
relay component can't work when I deploy netbird server, the container logs reported error info "failed to bind server: valid TLS config is required for QUIC listener" #3200

Open
coldwlan opened this issue Jan 17, 2025 · 1 comment


@coldwlan

relay component can't work when I deploy netbird server, the container logs reported error info "failed to bind server: valid TLS config is required for QUIC listener"

netbird 0.35.2

2025-01-17T08:25:00Z INFO relay/cmd/root.go:124: running metrics server: :9090/metrics
2025-01-17T08:25:00Z INFO relay/cmd/root.go:149: server will be available on: rel://netbird.selfhostdomain.xyz:33080
2025-01-17T08:25:00Z FATL relay/cmd/root.go:152: failed to bind server: valid TLS config is required for QUIC listener


# Docker Compose file for a self-hosted NetBird stack, as posted by the
# reporter. The top-level `version` key is obsolete in the Compose
# Specification; current Compose releases ignore it.
version: "3.4"
services:
  # Caddy reverse proxy
  # caddy:
  #   image: caddy
  #   restart: unless-stopped
  #   networks: [ netbird ]
  #   ports:
  #     - '443:443'
  #     - '443:443/udp'
  #     - '80:80'
  #     - '8080:8080'
  #   volumes:
  #     - netbird_caddy_data:/data
  #     - /home/docker-compose/netbird/Caddyfile:/etc/caddy/Caddyfile
  #   logging:
  #     driver: "json-file"
  #     options:
  #       max-size: "500m"
  #       max-file: "2"
  # UI dashboard
  # NOTE(review): `latest` is a floating tag, so this file does not pin the
  # NetBird version that actually runs; the report states 0.35.2 separately.
  dashboard:
    image: netbirdio/dashboard:latest
    restart: unless-stopped
    networks: [netbird]
    # No host IP is given, so Compose publishes 8011 on every host interface.
    # The container side is plain port 80 and the Caddy service in this file
    # is commented out; presumably another reverse proxy terminates TLS in
    # front of this port — confirm, and firewall 8011 from the outside.
    ports:
      - '8011:80'
    # env_file:
    #   - /home/docker-compose/netbird/dashboard.env
    environment:
      # Endpoints
      - NETBIRD_MGMT_API_ENDPOINT=https://netbird.selfhostdomain.xyz
      - NETBIRD_MGMT_GRPC_API_ENDPOINT=https://netbird.selfhostdomain.xyz
      # OIDC
      # Audience and client ID are OIDC client identifiers, not credentials.
      - AUTH_AUDIENCE=301373031794671620
      - AUTH_CLIENT_ID=301373031794671620
      - AUTH_AUTHORITY=https://netbird.selfhostdomain.xyz
      - USE_AUTH0=false
      - AUTH_SUPPORTED_SCOPES=openid profile email offline_access
      - AUTH_REDIRECT_URI=/nb-auth
      - AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
      # SSL
      - NGINX_SSL_PORT=443
      # Letsencrypt
      # NOTE(review): `none` presumably turns off certificate issuance inside
      # this container — confirm against the dashboard image documentation.
      - LETSENCRYPT_DOMAIN=none
    # Caps container logs at two rotated json-file logs of 500 MB each.
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Signal
  # NOTE(review): floating `latest` tag; the running version is not pinned
  # by this file.
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    networks: [netbird]
    # Published on every host interface (no host IP given). No TLS material
    # is configured for this service in this file; presumably TLS is
    # terminated by a proxy in front of port 10000 — confirm.
    ports:
      - '10000:10000'
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Relay
  # This is the service that exits with the reported FATL line
  # "valid TLS config is required for QUIC listener". Nothing in this
  # service definition supplies a certificate, key or ACME setting.
  # NOTE(review): floating `latest` tag; the report states 0.35.2 and the
  # reply in the thread points to 0.36.2 for the fix, so pin the tag when
  # upgrading to make the running version explicit.
  relay:
    image: netbirdio/relay:latest
    restart: unless-stopped
    networks: [netbird]
    # env_file:
    #   - /home/docker-compose/netbird/relay.env
    # Only TCP is published here (Compose defaults to tcp when no protocol
    # suffix is given); a QUIC listener would need a UDP mapping as well.
    ports:
      - '33080:33080'
    environment:
      - NB_LOG_LEVEL=info
      # Empty host part: listens on all interfaces inside the container.
