No 'Access-Control-Allow-Origin' header is present on the requested resource.

[deffcolony]

Describe the problem

I am selfhosting netbird on docker together with traefik and authentik.. When i visit netbird.domain.com i get the following error i cannot click on logout because it does nothing... i found the following errors in the console of the browser

Access to fetch at 'https://authentik.domain.com/application/o/netbird/.well-known/openid-configuration' from origin 'https://netbird.domain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. 2731-e746de7d02695f25.js:1

GET https://authentik.domain.com/application/o/netbird/.well-known/openid-configuration net::ERR_FAILED 200 (OK)

My setup

• OS: Ubuntu server 22.04.3 LTS x86_64
• Docker version 25.0.3, build 4debf41
• Traefik as the reverse proxy
• Authentik as the idps

docker-compose.yml

version: "3.8"
services:
  dashboard:
    image: netbirdio/dashboard:latest
    container_name: netbird-dashboard
    environment:
      NETBIRD_MGMT_API_ENDPOINT: https://netbird.DOMAIN.COM:33073
      NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.DOMAIN.COM:33073
      AUTH_AUDIENCE: MY_CLIENT_ID_HERE
      AUTH_CLIENT_ID: netbird-client
#      AUTH_CLIENT_SECRET: 
      AUTH_AUTHORITY: https://authentik.DOMAIN.COM/application/o/netbird/
      USE_AUTH0: false
      AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
#      AUTH_REDIRECT_URI: 
#      AUTH_SILENT_REDIRECT_URI: 
      NETBIRD_TOKEN_SOURCE: accessToken
#      NGINX_SSL_PORT: 443
#      LETSENCRYPT_DOMAIN:  
#      LETSENCRYPT_EMAIL: 
    volumes:
      - ./netbird_container/netbird-letsencrypt:/etc/letsencrypt/
    ports:
      - 9180:80
#      - 9181:443
    restart: unless-stopped
#    labels:
#      - traefik.enable=true
#      - traefik.http.routers.netbird.rule=Host(`netbird.DOMAIN.COM`)
#      - traefik.http.routers.netbird.entrypoints=https
#      - traefik.http.services.netbird.loadbalancer.server.url=http://192.168.1.95:9180
##      - traefik.http.services.netbird-dashboard.loadbalancer.server.port=80
#      - traefik.http.routers.netbird.middlewares=cors
#      - traefik.http.middlewares.cors.headers.accesscontrolallowmethods=GET,OPTIONS,PUT
#      - traefik.http.middlewares.cors.headers.accesscontrolallowheaders=*
#      - traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=*
#      - traefik.http.middlewares.cors.headers.accesscontrolmaxage=100
#      - traefik.http.middlewares.cors.headers.addvaryheader=true

  signal:
    image: netbirdio/signal:latest
    container_name: netbird-signal
    volumes:
      - ./netbird_container/netbird-signal:/var/lib/netbird
    ports:
      - 10000:80
    # port and command for Let's Encrypt validation
#      - 443:443
    command: ["--letsencrypt-domain", "", "--log-file", "console"]
    restart: unless-stopped
#    labels:
#    - traefik.enable=true
#    - traefik.http.routers.netbird-signal.rule=Host(`netbird.DOMAIN.COM`) && PathPrefix(`/signalexchange.SignalExchange/`)
#    - traefik.http.services.netbird-signal.loadbalancer.server.port=80
#    - traefik.http.services.netbird-signal.loadbalancer.server.scheme=h2c

  management:
    image: netbirdio/management:latest
    container_name: netbird-management
    depends_on:
      - dashboard
    volumes:
      - ./netbird_container/netbird-mgmt:/var/lib/netbird
      - ./netbird_container/netbird-letsencrypt:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
    ports:
      - 33073:443 # API port
      # command for Let's Encrypt validation without dashboard container
#    command: ["--letsencrypt-domain", "", "--log-file", "console"]
    command: [
      "--port", "443",
      "--log-file", "console",
      "--disable-anonymous-metrics=false",
      "--single-account-mode-domain=netbird.DOMAIN.COM",
      "--dns-domain=netbird.selfhosted"
      ]
    restart: unless-stopped
#    labels:
#    - traefik.enable=true
#    - traefik.http.routers.netbird-api.rule=Host(`netbird.DOMAIN.COM`) && PathPrefix(`/api`)
#    - traefik.http.routers.netbird-api.service=netbird-api
#    - traefik.http.services.netbird-api.loadbalancer.server.port=443
#    - traefik.http.routers.netbird-management.rule=Host(`netbird.DOMAIN.COM`) && PathPrefix(`/management.ManagementService/`)
#    - traefik.http.routers.netbird-management.service=netbird-management
#    - traefik.http.services.netbird-management.loadbalancer.server.port=443
#    - traefik.http.services.netbird-management.loadbalancer.server.scheme=h2c

  coturn:
    image: coturn/coturn:latest
    container_name: netbird-coturn
    command:
      - -c /etc/turnserver.conf
    domainname: netbird.DOMAIN.COM
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
#      - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
#      - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    network_mode: host
    restart: unless-stopped

setup.env

# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="netbird.DOMAIN.COM"

