Home

Figured I’d give Netbird a go, glad I did because I can self host extremely easily by using the new services feature.

You specify a subdomain, point to a peer, specify a protocol and port, and you are good. NetBird fetches you the certificate and your site goes live fast.

I can use my Immich with my mobile data now.

https://lemmy.fedioasis.cc/pictrs/image/6af03fdb-3e87-421b-8830-6c27972d3172.webp

Shout-out for pangolin. Betbird looks interesting too!

It’s great. And I hope it will last as it is as long as possible.

I applied to work for them. Insta-rejected :/

Must be amazing

Where is this hosted? What jurisdiction is netbird in?

I really wanted to keep it after deciding to switch from Tailscale, but it’s mobile app is draining my phone’s battery. It also disconnects without automatically reconnect. Now, I’m in the process of setting OpenZiti up.

How’s your experience with NetBird’s mobile app?

just curious, why move away from tailscale?

Most likely three causes: U, S and A.

What’s the advantage of this over cloudflare and a reverse proxy? It does the certificate management for you as well?

Didn’t downvote you, and I get what you are saying, but in another way I don’t. What makes every other country safer? Nothing that would happen here in the USA couldn’t happen or is happening in any other country. Oh, and this has nothing to do with people trash talking the US. I do it every day I’m awake. However, for those who go with this line of thought, I honestly want to know what you think Tailscale is going to do with your encrypted traffic? Because the day the world finds out that America has cracked strong ciphers, is the day you are going to see a lot of panic and movement on this planet. And I would certainly love to make that announcement. It’ll be my going out 15 minutes of fame.

Because the main reason I’m self-hosting is to have control over my data. This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers. Besides that, they’re on the Enshitification road, which made me to search for 100% self-hosted alternatives. And yes, I’m going for EU based companies when it’s a viable option.

Replaced a self hosted Wireguard/OVPN setup that was used to navigate corporate/public networks with Netbird a few months ago and haven’t looked back. Never having hosted Tailscale, I am impressed with the flexibility and routing an overlay VPN offers, particularly with Netbird’s management UI. The project itself seems well maintained and the team regularly adds new features, many of which I have not bothered to explore yet.
Give it a go I say.

This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers

You gave away your metadata getting on the internet today. I like controlling my data as well, however I realize that certain compromises just have to be made in order to continue to live in a global, civilized, society.

Netbird is a European company headquartered in Berlin. It’s fully FOSS and you can self-host the entire stack, unlike Tailscale which relies on a third party implementation.

There’s a script on their github that makes setup super easy.

That said, I’ve no idea where their servers are, if you opt to use their servers instead of hosting your own.

A lot of people are boycotting as many things from the U.S. as they can because of the warmongering paedophile, and his cadre of paedophiles.

It’s not exactly exciting to buy into products when you have that stinky orange mess breathing down your neck about how he’s going to invade your continent and annex countries.

It’s not exactly exciting to buy into products when you have that stinky orange mess breathing down your neck about how he’s going to invade your continent and annex countries.

He does like to spread fear and doubt. That’s one of his specialties. Yeah, countries enshitify too. LOL I can understand the sentiment you just expressed rather than the standard ‘Tailscale metadata’. But if you want to take care of stinky orange man, you and your country will have to stand up to him. I’m doing the best I can from this end. LOL

Streamlining mostly.

You can self host the Tailscale server via Headscale.

I’ve been looking at this. I’m currently hosting headacale which is super easy and nice. I might five this a try I just need to get over the hurdle of adapting this to work with podman like I have with headscale.

I’ve been using Pangolin since it came out … to make my services available without opening ports, but I also use Netbird for VPN access.

Is their DNS forwarding “resources” stable? Last I heard it was in beta only … if I can eliminate one more piece of software that I have to admin and maintain, that’d be great.

This is interesting. I’m excited to hear more about NetBird.

if you’re only hosting Immich for yourself, it might be better to look into setting up internal VPN only access to it for remote connection.

It seems similar in purpose to pangolin, how do they differ?

Had the same question since I am running pangolin

https://netbird.io/knowledge-hub/netbird-vs-pangolin

Network architecture

Independence since no cloud flare

I just looked it up and pangolin is based in the us. Since it’s selfhosted the impact is little but if a government turns bad (and theirs has) it poses a risk. Even if it’s open source I don’t read the code and verify every update. Hmm

While I agree with You that there is always a compromise regarding privacy and participation. But you can always take steps to reduce that delta between reality and ideal by optimizing things.

