Figured I’d give Netbird a go, glad I did because I can self host extremely easily by using the new services feature.
You specify a subdomain, point to a peer, specify a protocol and port, and you are good. NetBird fetches you the certificate and your site goes live fast.
I can use my Immich with my mobile data now.
You must log in or # to comment.
I am currently using Traefik with rathole to expose services which do not have a public available port. It seems netbird has a nice gui, but is not able Todo advanced reverse prox configs based on path, headers, etc…
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web IP Internet Protocol SSL Secure Sockets Layer, for transparent encryption VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
6 acronyms in this thread; the most compressed thread commented on today has 17 acronyms.
[Thread #143 for this comm, first seen 7th Mar 2026, 07:40] [FAQ] [Full list] [Contact] [Source code]
I love to hear about a Canadian alternative.
I’ve been using Pangolin since it came out … to make my services available without opening ports, but I also use Netbird for VPN access.
Is their DNS forwarding “resources” stable? Last I heard it was in beta only … if I can eliminate one more piece of software that I have to admin and maintain, that’d be great.
I tested pangolin to replace wireguard on my VPS but the problem with pangolin is that is not designed to allow external devices like a mobiles is more about to connect sites.
Tried netbird and is a great piece of software tons of options and with the new added reverse proxy is the perfect replacement for wireguard my only turn down was that exposing services unlike pangolin that let you have link like service1.domain.com in netbird is service1.proxy.example.com.
Where is this hosted? What jurisdiction is netbird in?
Netbird is a European company headquartered in Berlin. It’s fully FOSS and you can self-host the entire stack, unlike Tailscale which relies on a third party implementation.
There’s a script on their github that makes setup super easy.
That said, I’ve no idea where their servers are, if you opt to use their servers instead of hosting your own.
Edit: oh yeah, they also have a YouTube channel with updates and guides.
It seems similar in purpose to pangolin, how do they differ?
Had the same question since I am running pangolin
https://netbird.io/knowledge-hub/netbird-vs-pangolin
Network architecture
What’s the advantage of this over cloudflare and a reverse proxy? It does the certificate management for you as well?
Not routing all your unencrypted traffic through a company located in an dictatorship
So? It’s just a reverse proxy?
Then it doesnt solve the purpose of Cloudflare which also has WAF.
And that can (for example) be done with CrowdSec.
Crowdsec is OSS, but probably not fully autonomous because it needs the hivemind to really work it’s intended purpose.
Other than that it’s a fancy fail2ban.Thus I need to ask: What does Netbird better?
Independence since no cloud flare
Streamlining mostly.
I’ve been looking at this. I’m currently hosting headacale which is super easy and nice. I might give this a try I just need to get over the hurdle of adapting this to work with podman like I have with headscale. Anybody else running this via podman quadlets?
This is interesting. I’m excited to hear more about NetBird.
if you’re only hosting Immich for yourself, it might be better to look into setting up internal VPN only access to it for remote connection.
Netbird is an relay VPN at heart. The machines you connect called “peers” communicate with eachother like it’s one network. I could access my servers from anywhere else and it would connect provided I have the client on and connected.
When you register a peer by installing the client, the device gets a NetBird IP and domain that other peers in the network can access. The communication between the peers is end to end encrypted and if you access them with the provided Netbird IP or domain via HTTP, the packets in wireshark can not be read. From my testing it seems to be quite good.
The reverse proxy service feature is the way you can make something openly accessable without the end user needing to install a client. You specify the protocol, destination and port and you are set. The only downside is you need two domains, one for management and the other for proxying. You also need to set CNAME records right for the SSL certs to work.
My friend who has little self hosting experience was able to quickly get his Jellyfin up within a few minutes. NetBird deals with the cert for you in the background when you make the service. After a few seconds, the service is live and accessable
Is it identical to Tailscale?
Sounds like those solutions.
Essentially a reverse proxy and vpn client.
Replaced a self hosted Wireguard/OVPN setup that was used to navigate corporate/public networks with Netbird a few months ago and haven’t looked back. Never having hosted Tailscale, I am impressed with the flexibility and routing an overlay VPN offers, particularly with Netbird’s management UI. The project itself seems well maintained and the team regularly adds new features, many of which I have not bothered to explore yet.
Give it a go I say.It’s great. And I hope it will last as it is as long as possible.
Shout-out for pangolin. Betbird looks interesting too!
I just looked it up and pangolin is based in the us. Since it’s selfhosted the impact is little but if a government turns bad (and theirs has) it poses a risk. Even if it’s open source I don’t read the code and verify every update. Hmm
I applied to work for them. Insta-rejected :/
Must be amazing
I really wanted to keep it after deciding to switch from Tailscale, but it’s mobile app is draining my phone’s battery. It also disconnects without automatically reconnect. Now, I’m in the process of setting OpenZiti up.
How’s your experience with NetBird’s mobile app?
just curious, why move away from tailscale?
Because the main reason I’m self-hosting is to have control over my data. This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers. Besides that, they’re on the Enshitification road, which made me to search for 100% self-hosted alternatives. And yes, I’m going for EU based companies when it’s a viable option.
You can self host the Tailscale server via Headscale.
This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers
You gave away your metadata getting on the internet today. I like controlling my data as well, however I realize that certain compromises just have to be made in order to continue to live in a global, civilized, society.
While I agree with You that there is always a compromise regarding privacy and participation. But you can always take steps to reduce that delta between reality and ideal by optimizing things.
Most likely three causes: U, S and A.
Didn’t downvote you, and I get what you are saying, but in another way I don’t. What makes every other country safer? Nothing that would happen here in the USA couldn’t happen or is happening in any other country. Oh, and this has nothing to do with people trash talking the US. I do it every day I’m awake. However, for those who go with this line of thought, I honestly want to know what you think Tailscale is going to do with your encrypted traffic? Because the day the world finds out that America has cracked strong ciphers, is the day you are going to see a lot of panic and movement on this planet. And I would certainly love to make that announcement. It’ll be my going out 15 minutes of fame.
A lot of people are boycotting as many things from the U.S. as they can because of the warmongering paedophile, and his cadre of paedo crooks.
It’s not exactly exciting to buy into products when you have that stinky orange mess breathing down your neck about how he’s going to invade your continent and annex countries.
I am one of them. I am from Italy and simply do not want to support any US-based company any more, independently from their own stance on anything.
It’s not exactly exciting to buy into products when you have that stinky orange mess breathing down your neck about how he’s going to invade your continent and annex countries.
He does like to spread fear and doubt. That’s one of his specialties. Yeah, countries enshitify too. LOL I can understand the sentiment you just expressed rather than the standard ‘Tailscale metadata’. But if you want to take care of stinky orange man, you and your country will have to stand up to him. I’m doing the best I can from this end. LOL
Absolutely necessary to do more than voting with your wallet. Fascism is on the rise everywhere and we as societies need to actively engage with it and provide working alternative structures to prevent people to be drawn towards it.
