HOWTO: Host a Service privately on TrueNAS with a valid SSL Certificate

I have made it as far as entering the commands into the Tailscale shell, all successful. Running “Tailscale serve status” shows everything is set up correctly (as I gathered from the comments). I did have to change the Nginx user and group IDs to “0” (root) to get Nginx to deploy.

My issue is that when I then enter my TrueNAS server’s Tailscale IP (100.xx.xxx.xx) I get “This site can’t be reached” with “ERR_CONNECTION_RESET”.

At one point, if I entered the Tailscale IP with the Nginx port “100.xx.xxx.xx:30021” I would get the “It’s Working” page from Nginx. Though just trying that again I get “ERR_CONNECTION_REFUSED”. I tried changing the TrueNAS web UI ports to “880” and “8443” with no change.

I feel I must be missing something or I have something else set up incorrectly that is affecting it. Any help would be greatly appreciated.

Thank you.

Edit: It was actually using the TrueNAS server’s LAN IP with the Nginx port (192.168.0.xx:30021) that got me to the “It’s Working” page from Nginx. Not the Tailscale IP. With the Tailscale IP and port 30021 I get “ERR_CONNECTION_REFUSED”.

Did you check the option for “host networking” on the Tailscale app? That needs to be enabled.

Yep, that was it. Thank you so much!

I guess that’s what happens when I have “dark mode” enabled everywhere, I miss a small detail.

Don’t mean to be a bother. I finished following this lovely guide (very well written, thank you for that), and the only issue now is that I get a “connection reset” error when attempting to access the sub domain (“home.mysite.xxx”). Everything seems to be set, I even bought a cheap domain at Cloudflare. Got the API token set up. Everything I have looks like what should be my version of what you illustrated. Again it’s probably one little setting I forgot to check off.

Any thoughts?

Much thanks.

What sub-domain DNS entries did you make on Cloudflare? Are they pointing to your Tailscale IP properly, and are you accessing it from a client with Tailscale set up and active?

Also, on the Cloudflare side, did you disable their Proxy and use DNS only?

I made an “A” DNS sub domain, pointing to the Tailscale IP for my TrueNAS server, and accessed it from a device (tried multiple) that is connected to my Tailnet. The Cloudflare proxy setting is disabled; it wouldn’t let me save the DNS entry unless it was unselected.

Would I by chance need to change the Nameservers in the TrueNAS global network configuration to Cloudflare DNS servers? They are currently using the Quad9 servers I set in my router.

I figured it out. I started up Nginx again and noticed it had changed the 443 port it used from the standard 30022 to 30017 for whatever reason. I re-did the Tailscale commands (both just to be sure) and now it works flawlessly!

Thank you for the help and for the great tutorial.

That is strange, but glad you caught it! Enjoy the new setup :slight_smile:

Oh I’m loving it. I was also able to get my own instance of Vaultwarden up and running. I’m happy :smile:

Could you please provide the full syntax?
Do you have to keep the /bin/sh in the command line?

I got it working now with those Tailscale shell commands.

This is amazing! One question, do I need to buy a Domain name or can I just use the one that Tailscale gives me?

Custom domain is probably easier to remember (and cheap!), but if you can use TS hosts and control DNS from there, then have at it :slight_smile: