Netbird is a modern, open-source VPN solution that simplifies secure networking between devices. Unlike traditional VPN setups, Netbird creates peer-to-peer connections using WireGuard under the hood, making it faster and more efficient. In this guide, we’ll walk through setting up Netbird on a Ramnode VPS running Ubuntu 24.04 or higher.

Why Netbird on Ramnode?

Ramnode offers reliable, affordable VPS hosting with excellent performance characteristics that make it ideal for running network infrastructure like Netbird. Their Ubuntu 24+ images come with modern kernel support that works seamlessly with WireGuard and Netbird’s requirements.

Prerequisites

Before we begin, ensure you have:

  • A Ramnode VPS with Ubuntu 24.04 or higher
  • Root or sudo access to your VPS
  • A domain name (optional but recommended for easier management)
  • Basic familiarity with Linux command line

Initial VPS Setup

First, connect to your Ramnode VPS via SSH:

ssh root@your-vps-ip

Update your system packages:

apt update && apt upgrade -y

Install essential packages:

apt install -y curl wget gnupg lsb-release software-properties-common ufw

Configure Firewall

Set up UFW (Uncomplicated Firewall) to secure your VPS:

# Allow SSH first so that enabling the firewall cannot cut off your session
# (adjust port if you've changed it)
ufw allow 22/tcp

# Enable UFW
ufw --force enable

# Allow Netbird's default ports
ufw allow 33073/tcp  # Management service (gRPC, which runs over TCP)
ufw allow 51820/udp  # WireGuard (if using relay)
ufw allow 80/tcp     # HTTP (for Let's Encrypt)
ufw allow 443/tcp    # HTTPS

# Check firewall status
ufw status verbose

Install Docker and Docker Compose

Netbird runs best in containers, so we’ll use Docker:

# Add Docker's official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Add Docker repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

# Update package index
apt update

# Install Docker
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Start and enable Docker
systemctl start docker
systemctl enable docker

# Add current user to docker group (if not root)
# Note: membership in the docker group is equivalent to root on this host
usermod -aG docker "$USER"

Set Up Domain (Optional but Recommended)

If you have a domain, point it to your VPS IP address:

# Example DNS records to create:
# A record: netbird.yourdomain.com -> YOUR_VPS_IP
# A record: signal.yourdomain.com -> YOUR_VPS_IP  
# A record: management.yourdomain.com -> YOUR_VPS_IP

Download and Configure Netbird

Create a directory for Netbird:

mkdir -p /opt/netbird
cd /opt/netbird

Download the Netbird infrastructure setup:

# Download the latest docker-compose file
curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/docker-compose.yml.tmpl -o docker-compose.yml.tmpl

# Download the setup script
curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/setup.sh -o setup.sh
chmod +x setup.sh

Configure Environment Variables

Create the environment configuration:

# Run the setup script
./setup.sh

# Or manually create .env file if you prefer custom configuration
cat > .env << EOF
NETBIRD_DOMAIN=your-domain.com
NETBIRD_MGMT_API_ENDPOINT=https://management.your-domain.com
NETBIRD_MGMT_GRPC_API_ENDPOINT=https://management.your-domain.com
NETBIRD_SIGNAL_ENDPOINT=https://signal.your-domain.com

# If you don't have a domain, use your VPS IP:
# NETBIRD_DOMAIN=YOUR_VPS_IP
# NETBIRD_MGMT_API_ENDPOINT=https://YOUR_VPS_IP:443
# NETBIRD_MGMT_GRPC_API_ENDPOINT=https://YOUR_VPS_IP:443  
# NETBIRD_SIGNAL_ENDPOINT=https://YOUR_VPS_IP:10000

# Authentication (you can change this later)
NETBIRD_AUTH_OIDC_AUDIENCE=netbird
NETBIRD_AUTH_AUDIENCE=netbird

# Generate a random client secret (expanded once, when this file is written)
NETBIRD_IDP_MGMT_CLIENT_SECRET=$(openssl rand -base64 32)
NETBIRD_MGMT_IDP_MGMTENDPOINT=https://management.your-domain.com

# SSL Configuration
NETBIRD_LETSENCRYPT_EMAIL=your-email@domain.com
LETSENCRYPT_EMAIL=your-email@domain.com
EOF

# The file contains a client secret; make it readable by its owner only
chmod 600 .env

Start Netbird Services

Launch the Netbird infrastructure:

# Export the values from .env so that envsubst can see them
set -a; . ./.env; set +a

# Generate the final docker-compose.yml from template
envsubst < docker-compose.yml.tmpl > docker-compose.yml

# Start all services
docker compose up -d

# Check service status
docker compose ps

# View logs if needed
docker compose logs -f
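
envsubst replaces any variable that is unset or empty with an empty string and reports no error, so a gap in .env only shows up later as a broken docker-compose.yml. The pre-flight check below is an added example, not part of the original guide or of Netbird: it lists variables the template references that .env does not define, plus leftover placeholders, plain-HTTP endpoints and loose file permissions. Function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. File names follow the guide;
# function names and sample values are constructed for illustration.

# Print each variable the template references that the env file does not
# define with a non-empty value (envsubst would render these as "").
missing_vars() {
    local tmpl=$1 envfile=$2 var
    grep -oE '\$[{]?[A-Za-z_][A-Za-z0-9_]*[}]?' "$tmpl" | tr -d '${}' | sort -u |
    while read -r var; do
        grep -qE "^${var}=.+" "$envfile" || echo "$var"
    done
}

# Print findings about the env file itself: placeholders left over from the
# guide, plain-HTTP endpoints, and a mode that lets other users read the secret.
env_findings() {
    local envfile=$1 mode
    grep -nE '^[A-Z_]+=.*(your-domain\.com|YOUR_VPS_IP|your-email@domain\.com)' "$envfile" |
        sed -E 's/^([0-9]+):([A-Z_]+)=.*/placeholder: \2 (line \1)/'
    grep -nE '^[A-Z_]+_ENDPOINT=http://' "$envfile" |
        sed -E 's/^([0-9]+):([A-Z_]+)=.*/plain-http: \2 (line \1)/'
    mode=$(stat -c '%a' "$envfile")
    case $mode in
        *00) ;;
        *) echo "permissions: mode $mode, expected 600" ;;
    esac
}

demo() {
    local d; d=$(mktemp -d)
    # Constructed template and env file; not Netbird's real template.
    printf '%s\n' 'domain: ${NETBIRD_DOMAIN}' 'x: ${EXAMPLE_UNSET_VAR}' > "$d/tmpl"
    printf '%s\n' 'NETBIRD_DOMAIN=your-domain.com' \
        'NETBIRD_SIGNAL_ENDPOINT=http://signal.example.net' > "$d/env"
    chmod 644 "$d/env"
    missing_vars "$d/tmpl" "$d/env"
    env_findings "$d/env"
    rm -rf "$d"
}
demo
```

On the real files, run `missing_vars docker-compose.yml.tmpl .env` and `env_findings .env` from /opt/netbird; both print nothing when the configuration is complete.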

Verify Installation

Check that all services are running:

# Check container status
docker compose ps

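# Test management API (replace with your domain/IP)
# -k skips certificate verification, so it also hides a failed Let's Encrypt
# issuance; remove it once the certificate is in place
curl -k https://management.your-domain.com/api/status

# Check signal server
curl -k https://signal.your-domain.com/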

Access Netbird Dashboard

Open your web browser and navigate to:

  • https://management.your-domain.com (or https://YOUR_VPS_IP if using IP)

You should see the Netbird management interface where you can:

  • Create your first account
  • Add devices to your network
  • Configure access policies
  • Monitor connected peers

Connect Your First Device

To connect a device to your Netbird network:

  1. Download the Netbird client for your operating system from the official website
  2. Install and run the client
  3. Use the management URL to authenticate and join your network

For Linux clients:

# Install Netbird client
curl -fsSL https://pkgs.netbird.io/install.sh | sh

# Login to your instance
netbird login --management-url https://management.your-domain.com

# Check status
netbird status

Troubleshooting Common Issues

Port Conflicts

If you encounter port conflicts, check what’s using the ports:

# netstat (net-tools) is not installed by default on Ubuntu 24.04; ss is
ss -tulpn | grep :443
ss -tulpn | grep :33073

SSL Certificate Issues

If Let’s Encrypt certificates fail:

# Check logs
docker compose logs caddy

# Ensure your domain points to the VPS IP
dig management.your-domain.com

Container Startup Problems

# Restart all services
docker compose down
docker compose up -d

# Check individual service logs
docker compose logs management
docker compose logs signal

Security Considerations

  1. Regular Updates: Keep your system and Docker images updated
  2. Firewall Rules: Only open necessary ports
  3. SSL Certificates: Always use HTTPS in production
  4. Access Control: Configure proper access policies in Netbird
  5. Monitoring: Set up log monitoring for security events
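
Docker publishes container ports through its own iptables rules, so a port mapped in docker-compose.yml can be reachable from outside without any matching ufw allow rule. The check below is an added example, not part of the original guide: it reads `ss -H -tuln` output and lists non-loopback listeners that are missing from an allowlist. The function name, the allowlist and the sample listing are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): list listeners reachable from
# the network that are not on an allowlist. Names and sample are constructed.

# usage: ss -H -tuln | exposed_not_allowed "tcp/22 tcp/80 tcp/443"
exposed_not_allowed() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "tcp" || $1 == "udp" {
            local_ep = $5
            port = local_ep; sub(/.*:/, "", port)   # text after the last colon
            addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
            # Loopback-only sockets are not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /%lo$/) next
            key = $1 "/" port
            if (!(key in ok)) hit[key " on " addr] = 1
        }
        END { for (h in hit) print h }' | sort
}

# Constructed sample in the column layout of `ss -H -tuln`.
sample_ss() {
    cat <<'EOF'
tcp   LISTEN 0      4096         0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      4096            [::]:443           [::]:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:3478       0.0.0.0:*
EOF
}

sample_ss | exposed_not_allowed "tcp/22 tcp/80 tcp/443"
```

Each line of output is a listener to either add to the firewall plan deliberately or bind to 127.0.0.1 in the compose file.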

Performance Optimization for Ramnode

Ramnode VPS instances perform well with Netbird, but consider these optimizations:

# Increase file descriptor limits
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf

# Optimize network settings for better performance
echo 'net.core.default_qdisc=fq' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_congestion_control=bbr' >> /etc/sysctl.conf
sysctl -p

Maintenance and Monitoring

Set up a simple monitoring script:

cat > /opt/netbird/health-check.sh << 'EOF'
#!/bin/bash
cd /opt/netbird || exit 1

# Check that every service defined in docker-compose.yml is running
expected=$(docker compose config --services | wc -l)
running=$(docker compose ps --services --status running | wc -l)
if [ "$running" -lt "$expected" ]; then
    echo "$(date): Some Netbird containers are down" >> /var/log/netbird-health.log
    docker compose up -d
fi

# Check disk space
if [ "$(df -P / | awk 'NR==2{print $5}' | sed 's/%//')" -gt 85 ]; then
    echo "$(date): Disk space is running low" >> /var/log/netbird-health.log
fi
EOF

chmod +x /opt/netbird/health-check.sh

# Add to crontab for regular checks (keeps any existing crontab entries)
(crontab -l 2>/dev/null; echo "*/5 * * * * /opt/netbird/health-check.sh") | crontab -

Conclusion

You now have a fully functional Netbird instance running on your Ramnode VPS with Ubuntu 24+. This setup provides you with a secure, self-hosted VPN solution that you can use to connect all your devices securely. The peer-to-peer nature of Netbird means that once devices authenticate, they can communicate directly without routing all traffic through your VPS, making it both efficient and cost-effective.

Remember to regularly update your system and monitor the health of your Netbird instance. With proper maintenance, this setup will provide reliable secure networking for all your devices.

For additional configuration options and advanced features, consult the official Netbird documentation at https://docs.netbird.io/.