Build an MSP on Open Source Part 2: Netbird VPN with Authentik as the IdP. Access and Security.

  • Published on 30 Sep 2024

Comments • 85

  • @netbirdio 6 months ago +12

    Absolutely love it! Thank you for this video :)

    • @netbirdio 6 months ago +6

      The part where Brian configures NetBird with Authentik is just brilliant. It is very detailed and highlights the caveats people might have (e.g., the hosts file point). We will link it to our docs 👍

    • @AwesomeOpenSource 6 months ago +2

      Glad you guys like it, and thank you so very much for such an awesome open source project!

  • @Glatze603 6 months ago +6

    Great content Brian! Thanks. For better security, you should enable 2FA for Authentik and then add a provider (proxy provider) and application for nginx proxy manager itself, so that the access is protected with 2FA of Authentik, too 🙂

    • @Glatze603 6 months ago +1

      It seems, that npm can not be configured for authentik... Has anybody an idea, how to get 2FA for npm?

    • @AwesomeOpenSource 6 months ago +2

      100%. Just didn't show it yet. But, I'd point folks to @Cooptonian as his Authentik videos are gold!

    • @AwesomeOpenSource 6 months ago +1

      I think if you set NPM to Basic Auth (if possible), then you can use Authentik to login through that (again, just saw an @Cooptonian video that showed something like this).

  • @gacjezv 6 months ago +2

    Hey Brian, Great series. Can you add the notes when you have a minute? I have been wrestling with this exact install. Question: I didn't see the Netbird FQDN being routed via the NPM Proxy. Is that correct? I have all these on the same network, so I was going to route my FQDN via my proxy to the Netbird IP Address internally and then use Authentik to secure it.

    • @AwesomeOpenSource 6 months ago

      I'm adding them now, might take a bit to get it all in, but I'll be referencing my original video notes as well. I updated those links in the description already. Just need to finish the show notes specific to this video.

  • @0ctatr0n 4 months ago +1

    Did this setup allow a client to connect? I've set up the same thing using Caddy because I read the Nginx Proxy Manager doesn't support gRPC and as a result doesn't allow me to connect clients, with whining about expecting a gRPC connection and getting an html/text 1.1 connection.
    I even ran the script version to find out how it sets up the Caddyfile to make gRPC work, still not working.
    Let me know when you do the episode showing it connecting to the clients.

    • @AwesomeOpenSource 4 months ago

      I can connect, but yes, you may have gRPC issues. It is something they use in Netbird for sure.

  • @shawonshovon226 6 months ago +2

    Hello there! Could you please create a video that talks about open-source email validation system ? Bulk Email Verification Recher mail, AfterShip /email-verifier, truemail

  • @0ctatr0n 4 months ago +1

    Can you set up the Authentik and Netbird with purchasing two VPS instances? It'd also be nice to be able to use the VPSs for other things like email or website etc. We're not all made of money.

    • @AwesomeOpenSource 4 months ago

      You can. You just need to adjust the ports they run on and adjust the proxy settings for them. It's a bit easier to do it the way I have, but I completely understand.

  • @JosephJohnson-sq4bu 2 months ago +1

    Anyone else trying this finish, then when browsing to the nb site, met with error: Application error: a client-side exception has occurred (see the browser console for more information).

    • @AwesomeOpenSource 2 months ago

      I haven't experienced that. If you can say what's in the console, it may help identify the issue.

  • 18 days ago +1

    Hey, really great video!! This is the best and most helpful video guiding this kind of setup that I have watched until now!
    Just one thing that brought me here but unfortunately is not covered in your video.
    My main doubt is how to set up Netbird behind Nginx Proxy Manager.
    In my case I am doing the self-host on-prem with only one link with a fixed public IP, so all of these services need to be behind NPM... Until now I got NPM and Authentik working smoothly, only Netbird is letting me down.
    Do you know how to do it that way?
    Thanks

    • @AwesomeOpenSource 18 days ago

      You have to forward all of the ports they specify that aren't related to the web administration pages.

    • 18 days ago

      @AwesomeOpenSource Sure! All the ports they mentioned are directly forwarded to the server, and ports 80 and 443 are set to NPM. I got the Authentik login page, but after successful login it doesn't load the management/dashboard page of Netbird... But I am about to redo it from scratch following your video and see if it works. Thanks

  • @chrisjchalifoux 3 months ago +1

    Thank you for the video, it is helping me. I am just starting out with Netbird selfhost 👍👍

  • @mmejia04 4 months ago +1

    Great video...but I am kind of stuck. I use HAProxy (pfSense package), Authentik and I would like to set up NetBird. I am missing how to set up Netbird behind the HAProxy... any ideas?

    • @AwesomeOpenSource 4 months ago

      You'll have to forward the web admin ports to your server, and also all of the ranges of ports it needs to that server. Not sure how well it will work. Not used HAProxy, so just not familiar with its setup.

