Auto create DNS and proxy entries for TrueNAS Scale applications

Suppose I have an application installed and running through the “Apps” UI on TrueNAS Scale.

For example, “syncthing”.

I’d like to automatically create a local DNS entry and proxy entry whenever an app launches so that https://appname (e.g., “https://syncthing.local”) works, resolves to an nginx-proxy-manager instance, which then proxies (or redirects) to whichever port on the NAS the application is serving HTTP over.

This feels like something that is probably either (a) a checkbox somewhere in the UI that I’ve overlooked, or (b) very complicated, but someone has probably written up how to do it and I’ve not managed to find it after searching the forum.

I’m aware that I could configure and update the local DNS server and nginx-proxy-manager every time I install a new app (or the app’s serving port changes) but I’m looking for something that does this automatically.

Any pointers…?

My router DNS server does this through a checkbox that says “Register DHCP leases”. You should also be able to do this through static DHCP mappings. Most semi-decent routers should have that option.

Also, use of .local is discouraged because it’s used by mDNS.

Sure, there are many ways of doing this using any number of third party applications or hardware/software combinations.

What I’m trying to find out is whether this is supported by TrueNAS out of the box, and if not, if there is a straightforward way of achieving it using just software that runs on TrueNAS.

No. What you need to understand about network devices and the way they are supposed to run, is the expectation that every device is sovereign/autonomous. In short, one device can’t tell another device how to behave.

DNS works by looking up some table and mapping that name to an IP, so you need at least 1 DNS server in the network that all clients connect to. Your TrueNAS SCALE can “suggest” (typically to the DHCP server) that “hey, this is my DNS name, please register my name in case you are also the DNS provider to the network”, but that server has no obligation whatsoever to follow that suggestion.

Heck, you can’t even guarantee that that device is also the DNS provider. Even further, any private device on the network can decide that it doesn’t want to use the “suggested” DNS server provided by the DHCP server and just override it with its own local DNS records. Heck, any device can just decide it wants to use its own IP address and not grab an IP from the DHCP. You see where I’m going with this yet?

TL;DR:
If you want to do this reliably, have your DHCP server also be configured as the DNS server and configure it to register any DHCP clients that grab a lease from it.

Additional note:
Some devices run mDNS, which can kinda’ maybe support what you want, but I find it unreliable/flaky in practice.


TrueCharts did (and still does, though they don’t publish a catalog for TrueNAS any more) much of this. They definitely handle the proxy, by way of Ingress using Traefik. They have a recommended DNS solution in Blocky, but I’m not sure if they ever had it configured to act in this way–I expect it could have been done, but I don’t know if they did (I use my OPNsense router for DNS, so never had occasion to try it). iX’ apps don’t do anything like this, never have, and I don’t believe can be configured to.

In order to do something like this, the apps in question, the DNS server in question, and the reverse proxy in question would all need to know how to talk to each other. That means that all the apps in question would need to belong to the same ecosystem, and they’d all need to be configured to behave in this way. So I’m 99.99% sure that nobody has written up a guide on how to do all of this (certainly not in the TrueNAS context).

If you can give up the DNS aspect of this, the proxy/ingress piece can be handled through Compose. You’d start by setting up Docker and Dockge or Portainer (I like Dockge better) in a sandbox, then follow Techno Tim’s YouTube tutorial for Traefik. You’ll be installing whatever apps you want to use using Docker Compose.

Alternatively, investigate whether TrueCharts’ Blocky setup functions as I suspect it does. If it does, set up a Kubernetes cluster and install the appropriate ones of their charts using Helm. Either of these could be done on your NAS, either as a sandbox or in a VM.

The short answer to this question is “no.”

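As an added illustration of the glue the post above says would be needed (not code from the thread, TrueNAS, or TrueCharts): a generator that turns an app-to-port inventory into dnsmasq `host-record` lines and plain nginx server blocks. The inventory, the addresses, the `home.arpa` zone and all function names are assumptions; TLS and reloading the services are left out.

```python
import ipaddress
import re

# Constructed sample inventory (app name -> HTTP port on the NAS); not read from TrueNAS.
APPS = {"syncthing": 8384, "jellyfin": 8096}
NAS_IP = "192.0.2.10"     # assumed NAS address (documentation range)
PROXY_IP = "192.0.2.20"   # assumed reverse-proxy address
DOMAIN = "home.arpa"      # assumed local zone; .local is left to mDNS

LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def fqdn(app, domain=DOMAIN):
    """Return app.domain, refusing names that are not a single DNS label."""
    if domain == "local" or domain.endswith(".local"):
        raise ValueError(".local is reserved for mDNS")
    if not LABEL.fullmatch(app):
        # App names end up inside config files, so anything that is not a
        # plain label (spaces, ';', newlines, dots) is rejected, not escaped.
        raise ValueError(f"unsafe app name: {app!r}")
    return f"{app}.{domain}"


def checked(apps):
    """Yield (fqdn, port) pairs after validating every entry."""
    for app, port in sorted(apps.items()):
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"bad port for {app}: {port!r}")
        yield fqdn(app), port


def render_dns(apps, proxy_ip=PROXY_IP):
    """dnsmasq host-record lines: every app name resolves to the proxy."""
    ip = ipaddress.ip_address(proxy_ip)
    return "".join(f"host-record={name},{ip}\n" for name, _ in checked(apps))


def render_proxy(apps, nas_ip=NAS_IP):
    """nginx server blocks: one virtual host per app, forwarded to its port."""
    ip = ipaddress.ip_address(nas_ip)
    block = ("server {{\n    listen 80;\n    server_name {name};\n"
             "    location / {{ proxy_pass http://{ip}:{port}; }}\n}}\n")
    return "".join(block.format(name=n, ip=ip, port=p) for n, p in checked(apps))


if __name__ == "__main__":
    print(render_dns(APPS), render_proxy(APPS), sep="\n")
```

Rejecting unexpected app names outright, instead of escaping them, keeps a mislabeled or hostile app entry from adding directives to either generated file.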

Pi-hole does both DHCP and DNS …

You point all your systems to it as DNS.
You just set it up with local domains and addresses, and if it can’t find it, it looks to the internet.

If you use it for DHCP, it automatically registers the clients in DNS …

Indeed it does, not that anyone was asking about DHCP. But it doesn’t have a way to be automatically configured to add a DNS record for a newly-added app, nor to do anything with reverse proxying for that app.

I’m not a SCALE user, so enlighten me on this. Doesn’t the newly-created app request for a DHCP, so Pi-hole could then also add that app to the DNS records?

This is what I do on my vanilla FreeBSD jails (CORE could do this too). Of course, it does require the jails to be VNET-enabled.

No–by default the newly-created app occupies a port on the NAS’ IP. TrueCharts apps could be configured to occupy their own IP, though I believe it would have been statically-configured rather than DHCP. It doesn’t appear the iX-provided apps have this option. I understand it’s possible with Custom apps, iff they’re configured to use a bridge interface.

Ahh I see. So it appears that it gives you an option between NAT or static IP alias, but no bridging, at least not out of the box.

You’re wrong. Zeroconf doesn’t need separate DNS, it just uses local broadcasts. And I did it on CORE. I’ve added an mDNS advertiser to every jail and use bridged mode on VNET so jails can get their own IPs, and with that they can advertise their .local domains.

Not really… you’re talking about CORE jails. I’m talking about SCALE Apps, two very different beasts.