I mean, TrueNAS itself auto-configs a (self-signed) certificate, even though it inexplicably never renews it (and it’s now impossible to do so within TrueNAS UI/API, though you can always use openssl at the shell). Caddy, barring external supporting services, would likewise generate a self-signed cert, though it would keep the cert up-to-date.
But if you want Caddy to get you a trusted cert, you need to either port-forward to your NAS (a distinctly bad idea), or build it with support for your DNS host (or for Tailscale) so that it can get a cert using DNS validation. Once you’ve done that, the rest is easy, but it takes a bit on the front end. Compare that to “click the button to adopt in TN Connect.” Of course, the cert it gives you there is for a complete monstrosity of a FQDN, but that’s what bookmarks are for, right?
But I’m glad iX have at least made it clear that the purpose of Connect is to monetize TrueNAS at the home-user level by placing desirable features (in many cases, features iX have been promising for years) behind a paywall.
But if you want Caddy to get you a trusted cert, you need to either port-forward to your NAS (a distinctly bad idea), or build it with support for your DNS host (or for Tailscale) so that it can get a cert using DNS validation.
Some time ago I decided to just make all my services over Tailscale. They work everywhere exactly the same with minimal fuss. All caddy needed was visibility of the Tailscale socket.
The TrueNAS Connect foundation license is free enough for the purpose and would enable the feature. I just don‘t see the need to cloud enable my NAS to use a feature that doesn‘t have any cloud dependency otherwise.
So it’s clear now that TrueNAS Connect isn’t really about “centralizing system monitoring and management,” as the announcement a few months ago said; it’s instead about monetizing TrueNAS further by putting high-demand features behind a paywall.[1] I don’t love the idea, but it isn’t that different than what you’ve done with Enterprise, and devs gotta eat, after all.
But the other issue is reliance on your cloud service for features that are purely local. There’s no reason at all I should need a remote cloud service to see what disks are in which slots in my NAS. Or to have a GUI file manager for the contents of my NAS (something you’ve been promising for years without mentioning you’d be charging for it). Or for OAuth authentication for the NAS.[2] Or for Spotlight/search indexing to work. Or even for the web-based installer. The only feature that really requires[3] a remote service is the certificate management, because you presumably run DNS for the truenas.direct domain and that’s how you validate the certs.
A big part of the reason many of us have a NAS is that we want to keep our data locally, under our own control. Requiring a third-party, cloud-based service to do stuff locally on our servers is inconsistent with that objective. Which makes this particularly concerning, even ignoring the dismissive tone:
Are you planning that future releases of CE will require an Internet connection to function? Because that’s what this sounds like.
“But there’s a free tier!” Yes, but that does nothing to pay for TrueNAS development, which Morgan, Kris, and Andrew have all mentioned as the reason. ↩︎
This obviously depends on an OAuth provider, but it needn’t depend on TN Connect. ↩︎
We’ve seen other projects struggle mightily with maintaining cash flow, system updates, and so on. It wouldn’t be wild if ixsystems desired to create a paid tier or subscription level due to pressure from finance types.
However, paid services also raise expectations re: responsiveness to subscribers. That in turn would require a re-alignment on the part of management here summarily dismissing user concerns or popular feature requests even if paid CE users will never have the vote concentration re: economic power the way enterprise customers do.
I have tried to support ixsystems via purchasing my miniXL here and only graduated to the a76 case + supermicro motherboard when ixsystems had nothing comparable. I’ve tried buying the merchandise and while the stickers were great, the clothing was absolutely terrible.
Anything that requires control of my system to shift out of my home (for authentication, access, etc) is an absolute non-starter. I’d go plain Debian first if it came to that. Which is also why I think that purple offshoot TrueNAS front end [Ed: HexOS, thank you, @evan123] is doomed to fail.
The folk that use TrueNAS are self-selected, they want data-integrity and control. Otherwise, we would have selected among the many online options, many at price points well below our in-house systems.
In comparison to an enterprise customer, a home customer even with a modestly priced subscription is not going to be very profitable, especially when the foundation tier is free anyway, and is maybe even a distraction if more resources need to be allocated and managed to support these customers who are not very profitable.
Our value is testing at scales well in excess of the enterprise customer base, so the enterprise customers get a better product at reduced R&D cost.
Free but commercially licensed features do offer a way to differentiate the open source features that can be leveraged by other products from the TrueNAS-only features. Maybe that is relevant with the arrival of HexOS, built on TrueNAS.
All comes down to what the subscription entails vs. what it costs. Anything is better than nothing.
But, expectations would have to be carefully managed also. People who pay for subscriptions expect to be heard, not summarily ignored.
Ultimately, I expect more and more of TrueNAS to turn into a subscription business because the MBA types are enthralled by that business model. It’s simply too tempting and it’s made other c suite folk insanely rich.
TrueNAS CE does not require an Internet connection or subscription. All of the standard NFS/SMB/iSCSI/VM/App services run with ZFS storage and services. The WebUI and APIs do not need internet connectivity, but software updates are much easier.
TrueNAS Connect Foundation does not require a paid subscription. It does require an OAuth provider. This is all free.
However, some entirely optional new functionality that we develop will require either an Enterprise appliance or a paid Connect subscription. This is how we fund our development work. We would prefer the Community have access to some of our Enterprise features.
TrueNAS Connect is clearly in its infancy. Overtime, we expect to make it more useful and enable more options. One of the first is WebShare.
Each TrueNAS user will get to decide whether they want to contribute financially or not. We understand that some CE users will prefer to stick to the standard services and avoid any payments. We hope others will contribute because they see the value and want the improved quality and functionality.
If you do want to contribute, but not use a cloud subscription, please create a feature request.
Do you know if we will be able to pay for connect (to get access to the new features) but not use the auto generated certs? I manage my own certificates and want to continue the practice, so I want to ensure TrueNAS Connect won’t replace the publicly trusted cert I use for the web UI.
One other question I thought of. What domain are the certs tied to? It must be an iX managed domain in order to get valid certs. And then how is DNS mapped to the hostname/cert generated by TrueConnect?
