Accessing Freenas from 443 port over domain letsencrypt

bo3ek

Cadet
Joined
Jan 1, 2021
Messages
2
Hi.
I have a problem with the SSL connection to Freenas. I run Freenas in a VM on Proxmox, and I also have a container which has letsencrypt certificates for my few domains. I use the reverse proxy to redirect each domain to the right virtual machine or container with different systems on them. I also redirected one domain to the Freenas virtual machine. Because the letsencrypt certificates are stored on the container, the reverse proxy redirects the traffic already on port 443 to the virtual machine with Freenas. Unfortunately, if I try to access the Freenas over the domain name, I get https://mydomain.something connection established but the NAS server gives me information like this:
"Connecting to FreeNAS ... Make sure the FreeNAS system is powered on and connected to the network."
When I type the IP address locally on the local LAN all works fine, but as normal with no SSL, and I can log in over http://192.168......
I spent already hours searching for solution but with no luck.
I would be grateful for any suggestions.
Pit.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
Don't do that. The WebGUI is not designed to be exposed to the internet. Use a VPN instead.
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
Don't do that. The WebGUI is not designed to be exposed to the internet. Use a VPN instead.
Or a solid reverse proxy with solid authentication, including 2FA and anti-brute force, like Traefik with Authelia (and optionally fail2ban)
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
...and with those cautions given, the problem is almost certainly in your reverse proxy configuration. A quick web search doesn't find much detail about putting FreeTrueNAS behind a reverse proxy, but perhaps whatever support channels are out there for whatever reverse proxy software you're using can help.
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
...and with those cautions given, the problem is almost certainly in your reverse proxy configuration. A quick web search doesn't find much detail about putting FreeTrueNAS behind a reverse proxy, but perhaps whatever support channels are out there for whatever reverse proxy software you're using can help.
Agreed, this has next to nothing to do with TrueNAS/FreeNAS...
Seems like the websocket isn't passed by the reverse proxy.
 

bo3ek

Cadet
Joined
Jan 1, 2021
Messages
2
Right. Thank you very much for your update on this. I like the idea with the VPN connection to keep all this safe. I am just a babyboy in Linux at present and could you point me where to start to establish the private VPN connection please? I like the idea of connecting to my LAN from the world and accessing it as being at home... I know that this is off-topic from Freenas but I would be very grateful for some directions where to start.
Thanks
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Really, the question not only doesn't have anything to do with FreeNAS, it doesn't have anything to do with Linux--it's more a matter of basic networking. Broadly speaking, to do this, you need to run a VPN server at home, and a suitable VPN client on whatever mobile device(s) you'd be using.

VPN Server
On the Router
IMO, the best way to run a VPN server is on your router. I use pfSense for my router, which supports a number of VPN technologies. Other software that will do this includes OPNSense, IPFire, Sophos XG, and Untangle. All of these are software that will turn a PC into a powerful and featureful router, and all of them include VPN servers (I use a small PC from Protectli). You could also use server software like Nethserver (which I also use), which acts as a router/firewall, and also provides web/mail service, file sharing, and other services. I don't use Nethserver as a router, but it can serve in this role and provide VPN service as well.

If you don't want to go this route, you can use a dedicated Internet router that includes a VPN server. One such device is the Unifi Dream Machine/Security Gateway. Many other higher-end routers also include this capability.

A third possibility is to use a third-party firmware for your router, or buy a router that supports it. Firmware like dd-wrt or OpenWrt can act as a VPN server.

On TrueNAS
If none of these will work for you, with version 12.0, TrueNAS now includes an OpenVPN server service. To use that, you'd use your router to forward port 1194 to your TrueNAS box, then configure and activate the OpenVPN Server (not OpenVPN client) service on your FreeNAS box. An advantage of this method is that the only feature you need on your router is port forwarding, which almost all routers support. Philosophically, though, I feel that this is a function that belongs on the router.

Dynamic DNS
In order to connect to your home network remotely, you'll need to know its address. Most residential Internet service, at least in .us, gives you a dynamic IP address, meaning it can change from time to time. The way to handle this is using a dynamic DNS service to assign a name, and then a piece of client software on your network to advise your DNS service of your IP address whenever it changes. Any of the routers that would give you a VPN server would also have a dynamic DNS client, so consult the documentation of your router of choice to see which services are supported.
 