Netbird + Self-signed Certificates with Traefik

I know about Netbird (Tomz has great videos about it), and I know a little about Traefik and self-signed certificates. An amazing video about Traefik with local self-signed certificates was made by Techno Tim a while back.

Here is the video: https://www.youtube.com/watch?v=n1vOfdz5Nm8

I was wondering if it is possible to combine Techno Tim’s Traefik/self-signed certificate setup with Netbird. Does Netbird allow me to configure DNS records that can be resolved to my server address?

If you watched the video, the question might be clearer: Can I replace Techno Tim’s use of Pi Hole with Netbird so that I can combine it?

Does anyone have such a setup? I would like to know more about it. Thanks in advance!

Yes, Netbird can do custom DNS.
https://docs.netbird.io/how-to/manage-dns-in-your-network

1 Like

Have you tested for the purpose of self-signed certificates?

So if I set up self-signed certificates with Traefik and point Netbird’s local DNS to Traefik, which in turn points to different systems/VMs on my server, everything should work?

As long as the DNS properly resolves the proper name, the browser will send that Server Name Indication to the reverse proxy and serve up the certificate.

1 Like

Thank you for your time and information!

Okay, that sounds very interesting. You might even want to make a video about it. Just think how amazing this is for homelab people. Unlimited Netbird users (self-hosted, just a $5 VPS) and then locally signed certificates. I like Tailscale, but the pricing model is not something I can afford for just homelab “fun” stuff. It is not that I make money with my homelab.

The only thing I am not yet happy with in Netbird is that there is no option like Tailscale Lock (advanced node signing to remove further trust from the control server) and a BSD client is still missing (and with it a pfSense plugin). But the BSD client seems to be on the way; the GitHub issue is going well.

I am considering running all my homelab applications in different isolated Proxmox VMs. Like one VM for personal stuff, one for Linux ISO consumption, one for work, etc. Where would you run Traefik?

I am considering installing Traefik in the personal VM because that is where most of my Docker containers would run and with Traefik in the same VM, integration is much easier due to its labeling feature. Also, the personal VM would be quite trustworthy since it would only run my personal stuff like password manager, image backup, etc.

The alternative would be a VM for Traefik only. With a dedicated Traefik VM I could shut down my personal VM without affecting my other VMs.

Any thoughts on this?

To check the Netbird setup again after explaining the VM structure: You would say that using Netbird’s local DNS on my phone/laptop is able to resolve the Traefik VM so that my client can connect there via Netbird? Then Traefik would resolve the IP address of my other VM and bounce me there? Or would I have to install Netbird in all VMs and Traefik would not redirect me there, but just tell me the VM address so that my client would then create a new Netbird connection directly to that VM?

I run HAProxy on pfsense and then I use Tailscale to redirect DNS requests for internal domains to HAProxy for those services. The same could be done with Traefik and Netbird.

1 Like

Thank you for this great information! Keep up the good work!

What about the VM structure? Any thoughts?

I have one subnet for all my production servers on my XCP-ng hypervisor; for me it would run there.

1 Like