# OIDC configuration
NETBIRD_MGMT_IDP="authentik"
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://YOUR_AUTHENTIK_HOST_AND_PORT/application/o/netbird/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="PROVIDER_CLIENT_ID_HERE"
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE="PROVIDER_CLIENT_ID_HERE"
NETBIRD_IDP_MGMT_CLIENT_ID="PROVIDER_CLIENT_ID_HERE"
NETBIRD_IDP_MGMT_EXTRA_USERNAME="netbird"
NETBIRD_IDP_MGMT_EXTRA_PASSWORD="SERVICE_ACCOUNT_PASSWORD"

# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="netbird-client"

# Indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"

# Enables Interactive SSO Login feature (Oauth 2.0 Device Authorization Flow)
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="PROVIDER_CLIENT_ID_HERE"
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"

# If disabled (false) Let's Encrypt will create an account while generating a new certificate.
NETBIRD_DISABLE_LETSENCRYPT="true"
#NETBIRD_LETSENCRYPT_EMAIL="info@DOMAIN.COM"

fileConfig.yml (Traefik)

http:
  routers:
    # netbird router
    netbird:
      entryPoints:
        - https
      rule: 'Host(`netbird.domain.com`)'
      service: netbird

  services:
     # netbird service          
    netbird:
      loadBalancer:
        servers:
          - url: http://192.168.1.95:9180

Context I have disabled SSL inside netbird since my bought domain already provides the SSL (this is with https on netbird.domain.com)

I have followed all steps for authentik at: https://docs.netbird.io/selfhosted/identity-providers#authentik

I am using cloudflare and have enabled gRPC

[jvanbruegge]

Remove the commas from the redirect URLs in authentik

[deffcolony]

@jvanbruegge Thanks removing commas from the redirect URLs in authentik worked for me. Now there is a new problem

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://netbird.domain.com:33073/api/users. (Reason: CORS request did not succeed). Status code: (null) Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://netbird.domain.com:33073/api/groups. (Reason: CORS request did not succeed). Status code: (null) Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://netbird.domain.com:33073/api/peers. (Reason: CORS request did not succeed). Status code: (null) Loading infinity

i am confused on what i have to add for the traefik config at fileConfig.yaml This is my current config:

fileConfig.yaml

http:
  routers:
##======================ROUTERS======================##
    netbird:
      entryPoints:
        - https
      rule: 'Host(`netbird.DOMAIN.COM`)'
      service: netbird

    netbird-signal:
      rule: 'Host(`netbird.DOMAIN.COM`) && PathPrefix(`/signalexchange.SignalExchange/`)'
      service: netbird-signal

    netbird-api:
      rule: 'Host(`netbird.DOMAIN.COM`) && PathPrefix(`/api`)'
      service: netbird-api

    netbird-management:
      rule: 'Host(`netbird.DOMAIN.COM`) && PathPrefix(`/management.ManagementService/`)'
      service: netbird-management
      middlewares:
        - netbird-management-middleware

    netbird-management:
      rule: 'Host(`netbird.DOMAIN.COM`) && PathPrefix(`/management.ManagementService/`)'
      service: netbird-management

##======================SERVICES======================##
  services:     
    netbird:
      loadBalancer:
        servers:
          - url: http://192.168.1.95:9180

    netbird-signal:
      loadBalancer:
        servers:
          - url: "http://192.168.1.95:10000"

    netbird-api:
      loadBalancer:
        servers:
          - url: "http://192.168.1.95:33073"

    netbird-management:
      loadBalancer:
        servers:
          - url: "http://192.168.1.95:33073"
          - scheme: h2c

[deffcolony]

now it works suddenly... i can make a setup key now but... i cannot connect with the netbird client to my setup key I cleared my cloudflare cache and i removed the 33073 port from NETBIRD_MGMT_GRPC_API_ENDPOINT: netbird.domain. com and from NETBIRD_MGMT_API_ENDPOINT: netbird.domain .com

i tried running the docker run command with setup key and domain but it returns a error called

