Somehow, I managed to lock myself out of my self-hosted Netbird server.
I have a VPS running the server (set up with getting-started.sh), including Crowdsec, a reverse proxy, and Traefik. I also have Pocket-ID (a container) running in a separate Docker stack on the same server. When I set up Pocket-ID, I double- and triple-checked everything before deleting the “old” admin/owner account. So currently, only the new Pocket-ID owner account exists.
This setup worked without any issues for at least a week. Unfortunately, I now get the following message when I try to log in to the dashboard with Pocket-ID:
Netbird server log:
2026-05-05T15:49:51.791Z ERRO [err: failed to open connector: failed to open connector: failed to create connector d7loni8eqbqs7383c76g: failed to get provider: 403 Forbidden: Forbidden
] idp/dex/logrus_handler.go:83: Failed to get connector
It shouldn't be a Pocket-ID issue, since I haven't changed anything there and other services like Portainer or Mealie still work with Pocket-ID.
The only thing I changed today was that, in the dashboard under Reverse Proxy for the “auth.mydomain.tld” (Pocket-ID) in the dashboard under Reverse Proxy, in addition to “CrowdSec” (which was already active and hadn’t caused any problems), I added the restriction that “auth.mydomain.tld” (Pocket-ID) may only be accessed from Germany, Switzerland, and Austria.
Could this be related to the problem? If so, how can I change this back without logging in (I have access to the VPS via SSH and thus to the Netbird Docker containers)?
Or is there a way to create a new local Netbird admin user again, which I can use to log in via email/username and password instead of using the Pocket-ID passkey?