Apps only work with "Host Network" selected

Apps and Virtualization
1

I can’t get any apps with web access i.e. jellyfin, emby, n8n to work unless I select “Host Network”. Without that selection they are never reachable even if they are started successfully.

I have a bridge0 with vlan20 for the main access / shares. even if i create vlan30 the device can’t be reached on either vlan. However, if i select Host Network, the app can be reach on the designated port of the server ip.

1 Like
2

according to deepseek, but i don’t understand the response or what i need to do, as i have no knowledge of kubernates

When installing apps on TrueNAS SCALE, if their web interfaces are only accessible with “Host Network” enabled, it’s typically due to networking configuration issues in Kubernetes (the underlying system for apps). Here’s how to resolve it:

1. Check Service Type and Port Configuration

  • Service Type: Ensure the app uses NodePort or LoadBalancer (not ClusterIP).
    • During installation, under Networking, select:
      • Service Type: NodePort or LoadBalancer.
      • Define explicit External Ports (e.g., map container port 80 to host port 30080).
  • Host Network bypasses Kubernetes networking, so apps inherit the host’s IP/ports. Without it, use the assigned NodePort (e.g., http://<truenas-ip>:30080).

2. Verify Firewall and Network Rules

  • Ensure your firewall (on TrueNAS or network) allows traffic on the NodePort (typically 30000-32767).
  • Example for UFW (if using Linux firewall):

bash

Copy

sudo ufw allow 30000:32767/tcp

3. Use an Ingress Controller (Advanced)

  • If you’ve deployed an ingress controller (e.g., Traefik, NGINX):
    1. Configure the app to use ClusterIP.
    2. Create an Ingress rule to route traffic (e.g., via a domain/subdomain).
  • This avoids manual port mapping (e.g., access via http://app.mydomain.com).

4. Check App-Specific Requirements

  • Some apps require environment variables to bind to non-localhost addresses. In the app’s configuration:
    • Add variables like SERVER_HOST=0.0.0.0 (forces the app to listen on all interfaces).

5. Diagnose with CLI

  • Use k3s kubectl commands to check services and pods:

bash

Copy

List services and their assigned ports k3s kubectl get svc -n ix- # Check pod logs for errors k3s kubectl logs -n ix-

Summary

  • Without Host Network: Use NodePort and access via <truenas-ip>:<nodeport>.
  • With Host Network: Apps bind directly to the host’s IP/ports (simpler but risks port conflicts).
  • For a cleaner setup, use Ingress with a reverse proxy (e.g., Traefik) to route traffic via domain names.
3

Question:
Which version of truenas do you use? Truenas switched from kubernetes to docker with electric eel. So your deepseek answer only works for 24.04 (Dragonfish) or older.
For Truenas 24.10 you’d have to search for solutions for the newer docker backend.

1 Like
4

i have the latest 24.10 and both jellyfin and n8n are new installs, but this problem also exists with older installs of emby and home assistant previously installed many moons ago

5

Then please post screenshots of your apps config, or if you deploy it via custom app your compose file in code tags.

Edit: and as mentioned your deep seek answer is totally useless for your truenas version

1 Like
6

i have jellyfin working, but the published server URL has to be an IP http://192.168.20.10:8096 and not a dns name.

i get http://nas:8096. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
in firefox

nas sent an invalid response.
ERR_SSL_PROTOCOL_ERROR in chrome