Netbird - Update to add Relays
Netbird has put out an update with version 0.29.0 of ther amazing open source Wireguard server software that adds a new feature called "Relays".
Here's a link to their release notes on version 0.29.0 https://github.com/netbirdio/netbird/releases/tag/v0.29.0
Note, that at this point, they've also released 0.29.1 and 0.29.2 in rapid succession as they bring updates to these new features and functionalities.
This new addition brings the creation of peer-to-peer networks (devices connected directly to each other) out of the Turn server realm, and into the websockets realm. This isn't a terribly difficult update, so if you're running a version older than 0.29.0, let's go through the update process together, and we'll be on our way to having a great updated server.
The new "relay" sections of the docker-compose.yml and the manifest.json will be needing a few variables replaced with your server information.
- Your domain name (the name or ip address you use to reach the Netbird server from your client machines)
- A Port number (specifically port 33080)
- A new secure key that we'll generate down below using our command line.
First, log into your netbird server with the command line utility (terminal). You may do this via SSH if it's a remote server like mine is.
My base level "netbird" directory is inside of a parent level "docker" directory. So I went to docker/netbird/infrastructure_files/artifacts with the command
cd docker/netbird/infrastructure_files/artifacts
You would modify this path if needed. Many people may not have the parent level "docker" folder. If you don't, then you can likely just do:
cd netbird/infrastructure_files/artifacts
Once in this folder, we can view the files inside by doing the command:
ls
We need to update two of the files in this location.
- docker-compose.yml
- manifest.json
Let's do the docker-compose.yml file first. Using the nano editor, we'll open this file, and then using the arrow keys move almost to the end of the file.
nano docker-compose.yml
I stopped and added my change just above the #Coturn section. Place your cursor above the line that says
# Coturn
and copy the following code snippet, then paste it into your docker-compose.yml file.
# relay
relay:
image: netbirdio/relay:latest
restart: unless-stopped
environment:
- NB_LOG_LEVEL=info
- NB_LISTEN_ADDRESS=:<new-port> # this port should be 33080 by default
- NB_EXPOSED_ADDRESS=<your-netbird-domain>:<new-port> # this port should be 33080 by default
- NB_AUTH_SECRET=<new-auth-key>
ports:
- 33080:33080
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
Once pasted in, your docker-compose.yml should look something like this:
# relay
relay:
image: netbirdio/relay:latest
restart: unless-stopped
environment:
- NB_LOG_LEVEL=info
- NB_LISTEN_ADDRESS=:<new-port> # this port should be 33080 by default
- NB_EXPOSED_ADDRESS=<your-netbird-domain>:<new-port> # this port should be 33080 by default
- NB_AUTH_SECRET=<new-auth-key>
ports:
- 33080:33080
logging:
driver: "json-file"
options:
max-size: "500m"
max-file: "2"
# Coturn
coturn:
image: coturn/coturn:latest
restart: unless-stopped
domainname: netbird.sysmainit.com
volumes:
Now, replace the placeholders surrounded by less than "<" and greater than ">" signs:
This one needs to be entered in two places, so pay attention.<new-port>
<your-netbird-domain>
To generate a new auth key, we'll save our changes with CTRL + O, then press Enter to confirm, and exit the nano editor with CTRL + X.
Now, use the command:openssl rand -base64 32 | sed 's/=//g'
Now copy the newly generated key, and replace <new-auth-key>
back in the docker-compose.yml file. Store this key somewhere safe, as we'll need it again in our management.json file in just a minute.
Once you've replaced all the values, save the file with CTRL + O, then press Enter to confirm, and exit the editor with CTRL + X.
Next, we need to update our manifest.json file. Again, we'll use the nano editor to do this.
nano manifest.json
Now we'll add the snipped:
"Relay": {
"Addresses": ["rel://<DOMAIN>:<PORT>"],
"CredentialsTTL": "24h",
"Secret": "<AUTH_SECRET>"
},
Again, arrow down to the section just above the reverse proxy section, almost to the end of the file. Once updated with the new snippet, your manifest should look something like this:
"StoreConfig": {
"Engine": "sqlite"
},
"Relay": {
"Addresses": ["rel://<DOMAIN>:<PORT>"],
"CredentialsTTL": "24h",
"Secret": "<AUTH_KEY>"
},
"ReverseProxy": {
"TrustedHTTPProxies": [],
Replace <DOMAIN>, <PORT>, and <AUTH_KEY> with the values you used in the docker-compose.yml file.
Save your changes with CTRL + O, then press Enter to confirm, and exit the nano editor with CTRL + X.
Now do the command:
docker compose pull
Followed by the command to re-create your containers:
docker compose up -d --force-recreate
Be patient as each command completes. Once done, wait about 30 seconds to 2 minutes, then try to login to your netbird web management system. If all went well, you're now running the latest version of Netbird with Realy support.
Well done!