netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Self-hosting Quickstart: getting-started-with-zitadel.sh: Blank page instead of management interface #1261

Open bernhardkaindl opened 10 months ago

bernhardkaindl commented 10 months ago

Describe the problem

After the self-hosting quickstart, https://netbird.mydomain.com/ produces a blank page:

curl https://netbird.mydomain.com/
<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="robots" content="noindex"><meta name="description" content="NetBird Management Dashboard"/><link rel="manifest" href="/manifest.json"/><title>NetBird</title><script defer="defer" src="/static/js/main.6f1f3039.js"></script><link href="/static/css/main.940e3c70.css" rel="stylesheet"></head><body><noscript>NetBird Management Dashboard.</noscript><div id="root"></div></body></html>root@a3:~/bird# 

To Reproduce

As of 28/10/2023, I tested both

export NETBIRD_DOMAIN=netbird.mydomain.com; curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started-with-zitadel.sh | bash

and

git clone git@github.com:netbirdio/netbird.git
export NETBIRD_DOMAIN=netbird.mydomain.com
mkdir ~/bird;cd ~/bird
../netbird/infrastructure_files/getting-started-with-zitadel.sh

multiple times. Of course, with this in between to cleanup everything:

# several tries of
docker compose down --volumes
rm -rf ~/bird/*
docker ps -a # no containers
docker system prune -a

Expected behavior

I expect to be able to see the management interface.

Screenshots

Rendering initial files...
Initializing Zitadel's CockroachDB
[+] Running 7/7
 ✔ crdb 6 layers [⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                                                                         5.9s 
   ✔ b7bf29fb48be Pull complete                                                                                                                                                                                                          0.9s 
   ✔ 0fd04bcf354a Pull complete                                                                                                                                                                                                          0.4s 
   ✔ 93a012e87355 Pull complete                                                                                                                                                                                                          0.7s 
   ✔ e92bc73c5e15 Pull complete                                                                                                                                                                                                          1.3s 
   ✔ 5502c43a5b8e Pull complete                                                                                                                                                                                                          1.0s 
   ✔ 44d552bd34f2 Pull complete                                                                                                                                                                                                          1.9s 
[+] Running 7/7
 ✔ Network bird_netbird                 Created                                                                                                                                                                                          0.1s 
 ✔ Volume "bird_netbird_crdb_data"      Created                                                                                                                                                                                          0.0s 
 ✔ Volume "bird_netbird_crdb_certs"     Created                                                                                                                                                                                          0.0s 
 ✔ Volume "bird_netbird_caddy_data"     Created                                                                                                                                                                                          0.0s 
 ✔ Volume "bird_netbird_management"     Created                                                                                                                                                                                          0.0s 
 ✔ Volume "bird_netbird_zitadel_certs"  Created                                                                                                                                                                                          0.0s 
 ✔ Container bird-crdb-1                Started                                                                                                                                                                                          3.8s 

Waiting cockroachDB  to become ready  . done

Starting Zidatel IDP for user management

[+] Running 9/9
 ✔ caddy 4 layers [⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                                                                          2.8s 
   ✔ 579b34f0a95b Pull complete                                                                                                                                                                                                          0.4s 
   ✔ 461fe4f467fe Pull complete                                                                                                                                                                                                          0.3s 
   ✔ 9335adc9ff07 Pull complete                                                                                                                                                                                                          0.4s 
   ✔ c32426666f5e Pull complete                                                                                                                                                                                                          0.9s 
 ✔ zitadel 3 layers [⣿⣿⣿]      0B/0B      Pulled                                                                                                                                                                                         2.5s 
   ✔ c170bc198376 Pull complete                                                                                                                                                                                                          0.3s 
   ✔ b00148f65b35 Pull complete                                                                                                                                                                                                          0.3s 
   ✔ 966d91eaa0ad Pull complete                                                                                                                                                                                                          1.0s 
[+] Running 3/3
 ✔ Container bird-caddy-1    Started                                                                                                                                                                                                     0.7s 
 ✔ Container bird-crdb-1     Healthy                                                                                                                                                                                                     0.0s 
 ✔ Container bird-zitadel-1  Started                                                                                                                                                                                                     0.7s 

Initializing Zitadel with NetBird's applications

Waiting for Zitadel's PAT to be created  . . . done
Reading Zitadel PAT
Waiting for Zitadel to become ready  . . . . . . . . . . . . . . . . done
Creating new zitadel project
Creating new Zitadel SPA Dashboard application
Creating new Zitadel SPA Cli application

Rendering NetBird files...

Starting NetBird services

[+] Running 36/22
 ✔ coturn 4 layers [⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                                                                        15.7s 
 ✔ dashboard 11 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                                                              7.7s 
 ✔ signal 14 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿]      0B/0B      Pulled                                                                                                                                                                              9.3s 
 ✔ management 3 layers [⣿⣿⣿]      0B/0B      Pulled              
[+] Running 7/7
 ✔ Container bird-signal-1      Started                                                                                                                                                                                                  1.5s 
 ✔ Container bird-coturn-1      Started                                                                                                                                                                                                  1.5s 
 ✔ Container bird-dashboard-1   Started                                                                                                                                                                                                  1.5s 
 ✔ Container bird-management-1  Started                                                                                                                                                                                                  1.5s 
 ✔ Container bird-caddy-1       Running                                                                                                                                                                                                  0.0s 
 ✔ Container bird-crdb-1        Healthy                                                                                                                                                                                                  0.0s 
 ✔ Container bird-zitadel-1     Running                                                                                                                                                                                                  0.0s 

Done!

You can access the NetBird dashboard at https://bird.a3.free.or.at:443
Login with the following credentials:
Username: admin@bird.a3.free.or.at
Password: PyFforlPLP03Sabkt1RxHboelJ+O13P0JaXMaMoCeac@ # (Of course this login is changed now)

curl https://bird.a3.free.or.at/
<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="robots" content="noindex"><meta name="description" content="NetBird Management Dashboard"/><link rel="manifest" href="/manifest.json"/><title>NetBird</title><script defer="defer" src="/static/js/main.6f1f3039.js"></script><link href="/static/css/main.940e3c70.css" rel="stylesheet"></head><body><noscript>NetBird Management Dashboard.</noscript><div id="root"></div></body></html>

Additional context

Same symptom as #755, where @a7g4 diagnosed:

"After some debugging, it looked like the old version of docker-compose (and/or its interaction with podman) I was using wasn't passing through the $AUTH_AUTHORITY env variable.

Replacing podman with docker-engine and using the docker-compose-plugin and it all worked."

Initially, I was running the docker install of Ubuntu 22.04 but upgraded to the latest docker.com repo with the docker-compose-plugin:

docker version
Client: Docker Engine - Community
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        afdd53b
 Built:             Thu Oct 26 09:08:26 2023
 OS/Arch:           linux/arm64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       311b9ff
  Built:            Thu Oct 26 09:08:26 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.24
  GitCommit:        61f9fd88f79f081d64d6fa3bb1a0dc71ec870523
 runc:
  Version:          1.1.9
  GitCommit:        v1.1.9-0-gccaecfc
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

But the issue stayed the same.

I can log in to Zitadel at https://$ZITADEL_EXTERNALDOMAIN/ui/console with the generated admin credentials. The Zitadel onboarding process in it is at step 3/6 completed, the netmaker project exists and the user agents "Dashboard" and "Cli" are created.

OTOH, the advanced self-hosting guide (using Authentik) worked fine: https://docs.netbird.io/selfhosted/selfhosted-guide#advanced-self-hosting-guide-with-a-custom-identity-provider
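
Added example (not part of the original issue and not NetBird's own code): the #755 diagnosis quoted above was a compose setup that did not pass `$AUTH_AUTHORITY` through to the dashboard container. This shell function checks the environment a container actually received, read as `KEY=VALUE` lines on stdin; the function name, exit codes and sample values are assumptions made for the example.

```shell
#!/bin/sh
# check_auth_env: read KEY=VALUE lines on stdin and report on AUTH_AUTHORITY.
# Assumed live usage (service name "dashboard" as in the compose output above):
#   docker compose exec -T dashboard env | check_auth_env
# Exit status: 0 ok, 1 variable absent, 2 empty, 3 unexpanded or not https.
check_auth_env() {
    found=0
    value=
    # "|| [ -n ... ]" keeps a last line that has no trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            AUTH_AUTHORITY=*) found=1; value=${line#AUTH_AUTHORITY=} ;;
        esac
    done
    # drop the carriage return a TTY-attached exec leaves on each line
    value=$(printf '%s' "$value" | tr -d '\r')
    if [ "$found" -eq 0 ]; then
        echo "AUTH_AUTHORITY: not passed to the container"; return 1
    fi
    if [ -z "$value" ]; then
        echo "AUTH_AUTHORITY: set but empty"; return 2
    fi
    case $value in
        *'$'*)      echo "AUTH_AUTHORITY: unexpanded placeholder: $value"; return 3 ;;
        https://?*) echo "AUTH_AUTHORITY: $value"; return 0 ;;
        *)          echo "AUTH_AUTHORITY: not an https URL: $value"; return 3 ;;
    esac
}

# Constructed sample environments (not taken from the issue).
SAMPLE_OK='PATH=/usr/bin
AUTH_AUTHORITY=https://netbird.example.com
HOSTNAME=constructed'
SAMPLE_MISSING='PATH=/usr/bin
HOSTNAME=constructed'

printf '%s\n' "$SAMPLE_OK" | check_auth_env
printf '%s\n' "$SAMPLE_MISSING" | check_auth_env || echo "exit status $?"
```

A status of 1 or 2 on the running dashboard container points at the compose layer rather than at the identity provider.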

bernhardkaindl commented 10 months ago

Checking docker compose logs, I find:

bird-zitadel-1     | time="2023-10-28T10:58:57Z" level=debug msg="language malformed" caller="/home/runner/work/zitadel/zitadel/internal/api/grpc/management/user_converter.go:99" error="language: tag is not well-formed" logID=MANAG-3GUFJ
bird-zitadel-1     | time="2023-10-28T10:59:23Z" level=info msg="lock and generate signing key pair" caller="/home/runner/work/zitadel/zitadel/internal/api/oidc/key.go:168"
bird-zitadel-1     | time="2023-10-28T10:59:27Z" level=debug msg="statement dropped" caller="/home/runner/work/zitadel/zitadel/internal/eventstore/handler/crdb/handler_stmt.go:247" currentSequence="&{238227576919687172 139}" statement="&{user 139 138 238227576919687172 <nil>}"

The caddy log from curl is

bird-caddy-1       | {"level":"debug","ts":1698490824.2971153,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"dashboard:80","duration":0.003194409,"request":{"remote_ip":"129.159.197.211","remote_port":"60050","client_ip":"129.159.197.211","proto":"HTTP/2.0","method":"GET","host":"bird.a3.free.or.at","uri":"/","headers":{"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["bird.a3.free.or.at"],"User-Agent":["curl/7.81.0"],"Accept":["*/*"],"X-Forwarded-For":["129.159.197.211"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"bird.a3.free.or.at"}},"headers":{"Date":["Sat, 28 Oct 2023 11:00:24 GMT"],"Last-Modified":["Fri, 20 Oct 2023 07:36:29 GMT"],"Connection":["keep-alive"],"Server":["nginx"],"Content-Type":["text/html"],"Vary":["Accept-Encoding"],"Etag":["W/\"65322dfd-25a\""]},"status":200}

mlsmaycon commented 10 months ago

Hello @bernhardkaindl, it seems like something went wrong with your installation. Your domain certificate seems to be invalid.

Can you please run the quick start again after removing your local containers and volumes? Follow this removal guide: https://docs.netbird.io/selfhosted/selfhosted-quickstart#remove

Roeda commented 2 weeks ago

Hello nice people, I face the exact same issue. (I also noticed that the Zitadel logs have the time in GMT (wrong time zone), while the database has the right time zone (different than GMT); I wonder if it's related?) I have been battling with this error for weeks now. @bernhardkaindl, did you find a solution?

bernhardkaindl commented 2 weeks ago

@Roeda: As I said, I found:

OTOH, the advanced self-hosting guide (using Authentik) worked fine: https://docs.netbird.io/selfhosted/selfhosted-guide#advanced-self-hosting-guide-with-a-custom-identity-provider

Authentik is quite cool and has a very nice user experience and graphical web UI. The Authentik dashboard provides a good-looking status view with recent login, authorisation and change events in a table with all events and even as a colored bar chart for the last 7 days. I really could not be happier with it.

I was able to integrate it as SSO for login to Oracle Cloud. The instructions on how to create new applications to authorize in it were easy to follow.

Authentik also allowed me to register multiple MFA devices to authenticate users: TOTP, Windows Hello, FIDO2 keys and Bitwarden passkeys.

I ended up using Authentik as SSO, and while there is another competing SSO that may be similar, I'm not even considering using something else for now as it works so well.

mlsmaycon commented 2 weeks ago

@Roeda can you share the logs from your management service?

docker compose logs management