sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-16 07:26:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Quick Fixes and Docker Rootless (#572)

Browse Source
This commit is contained in:
Brandon Hopkins
2026-01-23 14:00:30 -08:00
committed by GitHub
parent f12b83dabe
commit 6db8d0e162
1 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/pages/get-started/install/docker.mdx
View File

@@ -23,7 +23,7 @@ See [Docker example](/use-cases/examples#net-bird-client-in-docker) for details.
### Troubleshooting
1. If you are using self-hosted version and haven't specified `--management-url`, the client app will use the default URL
which is ```https://api.wiretrustee.com:33073```.
which is ```https://api.netbird.io:443```.
2. If you have specified a wrong `--management-url` (e.g., just by mistake when self-hosting)
to override it you can do the following:
@@ -39,8 +39,8 @@ To override it see the solution #1 above.
If you prefer to run NetBird as a Docker compose stack below is an example. Configure to your specific needs.
```yaml
services:
netbird:
container_name: netbird
netbird-client:
container_name: netbird-client
hostname: <HOSTNAME>
cap_add:
- NET_ADMIN
@@ -66,9 +66,8 @@ In case you are activating a server peer, you can use a [setup key](/manage/peer
```bash
docker run --network host --privileged --rm -d -e NB_SETUP_KEY=<SETUP KEY> -v netbird-client:/var/lib/netbird netbirdio/netbird:<TAG>
```
> TAG > 0.6.0 version
> You could also omit the `--setup-key` property. In this case, the tool will prompt for the key.
You could also omit the `--setup-key` property. In this case, the tool will prompt for the key.
2. Check connection status:
```bash
@@ -80,3 +79,16 @@ docker run --network host --privileged --rm -d -e NB_SETUP_KEY=<SETUP KEY> -v ne
````bash
sudo ifconfig utun100
````
## Rootless Image
In come cases you may want to run our [rootless image](https://hub.docker.com/layers/netbirdio/netbird/rootless-latest). Rootless mode operates within a user namespace, reducing the attack surface compared to standard rootful Docker. The rootless mode leverages netstack from the gVisor Go package, enabling the WireGuard stack to run entirely in userspace, circumventing the need for kernel-level access.
```bash
docker run --rm --name PEER_NAME --hostname PEER_NAME -d \
-e NB_SETUP_KEY=<YOUR_SETUP_KEY> \
-v netbird-client:/var/lib/netbird \
netbirdio/netbird:rootless-latest
```
`rootless` is well supported and works without any privileges. However, it will only be useful for inbound access or as routing peer (no outbound connections except via socks proxy)