Hi,
I just updated to 25.04.1. Everything worked great, now since I had a HAOS VM I’m trying to get the VM back following the Migration Documentation.
However, I’m stuck because whenever I’m trying to do the initial Incus setup I’m only getting to this error:
Error: Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/job.py", line 515, in run
await self.future
File "/usr/lib/python3/dist-packages/middlewared/job.py", line 560, in __run_body
rv = await self.method(*args)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/api/base/decorator.py", line 93, in wrapped
result = await func(*args)
^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/plugins/virt/global.py", line 186, in do_update
verrors.check()
File "/usr/lib/python3/dist-packages/middlewared/service_exception.py", line 72, in check
raise self
middlewared.service_exception.ValidationErrors: [EINVAL] virt_global_update.pool: Port 53 is required for virtualization but is currently in use by the following services on wildcard IPs (0.0.0.0/::): 'lyrion-music-server' application, 'unifi-controller' application, 'calibre' application application. Please reconfigure these services to bind to specific IP addresses instead of wildcard IPs.
Wow that seems odd, I have never understood why everyone even wants specific IP’s for apps myself. Personally I forward port 443 to my truenas box, and all my apps work, wunderbar!.
Seems like port 53 is in use, which also seems to be a common theme in the forums since fangtooth. I think instead of locking in 53 it would be better to be able to choose a port perhaps?
For now I would reboot back to your last working version.
Yeah, thats what I did. Reverted back to 24.10 Version for now.
My setup is similar I have a lot of apps running. Most of them behind a the Nginx Reverse Proxy which handles the routing based on Domain name. Nothing special at all. Port 53 is used by Adguard though. But this can’t really be a problem, can it?
I guess I’ll wait until the Instances stuff is not “experimental” anymore.
Yes adguard is your problem since incus also wants to use port 53 for DNS resolution, but you can change the incus port with a command. When I’m back from my lunch break I’ll see if I can find the forum post with the command
Edit
this is the command to change the incus dns port
incus network set incusbr0 raw.dnsmasq="port=5354"
You can create rules and access restrictions, including VPN and port forwarding, on each “App” as if they are separate servers, including distinction from the TrueNAS host itself.
I can block all internet access from TrueNAS with only local access from specific computers, while forcing my qBittorrent jail (app) to tunnel through a specific Wireguard config, just as an example.
This works. I ran into it on a fresh install of 25.04.0 a month or so back when I was setting up AdGuard (which wants port 53, obviously).
This morning I upgraded that instance to 25.04.1 and incus stuck itself to port 53 again and AdGuard refused to come up.
I changed the incus port again and all is well. It is just annoying that I seemingly have to do this with each upgrade. But a small annoyance (at least for me).
