I host 2 apps (WebDAV and minio) on my TrueNAS SCALE (Dragonfish-24.04.2.5) which are accessible from the internet. nginx (also running as a standard app) handles certificates and routing from outside to the TrueNAS IP and app ports. From the internet everything works fine but from home network not quite - slow or not functioning at all. I learned I need split DNS, for which I am happy to use pihole (already runs as an app) but I can’t since nginx doesn’t have own IP address.
So, either I can make nginx have own IP or I can make nginx listen to ports 80 and 443 by default - this would solve my problems (I moved already TN UI to other ports).
But I can’t accomplish this in a normal setup of mine. Everything I found online suggests this is doable (I can’t paste links apparently), but I am not finding any instructions how. Can someone please point me in the right direction or outline steps I need to take in order to accomplish what I need?
Thanks for chiming in @MarkHoltz. What you described is exactly how I have it at the moment. This, indeed, works well for queries from the internet (outside home network). In contrary, the queries from inside the home network don’t work well, they’re extremely slow at best, most of the time requests time out and it doesn’t work.
I need split DNS solution, I learned, so that internal requests are routed directly to the nginx proxy manager (for the sake of certificates being valid etc) and not via external DNS. For this I need NPM to either have own IP or to listen to ports 80 and 443 on TrueNAS IP. At the moment, I can’t configure any of the two options with standard configuration options. I’d appreciate guidance how to accomplish this in a “non-standard” way, as many forum posts around suggest this is doable. I just don’t know how
@bacon which source is your NPM deployed from? Mine is from the default Truenas app chart and I am not able to assign ports lower than 9000. This is a limitation imposed by the underlying kubernetes framework and helm package manager, as far as I understand. So, where did you install your NPM from?
@dan thanks for the link to the instructions. It feels neat and I’d like to do it like that, but I have not dared to upgrade to 24.10. yet. I was reading about the issues with the apps at upgrade, and I am not ready for much troubleshooting at the moment. I will test the upgrade on a VM and see how it goes. In the meantime, I’d love to hear if something similar can be done on 24.04.?
I am running 24.10.0.2 and installed it directly from the default app catalog. There is no port limitation there. I have never used TrueNAS Scale prior to 24.10.0.0 - I migrated from Core directly to that version, with native docker support being the main reason for finally migrating.
If your router supports hairpin nat then that can be used instead of split-dns. It’s not an ideal setup, but does work in a pinch.
On version TN 24.04, I used Proxy Manager on ports 30021 and 30022, and on the Mikrotik router, I had simple dstnat rules that redirected requests from internal IPs when they came to the internal TN IP on ports 80 and 443 → 30021, 30022. I don’t know if you’ll be able to set it up on your router.
This is probably question for @vanhalf as I don’t have the Microtik router. I’ll just chime in for posterity that just yesterday I finally transitioned to the upgraded hardware and installed TN 24.10, which allowed me to solve my issues in the way @dan introduced in the thread above. I am using internal DNS records on pihole to solve issues with internal routing. So far it seems to work well. Good luck solving your issues @pomah86.
Hi, I used hairpin NAT on the TN 24.04 version where it wasn’t possible to set the Nginx ports to 80 and 443. Now it’s possible, so on my MikroTik, I have static DNS records for my subdomains pointing directly to the internal IP of NPM. However, if you want to set up port redirection from port 80 and 443 to other ports on the MikroTik router, use the following configuration:
I see, I had the rules there, but I put them at the end, need to check where they should be and I hope it will solve one of my problems.
Next question:
I am running home assistant, in a VM, due to the fact that I want the full experience and not the limited one you get with the docker option. BUT, I would need that VM to get the certificates from nginx so that I can run SLL and send myself notifications and so on, any idea on how to make it work?
I’m thinking as a bypass, to run a separate duckdns instance on the home assistant with it’s own certificate generation, but I’m not sure that will work…
