| machinekey | ||
| traefik-stack | ||
| .env | ||
| dashboard.env | ||
| docker-compose.yml | ||
| install-netbird-traefik.sh | ||
| management.json | ||
| Netbird-compose-backup.tar.gz | ||
| readme.md | ||
| reinit.sh | ||
| reinit1.sh | ||
| relay.env | ||
| turnserver.conf | ||
| uninstall-netbird-traefik.sh | ||
| zdb.env | ||
| zitadel.env | ||
| zitadel_api.log | ||
🚀 Deploy Netbird & Zitadel with Traefik
This script helps you deploy Netbird behind a Traefik reverse proxy. It's designed for users who already have a working Traefik stack. The integration relies solely on Traefik labels—no need to modify your existing setup.
📦 Installation
git clone https://github.com/yblis/netbird-traefik.git
cd netbird-traefik
⚙️ Configurations
Before running the script, edit the following variables inside install-netbird-traefik.sh:
NETBIRD_DOMAIN="netbird.domain.com" # Your Netbird domain
TRAEFIK_NETWORK="traefik_traefik" # Docker network used by Traefik
TRAEFIK_CERTRESOLVER="webssl" # Traefik certificate resolver (e.g., Let's Encrypt)
▶️ Deployment
chmod +x install-netbird-traefik.sh
./install-netbird-traefik.sh
🔓 Required Ports
Make sure the following ports are open on your firewall/router:
| Protocol | Port(s) | Description |
|---|---|---|
| TCP | 80, 443 | Traefik (HTTP/HTTPS) |
| TCP | 10000 | Signal gRPC API |
| TCP | 33073 | Management gRPC API |
| TCP | 33080 | Relay service |
| UDP | 3478 | STUN/TURN (Coturn) |
| UDP | 49152–65535 | STUN/TURN (Coturn - RTP) |
🧠 Requirements
- Existing Traefik stack (Docker + configured network)
- Valid domain pointing to your server
- Traefik certificate resolver (e.g., Let's Encrypt)