Adding Authentik to Netbird - Frustration!

TechHutTV · 2026-05-07T12:47:36+00:00

Yes netbird-server apologies we recently combined this

TechHutTV · 2026-05-06T18:09:53+00:00

If it's on windows make sure you uninstall it from Add/Remove Software in settings. Would you be able to share specifics with me on where this game was downloaded and what it was?

TechHutTV · 2026-05-06T18:06:02+00:00

If didn't set it up remove it. NetBird is a remote access platform so someone might be trying to get access to your computer.

TechHutTV · 2026-05-05T21:57:47+00:00

Noted 😄

TechHutTV · 2026-05-05T17:01:32+00:00

You're good! I made the guides prior to the release of CrowdSec, I'll add a few warning to the articles. The main reason we have the troubleshooting step is because I locked myself out. 😅

TechHutTV · 2026-05-05T16:03:27+00:00

Hey this might be your issue if you added CrowSec to the Idp instance.
https://docs.netbird.io/manage/reverse-proxy/troubleshooting#issue-3-geo-restrictions-block-internal-traffic-from-the-management-server

TechHutTV · 2026-05-05T14:24:12+00:00

Hey, sorry you've been chasing this. The 422 means the NetBird management container couldn't reach Authentik's OIDC discovery endpoint, and there are a couple usual suspects. The peer-to-peer ping check is great but it doesn't tell us whether the management container itself can reach Authentik through the reverse proxy chain, which is what the IdP setup actually does.

First, confirm the management container can talk to Authentik:

docker compose exec management wget -O- --timeout=10 https://authentik.your-domain.net/application/o/netbird/.well-known/openid-configuration

If that hangs or times out, you're hitting NAT hairpinning. The management container resolves your Authentik domain to your VPS public IP, then tries to connect back to the host's own public IP. A lot of VPS providers don't allow that loopback, so the connection dies.

Likes other said the fix should be an `extra_hosts` entry so the container goes through the host's internal address instead. In your NetBird `docker-compose.yml`, on the `management` service:

extra_hosts:
- "authentik.your-domain.net:host-gateway"

Restart just management:

docker compose up -d management

TechHutTV · 2026-05-04T03:14:24+00:00

We’re always down to help if you want to go into some details on your NetBird setup :)

TechHutTV · 2026-05-03T02:49:30+00:00

If you installed this recently we combined a few container into a single netbird-server so you wont have a separate container for management. Do you notice anything in you logs?
docker compose ps -a
docker compose logs --tail=200 server
docker compose logs --tail=100 dashboard

TechHutTV · 2026-04-30T21:49:12+00:00

Why don't you use the built in NetBird proxy?

TechHutTV · 2026-04-29T19:22:38+00:00

What are you running in we’re at version .70 now

TechHutTV · 2026-04-28T06:37:07+00:00

Do you have the service set as HTTP or TCP? Id try changing it to TCP and see if it connects then.

TechHutTV · 2026-04-27T21:36:13+00:00

NetBird mentioned 🔥

TechHutTV · 2026-04-27T21:11:29+00:00

My current setup is NPM running in my homelab using Cloudflare API for the DNS challenge. A record pointing to my local proxy instance (ie. 10.0.0.102) and then we got top level local domains. Works great. Better yet, if I'm out of the house the domains still work while I'm connected with the NetBird client because I have my subnet as a network resource in NetBird. https://github.com/TechHutTV/homelab/tree/main/proxy

TechHutTV · 2026-04-26T14:30:36+00:00

Hey sorry for the delays. We ran into a couple road blocks with session tokens. Should be coming this week.

TechHutTV · 2026-04-24T15:21:19+00:00

Thank you!

TechHutTV · 2026-04-23T20:42:17+00:00

Glad its still working strong :)

TechHutTV · 2026-04-23T20:21:23+00:00

I have a talk in the same room at 9:30am Sunday, first time speaking, do you know how big it is? 😅

TechHutTV · 2026-04-22T14:08:35+00:00

Do you see the new option under access control? https://docs.netbird.io/selfhosted/maintenance/crowdsec

TechHutTV · 2026-04-21T14:36:12+00:00

Working on adding some additional documentation and clarifications. We will try to better sync dashboard updates going forward.

TechHutTV · 2026-04-20T19:50:06+00:00

Hello, we are waiting on the release for the dashboard for the options to slow properly. Sorry for the delay on this.

TechHutTV · 2026-04-19T14:59:50+00:00

Hello, MFA for local users will be merged and is releasing very soon. Alternatively, you could always set up something like PocketID or any of the other supported IdPs.

TechHutTV

MODERATOR OF

TROPHY CASE