Netbird is king.
from Cantaloupe@lemmy.fedioasis.cc to selfhosted@lemmy.world on 06 Mar 10:15
https://lemmy.fedioasis.cc/post/36949
from Cantaloupe@lemmy.fedioasis.cc to selfhosted@lemmy.world on 06 Mar 10:15
https://lemmy.fedioasis.cc/post/36949
Figured I’d give Netbird a go, glad I did because I can self host extremely easily by using the new services feature.
You specify a subdomain, point to a peer, specify a protocol and port, and you are good. NetBird fetches you the certificate and your site goes live fast.
I can use my Immich with my mobile data now.
Edit: Note that I choose to self host NetBird, and haven’t really used the service they provide all that much.
threaded - newest
Shout-out for pangolin. Betbird looks interesting too!
I just looked it up and pangolin is based in the us. Since it’s selfhosted the impact is little but if a government turns bad (and theirs has) it poses a risk. Even if it’s open source I don’t read the code and verify every update. Hmm
It’s great. And I hope it will last as it is as long as possible.
I applied to work for them. Insta-rejected :/
Must be amazing
Where is this hosted? What jurisdiction is netbird in?
Netbird is a European company headquartered in Berlin. It’s fully FOSS and you can self-host the entire stack, unlike Tailscale which relies on a third party implementation.
There’s a script on their github that makes setup super easy.
That said, I’ve no idea where their servers are, if you opt to use their servers instead of hosting your own.
Edit: oh yeah, they also have a YouTube channel with updates and guides.
It seems similar in purpose to pangolin, how do they differ?
Had the same question since I am running pangolin
netbird.io/knowledge-hub/netbird-vs-pangolin
Network architecture
Never used Pangolin, so I’ve no idea. Sorry.
I really wanted to keep it after deciding to switch from Tailscale, but it’s mobile app is draining my phone’s battery. It also disconnects without automatically reconnect. Now, I’m in the process of setting OpenZiti up.
How’s your experience with NetBird’s mobile app?
just curious, why move away from tailscale?
.
Didn’t downvote you, and I get what you are saying, but in another way I don’t. What makes every other country safer? Nothing that would happen here in the USA couldn’t happen or is happening in any other country. Oh, and this has nothing to do with people trash talking the US. I do it every day I’m awake. However, for those who go with this line of thought, I honestly want to know what you think Tailscale is going to do with your encrypted traffic? Because the day the world finds out that America has cracked strong ciphers, is the day you are going to see a lot of panic and movement on this planet. And I would certainly love to make that announcement. It’ll be my going out 15 minutes of fame.
A lot of people are boycotting as many things from the U.S. as they can because of the warmongering paedophile, and his cadre of paedo crooks.
It’s not exactly exciting to buy into products when you have that stinky orange mess breathing down your neck about how he’s going to invade your continent and annex countries.
He does like to spread fear and doubt. That’s one of his specialties. Yeah, countries enshitify too. LOL I can understand the sentiment you just expressed rather than the standard ‘Tailscale metadata’. But if you want to take care of stinky orange man, you and your country will have to stand up to him. I’m doing the best I can from this end. LOL
Absolutely necessary to do more than voting with your wallet. Fascism is on the rise everywhere and we as societies need to actively engage with it and provide working alternative structures to prevent people to be drawn towards it.
.
I am one of them. I am from Italy and simply do not want to support any US-based company any more, independently from their own stance on anything.
Aye, same. I’m Swedish. Not thrilled about the U.S. threatening to invade Greenland, or kidnapping heads of state. Denmark has been sucking up to the U.S. a lot through the years which goes to show that you can’t trust the U.S., ever.
You are comparing something that could happen, to something that is already happening, though. Of course people will take stance.
Because the main reason I’m self-hosting is to have control over my data. This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers. Besides that, they’re on the Enshitification road, which made me to search for 100% self-hosted alternatives. And yes, I’m going for EU based companies when it’s a viable option.
You gave away your metadata getting on the internet today. I like controlling my data as well, however I realize that certain compromises just have to be made in order to continue to live in a global, civilized, society.
While I agree with You that there is always a compromise regarding privacy and participation. But you can always take steps to reduce that delta between reality and ideal by optimizing things.
You can self host the Tailscale server via Headscale.
There is an alternative unofficial app available on F-Droid called JetBird.
It is as valid as the official one.
To reduce battery usage, you may want to try Netbird’s Lazy Connections feature.
What’s the advantage of this over cloudflare and a reverse proxy? It does the certificate management for you as well?
Streamlining mostly.
Independence since no cloud flare
Not routing all your unencrypted traffic through a company located in an dictatorship
So? It’s just a reverse proxy?
Then it doesnt solve the purpose of Cloudflare which also has WAF.
And that can (for example) be done with CrowdSec.
Crowdsec is OSS, but probably not fully autonomous because it needs the hivemind to really work it’s intended purpose.
Other than that it’s a fancy fail2ban.
Thus I need to ask: What does Netbird better?
Replaced a self hosted Wireguard/OVPN setup that was used to navigate corporate/public networks with Netbird a few months ago and haven’t looked back. Never having hosted Tailscale, I am impressed with the flexibility and routing an overlay VPN offers, particularly with Netbird’s management UI. The project itself seems well maintained and the team regularly adds new features, many of which I have not bothered to explore yet.
Give it a go I say.
I’ve been looking at this. I’m currently hosting headacale which is super easy and nice. I might give this a try I just need to get over the hurdle of adapting this to work with podman like I have with headscale. Anybody else running this via podman quadlets?
I’ve been using Pangolin since it came out … to make my services available without opening ports, but I also use Netbird for VPN access.
Is their DNS forwarding “resources” stable? Last I heard it was in beta only … if I can eliminate one more piece of software that I have to admin and maintain, that’d be great.
I tested pangolin to replace wireguard on my VPS but the problem with pangolin is that is not designed to allow external devices like a mobiles is more about to connect sites.
Tried netbird and is a great piece of software tons of options and with the new added reverse proxy is the perfect replacement for wireguard my only turn down was that exposing services unlike pangolin that let you have link like service1.domain.com in netbird is service1.proxy.example.com.
I use both. Pangolin for anything that absolutely requires an external connection, netbird for internal.
Thats an interesting limitation, so netbird has to use the “site” as part of the URL for resources? can you pick the name? or is it dynamicaly generated?
Yes, you can pick the name.
This is interesting. I’m excited to hear more about NetBird.
if you’re only hosting Immich for yourself, it might be better to look into setting up internal VPN only access to it for remote connection.
Netbird is an relay VPN at heart. The machines you connect called “peers” communicate with eachother like it’s one network. I could access my servers from anywhere else and it would connect provided I have the client on and connected.
When you register a peer by installing the client, the device gets a NetBird IP and domain that other peers in the network can access. The communication between the peers is end to end encrypted and if you access them with the provided Netbird IP or domain via HTTP, the packets in wireshark can not be read. From my testing it seems to be quite good.
The reverse proxy service feature is the way you can make something openly accessable without the end user needing to install a client. You specify the protocol, destination and port and you are set. The only downside is you need two domains, one for management and the other for proxying. You also need to set CNAME records right for the SSL certs to work.
My friend who has little self hosting experience was able to quickly get his Jellyfin up within a few minutes. NetBird deals with the cert for you in the background when you make the service. After a few seconds, the service is live and accessable
Is it identical to Tailscale?
Sounds like those solutions.
Essentially a reverse proxy and vpn client.
Deflect is also a good alternative. It’s based in Montreal, Quebec. It’s what a lot of Canadian instances in the fediverse are moving too (see here).
I love to hear about a Canadian alternative.
Detect is way too expensive because of the amount of unique visitors you get. When you federate and post, you’ll see your unique visitors climb fast.
Lemmy.ca gets it free I think because they are a non profit and deflect is being generous.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
8 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #143 for this comm, first seen 7th Mar 2026, 07:40] [FAQ] [Full list] [Contact] [Source code]
I am currently using Traefik with rathole to expose services which do not have a public available port. It seems netbird has a nice gui, but is not able Todo advanced reverse prox configs based on path, headers, etc…
I’m an oldhead on hosting. I have an semi-old server running in a cabinet in my office space at home, which runs an nginx reverse proxy. My DNS records are maintained on the side of the webhost where I have my domain (and email inbox) registered. These records point directly to my WAN IP, so a lookup of my domain would instantly show my public IP.
I host a couple of services on that server, some for myself, some for friends. One of them is a Jellyfin instance.
I’m a bit lost in the technobabble, would Netbird help me hide my IP from a lookup, and solve things like DDoS protection / AI scraping, without me needing all kinds of wireguard apps etc?
I know its superficial, but I find it important that when I’m visiting my dad’s, I can watch a film on the Chromecast from my server, so putting a vpn in front of that would mean to screw with that.
I don’t think so in your case. From their docs these features are only available for self hosted instances, so you’d have to host Traefik instead of Nginx and end up with a similar config as your current one.
Netbird/Tailscale are at their heart private LAN that you control that routes over the internet. They have some features on top to make DNS/TLS/Services/Tunneling easier. OP is using a service to allow external access to a host on their LAN.
If you wanted to hide your home IP you could either use something like Defelct or Cloudflare as a reverse proxy, or host your own reverse proxy on a cloud provider (either Nginx like you currently are, or Netbird’s reverse proxy UI) and proxy it back to your local server over something like Netbird/Tailscale.
DDOS/Scraping protection would depend on the method you choose.
lmao
<img alt="" src="https://lemmy.fedioasis.cc/pictrs/image/2040f130-08e0-44a2-ae7d-5032a0cbe494.webp">