[SUPPORT] NetBird

[pugnobellum]

Hello friends, I have been reading this forum and others with no success so far. I am on the latest Unraid version (6.12.12), running Authelia (v4.38.10) as my identity provider and SWAG for reverse proxy. I am using docker compose method, I attached my docker-compose.yml I am using in Unraid compose manager, all the four containers spin up no problem. Also attached my Authelia configuration.yml and my SWAG netbird.subdomain.conf. I followed the SWAG info in the post, the Authelia I had to figure out a lot on my own and I have it mostly working I think. But when I navigate to netbird.example.com I get this error:

 

error"invalid_request"

error_description"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. The 'redirect_uri' parameter does not match any of the OAuth 2.0 Client's pre-registered 'redirect_uris'."

So not sure if I just have the wrong redirect_uri or not, I have tried many. Appreciate any feedback. https://docs.netbird.io/selfhosted/identity-providers "NetBird supports generic OpenID (OIDC) protocol allowing for the integration with any IDP that follows the specification." Thanks!

 

edit: forgot to add this as well as further info: https://github.com/authelia/authelia/discussions/7185

 

edit 2:

Ok I have made some progress actually! It still might be a NetBird issue but here is my Authelia logs: https://pastebin.com/6tDHV4WR

 

with netbird.pugnobellum.com I am sent to this screen after successfully logging in.

And when I click accept it goes to this for 15-20 seconds then back to the Consent Request Screen:

 

when I hit f12 on firefox I get:

The resource at “https://netbird.pugnobellum.com/_next/static/media/7385e8d9d3c5518f-s.p.ttf” preloaded with link preload was not used within a few seconds. Make sure all attributes of the preload tag are set correctly. peers Object { code: 401, message: "token expired" } layout-8d9e50216f3f6630.js:1:38097 Object { code: 401, message: "token expired" } layout-8d9e50216f3f6630.js:1:38097 Object { code: 401, message: "token expired" } layout-8d9e50216f3f6630.js:1:38097 Object { code: 401, message: "token expired" }

 

 

configuration.yml docker-compose.yml netbird.subdomain.conf

Edited August 22 by pugnobellum
added github post with related issue

[Espressomatic]

I gave Netbird a go and everything on the Unraid side seems to have gone smoothly and appeared to be working (using Netbird's own server as coordinator). Unfortunately I couldn't get it to sign in or authorize on my iOS devices (strictly a Netbird issue, nothing to do with the docker containers here). After finding many dozens of people complaining about the same thing, I had to try something else - connecting from iPhones and iPads is 99% of the reason to have this set up.

 

Tailscale was an even easier install and pretty much "just worked." I hate to even call it an install as it was no more than hitting the app-store, clicking on an app and logging in. Repeat for other devices, including Unraid where TS is available as a plugin.

 

If the Netbird folks can get their iOS app working (again?) I'd really like to give this another shot - especially if we might have the possibility of seeing the client as an Unraid plugin in the future.

 

As a comparison, Tailscale is easy to get going, but I'm not a big fan of how convoluted they make their whole management. It's like the first steps are a few dots of sauce on an empty plate, easy to see, easy to understand. Then they throw a giant pot full of spaghetti on top and leave you to sort it out. 🤣 There's apparently no way to even rename your users or put a custom icon on them. If this were an organization account, I have no idea how anyone could possibly manage it. I haven't tried the self-hosted custom coordination server Headscale, hopefully that's cleaner.

Edited September 22 by Espressomatic