${{ content_synopsis }} This image runs NetBird from a single image (instead of multiple), rootless and distroless, for more security. Because it is a single image, the compose.yml example defines an entrypoint: for each service. This image also needs some environment variables to be present in your .env file. The image's defaults (management.json) and the example .env are meant to be used with Keycloak as your IdP and Traefik as your reverse proxy. You can, however, provide your own management.json file and use any IdP and any reverse proxy you like.
The init binary management replaces all variables in the format ${VARIABLE} with the values of the environment variables present in the service.
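
A pre-flight check for the ${VARIABLE} substitution described above, as an added example (not part of this image or its init binary): it lists placeholders in a management.json template that have no matching variable in the .env and verifies that the rendered result still parses as JSON. The template fragment and the .env values are constructed, and the plain text replacement is an assumption about how the substitution behaves.

```python
import json
import re

# Matches placeholders in the ${VARIABLE} format used by the page.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


def parse_env(text):
    """Parse KEY=VALUE lines of a .env file, skipping comments and blank lines."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip()
    return env


def preflight(template, env):
    """Return (missing, rendered, error) for a management.json template.

    missing:  placeholder names with no value in env (left untouched in rendered)
    rendered: template after plain text replacement (assumed behaviour)
    error:    None, or a message if the rendered text is no longer valid JSON
    """
    missing = sorted({n for n in PLACEHOLDER.findall(template) if n not in env})
    rendered = PLACEHOLDER.sub(lambda m: env.get(m.group(1), m.group(0)), template)
    try:
        json.loads(rendered)
        error = None
    except json.JSONDecodeError as exc:
        error = f"rendered config is not valid JSON: {exc.msg}"
    return missing, rendered, error


# Constructed sample input: one variable is absent, one value contains a quote.
SAMPLE_ENV = 'NETBIRD_FQDN=netbird.example.test\nNETBIRD_RELAY_SECRET=constructed"secret\n'
# Constructed template fragment, not the image's default management.json.
SAMPLE_TEMPLATE = """{
  "Relay": {"Addresses": ["rels://${NETBIRD_FQDN}:443"], "Secret": "${NETBIRD_RELAY_SECRET}"},
  "DataStoreEncryptionKey": "${NETBIRD_DATASTORE_ENCRYPTION_KEY}"
}"""

if __name__ == "__main__":
    missing, _, error = preflight(SAMPLE_TEMPLATE, parse_env(SAMPLE_ENV))
    print("missing variables:", missing)
    print("json check:", error or "ok")
```

Run it against your own management.json and .env before starting the stack; a non-empty missing list or a JSON error means the service would start with a broken or incomplete config.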
${{ content_uvp }} Good question! Because ...
If you value security, simplicity and optimizations to the extreme, then this image might be for you.
${{ content_comparison }}
${{ title_volumes }}
- ${{ json_root }}/etc - Directory of your management.json config
- ${{ json_root }}/var - Directory of dynamic data from different init systems (relay, signal, management)

```ini
# postgres settings
POSTGRES_PASSWORD=netbird
# netbird settings
NETBIRD_RELAY_SECRET=eHAzbWY5NHBRNmwzc1RTcQ==
NETBIRD_DATASTORE_ENCRYPTION_KEY=eHAzbWY5NHBRNmwzc1RTcUNOMzRBcnhSajhsbUxsbWc=
NETBIRD_FQDN=netbird.domain.com
# Keycloak settings
KEYCLOAK_FQDN=keycloak.domain.com
KEYCLOAK_REALM=netbird
KEYCLOAK_CLIENT_SECRET=wDMyEH0vIeUL0QGXtHyKIYw4D3gnJl7D
# STUN/TURN configuration
STUN_FQDN_AND_PORT=turn.domain.com:5349
TURN_FQDN_AND_PORT=turn.domain.com:5349
TURN_SECRET=Ywmpd2lvg9FYsbecfbgLI8uJaHO0DfX9
```

${{ content_compose }}
${{ content_defaults }}
${{ content_environment }}
${{ content_source }}
${{ content_parent }}
${{ content_built }}
${{ content_tips }}