2024-02-18T21:47:35Z INFO client/internal/config.go:217: new Management URL provided, updated to https:// netbird.domain. com (old value https:// netbird.domain. com:443)

2024-02-18T21:47:35Z ERRO client/internal/login.go:105: failed while getting Management Service public key: rpc error: code = Unknown desc = unexpected HTTP status code received from server: 500 (Internal Server Error); transport: received unexpected content-type "text/plain; charset=utf-8"

2024-02-18T21:47:35Z WARN client/cmd/root.go:195: retrying Login to the Management service in 556.795073ms due to error rpc error: code = Unknown desc = unexpected HTTP status code received from server: 500 (Internal Server Error); transport: received unexpected content-type "text/plain; charset=utf-8"

[bmcgonag]

I'm having a similar issue after updating to :latest in the docker-compose that is generated from the configure.sh.

• I also use Authentik self hosted
• The system was working fine before this latest update
• I have a slightly different symptom. I am directed to authentik to authenticate, then when redirected back to Netbird, it just shows the little loading animation forever. I the browser console log I see:

TypeError: NetworkError when attempting to fetch resource. [layout-510c7c5d53efb927.js:1:47753](https://netbird.fixitdelrio.com/_next/static/chunks/app/(dashboard)/layout-510c7c5d53efb927.js)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://netbird.fixitdelrio.com:33073/api/users. (Reason: CORS request did not succeed). Status code: (null).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://netbird.fixitdelrio.com:33073/api/users. (Reason: CORS request did not succeed). Status code: (null).

TypeError: NetworkError when attempting to fetch resource. [layout-510c7c5d53efb927.js:1:47753](https://netbird.fixitdelrio.com/_next/static/chunks/app/(dashboard)/layout-510c7c5d53efb927.js)
Uncaught (in promise) undefined
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://netbird.fixitdelrio.com:33073/api/users. (Reason: CORS request did not succeed). Status code: (null).

In the compose logs for the management console I see

2024-08-06T21:56:17Z INFO [context: SYSTEM] management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081
Error: failed creating Store: /var/lib/netbird/: jsonfile is not supported. Please refer to the documentation for migrating to SQLite: https://docs.netbird.io/selfhosted/sqlite-store#migrating-from-json-store-to-sq-lite-store
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:495: loading OIDC configuration from the provided IDP configuration endpoint https://auth.routemehome.org/application/o/netbird/.well-known/openid-configuration
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:500: loaded OIDC configuration from the provided IDP configuration endpoint: https://auth.routemehome.org/application/o/netbird/.well-known/openid-configuration
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:502: overriding HttpConfig.AuthIssuer with a new value https://auth.routemehome.org/application/o/netbird/, previously configured value: https://auth.routemehome.org/application/o/netbird/
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:506: overriding HttpConfig.AuthKeysLocation (JWT certs) with a new value https://auth.routemehome.org/application/o/netbird/jwks/, previously configured value: https://auth.routemehome.org/application/o/netbird/jwks/
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:511: overriding DeviceAuthorizationFlow.TokenEndpoint with a new value: https://auth.routemehome.org/application/o/token/, previously configured value: https://auth.routemehome.org/application/o/token/
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:514: overriding DeviceAuthorizationFlow.DeviceAuthEndpoint with a new value: https://auth.routemehome.org/application/o/device/, previously configured value: https://auth.routemehome.org/application/o/device/
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:522: overriding DeviceAuthorizationFlow.ProviderConfig.Domain with a new value: auth.routemehome.org, previously configured value: auth.routemehome.org
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:532: overriding PKCEAuthorizationFlow.TokenEndpoint with a new value: https://auth.routemehome.org/application/o/token/, previously configured value: https://auth.routemehome.org/application/o/token/
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/cmd/management.go:535: overriding PKCEAuthorizationFlow.AuthorizationEndpoint with a new value: https://auth.routemehome.org/application/o/authorize/, previously configured value: https://auth.routemehome.org/application/o/authorize/
2024-08-06T21:57:18Z INFO [context: SYSTEM] management/server/telemetry/app_metrics.go:177: enabled application metrics and exposing on http://0.0.0.0:8081
Error: failed creating Store: /var/lib/netbird/: jsonfile is not supported. Please refer to the documentation for migrating to SQLite: https://docs.netbird.io/selfhosted/sqlite-store#migrating-from-json-store-to-sq-lite-store

I've done the switch to sqlite previously, so not sure why I'm getting the JSON file error...but maybe that's the issue. i' tried to go through the switch instructions again, but the system said, that a sqlite db file is already in use....so unsure on that front.

