Problem with update of server selfhost and change of signal port

[Fantu]

Hi, some days ago I installed selfhost server following https://docs.netbird.io/selfhosted/selfhosted-guide
seems done correctly and I also changed coturn range adding "TURN_MAX_PORT=50999" to setup.env and seems was ok
today I must change signal port from 10000 to 11000 and I also tried to update to latest version (from 0.23.0 to 0.23.1)
I not found an howto related to update and I know few things about docker, I tried to update repo, add "NETBIRD_SIGNAL_PORT=11000" to previous setup.env and redone container. netbird seems working and data was maintained but signal port was not changed even if after configure in management.json seems wrote correctly 11000

the exact procedure I did was:

# disable and remove container (FWIK)
docker-compose down
# save setup.env
cp setup.env /root/
# clean repository (I'm not sure if needed and correct)
cd ..
git reset --hard
git clean -f -d -X
# update repository to latest version
git fetch origin
LATEST_TAG=$(basename $(curl -fs -o/dev/null -w %{redirect_url} https://github.com/netbirdio/netbird/releases/latest))
git fetch --tags
git checkout tags/$LATEST_TAG
cd infrastructure_files
# recopy setup file
cp /root/setup.env .
# checked if there was changes to parameters from previous installed version: https://github.com/netbirdio/netbird/commits/v0.23.1/infrastructure_files/setup.env.example
# did configure
./configure.sh
# here I checked management.json and seems signal port is correctly 11000
# generate and start container
docker-compose up -d

now checking netbird is working and data mantained but signal port is still 10000 looking "docker ps"

docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED          STATUS          PORTS                                                                      NAMES
57e4b8c384a5   netbirdio/management:latest    "/go/bin/netbird-mgmâ¦"   16 minutes ago   Up 16 minutes   0.0.0.0:33073->443/tcp, :::33073->443/tcp                                  infrastructure_files_management_1
ee85cc11a930   wiretrustee/dashboard:latest   "/usr/bin/supervisorâ¦"   16 minutes ago   Up 16 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   infrastructure_files_dashboard_1
6014132672a5   coturn/coturn                  "docker-entrypoint.sâ¦"   16 minutes ago   Up 16 minutes                                                                              infrastructure_files_coturn_1
dcbc9bb3861a   netbirdio/signal:latest        "/go/bin/netbird-sigâ¦"   16 minutes ago   Up 16 minutes   0.0.0.0:10000->80/tcp, :::10000->80/tcp                                    infrastructure_files_signal_1

can someone please tell me if the update procedure I did is correct or wrong? if wrong can tell me the correct (and I think is good add to documentation)
about signal port not changed to 11000 in the signal container is related to a bug or something I did wrong?

thanks for any reply and sorry for my bad english

[Fantu]

I did a fast compare with implementation of variable of other custom ports working and I found a missed variable in docker-compose.yml.tmpl, I tried to change manually the static port (10000) with $NETBIRD_SIGNAL_PORT and worked

can someone confirm no other things is needed and can someone please tell me if the update procedure I did is correct?

[pappz]

Dear @Fantu

First of all your English is not bad. I understand fully your report :)
The procedure what you did is looks correct at the first look. It was good idea to check the port in the management.json but it is not enough as you recognized. The management.json contains relevant information for the Management server. That server propagate the port information for the peers. The signaling server is a different component and you can manipulate the settings with env variables.
Thank you for the PR. We will review it!

[Fantu]

@pappz thanks for reply
about the update netbird server to newer version the procedure I did can you please tell me if is correct?

[pappz]

@Fantu usually we do not need to clone the repo.

The steps can be the following:

 cd /path/to/docker-compose-files
 
 # get the latest docker images
 docker-compose pull 
 
 # copy the host mount point
 docker volume inspect netbird-mgmt 
 ...
 "Mountpoint": "/var/lib/docker/volumes/netbird-mgmt/_data",
 ...
 # stop the services
 docker-compose down
 # make a backup of the store file from the mountpoint:
 cp /var/lib/docker/volumes/netbird-mgmt/_data/store.json ./backup/store.json
 # restart the services
 docker-compose up -d

[Fantu]

@pappz thanks for reply
I used and know too little related to docker, I saw only after from docker-compose.yml that don't generate the container but download them, so I missed important part of pull the new version of container if present, thanks for the info
about the repository is needed in case of changes in infrastructure_files from what I understand and setup.env should be updated in case of changes from previous version or it risks to cause issue or unexpected cases I think, or I'm wrong?
"docker-compose down" I saw that stop and remove the containers
about the store.json I don't understand full without know how works (from a grep I didn't find operation in infrastructure_files that use it, I suppose manual operations are needed to use/restore it in some cases where needed), I'll do that anyway
if there will be changes to setup.env also ./configure.sh will be needed from what I understand

I suggest to add the full update procedure in the documentation

[13653216371]

Yes, I have also discovered this problem and found a solution.
Please first confirm that the port range has been modified correctly in turnserver.com, as follows:

Min port=12000
Max port=13000

Then modify the file mapping directly in the docker compose file:

  coturn:
    image: coturn/coturn
    restart: unless-stopped
    domainname: api.xxx.com
    volumes:
      - ./turnserver.conf:/etc/coturn/turnserver.conf
    network_mode: host

[Fantu]

@13653216371 you mean there is issue also on coturn port range? It seemed to work to me
I setted TURN_MAX_PORT=50999 in setup.env and the generated turnserver.conf have correctly max-port=50999
about docker compose file with network mode host (on coturn container) the port mapping (done for others containers) is not needed and use the host's network directly, so not other things are needed or am I wrong?

[13653216371]

There are some issues with the configure.sh script. It is recommended to directly modify the conf files of Docker-Compose.yml and other components

[Fantu]

the my generated docker compose configuration of coturn container is:

  # Coturn
  coturn:
    image: coturn/coturn
    restart: unless-stopped
    domainname: hidden.domain
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
    #      - ./privkey.pem:/etc/coturn/private/privkey.pem:ro
    #      - ./cert.pem:/etc/coturn/certs/cert.pem:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf

the differences I see is remove of ":ro" in the configuration file but I suppose is ok readonly for it and remove of command
looking "docker-compose logs coturn" output coturn seems running correctly
and also enter in container shell and checking its conf:

docker exec -it 8fead6159f65 sh
$ cat /etc/turnserver.conf | grep max-port
max-port=50999

for now I don't see the issue

if there are know issues with configure.sh I think should be solved, I don't have much knowledge of docker and this project and I only did a quick installation but for the bug I found and understand the solution I did a PR for example: 8d18190

[Fantu]

big thanks @mlsmaycon and @braginin for backup and upgrade informations added to docs in netbirdio/docs@53da0fe

there are still 2 information which I haven't found an answer to and which I think is useful to have in the documentation:

• if I move the netbird server from one vm in office to server in cloud (or other cases with new clean install) is possible to the database from backup done with docker compose cp -a management:/var/lib/netbird/ backup/ for restore the users, peers, acl etc.. data (the domain and ports will be the same and only change the record to point to new server)
• is possible to change idp (for example from google to zitadel) keeping that netbird data (users, peers, acl etc..)?

[Fantu]

Missed things added in this suggestion list, so I think this can be closed