I installed the NetBird self-hosted server (latest version from GitHub) onto both Debian 12 and Ubuntu 22.04 / 24.04 DigitalOcean droplets.
Followed the advanced self-hosting documentation to the letter, and for the life of me, can't get authentication to work. When accessing NetBird from the public URL, I get redirected to Auth0 correctly, and if I create a user, the user gets authenticated, but I only have access to the /peers page. I get the following errors upon login:
Request failed with status code 500 (internal server error)
Request failed with status code 401 (invalid token)
I can logout without error.
I have a couple of questions:
1) What could be causing the above errors?
2) With Auth0, there is no "admin" user configured during the NetBird install / initialization / first run.
I am sure I am missing something with regards to #2, but the documentation has no information regarding adding an admin user or associating admin roles to any other user. I thought there might be a script to kick off an onboarding / admin configuration, but so far I am stumped.
Any help would be appreciated. Happy to provide admin access to the server if needed. This is just a testbed for now.
Configuration files are below. This is currently running on a fresh Debian 12 install on DigitalOcean. 1 core, 2GB RAM.
Thanks in advance.
Rob.
My Auth0 "setup.env" config is below:
# Dashboard domain. e.g. app.mydomain.com
NETBIRD_DOMAIN="vpn1.ttscontrols.com"
# -------------------------------------------
# OIDC
# e.g., https://example.eu.auth0.com/.well-known/openid-configuration
# -------------------------------------------
NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://ttscontrols.us.auth0.com/.well-known/openid-configuration"
# The default setting is to transmit the audience to the IDP during authorization. However,
NETBIRD_AUTH_AUDIENCE="https://netbird/api"
# e.g. netbird-client
NETBIRD_AUTH_CLIENT_ID="4QUNNXJFLPacuO5rDJfUBE5rXzmWST4k"
# indicates the scopes that will be requested to the IDP
NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api email_verified"
# indicates whether to use Auth0 or not: true or false
NETBIRD_USE_AUTH0="true"
# Updates the preference to use id tokens instead of access token on dashboard
# Okta and Gitlab IDPs can benefit from this
# NETBIRD_TOKEN_SOURCE="idToken"
# -------------------------------------------
# OIDC Device Authorization Flow
# -------------------------------------------
NETBIRD_AUTH_DEVICE_AUTH_PROVIDER="none"
NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID="wFTz2jpgLZq37iNUHamA8YtSiAbJwaO2"
# Some IDPs requires different audience, scopes and to use id token for device authorization flow
# you can customize here:
NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE=$NETBIRD_AUTH_AUDIENCE
NETBIRD_AUTH_DEVICE_AUTH_SCOPE="openid"
NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN=false
# -------------------------------------------
# OIDC PKCE Authorization Flow
# -------------------------------------------
# Comma separated port numbers. if already in use, PKCE flow will choose an available port from the list as an alternative
# eg. 53000,54000
NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS="53000"
# -------------------------------------------
# IDP Management
# -------------------------------------------
# eg. zitadel, auth0, azure, keycloak
NETBIRD_MGMT_IDP="auth0"
# Some IDPs requires different client id and client secret for management api
NETBIRD_IDP_MGMT_CLIENT_ID="beAPMCneTjOGiQbEsKbFhTrlleL7ucIy"
NETBIRD_IDP_MGMT_CLIENT_SECRET="05Ckxm-1yHDgb9SA2lep6PbrNY7jsIQYKqLFHtK8Hrv1gxlgGpt5AWhEWHmwSrAZ"
NETBIRD_IDP_MGMT_EXTRA_AUDIENCE="https://ttscontrols.us.auth0.com/api/v2/"
# -------------------------------------------
# Letsencrypt
# -------------------------------------------
# Disable letsencrypt
# if disabled, cannot use HTTPS anymore and requires setting up a reverse-proxy to do it instead
NETBIRD_DISABLE_LETSENCRYPT=false
# e.g. hello@mydomain.com
NETBIRD_LETSENCRYPT_EMAIL="webmaster@ttscontrols.com"
# -------------------------------------------
# Extra settings
# -------------------------------------------
# Disable anonymous metrics collection, see more information at https://netbird.io/docs/FAQ/metrics-collection
NETBIRD_DISABLE_ANONYMOUS_METRICS=false
# DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
NETBIRD_MGMT_DNS_DOMAIN=iot.ttscontrols.com
docker-compose.yml:
management.json:
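A diagnostic for the "401 (invalid token)" symptom, added here as an example and not part of the original post or of NetBird's own code: it decodes the payload of the access token the dashboard sends and compares its `aud`, `iss` and `exp` claims with the values in setup.env. The tenant URL, the sample token and the helper names are constructed for illustration, and deriving the expected issuer from the discovery URL is an assumption.

```python
import base64, json, time

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def parse_env(text):
    """Parse KEY="value" lines from setup.env, skipping comments and blanks."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip('"')
    return env

def check_token(token, env, now=None):
    """Return a list of mismatches between the token's claims and setup.env."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part JWT"]
    claims = b64url_json(parts[1])  # payload only; the signature is NOT verified
    problems = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    want_aud = env.get("NETBIRD_AUTH_AUDIENCE", "")
    if want_aud not in aud:
        problems.append(f"aud {aud} does not contain {want_aud!r}")
    # Assumption: the issuer is the discovery URL with the /.well-known/ part removed.
    endpoint = env.get("NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT", "")
    want_iss = endpoint.split("/.well-known/")[0].rstrip("/")
    if claims.get("iss", "").rstrip("/") != want_iss:
        problems.append(f"iss {claims.get('iss')!r} does not match {want_iss!r}")
    if claims.get("exp", 0) <= now:
        problems.append("exp: token has expired")
    return problems

# Constructed sample data (not the poster's tenant or tokens).
SAMPLE_ENV = ('NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT='
              '"https://tenant.example.auth0.com/.well-known/openid-configuration"\n'
              '# audience sent to the IDP\nNETBIRD_AUTH_AUDIENCE="https://netbird/api"\n')

def make_sample_token(claims):
    """Build an unsigned, JWT-shaped string for the demo."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    bad = {"iss": "https://tenant.example.auth0.com/", "aud": "other", "exp": 2000000000}
    print(check_token(make_sample_token(bad), parse_env(SAMPLE_ENV)))
```

To use it on a real deployment, pass the contents of setup.env and the bearer token copied from the failing API request in the browser's network tab.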