
Relay component can't work when I deploy the netbird server; the container logs report the error "failed to bind server: valid TLS config is required for QUIC listener" #3200

Open
coldwlan opened this issue Jan 17, 2025 · 2 comments

Comments

@coldwlan
netbird 0.35.2

2025-01-17T08:25:00Z INFO relay/cmd/root.go:124: running metrics server: :9090/metrics
2025-01-17T08:25:00Z INFO relay/cmd/root.go:149: server will be available on: rel://netbird.selfhostdomain.xyz:33080
2025-01-17T08:25:00Z FATL relay/cmd/root.go:152: failed to bind server: valid TLS config is required for QUIC listener


version: "3.4"
services:
  # Caddy reverse proxy
  # caddy:
  #   image: caddy
  #   restart: unless-stopped
  #   networks: [ netbird ]
  #   ports:
  #     - '443:443'
  #     - '443:443/udp'
  #     - '80:80'
  #     - '8080:8080'
  #   volumes:
  #     - netbird_caddy_data:/data
  #     - /home/docker-compose/netbird/Caddyfile:/etc/caddy/Caddyfile
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: "500m"
  #       max-file: "2"
  # UI dashboard
  dashboard:
    image: netbirdio/dashboard:latest
    restart: unless-stopped
    networks: [netbird]
    ports:
      - '8011:80'
    # env_file:
    #   - /home/docker-compose/netbird/dashboard.env
    environment:
      # Endpoints
      - NETBIRD_MGMT_API_ENDPOINT=https://netbird.selfhostdomain.xyz
      - NETBIRD_MGMT_GRPC_API_ENDPOINT=https://netbird.selfhostdomain.xyz
      # OIDC
      - AUTH_AUDIENCE=301373031794671620
      - AUTH_CLIENT_ID=301373031794671620
      - AUTH_AUTHORITY=https://netbird.selfhostdomain.xyz
      - USE_AUTH0=false
      - AUTH_SUPPORTED_SCOPES=openid profile email offline_access
      - AUTH_REDIRECT_URI=/nb-auth
      - AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
      # SSL
      - NGINX_SSL_PORT=443
      # Letsencrypt
      - LETSENCRYPT_DOMAIN=none
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Signal
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    networks: [netbird]
    ports:
      - '10000:10000'
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Relay
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    networks: [netbird]
    # env_file:
    #   - /home/docker-compose/netbird/relay.env
    ports:
      - '33080:33080'
    environment:
      - NB_LOG_LEVEL=info
      - NB_LISTEN_ADDRESS=:33080
      - NB_EXPOSED_ADDRESS=rel://netbird.selfhostdomain.xyz:33080
      - NB_AUTH_SECRET=J1JalNtzoPrvb5LKd1nSgzaFCM0TGGPboi6CcRc9Ad8
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Management
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    networks: [netbird]
    ports:
      - '8012:80'
    volumes:
      - netbird_management:/var/lib/netbird
      - /home/docker-compose/netbird/management.json:/etc/netbird/management.json
    command: [
      "--port", "80",
      "--log-file", "console",
      "--log-level", "info",
      "--disable-anonymous-metrics=false",
      "--single-account-mode-domain=netbird.selfhosted",
      "--dns-domain=netbird.selfhosted",
      "--idp-sign-key-refresh-enabled",
    ]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Coturn, AKA relay server
  coturn:
    image: coturn/coturn
    restart: unless-stopped
    #domainname: netbird.relay.selfhosted
    volumes:
      - /home/docker-compose/netbird/turnserver.conf:/etc/turnserver.conf:ro
      # - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
      # - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Zitadel - identity provider
  zitadel:
    restart: 'always'
    networks: [netbird]
    ports:
      - '8080:8080'
    image: 'ghcr.io/zitadel/zitadel:v2.64.1'
    command: 'start-from-init --masterkeyFromEnv --tlsMode external'
    # env_file:
    #   - /home/docker-compose/netbird/zitadel.env
    environment:
      - ZITADEL_LOG_LEVEL=debug
      - ZITADEL_MASTERKEY=+kNxvUYQ77V6cUIAumuPHnDAdLUkg5vU
      - ZITADEL_EXTERNALSECURE=true
      - ZITADEL_TLS_ENABLED="false"
      - ZITADEL_EXTERNALPORT=443
      - ZITADEL_EXTERNALDOMAIN=netbird.selfhostdomain.xyz
      - ZITADEL_FIRSTINSTANCE_PATPATH=/machinekey/zitadel-admin-sa.token
      - ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa
      - ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin
      - ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_SCOPES=openid
      - ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE=2025-01-06T02:21:16Z
      - ZITADEL_DATABASE_POSTGRES_HOST=zdb
      - ZITADEL_DATABASE_POSTGRES_PORT=5432
      - ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
      - ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
      - ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=J5AFUdsbRhLdZgu82JnzSOx6UcH5dPztvFTI5PcKgYw@
      - ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
      - ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root
      - ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=UGP2EYA/gopBBGtAmzN7tkuI3kQqxXTidqz4713WS54@
      - ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
    depends_on:
      zdb:
        condition: 'service_healthy'
    volumes:
      - /home/docker-compose/netbird/machinekey:/machinekey
      - netbird_zitadel_certs:/zdb-certs:ro
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Postgres for Zitadel
  zdb:
    restart: 'always'
    networks: [netbird]
    image: 'postgres:16-alpine'
    # env_file:
    #   - /home/docker-compose/netbird/zdb.env
    environment:
      - POSTGRES_USER=root
      - POSTGRES_PASSWORD=UGP2EYA/gopBBGtAmzN7tkuI3kQqxXTidqz4713WS54@
    volumes:
      - netbird_zdb_data:/var/lib/postgresql/data:rw
    healthcheck:
      test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"]
      interval: 5s
      timeout: 60s
      retries: 10
      start_period: 5s
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
volumes:
  netbird_zdb_data:
  netbird_management:
  # netbird_caddy_data:
  netbird_zitadel_certs:

networks:
  netbird:


@HekSahiti

@coldwlan this is resolved in 0.36.2 (#3202)

@Marcus1Pierce

@coldwlan If you read this:

Added initial support for the QUIC protocol in the client and relay server, improving connection reliability and performance. For self-hosted admins that want to try this out, you should ensure that the relay server has TLS certificates configured and that the main listening port is available in both, TCP and UDP.

I think the relay server must use TLS certificates and support both TCP and UDP ports.

Correct Me If I'm Wrong
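The two prerequisites quoted above (TLS material configured on the relay, and the listening port published for both TCP and UDP) are easy to miss in a compose file, and the one in this issue has exactly those gaps: `'33080:33080'` is a TCP-only mapping and no certificate is set. The following checker is an added example, not code from the NetBird project or from anyone in this thread. It models the relay service as a Python dict mirroring the posted compose snippet (constructed, with the auth secret replaced by a placeholder) and reports which prerequisite is missing. The environment variable names `NB_TLS_CERT_FILE`, `NB_TLS_KEY_FILE` and `NB_LETSENCRYPT_DOMAINS` are assumptions about how the relay takes its TLS configuration; confirm them against the relay binary's own help output for your version.

```python
"""Check a NetBird relay service definition for the QUIC prerequisites named
in the issue: TLS material configured, and the listening port published for
both TCP and UDP. Service definitions below are constructed for this example."""

# Assumption: TLS-related environment variables read by the relay (a cert/key
# pair, or Let's Encrypt domains). Illustrative names; verify for your version.
TLS_CERT_KEY = ("NB_TLS_CERT_FILE", "NB_TLS_KEY_FILE")
TLS_LETSENCRYPT = ("NB_LETSENCRYPT_DOMAINS",)


def parse_env(env_list):
    """Turn a compose-style ['KEY=value', ...] list into a dict."""
    out = {}
    for item in env_list:
        key, _, value = item.partition("=")
        out[key.strip()] = value.strip()
    return out


def parse_port(mapping):
    """Split 'host:container[/proto]' into (container_port, proto).

    Compose treats a mapping without a protocol suffix as TCP only."""
    spec, _, proto = mapping.partition("/")
    container = spec.rsplit(":", 1)[-1]
    return container, (proto or "tcp").lower()


def listen_port(env):
    """Extract the port from NB_LISTEN_ADDRESS, e.g. ':33080' -> '33080'."""
    addr = env.get("NB_LISTEN_ADDRESS", ":33080")
    return addr.rsplit(":", 1)[-1]


def check_relay(service):
    """Return a list of findings; an empty list means both prerequisites are met."""
    findings = []
    env = parse_env(service.get("environment", []))
    port = listen_port(env)

    has_cert_pair = all(env.get(k) for k in TLS_CERT_KEY)
    has_letsencrypt = any(env.get(k) for k in TLS_LETSENCRYPT)
    if not (has_cert_pair or has_letsencrypt):
        findings.append("no TLS configuration: QUIC listener will refuse to bind")

    # Collect the protocols under which the relay's listen port is published.
    protos = {
        proto
        for cport, proto in map(parse_port, service.get("ports", []))
        if cport == port
    }
    for needed in ("tcp", "udp"):
        if needed not in protos:
            findings.append(f"port {port} not published for {needed}")
    return findings


# Constructed: the relay definition as posted in the issue (TCP only, no TLS).
RELAY_AS_POSTED = {
    "image": "netbirdio/relay:latest",
    "ports": ["33080:33080"],
    "environment": [
        "NB_LOG_LEVEL=info",
        "NB_LISTEN_ADDRESS=:33080",
        "NB_EXPOSED_ADDRESS=rel://netbird.selfhostdomain.xyz:33080",
        "NB_AUTH_SECRET=<placeholder-secret>",
    ],
}

# Constructed: the same service with a cert/key pair and the UDP mapping added.
RELAY_FIXED = {
    "image": "netbirdio/relay:latest",
    "ports": ["33080:33080", "33080:33080/udp"],
    "environment": RELAY_AS_POSTED["environment"] + [
        "NB_TLS_CERT_FILE=/etc/netbird/relay.crt",  # hypothetical paths
        "NB_TLS_KEY_FILE=/etc/netbird/relay.key",
    ],
}

if __name__ == "__main__":
    for name, svc in (("as posted", RELAY_AS_POSTED), ("fixed", RELAY_FIXED)):
        print(f"{name}: {check_relay(svc) or 'ok'}")
```

Run as-is, the "as posted" definition produces two findings (no TLS configuration, port 33080 not published for UDP) and the "fixed" one produces none. Note that the fix for the UDP mapping alone is not enough: the FATAL line in the issue's log is the TLS check failing before the listener is bound at all, so the certificate configuration is the one that stops the crash, and the UDP mapping is what lets QUIC actually be reached afterwards.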