    • @cr0wmatic months ago

      @AwesomeOpenSource Is this why we didn't set up Netbird behind the Nginx Reverse Proxy? I was wondering that as I went through this yesterday.

  • @riaangrobler3447 4 months ago +1

    Hi, great videos... but I'm stuck. :(
    Getting this error when starting the netbird Docker... >> Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/kernel/domainname: permission denied: unknown

    • @AwesomeOpenSource 4 months ago

      Seems like it's hitting a permission error. Is your user in the docker group? If so, make sure not to bring up docker with sudo, you shouldn't need it. It's talking about the domain specifically, so maybe there's some issue with the domain name you've set up. Make sure it's typed in correctly.

    • @riaangrobler3447 4 months ago

      @AwesomeOpenSource I gave up... could not get this to work. Switched from nginx to Caddy, and then the quick start from Netbird worked. I guess the biggest problem was/is to get NGINX to work. The above error is when you use a container and not a VM...

  • @izunagi9064 3 months ago +1

    So I've been playing around with this and thought about a theory. If you have a server/s laying around and don't want to expose your IP, could you do a proxy server on DO, then set up the auth and NB on your home lab? Apply NB agents on all the servers so that they can talk to them like your own private cloud. Then the only server on DO is the proxy so you can have a public address.

    • @AwesomeOpenSource 3 months ago

      100%. You can set this up in a ton of different ways, I'm just showing one way to give the basics. But, absolutely set it up how you feel it best works.

    • @izunagi9064 3 months ago

      Thinking about it more there may be some ssl problem with netbird and auth so probably best that they be in a cloud host area with the proxy but once netbird is up you could host other servers locally with netbird agents.

  • @docmalitt 6 months ago +2

    Dear AOS, this is really at the moment (trust me, been following a bunch of well known and quite wholesome homelab enthusiasts) one of the most effective lists of resources and tools for IT power-users who want to start something like a business on a budget, very small budget, but are not sure they want to leave their everyday job. Also for the unemployed (whatever the reason might be) to maybe earn some income. Even for those who aren't in a pinch for money (hard to find, but who knows...) to keep up with the ever changing and evolving tech. I mean, lately, every few months something crazy good comes out. Netbird with the free 5/100 tier is amazing for practice as well as small home bizz. Anyways, I am packing 3 laptops and a Pi and right after installing Netbird, time to figure out Authentik - and here comes ... your video. Thx a bunch

  • @pixelaccount3882 6 months ago +4

    Priceless content

  • @rdmerck 5 months ago +2

    You make great content Brian, thanks for your hard work! Excited to see the next video

  • @onlyhexonotop4313 6 months ago +1

    Hey bro
    Please make one video on zammad ticketing System installation

    • @AwesomeOpenSource 5 months ago

      It's on my list for this series.

    • @AwesomeOpenSource 5 months ago

      It's on my list for this series my friend.

  • @FineWine-v4.0 6 months ago +1

    I was wondering if there was an open source tool to basically post ideas (like a PasteBin+Forum combo of sorts)
    It would be like an Adventure Guild quest board that you see in Fantasy Animes, putting bounties on tasks
    Except here you could post ideas or a "wanted" list on what FOSS tools/apps are needed in this world to further help the cause of FOSS
    This is just me thinking out aloud

    • @AwesomeOpenSource 5 months ago

      I think you could use something like Lemmy for this, but there are some boards I've come across in the past that are more specifically for voting on certain things. I'll see what I can find.

  • @andreaslink6682 6 months ago +1

    Very well done, Brian. Thank you a lot, this is good to reproduce, but I miss in general the IPv6 consideration a little bit in parallel to IPv4. I would assume Digital Ocean also provides IPv6 addresses in parallel, don't they? I think, it should not be skipped as many parts in the internet go IPv6 today and also to be future prepared, I would appreciate if you consider IPv6 in parallel within your setups as some things might be slightly different. So please move on as you are doing and thank you!

    • @AwesomeOpenSource 5 months ago +1

      DO allows you to enable IPv6, but not on by default as I recall. I haven't mastered IPv6 yet for sure, but maybe that's an opportunity for me to get @scottibyte and @ibracorp involved in my series...they can school me on it a bit.

  • @muhammedcrow3123 5 months ago +1

    Great content, Brian. I'm a longtime fan of the show, and right now I'm trying to create a similar thing as an MSP in my home country, and this series was a great resource for me. I wanted to ask though, what if you're trying to create something like what Microsoft did with Azure and Intune for both device and user management but with OSS, where you use one account to access everything, and all services play nicely with each other? Thanks for all the efforts you're going through to put this knowledge out for the world.