Just not sure why I can't access my netbird management pages and dashboard, but it's a hiderance to my productivity for sure.

[deffcolony]

@bmcgonag Hi,

currently my netbird is fully working ill provide you my full setup so you can replicate that and see if this magically fixes your problem and honestly I've started from scratch since then i was sure all configuration was correctly generated so here is my full tutorial:

If you use Cloudflare: Make sure to enable: gRPC Allow gRPC connections to your origin server. (In the network category)

The following command will create a folder called netbird then it will cd into netbird/infrastructure_files

REPO="https://github.com/netbirdio/netbird/"; LATEST_TAG=$(basename $(curl -fs -o/dev/null -w %{redirect_url} ${REPO}releases/latest)); echo $LATEST_TAG; git clone --depth 1 --branch $LATEST_TAG $REPO && cd netbird/infrastructure_files

Configure netbird

Configure netbird using Authentik

1. Go to: Admin interface > Applications > Providers
2. Click on: Create
3. Select: OAuth2/OpenID Provider then click Next
4. Insert the following settings:

• Name: Netbird

• Authentication Flow: default-authentication-flow (Welcome to authentik!)

• Authorization Flow: default-provider-authorization-explicit-consent (Authorize Application)

• Protocol Settings:

  • Client type: Public

    Make sure to save the Client ID because you need to add it later in setup.env

  • Redirect URIs/Origins (RegEx): (Each URI should be entered on a new line) https://netbird.DOMAIN.COM https://netbird.DOMAIN.COM.* http://localhost:53000

• Advanced protocol settings:

  • Access code validity: minutes=10
  • Subject mode: Based on the User's ID

1. Go to: Admin interface > Applications > Applications
2. Click on: Create
3. Insert the following settings:

Name: Netbird Slug: netbird Provider: Netbird

1. Go to: Admin interface > Directory > Users
2. Click on: Create Service account
3. Insert the following settings then click on Create:

Username: netbird Create group: disable Expiring: disable

Make sure to save the username and password because you need to add it later in setup.env

1. Go to: Admin interface > Directory > Groups
2. Click on: authentik Admins
3. Click on: Users
4. Click on: Add existing user
5. Click on: + (Plus icon)
6. Select Netbird and click Add

Verify if the endpoint returns a JSON response by calling it from your browser. https://YOUR_AUTHENTIK_HOST_AND_PORT/application/o/netbird/.well-known/openid-configuration

nano setup.env

Add the following config to setup.env

# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="netbird.DOMAIN.COM"

# OIDC configuration
NETBIRD_MGMT_IDP="authentik"
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://YOUR_AUTHENTIK_HOST_AND_PORT/application/o/netbird/.well-known/openid-configuration"
NETBIRD_AUTH_AUDIENCE="PROVIDER_CLIENT_ID_HERE"
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE="PROVIDER_CLIENT_ID_HERE"
NETBIRD_IDP_MGMT_CLIENT_ID="PROVIDER_CLIENT_ID_HERE"
NETBIRD_IDP_MGMT_EXTRA_USERNAME="netbird"
NETBIRD_IDP_MGMT_EXTRA_PASSWORD="SERVICE_ACCOUNT_PASSWORD"

# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="PROVIDER_CLIENT_ID_HERE"

# Indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="false"
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"

# Enables Interactive SSO Login feature (Oauth 2.0 Device Authorization Flow)
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="PROVIDER_CLIENT_ID_HERE"
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"

# If disabled (false) Let's Encrypt will create an account while generating a new certificate.
NETBIRD_DISABLE_LETSENCRYPT="true"
#NETBIRD_LETSENCRYPT_EMAIL="info@DOMAIN.COM"

NETBIRD_MGMT_API_PORT=443
NETBIRD_SIGNAL_PORT=443

Configure for traefik

nano fileConfig.yml

http:
  routers:

##########################################################
###======================ROUTERS======================###
  ### NetBird - router ###
    netbird:
      entryPoints:
        - https
        - http
      rule: "Host(`netbird.DOMAIN.COM`)"
      service: netbird

  # NetBird API - router
    netbird-api:
      rule: "Host(`netbird.DOMAIN.COM`) && PathPrefix(`/api`)"
      service: netbird-api

  # NetBird Management - router
    netbird-management:
      rule: "Host(`netbird.DOMAIN.COM`) && PathPrefix(`/management.ManagementService/`)"
      service: netbird-management

