Migrate to new version without migrating the IDP

Describe the problem

I tried to migrate from an external IDP with Traefik (Authentik) to the internal one using the guide "Migration Guide: External IdP to Embedded IdP - NetBird Docs".

I tried it several times. The migration script was successful every time and I changed the values in the docker-compose file, but every time I got unauthenticated (browser cache deleted). I tried to debug this with GitHub issues, Gemini, ChatGPT, etc.

I have only 2 users, so my main question is: can I migrate the clients without touching them and just install a new NetBird at the same URL? I tried it with a copy of the store.db, but this was not working.

Here are 2 of the problems I ran into:

After migration, in the dashboard logs:

[10/Apr/2026:18:46:50 +0000] "GET /$NETBIRD_MGMT_API_ENDPOINT/api/instance HTTP/1.1" 404 2419

Here the $ variable was in the URL. I grepped the whole folder with "grep -R NETBIRD_MGMT_API_ENDPOINT *", but the correct URL was set everywhere.

I corrected it with:

docker exec -it netbird-dashboard-1 sed -i 's|\$NETBIRD_MGMT_API_ENDPOINT|https://server.domain.de|g' /usr/share/nginx/html/_next/static/chunks/bda14900bb28840a.js

and then the path was correct in my browser, but it was still not working.

management-1 | 2026-04-09T20:44:47.987Z ERRO [context: HTTP, requestID: d7c0vfrqqubc739os950] shared/auth/jwt/validator.go:158: getPublicKey error: unable to find appropriate key

management-1 | 2026-04-09T20:44:47.988Z ERRO [context: HTTP, requestID: d7c0vfrqqubc739os950] shared/auth/jwt/validator.go:225: token could not be parsed: token is unverifiable: error while executing keyfunc: unable to find appropriate key

management-1 | 2026-04-09T20:44:47.988Z ERRO [context: HTTP, requestID: d7c0vfrqqubc739os950] management/server/http/middleware/auth_middleware.g

I was never able to fix this. I reused the Authentik provider guide to check all settings, but I have no idea why this happened.

NetBird version

netbird version v0.68.1

Additional context

For small instances it is often easier to just migrate the clients and recreate the user than to run the migration guide.

At this rate it would probably be easier to migrate your users, as the amount of effort to fix the issue far exceeds the time you should spend on a very small instance. However, for bigger instances where this is not possible, you need to migrate the IDP, otherwise NetBird doesn't know who's who.

From a user perspective, yes, but my agents are on my family's PCs / Synologys / UGREEN NAS, so I would have to change the machines. My machines are all installed with a setup key, so I have no user connection. Is it possible to migrate the machines with SQL? Because everything is in a database.

I tried the migration again with the 0.70 Migrator version and it finally worked :slight_smile:
