What to use for Ingress with Electric Eel/After TC Deprecation

Hello all,

With the recent announcement of the upcoming Electric Eel release and TrueCharts deprecating its apps on Scale, most of the apps I use with TrueCharts are also available on the TrueNAS app catalogue, so it is not too much of a major blow (will also wait for TC to come out with a migration path); however, how would I look to use Ingress in the future?

Right now I use Traefik for reverse proxy/ingress needs but I note that Traefik does not exist in the TrueNAS app catalogue.

Any ideas on how this will look when Electric Eel is released and how I would go about retaining ingress functionality?

Many thanks,
P

I’m going to suggest Caddy. It can be installed on FreeBSD and Linux (via Docker) and is dead simple to configure with a Caddyfile. The docs are also very helpful, and reverse proxy blocks are very simple to get set up.

But we will have to wait and see if the new Electric Eel Apps system has something that we can use…

2 Likes

Right now I too am suggesting to wait and see how things develop: the current release still has quite some time ahead of it before you have to jump to EE.

Wait for things to stabilize.

1 Like

Thanks guys. My hope is that TrueNAS provides something simple/native and easy to use in Electric Eel for the use of ingress, as I have depended on Traefik now for a good while and the setup was fairly straightforward with that. That, or if TrueNAS is not going to provide a “Native” method, then hopefully TrueCharts’ future migration method may yield something.

As you say, this is still very early days and I will have to wait and see what the options look like at the time, I just wanted to get a feel for how people not using TC were doing it 🙂

You can integrate Traefik in your Compose files… I’m in the process of researching how to. The YouTuber Techno Tim has a good video accompanied by a good written guide.

Morgan has said that it will be coming. And if you’re able to, and do, tinker around with its configuration enough, as well as the configuration of any other apps, it can probably be made to do Ingress much like TC’s current implementation does. Other options would include:

  • Run your preferred reverse proxy (like Victor, I like Caddy; the Caddyfile is really simple to configure as a reverse proxy) as a custom docker-compose app
  • Run your preferred reverse proxy in a sandbox, with or without k3s or some other infrastructure
  • Run your preferred reverse proxy in a VM, with or without additional infrastructure

I’d definitely recommend waiting to see what TC’s going to come up with in terms of migration. That’s my plan, and I’m hoping whatever it is doesn’t require me to be using Dragonfish, because it still doesn’t work for me.

I haven’t yet been able to make his guide work for me, though maybe Dockge is doing something to interfere with it.

Edit: apparently whatever TrueCharts’ solution is, it won’t be a sandbox:

Haven’t used Dockge in my sandbox testing, but Portainer, and Portainer has problems with the .env file. Maybe it’s the same for Dockge. When I followed the steps in the guide and used

docker-compose up -d

the container would spin up.

Edit: and I think he said in the video that you could skip the .env file and set the env in the compose file instead.

The error I’m getting right now deals with the acme.json file. If it isn’t already present, it gets created as a directory. If I do create it as a file, I get an error suggesting that I’m trying to mount a file as a directory or vice versa. I didn’t put much work into trying to troubleshoot; I’m otherwise using Caddy and it’s working well (including with my internal CA). Maybe I’ll get back to it.
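The acme.json symptom described above matches Docker's bind-mount behaviour: when the host path of a bind mount does not exist, Docker creates it as a directory, and Traefik additionally rejects an ACME storage file whose permissions are wider than 600. A preflight check for that, as an added example that is not from this thread or from the guide being discussed; the function name `prepare_acme_file` and the path argument are assumptions:

```shell
#!/bin/sh
# Added example: preflight for a Traefik ACME storage file that is bind-mounted
# into the container. Run it before `docker-compose up -d`.
# prepare_acme_file PATH  -> returns 0 when PATH is a regular file with mode 600.
prepare_acme_file() {
    acme_path=$1
    if [ -z "$acme_path" ]; then
        echo "usage: prepare_acme_file PATH" >&2
        return 2
    fi
    # Never follow a symlink: this file holds the ACME account key and certificate keys.
    if [ -L "$acme_path" ]; then
        echo "refusing: $acme_path is a symlink" >&2
        return 1
    fi
    if [ -d "$acme_path" ]; then
        # A directory here is what an earlier `up` leaves behind when the file was missing.
        # rmdir only succeeds on an empty directory, so real data is never deleted.
        if ! rmdir "$acme_path" 2>/dev/null; then
            echo "refusing: $acme_path is a non-empty directory" >&2
            return 1
        fi
    fi
    if [ ! -e "$acme_path" ]; then
        # Create under a restrictive umask so the file is never briefly world-readable.
        ( umask 077 && : > "$acme_path" ) || return 1
    fi
    if [ ! -f "$acme_path" ]; then
        echo "refusing: $acme_path is not a regular file" >&2
        return 1
    fi
    # Tighten permissions on an existing file as well (e.g. one created with 644).
    chmod 600 "$acme_path"
}
```

The container must be stopped and removed before the stray directory is cleaned up, otherwise the next start still sees the old mount.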

Dan, I have Traefik working following the steps from Techno Tim’s tutorial with a minor deviation. I enabled the insecure access to the dashboard just so I can verify that Traefik is indeed running. I have a valid cert from Let’s Encrypt. Now I just have to add ingress back to my apps and I can remove the last TrueCharts apps which are still running. But that will have to wait for a week until my holiday starts.

1 Like

Thanks for the feedback guys. Will wait and see what comes with the TrueCharts migration and Electric Eel before deciding what route to take.

Ingress and SSL termination IMHO belong on the uplink firewall. There’s a nice Caddy based plugin for OPNsense and other products offer similar solutions.

It’s how I run all of my ingress - for jails, VMs, apps - regardless of how the backend application is implemented.

I’d agree with that with respect to services that are exposed to the outside world. But for services that run on the NAS and aren’t public, Ingress (at least TC’s flavor of it) on the NAS still makes sense for at least a couple of reasons:

  • No weird port numbers for your services–you can just browse to (e.g.) radarr.yourdomain rather than ip:10919
  • Even for local resources, browsers are complaining more and more about the lack of HTTPS

Sure, you could do this with the OPNsense Caddy plugin using ACLs and the like–but I think there’s some sense in having this controller on the NAS along with the applications it deals with.

The 1st iteration of Electric Eel Apps allows a choice of any ingress/VPN Apps that can be containerized; Caddy, NGINX, Traefik, etc… The new capability will be “internal networks” which allow Apps to be grouped with one ingress/VPN app.

We are looking for feedback on how to make this process easier… but you’ll need BETA software to do that. Nightlies in July, BETA in August.

2 Likes

Sounds promising. Eagerly waiting…

Agree, although I personally am fine with both. Safari doesn’t complain about plain HTTP (yet).

Safari no longer allows using recorded passwords for non https… which is super annoying.

1 Like

I have switched to Bitwarden and the browser plugin after Apple’s keychain kept overwriting passwords of sites not related to the one it should have updated only.

Whilst I agree with you, and it’s how I do it too (virtualized pfSense and all)

Using an ingress router allows a few things

  1. secure communications across the lan from Gateway to service
  2. local non hair-pinned secure communications bypassing the router for lan originating services
  3. domains instead of ports

Of course, 3 happens with an external l7 router too.

I may have to do this too, as I have that issue.

Also, on iOS it can’t seem to realize that just because two sites share a domain, doesn’t mean they share a password.

As I understand it, only Traefik supports automagically configuring the ingress based on docker compose labels…

Is that correct?