Hey everyone, I’m currently wanting to switch from Headscale to Netbird. It looks like Netbird is much easier to self-host now, except I can’t get it working with my current Traefik v3.6 config. Here is my config.yaml file for the routers and headers. Any ideas?

Everything loads up fine (from the logs); however, I can’t go to the domain address. I have a CNAME record in Cloudflare, not proxied. The documentation says to set an A record of “netbird.mydomain.com”; however, wouldn’t that defeat the purpose of the reverse proxy? I have an A record set up already pointing to my public IP and everything gets sent to my Traefik reverse proxy.

```yaml
http:
  routers:
    # Lowest priority: catches everything on the host not matched below
    netbird-dashboard:
      rule: Host(`netbird.mydomain.com`)
      entryPoints:
        - https
      tls: {}
      service: dashboard
      priority: 1

    # gRPC paths are forwarded to the h2c (HTTP/2 cleartext) service
    netbird-grpc:
      rule: >
        Host(`netbird.mydomain.com`)
        && (PathPrefix(`/signalexchange.SignalExchange/`)
        || PathPrefix(`/management.ManagementService/`))
      entryPoints:
        - https
      tls: {}
      service: netbird-server-h2c
      priority: 100

    # Relay, WebSocket proxy, API and OAuth2 paths over plain HTTP
    netbird-backend:
      rule: >
        Host(`netbird.mydomain.com`)
        && (PathPrefix(`/relay`)
        || PathPrefix(`/ws-proxy/`)
        || PathPrefix(`/api`)
        || PathPrefix(`/oauth2`))
      entryPoints:
        - https
      tls: {}
      service: netbird-server
      priority: 100

  services:
    dashboard:
      loadBalancer:
        servers:
          - url: "http://netbird/"

    netbird-server:
      loadBalancer:
        servers:
          - url: "http://netbird/"

    netbird-server-h2c:
      loadBalancer:
        servers:
          - url: "h2c://netbird:80"
```

  • Tinkerer@lemmy.ca (OP) · 5 hours ago

    Ok, looks like I figured it out. Turns out Netbird doesn’t like wildcard certificates. I spun up a quick NPM reverse proxy in Docker and everything is now working fine using a certificate for netbird.mydomain.com instead of a wildcard cert like `*.mydomain.com`.
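
To confirm which kind of certificate a proxy is actually serving for the hostname discussed in the follow-up above, this added example (not code from the thread) classifies a certificate's SAN entries as an exact match, a wildcard match, or no match for a host. It assumes the SAN text was produced by `openssl x509 -noout -ext subjectAltName` (OpenSSL 1.1.1 or later); the sample texts and function names are constructed for illustration.

```python
import re

# Constructed samples in the text format printed by
#   openssl x509 -noout -ext subjectAltName
# (illustrative only, not certificates from the thread).
SAMPLE_WILDCARD = """X509v3 Subject Alternative Name:
    DNS:*.mydomain.com, DNS:mydomain.com
"""
SAMPLE_EXACT = """X509v3 Subject Alternative Name:
    DNS:netbird.mydomain.com
"""


def san_dns_names(openssl_text):
    """Extract the dNSName entries from openssl's SAN text output."""
    return [name.lower() for name in re.findall(r"DNS:([^,\s]+)", openssl_text)]


def wildcard_covers(pattern, host):
    """RFC 6125 style match: '*' is the whole leftmost label, one label deep."""
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]              # e.g. ".mydomain.com"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]       # label(s) the '*' would have to stand for
    return bool(left) and "." not in left


def classify(openssl_text, host):
    """Return 'exact', 'wildcard' or 'none' for how the SANs cover host."""
    host = host.lower().rstrip(".")
    names = san_dns_names(openssl_text)
    if host in names:
        return "exact"
    if any(wildcard_covers(name, host) for name in names):
        return "wildcard"
    return "none"


if __name__ == "__main__":
    for label, text in (("wildcard cert", SAMPLE_WILDCARD),
                        ("dedicated cert", SAMPLE_EXACT)):
        print(label, "->", classify(text, "netbird.mydomain.com"))
```

A result of `wildcard` or `none` for the NetBird hostname shows that the router is not presenting a certificate issued for that exact name.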