Netbird running from container not working

General Discussion
1

Hi,
I have had hit-and-miss results from trying to run docker from a docker container.
Each time the docker compose file is downloaded and run, it adds that instant using a permanent key.
It kinda worked, initially. But now non of the sites/clients can connect.
I have some sites running native netbird without an issue. So I don’t expect it is my server.

I was wondering if anyone else had issues like this.

docker compose example

netbird:
image: netbirdio/netbird:latest
restart: always
hostname: netbird
network_mode: “host”
environment:
- NB_SETUP_KEY=***
- NB_MANAGEMENT_URL=https://:443
- NB_ADMIN_URL=https://:443
- NB_LOG_LEVEL=warn
- NB_HOSTNAME=${CATCHER_HOSTNAME:?Error CATCHER_HOSTNAME is not set in .env}
- NB_ALLOW_SERVER_SSH=true
privileged: true
volumes:
- ./netbird-client-data:/var/lib/netbird
- ./netbird-client-data:/etc/netbird
logging:
driver: “json-file”
options:
max-size: “5m”

that produces logs like this:

docker compose up netbird

Attaching to netbird-1
netbird-1 | 2025-08-28T01:08:18+00:00 INFO /usr/local/bin/netbird-entrypoint.sh:96: registered new service process ‘netbird service run’, currently running: ‘7’
netbird-1 | 2025-08-28T01:08:18+00:00 INFO /usr/local/bin/netbird-entrypoint.sh:41: waiting for log line ‘started daemon server’ for 5 seconds…
netbird-1 | 2025-08-28T01:08:19Z ERRO shared/relay/client/dialer/quic/quic.go:65: failed to dial to Relay server via QUIC ':443’: CRYPTO_ERROR 0x178 (remote): tls: no application protocol
netbird-1 | 2025-08-28T01:08:19Z ERRO [relay: rels://:443] shared/relay/client/dialer/race_dialer.go:79: failed to dial via quic: CRYPTO_ERROR 0x178 (remote): tls: no application protocol
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z ERRO [relay: rels://:443] shared/relay/client/client.go:461: peer not found: sha-K/R3mMdg2jBj2Efytv1J6BKYzxsxRihsgVB8pMfwIjk=
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z ERRO [relay: rels://:443] shared/relay/client/client.go:461: peer not found: sha-6p4i4ZHZ4AcAcg7OA8fZBax94bY8HX3tUWNHF9KyjVg=
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:23+00:00 WARN /usr/local/bin/netbird-entrypoint.sh:71: log line containing ‘started daemon server’ not found after 5 seconds
netbird-1 | 2025-08-28T01:08:23+00:00 WARN /usr/local/bin/netbird-entrypoint.sh:72: daemon failed to start, exiting…
netbird-1 | 2025-08-28T01:08:23+00:00 INFO /usr/local/bin/netbird-entrypoint.sh:26: Shutting down NetBird daemon…
netbird-1 | 2025-08-28T01:08:23+00:00 INFO /usr/local/bin/netbird-entrypoint.sh:28: terminating service process IDs: ‘7’
netbird-1 | 2025-08-28T01:08:23Z WARN [relay: rels://***:443] shared/relay/client/client.go:585: relay connection was already marked as not running
netbird-1 | 2025-08-28T01:08:23Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_relay.go:124: failed to close relay connection: use of closed network connection
netbird-1 | 2025-08-28T01:08:23Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_relay.go:124: failed to close relay connection: use of closed network connection
netbird-1 | 2025-08-28T01:08:23Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_relay.go:124: failed to close relay connection: use of closed network connection
netbird-1 | 2025-08-28T01:08:23Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_relay.go:124: failed to close relay connection: use of closed network connection
netbird-1 | 2025-08-28T01:08:24Z ERRO client/iface/bind/udp_mux_universal.go:96: error while reading packet: shared socked stopped

2

One issue that does confuse me.
When using the docker compose method, the network device, “wt0” does not exist.
I was wondering if the docker container was not able to create that properly from inside the docker container? And that is why it was failing.

3

I have gone over the suggested setting on the docs site.
Everything looks correct.

Is anyone else trying to run netbird from a container? Is it working for you?

4

I did not see,
cap_add: - NET_ADMIN
In your config. Can you try it with your compose file structed similar to this

services:
    netbird:
        cap_add:
            - NET_ADMIN
        environment:
            - NB_SETUP_KEY=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
            - NB_MANAGEMENT_URL=https://netbird.s****.com
        volumes:
            - netbird-client:/etc/netbird
        image: netbirdio/netbird:latest
volumes:
    netbird-client:
        external:
            name: netbird-client
5

It seems that adding NB_ALLOW_SERVER_SSH=true doesnt change “ServerSSHAllowed”: from false to true in default.json. When I change it to true, manually, option to SSH to server was not grayed out anymore. However, I was not able to establish SSH connection to docker container as root user SSH is disabled. So if you really need to ssh to container you could try going in that direction, but am not sure it is worthed.