Inter-container networking for apps

Hello. New truenas user, with 25.10 installed. Can someone please help me better understand how the inter-container networking option works? I’m struggling with that.

What I’m ultimately trying to accomplish is using nginx proxy manager as a TLS-enabled reverse proxy for all HTTP services running as apps on truenas. I have the following working now:

App: scrutiny (example)
Networking: Publish port on the host
Port: 31054

Now, with nginx proxy manager and a CNAME for my NAS, I can do this:
https:// scrutiny. domain. com: 30022 → http:// nas. domain. com: 31054

However, I don’t want the http service exposed on my network. ONLY the HTTPS service via nginx should be exposed. I want to do something like this to hit scrutiny’s service internally:

https:// scrutiny. domain. com: 30022 → http:// localhost:8080

I’ve done this in the past with docker and an nginx proxy, referencing the container name. E.g.:

	server {
		listen 8443 ssl;
		http2 on;
		server_name server.domain.com;

		location / {
			# Upstream is addressed by its container name on the shared Docker network
			set $upstream_host open-webui;
			proxy_pass http://$upstream_host:8080;
		}
	}

I’m trying to replicate this with nginx proxy manager on truenas. I can’t for the life of me figure out how to call scrutiny. According to this post:

forums. truenas. com /t/implemented-inter-app-communication-in-24-10-electric-eel/22054/15

The name format should be {container}.ix-{app-name}.svc.cluster.local. In my case, that should translate to ix-scrutiny-scrutiny-1.ix-scrutiny.svc.cluster.local if I’m doing it right.

ix-scrutiny-scrutiny-1 = container name from docker container ls output
scrutiny = app name configured in the application

But, I just get a 502 bad gateway when trying to connect to that.

I see from the same post that this functionality was broken in 24.10 and required a workaround, but supposedly fixed in 25.04… but also having trouble finding any definitive tutorials or posts showing a working example.

Can anyone help here? What am I missing?

Thanks.

Edit: Sorry for the dumb formatting in my examples. This forum wouldn’t allow me to post a message with links, but then kept insisting on converting my text into links.


Hello there. I struggled with a similar problem and I think I found a solution on how to enable inter-container communication with TrueNAS native apps (no custom yaml needed) to connect e.g. to the Nginx Proxy Manager App.

Optionally: In the App config (e.g. immich, paperless-ngx etc.) set Port Bind Mode to “Expose port for inter-container communication”. Then only TrueNAS containers can connect to this app. All other LAN clients (PCs, smartphones etc.) will have to use the reverse proxy.

  1. On TrueNAS host (e.g. via ssh) list all available docker networks with

    sudo docker network ls

    each App will get its own one by default (e.g. “ix-internal-immich-immich-net”)

  2. In the settings of the App you want to connect (e.g. Nginx Proxy Manager App) scroll down to Network Configuration → Networks → [Add]

    • Name: the docker network from above (e.g. “ix-internal-immich-immich-net”)
    • Containers → [Add]
      • Container Name: (dropdown automatically populates) pick the current container (e.g. “npm”)

  3. In NPM Add Proxy Host

    • for Forward Hostname / IP use the container name (e.g. “ix-immich-server-1”)
      • you can look that up on TrueNAS host (e.g. via ssh) with

        sudo docker ps

    • the Forward Port is usually the same as if you exposed the app to the LAN (e.g. 30041 for immich) but sometimes it’s 80 (e.g. for “ix-it-tools-it-tools-1”). You can check this via docker ps too in column “PORTS”

Notes:

  • I am not an expert, so no guarantees. This is my first post in this forum :wink:
  • You could also add the NPM network (“ix-nginx-proxy-manager_default”) to each App to achieve inter-container connectivity (that seems to be the method behind Dragonify) but as of my understanding that would be a potential security issue because now each app can talk to every other app because they are all in the same network. By adding each app network individually to the NPM app instead, the apps stay disconnected from each other.
  • workarounds like docker network create npm-internal (as proposed in related topics, see below) would not survive TrueNAS upgrades etc. as of my understanding.

Related:

Create your own network thus:

    docker network create --ipv4=true --ipv6=false --driver=bridge mynetwork.net --subnet=172.18.0.0/16

then on each container add the following:

    --network mynetwork.net

to join the network, and each container can communicate with each other by their name…

But this won’t survive TrueNAS upgrades and also creates a potential threat vector, because now all apps can communicate with each other when really it would be enough if the reverse proxy can talk to each one individually (as in my approach).
Or am I missing something here?

You are correct, but one could create more than one network, and then subgroup your Apps in different networks.

It was just a thought…
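
An added example, not part of any post in this thread: a Python check of the isolation property discussed above, where the reverse proxy may share a network with each app but apps should not share a network with each other. It assumes the JSON shape of `docker network inspect` (a list of objects with `Name` and `Containers`) and the `ix-<app>-…` container naming shown in the thread; the sample data, the NPM container name, the app list and the function names are constructed for illustration.

```python
import json
from itertools import combinations

# Constructed sample shaped like: sudo docker network inspect $(sudo docker network ls -q)
SAMPLE = json.loads("""
[
 {"Name": "ix-internal-immich-immich-net",
  "Containers": {"a1": {"Name": "ix-immich-server-1"},
                 "a2": {"Name": "ix-nginx-proxy-manager-npm-1"}}},
 {"Name": "ix-scrutiny_default",
  "Containers": {"b1": {"Name": "ix-scrutiny-scrutiny-1"},
                 "b2": {"Name": "ix-nginx-proxy-manager-npm-1"}}},
 {"Name": "mynetwork.net",
  "Containers": {"c1": {"Name": "ix-immich-server-1"},
                 "c2": {"Name": "ix-it-tools-it-tools-1"}}}
]
""")

APPS = ["immich", "it-tools", "nginx-proxy-manager", "scrutiny"]  # installed apps (assumed)
PROXY = "nginx-proxy-manager"  # app acting as the reverse proxy (assumed name)


def app_of(container, apps=APPS):
    """Map a container name to its app via the longest matching 'ix-<app>-' prefix."""
    hits = [a for a in apps if container.startswith(f"ix-{a}-")]
    return max(hits, key=len) if hits else None


def audit(networks, proxy=PROXY):
    """Return (apps the proxy can reach, (app, app, network) triples that bypass it)."""
    reachable, cross = set(), set()
    for net in networks:
        # "Containers" can be null/empty for networks with nothing attached.
        names = [c["Name"] for c in (net.get("Containers") or {}).values()]
        apps = {app_of(n) for n in names} - {None}
        if proxy in apps:
            reachable |= apps - {proxy}
        # Any two non-proxy apps on one network can reach each other directly.
        for a, b in combinations(sorted(apps - {proxy}), 2):
            cross.add((a, b, net["Name"]))
    return reachable, cross


if __name__ == "__main__":
    reachable, cross = audit(SAMPLE)
    print("proxy reaches:", sorted(reachable))
    for a, b, net in sorted(cross):
        print(f"{a} and {b} can talk directly on {net}")
```

With the per-app attachment from the numbered steps, the second result stays empty; a shared network such as `mynetwork.net` shows up as an app pair unless each subgroup holds a single app plus the proxy.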