      - NB_LISTEN_ADDRESS=:33080
      # NOTE(review): `rel://` looks like the non-TLS relay scheme (the TLS
      # form is presumably `rels://`) — confirm; with it, relay traffic is
      # advertised to peers without transport TLS at the relay.
      - NB_EXPOSED_ADDRESS=rel://netbird.selfhostdomain.xyz:33080
      # Shared relay authentication secret stored inline in plaintext. It
      # was pasted into a public issue, so treat it as compromised: rotate
      # it and load it from the env_file commented out above (kept out of
      # version control) instead of the compose file.
      - NB_AUTH_SECRET=J1JalNtzoPrvb5LKd1nSgzaFCM0TGGPboi6CcRc9Ad8
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Management
  # NOTE(review): floating `latest` tag; the running version is not pinned
  # by this file.
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    networks: [netbird]
    # Plain port 80 in the container, published as 8012 on every host
    # interface; presumably fronted by a TLS-terminating proxy — confirm.
    ports:
      - '8012:80'
    volumes:
      - netbird_management:/var/lib/netbird
      # Bind mount without `:ro`, so the container can modify the host file.
      # NOTE(review): management.json typically carries IdP and relay
      # credentials — confirm its file permissions on the host are restricted.
      - /home/docker-compose/netbird/management.json:/etc/netbird/management.json
    # `--disable-anonymous-metrics=false` leaves anonymous metrics reporting
    # switched on. `--log-file console` sends logs to the container's
    # stdout/stderr, where the json-file driver below picks them up.
    command: [
      "--port", "80",
      "--log-file", "console",
      "--log-level", "info",
      "--disable-anonymous-metrics=false",
      "--single-account-mode-domain=netbird.selfhosted",
      "--dns-domain=netbird.selfhosted",
      "--idp-sign-key-refresh-enabled",
    ]
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Coturn, AKA relay server
  # NOTE(review): the image has no tag, which resolves to `latest`.
  coturn:
    image: coturn/coturn
    restart: unless-stopped
    #domainname: netbird.relay.selfhosted
    volumes:
      # Configuration is mounted read-only; it holds the TURN credentials,
      # so the host file should not be world-readable.
      - /home/docker-compose/netbird/turnserver.conf:/etc/turnserver.conf:ro
      # The certificate and key mounts are disabled, so no TLS material
      # reaches the container from this file.
      # - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
      # - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    # Host networking: the container shares the host's network namespace and
    # is not attached to the `netbird` network. Every port turnserver opens
    # is exposed directly on the host, so access control has to come from
    # the host firewall and turnserver.conf.
    network_mode: host
    # A single list item, so flag and path reach the entrypoint as one
    # argument ("-c /etc/turnserver.conf") rather than two.
    command:
      - -c /etc/turnserver.conf
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Zitadel - identity provider
  # The only service in this file with a pinned image version.
  zitadel:
    restart: 'always'
    networks: [netbird]
    # `--tlsMode external` (below) means Zitadel itself serves plaintext on
    # 8080 and expects a proxy to terminate TLS. Publishing 8080 on every
    # host interface lets clients reach the identity provider without that
    # proxy unless the host firewall blocks the port.
    ports:
      - '8080:8080'
    image: 'ghcr.io/zitadel/zitadel:v2.64.1'
    # `--masterkeyFromEnv` reads the master key from ZITADEL_MASTERKEY.
    command: 'start-from-init --masterkeyFromEnv --tlsMode external'
    # env_file:
    #   - /home/docker-compose/netbird/zitadel.env
    environment:
      # Debug logging on an identity provider can be verbose about requests;
      # lower it once the deployment works.
      - ZITADEL_LOG_LEVEL=debug
      # Master key stored inline in plaintext and published with this issue:
      # treat it as exposed. Keep it in the env_file commented out above or
      # in a secret store, not in the compose file.
      - ZITADEL_MASTERKEY=+kNxvUYQ77V6cUIAumuPHnDAdLUkg5vU
      - ZITADEL_EXTERNALSECURE=true
      # In list-form entries Compose takes everything after the first `=` as
