Skip to main content

Netbird - Update to add Relays

Netbird has put out an update with version 0.29.0 of ther amazing open source Wireguard server software that adds a new feature called "Relays". 

This new addition brings the creation of peer-to-peer networks (devices connected directly to each other) out of the Turn server realm, and into the websockets realm.  This isn't a terribly difficult update, so if you're running a version older than 0.29.0, let's go through the update process together, and we'll be on our way to having a great updated server.

The new "relay" sections of the docker-compose.yml and the manifest.json will be needing a few variables replaced with your server information.

  • Your domain name (the name or ip address you use to reach the Netbird server from your client machines)
  • A Port number (specifically port 33080)
  • A new secure key that we'll generate down below using our command line.

First, log into your netbird server with the command line utility (terminal).  You may do this via SSH if it's a remote server like mine is.

Next, we'll navigate to the correct folder. You setup may differ slightly from their ideal setup, and even my setup, but as long as you can find your base level "netbird" folder, you'll be able to get to these files.

My base level "netbird" directory is inside of a parent level "docker" directory.  So I went to docker/netbird/infrastructure_files/artifacts with the command

cd   docker/netbird/infrastructure_files/artifacts

You would modify this path if needed.  Many people may not have the parent level "docker" folder. If you don't, then you can likely just do:

cd netbird/infrastructure_files/artifacts

Once in this folder, we can view the files inside by doing the command:

ls

We need to update two of the files in this location. 

  1. docker-compose.yml
  2. manifest.json

Let's do the docker-compose.yml file first.  Using the nano editor, we'll open this file, and then using the arrow keys move almost to the end of the file.

nano docker-compose.yml

I stopped and added my change just above the #Coturn section.  Place your cursor above the line that says

# Coturn

and copy the following code snippet, then paste it into your docker-compose.yml file.

# relay
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    environment:
    - NB_LOG_LEVEL=info
    - NB_LISTEN_ADDRESS=:<new-port> # this port should be 33080 by default
    - NB_EXPOSED_ADDRESS=<your-netbird-domain>:<new-port>  # this port should be 33080 by default
    - NB_AUTH_SECRET=<new-auth-key>
    ports:
      - 33080:33080
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"

Once pasted in, your docker-compose.yml should look something like this:

# relay
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    environment:
    - NB_LOG_LEVEL=info
    - NB_LISTEN_ADDRESS=:<new-port> # this port should be 33080 by default
    - NB_EXPOSED_ADDRESS=<your-netbird-domain>:<new-port>  # this port should be 33080 by default
    - NB_AUTH_SECRET=<new-auth-key>
    ports:
      - 33080:33080
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"

  # Coturn
  coturn:
    image: coturn/coturn:latest
    restart: unless-stopped
    domainname: netbird.sysmainit.com
    volumes:

Now, replace the placeholders surrounded by less than "<" and greater than ">" signs:

This one needs to be entered in two places, so pay attention.
<new-port> 

<your-netbird-domain>

To generate a new auth key, we'll save our changes with CTRL + O, then press Enter to confirm, and exit the nano editor with CTRL + X. 

Now, use the command:
openssl rand -base64 32 | sed 's/=//g'

Now copy the newly generated key, and replace <new-auth-key> back in the docker-compose.yml file.  Store this key somewhere safe, as we'll need it again in our management.json file in just a minute.

Once you've replaced all the values, save the file with CTRL + O, then press Enter to confirm, and exit the editor with CTRL + X.

Next, we need to update our manifest.json file.  Again, we'll use the nano editor to do this.

nano manifest.json

Now we'll add the snipped:

    "Relay": {
        "Addresses": ["rel://<DOMAIN>:<PORT>"],
        "CredentialsTTL": "24h",
        "Secret": "<AUTH_SECRET>"
    },

Again, arrow down to the section just above the reverse proxy section, almost to the end of the file.  Once updated with the new snippet, your manifest should look something like this:

   "StoreConfig": {
        "Engine": "sqlite"
    },
    "Relay": {
        "Addresses": ["rel://<DOMAIN>:<PORT>"],
        "CredentialsTTL": "24h",
        "Secret": "<AUTH_KEY>"
    },
    "ReverseProxy": {
        "TrustedHTTPProxies": [],

Replace <DOMAIN>, <PORT>, and <AUTH_KEY> with the values you used in the docker-compose.yml file.

Save your changes with CTRL + O, then press Enter to confirm, and exit the nano editor with CTRL + X.

Now do the command:

docker compose pull

Followed by the command to re-create your containers:

docker compose up -d --force-recreate

Be patient as each command completes.  Once done, wait about 30 seconds to 2 minutes, then try to login to your netbird web management system.  If all went well, you're now running the latest version of Netbird with Realy support.

Well done!