Accessing apps using a custom public domain name and a certificate

I have a TrueNAS SCALE installed with a bunch of apps (syncthing, jellyffin, etc…). But these apps are installed from the TrueCharts package. With TrueCharts and TrueNAS SCALE parting ways, I need to make a decision which to go with (like a child in a divorce). So far, I’m leaning toward TrueNAS SCALE. But there’s an important feature that I’m not sure if it is supported by TrueNAS SCALE or not.

I have a public domain registered with Cloudflare (alongside a certificate) and through TrueCharts, I was able to access my app installed on my TrueNAS SCALE by their domain name instead of their IP address. While I’ve forgot the exact details of the steps that I followed, but TrueCharts had a bunch of apps that let me map my domains to local IPs (for example https jellyfin dot mydomain dot com could be mapped to http 192 dot 168 dot 1 dot 250:8096). I could open the jellyfin by typing the domain or the IP and either would work as long as I’m connected to my home network. And if I’m out, I could VPN to my NAS (using Tailscale) and everything still would work just as before.

Now, my question is that can I achieve the same without TrueCharts? Is there a documentation explaining this that I can follow?

There are two iX apps that I have been using to achieve this purpose to access a few of my apps (e.g. AudioBookShelf, LinkDing) externally.

The first is ddns-updater which is a Dynamic DNS updater. This will check your current external IP address and update your DNS records accordingly. The update interval is around 5 minutes.

The second is a nginx-proxy-manager which is a reverse proxy manager. I’ve had to use it since AudioBookShelf, LinkDing, and Kavita do not natively support secure connections. This will allow you to set up your domain and subdomains that can be accessed externally and point it to your internal instances. (E.g. abs.example.com points to my TrueNAS server at http://192.168.1.2 on port 10223), plus force HTTPS connections. I put together a configuration guide at Nginx Proxy Manager - Configuration Tips (especially if you are stuck at Deploying) to help. I had some hiccups with nginx when I migrated from Dragonfish to Electric Eel in that the app didn’t migrate over, and I had to do a reinstall. Also, you will need to do some port forwarding of ports 80 and 443 to the NGinx ports as defined by the app (30021 and 30022 respectively).

I also happen to use Cloudflare, so you will need to get some API tokens in order to intergrate the nginx-proxy-manager and ddns-updater with Cloudflare.

Thanks for the quick reply.

I’m not sure why but I cannot find Electric Eel nor Dragonfish in my “Discover Apps” list. Are these TrueNAS master branch Catalog? Also, I was using Traefik before (as for the reverse proxy) from TrueCharts catalog and even that one cannot be found. I’m lost right now.

Oops! I just realized that those two are names for newer releases of the TrueNAS SCALE.

Now, I’m confused how your suggestion works. I mean in your post you are naming only Nginx. But not much on how to configure it. My knowledge on different components needed for this purpose is very much limited. And I hope there was a step by step documentation telling me what I need to do.

Thank for the reply again.

In my old setup (which is still working), I had only two DNS records within Cloudflare. One for accessing my NAS webpage and one record for accessing all my apps:

nas dot mydomain dot com -> 192.168.1.251
* dot nas dot mydomain.com -> 192.168.1.250

And I didn’t need to update DNS records per new apps. Instead, traefik would know (somehow) which app to forward the request to when one was coming in. Is this not an option any more?

PS. Sorry about ugly domain names. I’m new to this platform and I don’t have permission to post domain names,

Understood. Both Traefik and NGinx are reverse proxy apps which allows access from the outside world to your server. Unfortunately, Traefik is not currently offered in the iX application catalog, but NGInx is. With the release of Electric Eel, apps are now handled in Docker containers instead of Kubernetes containers, and you can upload a yaml file for an application.

Like I said, check Nginx Proxy Manager - Configuration Tips (especially if you are stuck at Deploying) for my notes. If you scroll down, you can see some screenshots on how I created the mappings.

Question about the configuring the apps are best asked in the Apps and Virtualization forum. It is possible to upload a yaml file for a custom install, but I haven’t done that yet.

1 Like

Thanks, @MarkHoltz .

Just to be clear, in your solution I’ll end up with one DNS record per app. Is that correct? Also, do I need to reconfigure Nginx per each new app as well?

It appears that you are using subdomaining as follows:

That is easily configured as two different entries in nginx. For security reasons, I would avoid wildcards, so yes, each app would have it’s own entry. However, instead of saying blah.example.com:12345, you can just point use https://blah.example.com and it points to 192.168.1.250:12345

1 Like

One last question. As for the certificate, is it configured in the TrueNAS SCALE or the apps? I know TrueNAS SCALE has some certificate configuration but I’m not sure if that’s the one I’ll need to access my apps using https.

The certificate will be configured in the NGinx application in the SSL Certificates section. I use Let’s Encrypt certificates, so it was just a matter of using DNS verify and using the CloudFlare token to get the certificate, plus NGInx also handles the automatic certificate renewal.

If you using your own certificate, then you can upload it. Here is the screen: