelenius649
17 days ago
I have struggled a lot with the coturn server as well. I get this repeated log error: "bind: Address already in use Cannot bind local socket to addr: Address already in use 2: (1): WARNING: Trying to bind fd 348 to : errno=98 2: (1): WARNING: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:3478 2: (1): INFO: Trying to bind DTLS/UDP listener socket to addr 127.0.0.1:3478, again..." Everything else is working and I can follow along with all the instructions in the video. It is also possible to ping the different peers as long as they are in the same LAN, but as soon as I turn off WiFi on my Android phone, I can no longer ping the other peers 😞 and vice versa. Any suggestions where to look/troubleshoot are most appreciated.
@EDIIIZ
3 months ago
Netbird is nice but their mobile clients are still rough, but in 1-2 years it's gonna be wild. 😁
@Jims-Garage
3 months ago
@@EDIIIZ yeah, seems to be some truth in that
@sergefedorow8430
3 months ago
Great! Thanks!
@Jims-Garage
3 months ago
You're welcome!
@PazzaPlays
3 months ago
Thank you :D
@Jims-Garage
3 months ago
No problem!
@malzbier1339
3 months ago
As always 👍🏻
@Jims-Garage
3 months ago
Thanks again!
@MikeDeVincentis
3 months ago
Do you have a video on how to use vscode?
@Jims-Garage
3 months ago
Yes
@Snoekverslaafde
3 months ago
No simpler docker way without all the Traefik etc? This is for many people a way too complicated way. No offence.
@Jims-Garage
3 months ago
@@Snoekverslaafde check the video at the start, there's a single click script that does everything for you.
@jonathandoe7490
3 months ago
Was meaning to ask on the headscale video and forgot, but would it be possible to include docker compose files that do not have all the Traefik stuff? I think a lot of people including myself use NPM and it would be easier to follow along with a file like that, not just this video but there have been others. Up to you, only ask you to consider this. @@Jims-Garage
@Snoekverslaafde
3 months ago
@@Jims-Garage Not working if you're on, let's say, a Synology
@Jims-Garage
3 months ago
@@Snoekverslaafde what error do you receive?
@Snoekverslaafde
3 months ago
@@Jims-Garage I can only install it as a docker stack. And that is Netbird only. All other things you show in the video don't work. And after it runs I can't access LAN from outside.
@demanuDJ
3 months ago
Sorry but netbird is $hit... It has so many issues that this is not production ready and not something I want to use in any scenario. Still Tailscale wins, Netbird s*cks. Tailscale also has amazing support, Netbird is just a toy for kids with no support, any support.
@M.s3rv
3 months ago
Nice, been waiting for this. Have you heard about defguard?
@Jims-Garage
3 months ago
Only in discord, it's on the list
@Glatze603
3 months ago
defguard looks interesting, too!
@Xpider-dev
2 months ago
Jim please help. How to use netbird. Like I'm making a dockerswarm connect the workers. And deploy apps in the worker access them from managers ip?
Comments: 139