  # NetBird Signal - Router
    netbird-signal:
      rule: "Host(`netbird.DOMAIN.COM`) && PathPrefix(`/signalexchange.SignalExchange/`)"
      service: netbird-signal

##########################################################
###======================SERVICES======================###
  services:

  ### NetBird - service ###
    netbird:
      loadBalancer:
        servers:
          - url: http://192.168.1.x:9180

  # NetBird API - service
    netbird-api:
      loadBalancer:
        servers:
          - url: http://192.168.1.x:9184

  # NetBird Management - service
    netbird-management:
      loadBalancer:
        servers:
          - url: h2c://192.168.1.x:9184

  # NetBird Signal - service
    netbird-signal:
      loadBalancer:
        servers:
          - url: h2c://192.168.1.x:9182

./configure.sh

cd artifacts && docker compose up -d

The following docker-compose.yml file is just a example for using it with a existing reverse proxy you could replace it existing docker-compose.yml with this one in the artifacts folder but make sure you change the DOMAIN. COM to your domain and the PROVIDER_CLIENT_ID_HERE

services:
  dashboard:
    image: netbirdio/dashboard:latest
    container_name: netbird-dashboard
    restart: unless-stopped
    ports:
      - 9180:80
#      - 443:443
    environment:
      # Endpoints
      NETBIRD_MGMT_API_ENDPOINT: https://netbird.DOMAIN.COM:443
      NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.DOMAIN.COM:443
      # OIDC
      AUTH_AUDIENCE: PROVIDER_CLIENT_ID_HERE
      AUTH_CLIENT_ID: PROVIDER_CLIENT_ID_HERE
      AUTH_CLIENT_SECRET: 
      AUTH_AUTHORITY: https://authentik.DOMAIN.COM/application/o/netbird/
      USE_AUTH0: false
      AUTH_SUPPORTED_SCOPES: openid profile email offline_access api
      AUTH_REDIRECT_URI: 
      AUTH_SILENT_REDIRECT_URI: 
      NETBIRD_TOKEN_SOURCE: accessToken
      # SSL
      NGINX_SSL_PORT: 443
      # Letsencrypt
#      - LETSENCRYPT_DOMAIN=
#      - LETSENCRYPT_EMAIL=
#    volumes:
#      - ./netbird_container/netbird-letsencrypt:/etc/letsencrypt/
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
    networks:
      - proxy

  signal:
    image: netbirdio/signal:latest
    container_name: netbird-signal
    restart: unless-stopped
    volumes:
      - ./netbird_container/netbird-signal:/var/lib/netbird
    ports:
      - 9182:80
  #      # port and command for Let's Encrypt validation
  #      - 443:443
  #    command: ["--letsencrypt-domain", "", "--log-file", "console"]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
    networks:
      - proxy

  management:
    image: netbirdio/management:latest
    container_name: netbird-management
    restart: unless-stopped
    depends_on:
      - dashboard
    volumes:
      - ./netbird_container/netbird-mgmt:/var/lib/netbird
#      - ./netbird_container/netbird-letsencrypt:/etc/letsencrypt:ro
      - ./management.json:/etc/netbird/management.json
    ports:
      - 9184:443 #API port
  #    # command for Let's Encrypt validation without dashboard container
  #    command: ["--letsencrypt-domain", "", "--log-file", "console"]
    command: [
      "--port", "443",
      "--log-file", "console",
      "--log-level", "info",
      "--disable-anonymous-metrics=false",
      "--single-account-mode-domain=netbird.DOMAIN.COM",
      "--dns-domain=netbird.selfhosted"
      ]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
    networks:
      - proxy

  coturn:
    image: coturn/coturn:latest
    container_name: netbird-coturn
    restart: unless-stopped
    #domainname: netbird.DOMAIN.COM # only needed when TLS is enabled
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
    #      - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
    #      - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"

networks:
  proxy:
    external: true

I hope this works and that you might see a configuration that was different then my setup

[bmcgonag]

Hey @deffcolony I appreciate it. This is essentially exactly what I have setup.

As I stated, my setup was working, and has been for months now. I have peers that have been connected for a while. I updated the project (using docker compose pull and then docker compose up -d --force-recreate) This this all started happening. I tried to go in and re-run the configure.sh command, which generated new configs, but were no different than my old ones except for that part for my turn server, so I just moved back to the original files in the artifacts folder.

I just don't know what may be causing the issue suddenly. I have a second server I'm running, but this experience makes me very leary of updating it. At the same time, I want something like a VPN to have all the latest stuff for security reasons.

When I get time, i'll go back through and see if I can check line by line against your setup. I don't use Traefik, but everything else should be the same.