Hi, I have been battling this for several days now, but I cannot access my immich or vaultwarden server pages through my netbird cloud account.
vaultwarden/immich dockers are sitting on nginx, each with their own subdomain (vw.domain dot com and immich.domain dot com). I can access them through my local network, and from outside of my network once I open ports 80, 443 and 2283. Since I am not confident in my web server hardening skills, I decided to try netbird (non-docker).
I installed it with a setup key on my web server (a dedicated debian machine). It is running there fine. It showed up as a peer (server). Then I installed netbird on my phone, and that also showed up as a peer on my netbird dashboard. So now both my server's netbird status and my phone app report that they are connected to each other. Thinking that I have 2 things originating from the same internal IP address (the server), I created 1 policy for:
phone to (and back) server on tcp ports 80 and 443 for vaultwarden access
phone to (and back) server on tcp port 2283 for immich access.
Now, here is where things get complicated for me, since I have docker, nginx, netbird and my ubiquiti at play. So my problem is that if I punch in vw.domain dot com on my phone while I am connected to netbird, the connection times out; the same goes for the immich url.
I tried those policies separately; I tried stopping the vw docker and then connecting to immich. No change.
All the duckduckgoing only gives me answers for npm, ssh and proxmox connectivity, but nothing specific to website access. As brilliant as TechHub's videos are, the one with immich shows him adding his immich server to an existing netbird setup; it looked super simple and worked, yet mine doesn't.
Any pointers would be greatly appreciated.
I don’t know why you’re using 2283 for Immich if you’re using a proxy in front of it (I just use 443 for both vaultwarden and Immich), so I won’t comment on that.
But to be able to reach https://immich.<domain>, you need to have a DNS record configured for it.
The easiest thing to try would be to go to DNS > Zones, click Add Zone, put in , select whatever groups you want this DNS zone used for, and click Add Zone. It should automatically pop up another dialog asking you to add a record, so click Add Record. Put in * in the hostname box, then the NetBird IP of whatever machine is running Vaultwarden and Immich in the IPv4 Address box, and click Add Record. Maybe disconnect/reconnect NetBird on your phone or give it a couple of minutes (I don't know how long it takes to propagate down), then see if it works.
What I personally do is that I have a couple of Raspberry Pi 4's running pihole as Peers, and I run local DNS for them on my LAN so that I can reach things without having to mess with host files or go out over the internet. So I just added a Network in NetBird, with my Trusted VLAN subnet as a Resource and the piholes as Routing Peers. Then under DNS Servers, I added Quad9 as a catch-all DNS Server and added the LAN IPs of my piholes as a second Local DNS server, but only for my domain. This way, if I'm connected to NetBird and issue a request for any subdomain under my domain, it routes to my local subnet and asks my pihole for the DNS record, and the pihole returns the LAN address. So I'm more or less inside my LAN even when I'm not.
Obviously the setup I’m using won’t be an option unless you have a pihole or some other piece of hardware to run a DNS server on (or you’re able to add your router as a NetBird peer), so try the simpler setup with a DNS Record in NetBird and see if that works.
Yeah, forgot about this post.
Eventually I figured it out.
It was DNS; I had to enter the DNS server in the nginx available sites for immich and VW. I have been using netbird for more than a month now, and it works great.
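Both the answer about adding a NetBird DNS zone and the follow-up ("it was DNS") come down to the same question: when the name times out, is it failing to resolve at all, resolving to a NetBird peer address, or resolving to a LAN/public address that never enters the tunnel? The script below is an added example, not code from this thread or from NetBird; it is meant to be run on a peer such as the server or a laptop (not the phone). It assumes NetBird's default peer range of 100.64.0.0/10, that `getent` and `curl` are installed, and the hostnames and addresses shown are placeholders for your own.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Splits "connection timed out" into
# (1) no DNS record, (2) record points at a NetBird peer address, or
# (3) record points at a LAN/public address, then probes the host with DNS
# taken out of the picture so routing/policy problems show up on their own.
# Assumption: NetBird's default peer range is 100.64.0.0/10 (CGNAT space).
# Hostnames and IPs used in examples are placeholders.

# Return 0 if $1 is a dotted-quad IPv4 address inside 100.64.0.0/10.
in_netbird_range() {
    _ip=$1
    _old_ifs=$IFS
    IFS=.
    set -- $_ip
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    # A /10 starting at 100.64.0.0 covers 100.64.0.0 through 100.127.255.255
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]
}

# First IPv4 address the system resolver returns for $1, or nothing.
# On a peer, a NetBird DNS zone/record shows up here once it has propagated.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 { print $1 }'
}

# Pure classification of (hostname, resolved address); no network access.
classify() {
    _host=$1
    _addr=$2
    if [ -z "$_addr" ]; then
        echo "NXDOMAIN: no record for $_host; add a NetBird DNS zone/record for it"
    elif in_netbird_range "$_addr"; then
        echo "NETBIRD: $_host -> $_addr is a peer address; if it still times out, check the policy ports"
    else
        echo "OTHER: $_host -> $_addr is a LAN/public address; this traffic is not using NetBird"
    fi
}

# Pin the name to an address with curl --resolve so DNS cannot be the cause;
# a failure here is routing, firewall or NetBird policy, not name resolution.
probe() {
    _host=$1
    _addr=$2
    _port=${3:-443}
    if curl -sS -o /dev/null -m 5 --resolve "$_host:$_port:$_addr" "https://$_host:$_port/"; then
        echo "reachable"
    else
        echo "unreachable"
    fi
}

# Usage: ./check.sh immich.example.com [ip] [port]
# With only a hostname, the address comes from the system resolver.
if [ -n "${1:-}" ]; then
    _h=$1
    _a=${2:-$(resolve_ipv4 "$_h")}
    classify "$_h" "$_a"
    if [ -n "$_a" ]; then
        probe "$_h" "$_a" "${3:-443}"
    fi
fi
```

Run it once with just the hostname to see what the peer actually resolves, then a second time with the server's NetBird IP as the second argument: if the pinned probe succeeds while the plain lookup returns nothing or a LAN address, the fix is a DNS record (in NetBird or in the upstream resolver), not a policy change.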