What is NetBird Selfservice?
NetBird Selfservice is a web application that enables employees to request and manage VPN network resources through a simple, self-service interface. Built on Laravel with Livewire, it integrates directly with the NetBird API to automatically provision IP addresses, subnets, and domains for accessing customer resources through your VPN network. Instead of manually configuring NetBird network resources or requiring IT intervention for every request, teams can use this application to streamline the process with built-in approval workflows and access controls.Key Features
Resource Management
Add, edit, and delete VPN network resources including IP addresses, CIDR blocks, and domain names
Approval Workflow
Non-admin users submit requests that require admin approval before resources are provisioned
Google OAuth
Secure authentication via Google Workspace with domain restriction capabilities
Domain Restriction
Limit access to users with specific email domains for enhanced security
Activity Logging
Track all resource changes with comprehensive audit logs
Ownership Controls
Users can only modify their own resources unless they have admin privileges
Architecture Overview
NetBird Selfservice is built with modern web technologies:- Backend: Laravel 12.x (PHP 8.2+) framework providing robust API and business logic
- Frontend: Livewire with Volt for reactive, dynamic UI components
- Styling: Tailwind CSS 4.x with custom Flux components
- Authentication: Laravel Socialite for OAuth integration (Google by default)
- Database: MySQL, MariaDB, or SQLite for data persistence
- Integration: Direct integration with NetBird API for network resource provisioning
How It Works
- User Authentication: Users sign in with their Google account (or other OAuth provider)
- Domain Validation: The system verifies the user’s email domain against allowed domains
- Resource Request: Users create requests for IP addresses, subnets, or domains
- Approval Process: Admins review and approve/deny requests
- Automatic Provisioning: Approved resources are automatically added to NetBird via API
- Access Control: Resources are assigned to appropriate NetBird groups for user access
System Requirements
Before installing NetBird Selfservice, ensure your environment meets these requirements:- PHP: Version 8.2 or higher (8.3+ recommended)
- Composer: For PHP dependency management
- Node.js & npm: For building frontend assets
- Database: MySQL/MariaDB or SQLite
- NetBird Account: With API access token and appropriate permissions
- OAuth Provider: Google Cloud Console project for OAuth (or any Laravel Socialite supported provider)
Security Features
NetBird Selfservice implements multiple security measures:- Domain Restriction: Only users with emails from allowed domains can sign in
- Ownership Checks: Users can only modify their own resources
- Address Validation: Validates IPs, CIDRs, and domain names before submission
- Blocked Addresses: Dangerous ranges like
0.0.0.0/0, private networks, and loopback addresses are automatically blocked - Generic Error Messages: Internal errors are logged but not exposed to users to prevent information leakage
Use Cases
For Regular Users
- Request access to customer networks and resources
- View and manage their own resource requests
- Track approval status of pending requests
- Access approved resources through the VPN
For Administrators
- Create resources directly without approval
- Review and approve/deny user requests
- Edit or delete any resource in the system
- Monitor activity logs for audit and compliance
- Manage user access and permissions
Next Steps
Installation
Follow the step-by-step installation guide to set up NetBird Selfservice
Configuration
Configure environment variables, OAuth, and NetBird API integration