Using NetBird to replace my Traefik

Good day all.

I am fairly new to exploring NetBird and have some questions about how to do the setup and configuration to meet my desires.

I would like to leverage NetBird’s new reverse proxy functionality to allow some of my services, like Immich for example, to be publicly accessible by URL to the “public” (I do plan to lock this access down with some level of authentication for most of the services I want to expose as well), but I also would like to leverage NetBird for my internal name resolution so that I can use it as an internal proxy as well, like how I have Traefik configured today. For example, ideally I would like to be able to access Immich on immich.domain.tld regardless of if I’m in my LAN or in the wider world, to allow for seamless connectivity regardless of if I’m home or not. And ideally in this configuration I would not need to be on the NetBird VPN and would not need to leave my LAN for the access. I hope that all makes sense, but if it doesn’t, please let me know.

I do plan to do this on a self-hosted NetBird in a VPS most likely, as I may also want to serve up home media, and if I understand correctly that sort of thing is not allowed in the managed version due to data throughput thresholds.

  1. Set up DNS globally to point to the public IP (either of the service itself, or the NetBird proxy).
  2. Create a DNS entry in NetBird to reference your machine if you are connected to NetBird.
  3. Create a local DNS server (if you have/need one) and have all clients on the local net connect to that DNS server to get the service locally.
  4. Make the NetBird DNS and local LAN point to a reverse proxy that manages a certificate while having NetBird proxy point to the service directly.

Gotcha, okay, so I would still need to have an internal reverse proxy configured. Good to know.

Just to make sure I have a good handle on the full flow here while I look into setting things up.

Let’s assume I have a service (Immich) hosted on my internal network at 172.16.0.30.

For WAN-level DNS I would have, say, Cloudflare point *.mydomain.tld to the IP of my NetBird proxy host.

I would have a NetBird DNS entry pointing immich.mydomain.tld at 172.16.0.30, with a NetBird client somewhere in my network ensuring that IP is accessible to my NetBird network.

I would have an internal reverse proxy like Traefik configured on, say, 172.16.0.50.

My internal DNS, however I decide to manage that, would redirect *.mydomain.tld to 172.16.0.50 to allow local access to services.

Have a NetBird DNS entry doing the same as my internal DNS.

And have NetBird Proxy point directly at the service itself, i.e. immich.mydomain.tld at 172.16.0.30 for it and any other services I would want to allow to be “publicly” accessible.

Correct, that is more or less how you’d do it.
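
Added example, not part of the thread and not NetBird or Traefik code: a small offline audit of the three DNS views discussed above (public, NetBird, LAN). It flags an RFC 1918 address published in public DNS and any per-host record that overrides the wildcard and sends clients around the reverse proxy. The record tables are constructed, `203.0.113.10` is a placeholder for the NetBird proxy host's public IP, and the function names are hypothetical.

```python
import ipaddress

# Constructed records for the three views; fill these from your own resolvers.
# 203.0.113.10 is a documentation-range placeholder, not an address from the thread.
VIEWS = {
    "public":  {"*.mydomain.tld": "203.0.113.10"},  # e.g. Cloudflare -> NetBird proxy host
    "netbird": {"*.mydomain.tld": "172.16.0.50"},   # NetBird DNS -> internal reverse proxy
    "lan":     {"*.mydomain.tld": "172.16.0.50"},   # local DNS -> internal reverse proxy
}
EXPECTED = {"public": "203.0.113.10", "netbird": "172.16.0.50", "lan": "172.16.0.50"}

# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def resolve(zone, name):
    """Simplified lookup: an exact record wins, otherwise the closest wildcard."""
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in zone:
            return zone[wildcard]
    return None


def audit(views, expected, names):
    """Return (view, name, problem) tuples; an empty list means the views agree."""
    findings = []
    for view, zone in views.items():
        for name in names:
            answer = resolve(zone, name)
            if answer is None:
                findings.append((view, name, "no answer"))
            elif view == "public" and is_rfc1918(answer):
                findings.append((view, name, f"RFC 1918 address {answer} in public DNS"))
            elif answer != expected[view]:
                findings.append((view, name, f"got {answer}, expected {expected[view]}"))
    return findings


if __name__ == "__main__":
    print(audit(VIEWS, EXPECTED, ["immich.mydomain.tld"]))
```

An exact `immich.mydomain.tld` record at 172.16.0.30 in the NetBird view takes precedence over the wildcard, so the audit reports it as bypassing the reverse proxy at 172.16.0.50.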