netbird
Request failed with status code 401. Please refresh the page if the issue continues. token invalid
I am using authentik as the auth provider and Traefik as the reverse proxy.
These lines appear in the management logs:
2024-03-02T18:37:27Z ERRO management/server/http/util/util.go:80: got a handler error: token invalid
2024-03-02T18:37:27Z ERRO management/server/telemetry/http_api_metrics.go:181: HTTP response 2291633713: GET /api/users status 401
2024-03-02T18:37:27Z INFO management/server/account.go:1590: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2024-03-02T18:37:27Z ERRO management/server/http/middleware/auth_middleware.go:88: Error when validating JWT claims: unable to get authentik token, statusCode 400
I get a red box with this warning message:
Request failed with status code 401. Please refresh the page if the issue continues.
token invalid
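management.json (credentials replaced with xxxx; the DataStoreEncryptionKey below looks like a real value rather than a placeholder. If it is, treat it as exposed and rotate it.)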
{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:netbird.example.co.uk:3478",
"Username": "",
"Password": ""
}
],
"TURNConfig": {
"TimeBasedCredentials": false,
"CredentialsTTL": "12h0m0s",
"Secret": "secret",
"Turns": [
{
"Proto": "udp",
"URI": "turn:netbird.example.co.uk:3478",
"Username": "self",
"Password": "xxxx"
}
]
},
"Signal": {
"Proto": "http",
"URI": "netbird.example.co.uk:10000",
"Username": "",
"Password": ""
},
"Datadir": "/var/lib/netbird/",
"DataStoreEncryptionKey": "H9HtkneUWN6/KdVlnOBo+9MtqHz9BliKx0Kuc3KbJJc=",
"HttpConfig": {
"LetsEncryptDomain": "",
"AuthAudience": "xxxx",
"AuthIssuer": "https://authentik.example.co.uk/application/o/netbird/",
"AuthUserIDClaim": "",
"AuthKeysLocation": "https://authentik.example.co.uk/application/o/netbird/jwks/",
"OIDCConfigEndpoint": "https://authentik.example.co.uk/application/o/netbird/.well-known/openid-configuration",
"IdpSignKeyRefreshEnabled": true
},
"IdpManagerConfig": {
"ManagerType": "authentik",
"ClientConfig": {
"Issuer": "https://authentik.example.co.uk/application/o/netbird",
"TokenEndpoint": "https://authentik.example.co.uk/application/o/token/",
"ClientID": "xxxx",
"ClientSecret": "",
"GrantType": "client_credentials"
},
"ExtraConfig": {
"Password": "xxxxx",
"Username": "Netbird"
},
"Auth0ClientCredentials": null,
"AzureClientCredentials": null,
"KeycloakClientCredentials": null,
"ZitadelClientCredentials": null
},
"DeviceAuthorizationFlow": {
"Provider": "hosted",
"ProviderConfig": {
"ClientID": "xxxx",
"ClientSecret": "",
"Domain": "authentik.example.co.uk",
"Audience": "xxxx",
"TokenEndpoint": "https://authentik.example.co.uk/application/o/token/",
"DeviceAuthEndpoint": "https://authentik.example.co.uk/application/o/device/",
"AuthorizationEndpoint": "",
"Scope": "openid",
"UseIDToken": false,
"RedirectURLs": null
}
},
"PKCEAuthorizationFlow": {
"ProviderConfig": {
"ClientID": "xxxx",
"ClientSecret": "",
"Domain": "",
"Audience": "xxxx",
"TokenEndpoint": "https://authentik.example.co.uk/application/o/token/",
"DeviceAuthEndpoint": "",
"AuthorizationEndpoint": "https://authentik.example.co.uk/application/o/authorize/",
"Scope": "openid profile email offline_access api groups",
"UseIDToken": false,
"RedirectURLs": [
"http://localhost:53000"
]
}
},
"StoreConfig": {
"Engine": "sqlite"
},
"ReverseProxy": {
"TrustedHTTPProxies": null,
"TrustedHTTPProxiesCount": 0,
"TrustedPeers": null
}
}
Compose file
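# Self-hosted NetBird stack (dashboard, signal, management, coturn) behind
# Traefik, with authentik as the OIDC provider.
#
# NOTE(review): every image below uses the moving :latest tag. Pin each one to
# a tested version or digest so a restart cannot silently pull a different build.
# NOTE(review): no entrypoints/tls labels are set on any router, so whether
# these routes (which carry JWTs) are served over HTTPS only depends on
# Traefik's static configuration, which is not shown here - confirm.
version: "3"
services:
  # UI dashboard
  dashboard:
    image: wiretrustee/dashboard:latest
    restart: unless-stopped
    # Ports stay unpublished; Traefik reaches the container on port 80 (see labels).
    # ports:
    #   - 80:80
    #   - 443:443
    environment:
      # Endpoints
      - NETBIRD_MGMT_API_ENDPOINT=https://netbird.example.co.uk:443
      - NETBIRD_MGMT_GRPC_API_ENDPOINT=https://netbird.example.co.uk:443
      # OIDC
      # NOTE(review): presumably the management service checks incoming tokens
      # against HttpConfig.AuthAudience / AuthIssuer in management.json, so
      # AUTH_AUDIENCE and AUTH_AUTHORITY must match those values exactly. The
      # audiences are redacted in the post, so this cannot be verified here.
      - AUTH_AUDIENCE=xxxxx
      - AUTH_CLIENT_ID=xxxxx
      # Empty in the post; presumably a public (PKCE) client - confirm.
      - AUTH_CLIENT_SECRET=
      - AUTH_AUTHORITY=https://authentik.example.co.uk/application/o/netbird/
      - USE_AUTH0=false
      - AUTH_SUPPORTED_SCOPES=openid profile email offline_access api
      - AUTH_REDIRECT_URI=
      - AUTH_SILENT_REDIRECT_URI=
      - NETBIRD_TOKEN_SOURCE=accessToken
    labels:
      - traefik.enable=true
      # Quoted so the backticks and parentheses are always read as one string.
      - 'traefik.http.routers.netbird-dashboard.rule=Host(`netbird.example.co.uk`)'
      - traefik.http.services.netbird-dashboard.loadbalancer.server.port=80

  # Signal
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    volumes:
      - /mnt/user/appdata/netbird/signal:/var/lib/netbird
    labels:
      - traefik.enable=true
      - 'traefik.http.routers.netbird-signal.rule=Host(`netbird.example.co.uk`) && PathPrefix(`/signalexchange.SignalExchange/`)'
      - traefik.http.services.netbird-signal.loadbalancer.server.port=80
      # h2c: Traefik talks cleartext HTTP/2 (gRPC) to the container.
      - traefik.http.services.netbird-signal.loadbalancer.server.scheme=h2c

  # Management
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    depends_on:
      - dashboard
    volumes:
      - /mnt/user/appdata/netbird/management:/var/lib/netbird
      # management.json carries the TURN secret, the IdP credentials and the
      # DataStoreEncryptionKey; keep the host file readable only by the account
      # that runs the container.
      - /mnt/user/appdata/netbird/management/management.json:/etc/netbird/management.json
    command:
      - "--port"
      - "443"
      - "--log-file"
      - "console"
      # The disable flag is false, so anonymous metrics stay enabled.
      - "--disable-anonymous-metrics=false"
      - "--single-account-mode-domain=netbird.example.co.uk"
      - "--dns-domain=netbird.selfhosted"
    labels:
      - traefik.enable=true
      # REST API used by the dashboard (the GET /api/users call in the logs).
      - 'traefik.http.routers.netbird-api.rule=Host(`netbird.example.co.uk`) && PathPrefix(`/api`)'
      - traefik.http.routers.netbird-api.service=netbird-api
      - traefik.http.services.netbird-api.loadbalancer.server.port=443
      # gRPC management service, forwarded to the same container port over h2c.
      - 'traefik.http.routers.netbird-management.rule=Host(`netbird.example.co.uk`) && PathPrefix(`/management.ManagementService/`)'
      - traefik.http.routers.netbird-management.service=netbird-management
      - traefik.http.services.netbird-management.loadbalancer.server.port=443
      - traefik.http.services.netbird-management.loadbalancer.server.scheme=h2c

  # Coturn
  coturn:
    image: coturn/coturn:latest
    restart: unless-stopped
    domainname: netbird.example.co.uk
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
      # Certificate mounts are commented out; whether TURN uses TLS depends on
      # turnserver.conf, which is not shown.
      # - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
      # - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    # Host networking: coturn binds directly on the host, outside Traefik, so
    # its exposure is governed by turnserver.conf and the host firewall.
    network_mode: host
    command:
      - -c /etc/turnserver.conf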