    • @AwesomeOpenSource 5 months ago +1

      I think SSO is definitely possible. The services playing nicely, is a different story. We are essentially pulling a bunch of different software together. I don't use Microsoft or Intune, but it's one thing to pull a bunch of things together, it's different to own all of it.

  • @waynestatic2912 6 months ago +1

    Great video and explanation as always! Just a little tip about the Authentik setup: you don't need to specify the version of the image to pull in both the .env and compose file, you just need to match the variable name, which is different in this case. When the variable is the same, Docker will match the version specified in the .env file and use the other one in compose as fallback.

    • @AwesomeOpenSource 6 months ago +1

      Yeah, I don't recall at this point if I messed up that tag, or if that's how it was copied from them, but you're 100% right.

  • @clementinoytb 6 months ago +1

    Thank you so much for this tutorial! You have no idea how much I have been looking forward to this! Thank you, you really are great at giving instructions, these videos are valuable resources!

  • @adzieau 6 months ago +1

    Thanks for the great video Brian. It took me a few hours to get through this one. I followed along the whole way. I had a few difficulties as I used a local provider for my servers and the settings were a bit different. Got there in the end. Looking forward to the next one greatly and starting to integrate some of the solutions into my own business I am just starting.

    • @AwesomeOpenSource 5 months ago

      Super glad you were able to work through it. Excited that you are coming along with me.

  • @toddselby443 6 months ago +1

    So would pika backup, that you showed in your last video, be a good backup solution for these servers?

    • @AwesomeOpenSource 5 months ago +1

      I would recommend something like Borg Backup with BorgWarehouse, as these services don't have a desktop environment, which is needed for PikaBackup to work. The other option that I'll be looking at is URBackup, which is also a nice solution.

    • @toddselby443 5 months ago

      @AwesomeOpenSource Thanks for the information!

  • @TheRBDIGroup 28 days ago

    Any ideas or instructions on Authentik/Netbird working behind a reverse proxy? Setting this up on a self hosted server with VMs. Nginx, Authentik and Netbird each on its own VM. Got the first two up and running, and Netbird installed, but issues with Netbird able to open to FQDN using nginx, and when I connect with internal IP it fails to communicate with Authentik. The FQDN is an issue with the SSL cert being part of Netbird and not offered by nginx. Ideas or thoughts would be appreciated.

    • @TheRBDIGroup 28 days ago +2

      I finally got it working. Basically had to disable the install of the Let's Encrypt in the setup file. But now it authenticates with Authentik and is stuck on /peers with the animated loading.

    • @AwesomeOpenSource 16 days ago

      That may be a gRPC issue. Make sure that you have gRPC traffic allowed through your proxy.

  • @redetermine 6 months ago +1

    My man, I would advise you to not show the IPs in a YT video. Some script kiddie might decide to DDoS your stuff.

    • @medinarick3 6 months ago

      He just kills the machines when he's done

    • @redetermine 6 months ago

      @medinarick3 I doubt it, since the IPs at 1:57 didn't have anything to do with this video.

    • @metal-beard 6 months ago

      yea, I hope it's just for demo because all the services are still available on HTTP.

    • @PopularWebz 6 months ago

      Who cares? There's a reason we call these "Public IPs". The IPv4 space isn't very large. All public IPv4 addresses are scanned every day for open ports. No point pretending they are hidden.

    • @davidlakes5087 6 months ago +1

      Once he’s registered a domain name and pointed DNS records to his IP addresses, those IPs are published for the whole world to see. That’s just how DNS works. Security through obscurity is no security at all.

  • @simongajdosik5105 6 months ago +1

    Amazing guide! Thank you. Do you have shownotes available?

    • @AwesomeOpenSource 6 months ago +1

      Working on the shownotes now. I got tied up yesterday with a multitude of unexpected issues, and am just now getting to add them.

    • @simongajdosik5105 6 months ago +1

      Thank you and I really appreciate your hard work! I just followed everything in the video and all is working as intended. Only issue I have is connecting to Win Server via RDP through the Netbird network. Maybe you have some information about it? @AwesomeOpenSource

    • @AwesomeOpenSource 5 months ago

      Well, I'm not sure. Can you reach it via RDP through LAN?

  • @farzadmf 6 months ago +1

    Thank you for the video. The links section seems to be missing for the show notes

    • @AwesomeOpenSource 6 months ago

      Working on the show notes now. I'll have them by the end of day (if all goes better than yesterday anyway).

    • @farzadmf 6 months ago +1

      Thank you for the update; hopefully everything goes well for you

  • @premdon009 6 months ago +2

    Great, have been waiting for this video. Thanks for the video ❤

  • @toddselby443 5 months ago +1

    Along with starting an MSP, you should offer documentation services.

    • @AwesomeOpenSource 5 months ago

      100%

    • @toddselby443 5 months ago

      @AwesomeOpenSource You have the best show notes on YouTube.