netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Netbird can't reach Zitadel's oidc config #2094

Open zackenbaron opened 5 months ago

zackenbaron commented 5 months ago

Netbird can't reach Zitadel's oidc config

After installing via the getting-started-with-zitadel.sh script, the only thing that isn't working is the management panel, which can't access ZITADEL's OIDC config via the URL https://example.com/.well-known/openid-configuration

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://docs.netbird.io/selfhosted/selfhosted-quickstart
  2. Follow the setup instructions shown on the site.

Expected behavior

Clean working install of Netbird in combination with ZITADEL using docker.

Are you using NetBird Cloud?

I'm using self-hosted Netbird on docker.

NetBird version

latest (current date: 4th June 2024)

NetBird status

Docker:

[root@nb netbird]# docker compose ps
WARN[0000] /root/netbird/docker-compose.yml: `version` is obsolete 
NAME                   IMAGE                             COMMAND                  SERVICE      CREATED          STATUS                          PORTS
netbird-caddy-1        caddy                             "caddy run --config …"   caddy        32 minutes ago   Up 32 minutes                   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 443/udp, 2019/tcp
netbird-coturn-1       coturn/coturn                     "docker-entrypoint.s…"   coturn       30 minutes ago   Up 30 minutes                   
netbird-crdb-1         cockroachdb/cockroach:v22.2.2     "/cockroach/cockroac…"   crdb         32 minutes ago   Up 32 minutes (healthy)         8080/tcp, 26257/tcp
netbird-dashboard-1    netbirdio/dashboard:latest        "/usr/bin/supervisor…"   dashboard    30 minutes ago   Up 30 minutes                   80/tcp, 443/tcp
netbird-management-1   netbirdio/management:latest       "/go/bin/netbird-mgm…"   management   30 minutes ago   Restarting (1) 13 seconds ago   
netbird-signal-1       netbirdio/signal:latest           "/go/bin/netbird-sig…"   signal       30 minutes ago   Up 30 minutes                   
netbird-zitadel-1      ghcr.io/zitadel/zitadel:v2.31.3   "/app/zitadel start-…"   zitadel      32 minutes ago   Up 32 minutes   

Docker logs of netbird-management-1:

[root@nb netbird]# docker logs netbird-management-1
2024-06-04T16:31:12Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://example.com/.well-known/openid-configuration
Error: failed reading provided config file: /etc/netbird/management.json: failed fetching OIDC configuration from endpoint https://example.com/.well-known/openid-configuration Get "https://example.com/.well-known/openid-configuration": dial tcp [::1]:443: connect: connection refused

Edit: I'm sorry if this is a duplicate. I haven't looked through the issues yet.

ChristianLavigne commented 5 months ago

Same here, new install on a new Linode VM:

2024-06-17T03:24:39Z INFO management/cmd/management.go:455: loading OIDC configuration from the provided IDP configuration endpoint https://myvalidurl.net/.well-known/openid-configuration
Error: failed reading provided config file: /etc/netbird/management.json: failed fetching OIDC configuration from endpoint https://myvalidurl.net/.well-known/openid-configuration Get "https://myvalidurl.net/.well-known/openid-configuration": dial tcp [valid resolved ip address]:443: i/o timeout

zackenbaron commented 4 months ago

Update: It is somehow working for me now. I have the following Docker image IDs:

root@NetBird:~/netbird# docker image ls 
REPOSITORY                TAG         IMAGE ID       CREATED        SIZE
netbirdio/dashboard       latest      5a7297f4000f   44 hours ago   121MB
netbirdio/management      latest      d3e11dfbb72e   2 days ago     158MB
netbirdio/signal          latest      3bb7e215e8bb   2 days ago     45.5MB
coturn/coturn             latest      fb92b2191e80   2 weeks ago    168MB
ghcr.io/zitadel/zitadel   v2.54.3     2279e42e55ec   3 weeks ago    116MB
caddy                     latest      45a3686fbe0f   4 weeks ago    49.4MB
postgres                  16-alpine   4186c86cb8e8   4 weeks ago    252MB

@ChristianLavigne could you try that again too?

ChristianLavigne commented 4 months ago

@zackenbaron The solution I found was to run Zitadel on a separate server.

I wanted to use Zitadel for a number of other things, so it made sense to me to have Zitadel on its own.