I have just got TrueNAS Scale working, but my browser says my connection is not secure. From what I read I think I need to assign my server a static IP, but my package from my ISP does not allow static IPs. Is it necessary to have an HTTPS connection? How should I go about fixing this?
As a beginner, I’m quite overwhelmed and not entirely sure where to start. Along with making sure everything is secure, here is what I want to be able to do with my server:
a. Backup files from my main PC. I want to be able to access these files from anywhere on any device.
b. Run game servers (Minecraft, Arma 3, DCS). I am aware that there is a Minecraft application built in to TNS, but are there any other steps I need to take beforehand to make sure it will work?
Thanks for the help in advance, and sorry if anything I said doesn’t make sense. I really do not know much.
Static vs. dynamic IP has nothing at all to do with this.
Nope.
There’s nothing to fix. If you want HTTPS, just browse to https://ip_of_nas. You’ll get a different warning (because you’ll be using a self-signed certificate), but it’ll be HTTPS.
Thanks for your reply. If I wanted to have a secure connection, how would I do that? Is there any point?
Also, any suggestions for my original second question?
To have a connection that your browser will call secure, you’d need to be using HTTPS with a trusted certificate. In order to do that (relatively) easily, you’d need to own a domain (starts around $10/yr from Cloudflare–and that’s where I’d buy it), and then you can get a certificate through TrueNAS directly.
Once you have the domain and the cert, you’d need to set up your local DNS in such a way that, e.g., truenas.yourdomain points to the local IP address of your NAS. If your router isn’t brain-dead, you can do this there. If it is, Pi-Hole is a popular choice for local DNS and will let you do this.
How much do you trust the other devices on your network? Including the Alexa devices, the smart thermostats, the sprinkler controllers, the Roku, etc.? Remember, the S in IOT (“Internet of Things”) is for security.
“Back up files” and “make them available anywhere” are two very different requirements. For the first, well, any backup software that can back up to a SMB share will work–Veeam seems pretty popular, and it’s free for this purpose. Edit: or Urbackup is available as an app and would do the trick.
The latter is much more complicated. Nextcloud is probably the way to do it, and use Tailscale on the NAS and the remote devices to let them access it.
I’m also looking to remove the https warning from self-signed cert. I can set up the certs, etc. in TrueNAS. But, I’m stuck at the step you describe here.
I tried entering the IP address. But, get an error. From there, I’m not sure how to create a name that points to the IP address. I realize it may be different for everyone’s router/DNS setup. But, maybe it would help to know the steps/changes in your context? Or, maybe within the Pi-Hole context (I’m using that but couldn’t find the answer)?
From there, I assume that the local DNS name has to include the domain name registered with Cloudflare too? So, if it’s “myDomain.com” the local DNS name will have to be something like “truenas.myDomain”?
Of course, it’s very important to NOT expose the server to the internet. Ironically, I already know how to do that via reverse proxy and Cloudflare, etc.
I entered the IP address as the “Subject Alternative Name” in the Certificate Signing Request wizard.
After doing that, the error appears when I try to generate a Certificate from that CSR. It doesn’t finish correctly and an error pops up complaining that the IP address isn’t a valid DNS entry.
You won’t be able to get a trusted cert with an IP address in the SAN. I’m not sure what you saw in this thread or the one you link that suggested otherwise.
I may have misunderstood others’ questions. But, I read them as very close or the same as mine.
A) I only want to access the TrueNAS server locally. Other than apps going through the reverse proxy, I don’t want it to be reachable via internet.
B) That said, I would still like to have a trusted cert for the server so that the browser doesn’t panic over the GUI and every other local-access app.
You can add the DNS records to your LAN DNS server (typically your router).
Alternatively, you can also add the domain name on your hosts file and it would pretty much resolve the name without needing any internet access or any complicated network setup. This is quick and simple if you only need it to work on one machine. On Windows, I think that file is located under C:\Windows\system32\drivers\etc\hosts and on *nix, it’s typically under /etc/hosts; you will need administrator access to change it on either system.
Of course there is, using local DNS resolution. How you’d do that depends on what you have serving DNS for your LAN. Ordinarily it’d be your router, and in OPNsense you’d set it up as a DNS host override. pfSense, it’d be the same. OpenWRT, I expect it’d be the same. In Pi-Hole 6, you’d go to Settings → Local DNS Records, and enter it like this:
Does the local machine host file get applied even if I’m using an external DNS server? And is it persistent (doesn’t get wiped out by a dnscache clear etc)?
Thank you.
Easy enough. Before I make that edit though, would this meet my goals? i.e. will the Cloudflare cert apply to it correctly?
There is no “cloudflare cert;” there’s a Let’s Encrypt cert you’ve obtained on your NAS. If you’ve correctly obtained that, set TrueNAS to use that cert for its UI, and used local DNS to point a hostname that matches (one of) the name(s) on the cert to the IP of your NAS, it should work.
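The conditions in the last reply (the cert carries the name you browse to, and local DNS points that name at the NAS) can be checked as below. This is an added example, not part of the thread; `truenas.example.com`, `192.168.1.50` and the function names are placeholders chosen here, and the certificate is a constructed dictionary in the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress

# Constructed sample: same shape as ssl.SSLSocket.getpeercert() returns.
# truenas.example.com and 192.168.1.50 are placeholders, not values from the thread.
SAMPLE_CERT = {"subjectAltName": (("DNS", "truenas.example.com"),)}
NAS_IP = "192.168.1.50"


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def name_matches(pattern, hostname):
    """Compare one SAN dNSName with the name typed in the browser.
    A leading '*.' stands for exactly one left-most label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname


def check_local_https(hostname, resolved_ip, nas_ip, cert):
    """Return a list of problems; an empty list means name, cert and DNS agree."""
    if is_ip(hostname):
        return [f"{hostname} is an IP address; browse by a DNS name on the cert"]
    problems = []
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, hostname) for n in names):
        problems.append(f"{hostname} is not one of the cert names {names}")
    if ipaddress.ip_address(resolved_ip) != ipaddress.ip_address(nas_ip):
        problems.append(f"{hostname} resolves to {resolved_ip}, not the NAS at {nas_ip}")
    return problems


if __name__ == "__main__":
    for host, ip in [("truenas.example.com", NAS_IP), ("truenas", NAS_IP),
                     (NAS_IP, NAS_IP), ("truenas.example.com", "192.168.1.1")]:
        print(host, ip, check_local_https(host, ip, NAS_IP, SAMPLE_CERT) or "OK")
```

The short name `truenas` fails the check even though it resolves correctly, because the browser compares the full name in the address bar with the names on the certificate.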