Absolutely necessary to do more than voting with your wallet. Fascism is on the rise everywhere and we as societies need to actively engage with it and provide working alternative structures to prevent people to be drawn towards it.

I tested pangolin to replace wireguard on my VPS but the problem with pangolin is that is not designed to allow external devices like a mobiles is more about to connect sites.

Tried netbird and is a great piece of software tons of options and with the new added reverse proxy is the perfect replacement for wireguard my only turn down was that exposing services unlike pangolin that let you have link like service1.domain.com in netbird is service1.proxy.example.com.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #143 for this comm, first seen 7th Mar 2026, 07:40] [FAQ] [Full list] [Contact] [Source code]

Netbird is a proxy VPN at heart. The machines you connect called “peers” communicate with eachother like it’s one network. I could access my servers from anywhere else and it would connect provided I have the client on and connected.

When you register a peer by installing the client, the device gets a NetBird IP and domain that other peers in the network can access. The communication between the peers is end to end encrypted and if you access them with the provided Netbird IP or domain via HTTP, the packets in wireshark can not be read. From my testing it seems to be quite good.

The reverse proxy service feature is the way you can make something openly accessable without the end user needing to install a client. You specify the protocol, destination and port and you are set. The only downside is you need two domains, one for management and the other for proxying. You also need to set CNAME records right for the SSL certs to work.

My friend who has little self hosting experience was able to quickly get his Jellyfin up within a few minutes. NetBird deals with the cert for you in the background when you make the service. After a few seconds, the service is live and accessable

Not routing all your unencrypted traffic through a company located in an dictatorship

Is it identical to Tailscale?

I am one of them. I am from Italy and simply do not want to support any US-based company any more, independently from their own stance on anything.

I am currently using Traefik with rathole to expose services which do not have a public available port. It seems netbird has a nice gui, but is not able Todo advanced reverse prox configs based on path, headers, etc…

So? It’s just a reverse proxy?

Then it doesnt solve the purpose of Cloudflare which also has WAF.
And that can (for example) be done with CrowdSec.
Crowdsec is OSS, but probably not fully autonomous because it needs the hivemind to really work it’s intended purpose.
Other than that it’s a fancy fail2ban.

Thus I need to ask: What does Netbird better?

Sounds like those solutions.
Essentially a reverse proxy and vpn client.

I use both. Pangolin for anything that absolutely requires an external connection, netbird for internal.

Never used Pangolin, so I’ve no idea. Sorry.

Aye, same. I’m Swedish. Not thrilled about the U.S. threatening to invade Greenland, or kidnapping heads of state. Denmark has been sucking up to the U.S. a lot through the years which goes to show that you can’t trust the U.S., ever.

Yeah, and looking at the history, unfortunately the end game is always violence. But we are nowhere near that yet, so sadly things are going to go where they are going for a while still.

I’m an oldhead on hosting. I have an semi-old server running in a cabinet in my office space at home, which runs an nginx reverse proxy. My DNS records are maintained on the side of the webhost where I have my domain (and email inbox) registered. These records point directly to my WAN IP, so a lookup of my domain would instantly show my public IP.

I host a couple of services on that server, some for myself, some for friends. One of them is a Jellyfin instance.

I’m a bit lost in the technobabble, would Netbird help me hide my IP from a lookup, and solve things like DDoS protection / AI scraping, without me needing all kinds of wireguard apps etc?

I know its superficial, but I find it important that when I’m visiting my dad’s, I can watch a film on the Chromecast from my server, so putting a vpn in front of that would mean to screw with that.

You are comparing something that could happen, to something that is already happening, though. Of course people will take stance.

Thats an interesting limitation, so netbird has to use the “site” as part of the URL for resources? can you pick the name? or is it dynamicaly generated?

Yes, you can pick the name.

lmao

https://lemmy.fedioasis.cc/pictrs/image/2040f130-08e0-44a2-ae7d-5032a0cbe494.webp

I don’t think so in your case. From their docs these features are only available for self hosted instances, so you’d have to host Traefik instead of Nginx and end up with a similar config as your current one.

If you wanted to hide your home IP you could either use something like Defelct or Cloudflare as a reverse proxy, or host your own reverse proxy on a cloud provider (either Nginx like you currently are, or Netbird’s reverse proxy UI) and proxy it back to your local server over something like Netbird/Tailscale.

DDOS/Scraping protection would depend on the method you choose.