      # the value, so the double quotes are part of it ("false" including
      # the quotes). NOTE(review): confirm Zitadel parses that as false.
      - ZITADEL_TLS_ENABLED="false"
      - ZITADEL_EXTERNALPORT=443
      - ZITADEL_EXTERNALDOMAIN=netbird.selfhostdomain.xyz
      # First-instance setup writes a personal access token for the admin
      # service account to this path, which lands in the host directory
      # mounted at /machinekey below.
      - ZITADEL_FIRSTINSTANCE_PATPATH=/machinekey/zitadel-admin-sa.token
      - ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa
      - ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin
      - ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_SCOPES=openid
      # This expiry is earlier than the log timestamps in the report
      # (2025-01-17), so a token created with it would already be expired.
      - ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE=2025-01-06T02:21:16Z
      - ZITADEL_DATABASE_POSTGRES_HOST=zdb
      - ZITADEL_DATABASE_POSTGRES_PORT=5432
      - ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
      - ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
      # Database passwords inline in plaintext and published with this
      # issue: rotate them. The admin password has to match
      # POSTGRES_PASSWORD of the `zdb` service.
      - ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=J5AFUdsbRhLdZgu82JnzSOx6UcH5dPztvFTI5PcKgYw@
      # `disable` turns off TLS to Postgres for both roles; the traffic
      # stays on the `netbird` Compose network, since `zdb` publishes no
      # ports.
      - ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
      # Zitadel connects with the Postgres superuser (`root`) as its admin
      # role.
      - ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root
      - ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=UGP2EYA/gopBBGtAmzN7tkuI3kQqxXTidqz4713WS54@
      - ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
    # Start only after the zdb healthcheck reports healthy.
    depends_on:
      zdb:
        condition: 'service_healthy'
    volumes:
      # Writable bind mount that receives the admin service-account token;
      # restrict permissions on the host directory.
      - /home/docker-compose/netbird/machinekey:/machinekey
      # Mounted read-only; with both SSL modes set to `disable` above, the
      # certificates in it appear to be unused — confirm.
      - netbird_zitadel_certs:/zdb-certs:ro
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
  # Postgres for Zitadel
  # No `ports:` section, so the database is reachable only from containers
  # on the `netbird` network, not from the host's external interfaces.
  zdb:
    restart: 'always'
    networks: [netbird]
    image: 'postgres:16-alpine'
    # env_file:
    #   - /home/docker-compose/netbird/zdb.env
    environment:
      # Superuser named `root`, with its password inline in plaintext. The
      # password was published with this issue: rotate it and load it from
      # the env_file commented out above.
      - POSTGRES_USER=root
      - POSTGRES_PASSWORD=UGP2EYA/gopBBGtAmzN7tkuI3kQqxXTidqz4713WS54@
    volumes:
      - netbird_zdb_data:/var/lib/postgresql/data:rw
    # NOTE(review): Docker documents CMD-SHELL as taking one command string;
    # the extra "-d", "db_prod" elements are likely not passed to pg_isready
    # — confirm. No `db_prod` database is defined in this file (Zitadel uses
    # `zitadel`), so the probe effectively checks only that the server
    # accepts connections.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready", "-d", "db_prod"]
      interval: 5s
      timeout: 60s
      retries: 10
      start_period: 5s
    logging:
      driver: "json-file"
      options:
        max-size: "500m"
        max-file: "2"
# Named volumes, declared with default driver settings.
volumes:
  # Postgres data directory of the `zdb` service.
  netbird_zdb_data:
  # State directory of the management service (/var/lib/netbird).
  netbird_management:
  # netbird_caddy_data:
  # Mounted read-only into `zitadel`; no service in this file writes to it.
  netbird_zitadel_certs:

# Single user-defined network shared by every service except `coturn`,
# which uses host networking.
networks:
  netbird:


@HekSahiti

@coldwlan this is resolved in 0.36.2 (#3202)
