Netbird running from container not working

jamiegau · August 28, 2025, 1:11am

Hi,
I have had hit-and-miss results from trying to run docker from a docker container.
Each time the docker compose file is downloaded and run, it adds that instant using a permanent key.
It kinda worked, initially. But now non of the sites/clients can connect.
I have some sites running native netbird without an issue. So I don’t expect it is my server.

I was wondering if anyone else had issues like this.

docker compose example

netbird:
image: netbirdio/netbird:latest
restart: always
hostname: netbird
network_mode: “host”
environment:
- NB_SETUP_KEY=***
- NB_MANAGEMENT_URL=https://:443
- NB_ADMIN_URL=https://:443
- NB_LOG_LEVEL=warn
- NB_HOSTNAME=${CATCHER_HOSTNAME:?Error CATCHER_HOSTNAME is not set in .env}
- NB_ALLOW_SERVER_SSH=true
privileged: true
volumes:
- ./netbird-client-data:/var/lib/netbird
- ./netbird-client-data:/etc/netbird
logging:
driver: “json-file”
options:
max-size: “5m”

that produces logs like this:

docker compose up netbird

Attaching to netbird-1
netbird-1 | 2025-08-28T01:08:18+00:00 INFO /usr/local/bin/netbird-entrypoint.sh:96: registered new service process ‘netbird service run’, currently running: ‘7’
netbird-1 | 2025-08-28T01:08:18+00:00 INFO /usr/local/bin/netbird-entrypoint.sh:41: waiting for log line ‘started daemon server’ for 5 seconds…
netbird-1 | 2025-08-28T01:08:19Z ERRO shared/relay/client/dialer/quic/quic.go:65: failed to dial to Relay server via QUIC ':443’: CRYPTO_ERROR 0x178 (remote): tls: no application protocol
netbird-1 | 2025-08-28T01:08:19Z ERRO [relay: rels://:443] shared/relay/client/dialer/race_dialer.go:79: failed to dial via quic: CRYPTO_ERROR 0x178 (remote): tls: no application protocol
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z ERRO [relay: rels://:443] shared/relay/client/client.go:461: peer not found: sha-K/R3mMdg2jBj2Efytv1J6BKYzxsxRihsgVB8pMfwIjk=
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z ERRO [relay: rels://:443] shared/relay/client/client.go:461: peer not found: sha-6p4i4ZHZ4AcAcg7OA8fZBax94bY8HX3tUWNHF9KyjVg=
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:20Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_ice.go:158: ICE Agent is not initialized yet
netbird-1 | 2025-08-28T01:08:23+00:00 WARN /usr/local/bin/netbird-entrypoint.sh:71: log line containing ‘started daemon server’ not found after 5 seconds
netbird-1 | 2025-08-28T01:08:23+00:00 WARN /usr/local/bin/netbird-entrypoint.sh:72: daemon failed to start, exiting…
netbird-1 | 2025-08-28T01:08:23+00:00 INFO /usr/local/bin/netbird-entrypoint.sh:26: Shutting down NetBird daemon…
netbird-1 | 2025-08-28T01:08:23+00:00 INFO /usr/local/bin/netbird-entrypoint.sh:28: terminating service process IDs: ‘7’
netbird-1 | 2025-08-28T01:08:23Z WARN [relay: rels://***:443] shared/relay/client/client.go:585: relay connection was already marked as not running
netbird-1 | 2025-08-28T01:08:23Z WARN [peer: v4tRfQZieHJDFgTK5q+93shKs+TMkUzi4n0tg1qZmiE=] client/internal/peer/worker_relay.go:124: failed to close relay connection: use of closed network connection
netbird-1 | 2025-08-28T01:08:23Z WARN [peer: TLgkUDUxVPQOVX/Yva/x8BLuXPWzX5OM9Mtu+oyqZnM=] client/internal/peer/worker_relay.go:124: failed to close relay connection: use of closed network connection
netbird-1 | 2025-08-28T01:08:23Z WARN [peer: xTODgweHojExMZoX/eGvoQGCtwJzx7BS6JppZ5w9z0o=] client/internal/peer/worker_relay.go:124: failed to close relay connection: use of closed network connection
netbird-1 | 2025-08-28T01:08:23Z WARN [peer: cXCNB8x+aX7OXKmZ4e57Kk2qjFyCL17P7yR3LEvyGRE=] client/internal/peer/worker_relay.go:124: failed to close relay connection: use of closed network connection
netbird-1 | 2025-08-28T01:08:24Z ERRO client/iface/bind/udp_mux_universal.go:96: error while reading packet: shared socked stopped

jamiegau · August 28, 2025, 3:58am

One issue that does confuse me.
When using the docker compose method, the network device, “wt0” does not exist.
I was wondering if the docker container was not able to create that properly from inside the docker container? And that is why it was failing.

jamiegau · September 2, 2025, 2:04am

I have gone over the suggested setting on the docs site.
Everything looks correct.

Is anyone else trying to run netbird from a container? Is it working for you?

SaavageBueno · September 22, 2025, 9:00am

I did not see,
cap_add: - NET_ADMIN
In your config. Can you try it with your compose file structed similar to this

services:
    netbird:
        cap_add:
            - NET_ADMIN
        environment:
            - NB_SETUP_KEY=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
            - NB_MANAGEMENT_URL=https://netbird.s****.com
        volumes:
            - netbird-client:/etc/netbird
        image: netbirdio/netbird:latest
volumes:
    netbird-client:
        external:
            name: netbird-client