Access Your Home Lab Remotely with NetBird: The Simplest Solution

For those who manage a media server, operate a home lab, run cloud-based virtual machines, or create internal dashboards, remote access is paramount. Utilizing your own infrastructure holds little value if you cannot connect to these services from outside your local environment. However, exposing your services to the public internet introduces numerous security vulnerabilities, including the risk of unauthorized access to your systems. NetBird offers a balanced solution by establishing a secure private network that enables seamless communication between your devices, regardless of their location.

NetBird is an open-source platform that employs a zero-trust networking model to create a secure private network connecting your devices. By using this system, your devices act as if they are all on the same local network, simplifying the process of accessing self-hosted services, dashboards, and servers from remote locations.

Take, for instance, a media server powered by Plex or Jellyfin; with NetBird, you can access it from anywhere without the need to adjust your router settings. For those managing cloud servers, secure SSH access becomes possible without exposing SSH to the internet. If you’re using self-hosted solutions like Joplin or building dashboards for internal use, collaborating with team members over a private network is straightforward.

If you opt not to use a tool like NetBird, you would need to expose your server publicly to access it remotely. While setting up a VPN is an option, it can require considerable time and effort to manage firewall rules, open necessary ports, and maintain security certificates—often detracting from your actual usage of the service.

NetBird operates by linking your devices into a private network. This decentralized approach allows devices to connect directly to one another, enhancing speed and reliability, as opposed to routing traffic through a central server. You also have the ability to designate one device as a routing peer, enabling it to serve as a gateway to an entire local network. For example, if your home server is configured as a routing peer, you can access other devices in your home without needing to install NetBird on each one.

How to Set Up and Use NetBird

NetBird is accessible as both a hosted solution, similar to Tailscale, and as a self-hosted option—one of its most significant advantages. While self-hosting can require some initial setup, it is a straightforward process.

First, choose where you plan to host NetBird. Your options include a cloud VM, NAS, or even a personal laptop. Additionally, you’ll need a domain name pointing to your server’s public IP address.

NetBird operates using Docker, so ensure you have Docker and the Docker Compose plugin installed on your server. Additionally, install two lightweight utilities: curl for downloading the NetBird installation script, and jq for managing configuration data.

sudo apt install jq curl

NetBird provides an automatic setup script that installs and configures the necessary components. You can initiate this process using the following command:

curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started.sh | bash

During installation, you will be prompted to provide a domain that will be used to access the NetBird dashboard. This domain later allows you to reach the dashboard through your web browser.

The script will then ask which reverse proxy you prefer. For most users, the default choice 0 (Traefik) is the best option, as it automatically manages HTTPS certificates via Let’s Encrypt, simplifying secure access to your dashboard.

Next, the installation will request an email address, followed by a query about enabling the NetBird Proxy service. Since the goal is to access devices remotely through the NetBird private network, you can choose N here to decline that option.

Upon completing these steps, the setup script will wait for the NetBird server to finish initializing.

Once initialization is complete, you will be able to access the NetBird dashboard using the domain you previously configured.

Navigating to this address will redirect you to the NetBird setup page, where you can establish your first admin account and add devices to your network.

Integrating a Device with NetBird

To enable remote access to services hosted on any of your devices, start by adding that device to your NetBird network. Navigate to the Peers section in the side panel and select the Add Peer option.

You’ll see options for downloading the appropriate NetBird client, which the system typically suggests based on the device in use. Download and install the recommended client on your device.

After installation is complete, launch the client and log in using the same credentials you established for your NetBird dashboard. Once authenticated, the device will show up in the Peers list, automatically receiving a private IP address within your NetBird network.

To access another connected device, return to the Peers page, where you can find the NetBird IP address for the device running the desired application. Open a browser on your laptop or mobile device and enter that IP address along with the corresponding application port.

For instance, if your home server is hosting a media server like Jellyfin, and NetBird assigns it the address 100.70.15.8, you can access the media server through the following address:

http://100.70.15.8:8096

As long as both your laptop and the home server are connected via NetBird, the media server will function as if both devices are on the same local network, even if you are accessing them remotely.

Navigating and Using NetBird

Once your devices are integrated, most interactions with NetBird will occur through its intuitive web dashboard. This dashboard serves as the central hub for managing all devices on your network and controlling their communication settings.

Start by exploring the Peers section in the dashboard. This area displays all devices currently connected to your NetBird network, providing visibility into device names, connection statuses, and assigned internal IP addresses. Here, you can rename devices, remove peers, or create setup keys for adding new machines to your network.

Next, check out the Groups section. This functionality enables you to organize your devices into specific categories, simplifying access management. You might consider creating groups such as Personal Devices, Servers, or Development Machines. After setting up groups, assigning specific peers to each group can be done directly from the dashboard.

Having categorized your devices, proceed to the Access Control section. Here you can dictate the rules governing how devices in your network interact. You have the flexibility to specify which groups or devices are allowed to communicate with each other and the types of traffic permitted. For example, you could permit your laptop to connect to a specific server while restricting other devices from accessing that server.

Finally, the Networks section becomes significant when you want to expose an entire local network through a single device designated as a routing peer. By defining a network resource and assigning a routing peer, other devices within the NetBird network can access machines that do not run the NetBird client.

NetBird effectively facilitates secure remote access to your self-hosted applications, ensuring your self-hosting experience remains intact. To maximize this remote access potential, consider exploring more self-hosted applications that align with your needs.

Source & Images