Mysterious inbound Cloudflare traffic associated with Actual Budget app

I have TrueNAS SCALE 24.10 Electric Eel running on my home server. I upgraded from 24.04 last month and the migration process was very smooth.

I recently installed the Actual Budget app – very nice! – and soon after I started noticing more or less constant inbound network traffic. Bandwidth is more than 1Mb/s.

I examined the traffic with iftop on my truenas console and saw this:

                195Kb           391Kb           586Kb           781Kb      977Kb
└───────────────┴───────────────┴───────────────┴───────────────┴───────────────
192.168.1.250              => 104.16.3.35                11.2Kb  2.23Kb   571b  
                           <=                            1.11Mb   228Kb  57.0Kb

dig -x tells me that that IP address appears to be some Cloudflare DNS servers.

$ dig -x 104.16.1.35
...
;; AUTHORITY SECTION:
16.104.in-addr.arpa.	2533	IN	SOA	cruz.ns.cloudflare.com. dns.cloudflare.com. 2288625500 10000 2400 604800 3600

When I stop the Actual Budget app, the inbound traffic from this IP immediately stops.

Can anyone shed any light on why this app would be getting so much (or any) traffic from Cloudflare?

For the record, I have never installed the Cloudflared app – I’ve never done any Cloudflare tunneling. (I don’t need, and don’t want, my server to be accessible from the WAN.)

I’m not sure if this is an issue with how TrueNAS is running this app, or if I should go ask my question in the Actual Budget forum. But I figured I’d start here.

They shut down the servers Nov 15th and went open source?
Is this what you are using?
https://actualbudget.com/

Open source link leads to https://actualbudget.org/

I’m just using the TrueNAS Community app “actual-budget”, installed from the TrueNAS app web UI.

https://github.com/truenas/apps/tree/master/ix-dev/community/actual-budget

Yes, I noticed that Actual Budget used to offer a hosted service. But since TrueNAS is running the app on my own server, I would assume it should never need to talk to any external servers.

I also tried running Actual Budget on my server using their docker-compose.yaml file, which is described here:

https://actualbudget.org/docs/install/docker#launch-container-using-docker-compose

When I run it this way, there is no traffic with the Cloudflare IP address. So it seems to me that this is related to the way TrueNAS is running the docker image.

There is an HTTPS request to registry.npmjs.org every 10 seconds.

A little digging reveals that docker is configured to do a health check every ten seconds:

            "Healthcheck": {
                "Test": [
                    "CMD-SHELL",
                    "NODE_TLS_REJECT_UNAUTHORIZED=0 npm run health-check"
                ],
                "Interval": 10000000000,
                "Timeout": 5000000000,
                "StartPeriod": 10000000000,
                "Retries": 30
            },

What is happening is that npm is checking for updates to the npm package every time it is invoked. It downloads the package manifest from the npm registry for that purpose.

Note that normally npm only checks for updates every week, but that feature requires a writeable $HOME/.npm directory which doesn’t work in the container.

How to fix:
In the TrueNAS app configuration, add the following environment variable:

Name: NPM_CONFIG_UPDATE_NOTIFIER
Value: false
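
Added example, not part of the original posts and not TrueNAS or Actual Budget code: a Python check over `docker inspect` JSON that flags healthchecks invoking npm while the update notifier is still enabled, and shows how often the check runs. The container name and Env entries in the sample are constructed; the Healthcheck block is the one quoted above.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output.
# Only the Healthcheck values come from the thread; the rest is made up.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/actual-budget",
  "Config": {
    "Env": ["PATH=/usr/local/bin:/usr/bin", "HOME=/nonexistent"],
    "Healthcheck": {
      "Test": ["CMD-SHELL", "NODE_TLS_REJECT_UNAUTHORIZED=0 npm run health-check"],
      "Interval": 10000000000, "Timeout": 5000000000,
      "StartPeriod": 10000000000, "Retries": 30}}}]
""")
NS_PER_SECOND = 1_000_000_000


def notifier_disabled(assignments):
    """True if any KEY=VALUE entry sets NPM_CONFIG_UPDATE_NOTIFIER to false."""
    for entry in assignments:
        key, _, value = entry.partition("=")
        # npm treats npm_config_* environment variable names case-insensitively.
        if key.lower() == "npm_config_update_notifier":
            return value.strip().lower() == "false"
    return False


def audit_healthchecks(containers):
    """Return one finding per healthcheck that runs npm with the notifier on."""
    findings = []
    for c in containers:
        cfg = c.get("Config") or {}
        hc = cfg.get("Healthcheck") or {}
        test = hc.get("Test") or []
        if not test or test[0] == "NONE":  # no healthcheck, or disabled
            continue
        tokens = " ".join(test[1:]).split()
        # The variable may be set in the container Env or inline in the command.
        if "npm" not in tokens or notifier_disabled((cfg.get("Env") or []) + tokens):
            continue
        interval = hc.get("Interval") or 30 * NS_PER_SECOND  # Docker default: 30s
        findings.append({"name": c.get("Name", "?").lstrip("/"),
                         "command": " ".join(tokens),
                         "runs_per_day": 86_400 * NS_PER_SECOND // interval})
    return findings


if __name__ == "__main__":
    for f in audit_healthchecks(SAMPLE_INSPECT):
        print(f"{f['name']}: npm healthcheck runs ~{f['runs_per_day']}x/day, notifier on")
```

To run it against a live host, replace the sample with the parsed output of `docker inspect $(docker ps -q)`.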

Thank you! I had narrowed it down to the healthcheck, but I couldn’t figure out why a simple healthcheck would be generating so much incoming data (relatively speaking). Your explanation about npm’s update behavior makes perfect sense. And adding the env var that you provided eliminates the incoming traffic. Thanks again!