Requesting help to set up Tailscale and Caddy

I think I might actually have two issues here. I hope this isn’t against some rules, as at least one of the issues might not be directly related to TrueNAS.

  1. Tailscale setup (maybe unrelated to TrueNAS)
    I’ve been trying to get support about Tailscale on StackOverflow and via their official support channel by email. No reply from them for two weeks now. So on Cloudflare I have a DNS entry for my domain - CNAME * nas.aaa-bbb.ts.net. And seemingly it resolves:
dig +short test.domain.tld
nas.dab-deneb.ts.net

If I visit nas.dab-deneb.ts.net directly, I get the TrueNAS UI. But if I go to test.domain.tld, I get ERR_NAME_NOT_RESOLVED.

  2. How to route all traffic through Caddy? (don’t know if it’s related to the first issue)
    I was searching quite a bit, but can’t find a proper step-by-step tutorial on how to set up routing through Caddy. I believe it involves port forwarding on the router itself, and I tried to forward 0.0.0.0 80 > 192.168.1.11 9080 (same for 443). 192.168.1.11 is my TrueNAS machine IP and 9080 is the Caddy forwarded port. In the Caddy container setup I have defined Container Port 80 and Node Port 9080 (similar for 443).
    I have Caddy itself up and running, and in the logs I see that even the Cloudflare certificates are obtained.

I’ve been stuck with this since I installed TrueNAS (a couple of weeks ago) :frowning:
Any help or just a pointer in the right direction would be greatly appreciated.

OK, so after a long wait I just got a reply from Tailscale support about domain resolving. All I had to do was remove the CNAME record and add an A record (IP) instead. Now all subdomains resolve to the TrueNAS UI.

Any hints on how to set up routing via Caddy?

Thanks :pray:

If that helps, this is what I have on my router (192.168.1.11 is my TrueNAS machine):

And that’s the Caddy app ports config:

My Caddyfile:

{
  acme_dns cloudflare {env.CF_API_TOKEN}
}

# Nextcloud
nc.mydomain.tld {
  reverse_proxy http://192.168.1.11:9001
}

# Jellyfin
jf.mydomain.tld {
  reverse_proxy http://192.168.1.11:30013
}

# Immich
immich.mydomain.tld {
  reverse_proxy http://192.168.1.11:30041
}

No matter which subdomain I try, I always get served the TrueNAS SCALE UI.

Have you figured it out yet? I’m experiencing the same issue.

Unfortunately, no. I just ditched Tailscale and routing works as expected via Duck DNS. I’d still like to get it working with Tailscale though.

Yeah, looks like there’s no way to make it work with Tailscale. I’m gonna try other ways to access my NAS remotely.

Please let us know if you find any :pray:

I got it working. I still use Tailscale to access the TrueNAS UI, but I use Cloudflare Tunnel to access all my Docker apps. I pretty much just followed the guide in the TrueNAS docs.

I’m going to follow a YouTube video on how to add a VLAN to Cloudflare Tunnel, so it’s a bit more secure. I was going to use Cloudflare Access, but it doesn’t work for Emby and honestly, all my other services are not that sensitive.

Somehow I can’t post links here, so you have to search for those guides yourself.


Does cloudflared allow uploading files over 150M? I’m pointing to my MinIO via Cloudflare Tunnel, but I can’t upload large files from the console UI.

Cloudflare tunnels shouldn’t be used for large tunnelling; Cloudflare has limits if the app can’t chunk files.

Yeah, I think in the terms for Cloudflare Tunnels, they said this should be mostly used for HTML, not other files. My using that for Emby could be a problem; hopefully Cloudflare doesn’t think I’m abusing it.

Is there any other intranet penetration solution that can solve this problem: using a custom domain name to be able to upload large files? Because of this it is possible to use your own NAS to provide cloud storage for you and your friends to use, thus saving the cost of renting a cloud server.

As far as I know, Synology’s own service QuickConnect provides a similar service, and there doesn’t seem to be a complete solution on TNS to do this; Tailscale + nginx proxy manager can at best only do example.com:port for mapping. It can’t do subdomain.example.com.

Honestly I haven’t explored it; basically it’s not a problem I deal with too much, aka I use port-forwarding, Tailscale or tunnels for 99.9% of my uses, and if I need to, I’ll get a cheap VPS.
