Correct way to set up a network bridge for VMs, installed apps using Let's Encrypt cert, access server, etc. via domain for cert.

ScottN

Cadet
Joined
Apr 26, 2022
Messages
6
So I ran into the "VMs cannot see host" as I could not map a network share in Windows Server VM.

I found a video online that got me to create a bridge and I was able to then map a drive in the Windows VM. Video here: https://www.youtube.com/watch?v=7clQw132w58

It was very helpful. Now I'm onto my next configuration to get my Let's Encrypt setup. But I believe something just isn't configured correctly. I've set up Let's Encrypt to get a cert for a domain, let's say truenas.mydomain.com, which was created and is available. I changed TrueNAS to use that cert as default. I rebooted the server for good measure.

Now, under network settings the TrueNAS primary IP is .159 and the bridge is .60

I'm operating the server on my own home network for now (eventually server will live in a datacenter and have a public IP). So I'm manually editing my hosts file to point the .159 IP to the domain/cert (truenas.mydomain.com) that I have set up in TrueNAS. I'm able to get my browser to go to truenas.mydomain.com, the web login works. All is well it seems.

Now I have the MinIO app installed as well. When I open the web portal via the button on the app, it opens to .159 (not truenas.mydomain.com) and works. But if I manually change the address in the browser to truenas.mydomain.com with HTTPS for the MinIO console, I get an SSL_ERROR_RX_RECORD_TOO_LONG error in Firefox and Chrome says ERR_SSL_PROTOCOL_ERROR. MinIO is not configured correctly it seems to use the server cert?

This question/post is kinda all over the place (I apologize), so I'll sum up what I'm trying to achieve:

1) Have a bridge (or some other config) that allows my VMs to access the TrueNAS host storage pool/shares
2) Configured SSL certificate correctly on the server (I think I have this set properly)
3) Have any apps, particularly MinIO in this instance, be able to respond on the SSL certificate domain properly (will need this for the public MinIO API for object upload/downloads)
4) For the bridge configuration, I had to bind it to an available interface. Is that interface basically un-usable now by anything else?

Thanks,
Scott
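
Added example, not part of the thread: SSL_ERROR_RX_RECORD_TOO_LONG usually means the port answered a TLS handshake with bytes that are not TLS, most often plain HTTP. Assuming that is what the MinIO console port is doing here, this Python sketch shows why the browser reports a "too long" record and probes a port to tell TLS from plain HTTP; all function names are illustrative.

```python
import socket, ssl, struct

# Largest TLSCiphertext length a TLS 1.2 peer may accept (RFC 5246, 6.2.3).
TLS_MAX_RECORD = 2**14 + 2048

def parse_as_tls_record(data: bytes) -> dict:
    """Read the first 5 bytes the way a TLS client does: type, version, length."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}

def classify(first_bytes: bytes) -> str:
    """Label a server's first reply bytes as 'tls', 'plain-http' or 'unknown'."""
    if first_bytes.startswith(b"HTTP/"):
        return "plain-http"
    if len(first_bytes) < 5:
        return "unknown"
    rec = parse_as_tls_record(first_bytes)
    # 0x15 = alert, 0x16 = handshake; every TLS version uses major version 3.
    if rec["type"] in (0x15, 0x16) and rec["version"][0] == 3 \
            and rec["length"] <= TLS_MAX_RECORD:
        return "tls"
    return "unknown"

def client_hello(server_name: str) -> bytes:
    """Build a real ClientHello with the ssl module, without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is waiting for a ServerHello
    return outgoing.read()

def probe(host: str, port: int, server_name: str, timeout: float = 3.0) -> str:
    """Send a ClientHello to host:port and classify whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(server_name))
        return classify(sock.recv(16))

if __name__ == "__main__":
    # Constructed sample: the start of a plain-HTTP reply read as a TLS record.
    rec = parse_as_tls_record(b"HTTP/1.1 400 Bad Request")
    print(rec, "too long:", rec["length"] > TLS_MAX_RECORD)
```

Calling `probe()` with the server's IP, the app's console port and the certificate's hostname returns `plain-http` when the app is not terminating TLS itself, in which case the certificate assigned to the TrueNAS web UI is never presented on that port.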
 

ScottN

Cadet
Joined
Apr 26, 2022
Messages
6
Bump.

Anyone know how to get MinIO app to use its own SSL certificate? Does/can it use its own subdomain like minio.mydomain.com? What is the standard way to have a TrueNAS app configured for SSL?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
> Now, under network settings the TrueNAS primary IP is .159 and the bridge is .60

Not sure about the guide you followed, but if it landed you with an IP on the NIC and on the Bridge, it's wrong.

> For the bridge configuration, I had to bind it to an available interface. Is that interface basically un-usable now by anything else?

Once you have a bridge, why would you care about the NIC? Everything you need can be done with the bridge instead of the NIC once the bridge is there.
 

ScottN

Cadet
Joined
Apr 26, 2022
Messages
6
Thanks for the response. Just a fair warning. Newbie user here to TrueNAS, although plenty of experience in Linux and Windows. Just trying to understand best practices for configuration for TrueNAS.

> Not sure about the guide you followed, but if it landed you with an IP on the NIC and on the Bridge, it's wrong.

I posted the video link, can you take a look and see where the configuration is wrong and advise on correct detailed steps on how to set up bridge if it's wrong? There is next to no information out there, and if there is, it's incomplete. New users need a bit more hand holding for these things. https://www.youtube.com/watch?v=7clQw132w58

> Once you have a bridge, why would you care about the NIC? everything you need can be done with the bridge instead of the NIC once the bridge is there.

The motherboard has 4 NICs. 2 RJ45 (10GbE) and 2 RJ45 (1GbE). I'm curious about pass through devices, etc. if one NIC is dedicated bridge.
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
> I posted the video link, can you take a look and see where the configuration is wrong and advise on correct detailed steps on how to setup bridge if it's wrong?

I'm not interested in looking at YouTube videos. Here are the simple steps to get it right: https://www.truenas.com/community/t...as-scale-host-or-vice-versa.88487/post-651609

> The motherboard has 4 NICs. 2 RJ45 (10GbE) and 2 RJ45 (1GbE). I'm curious about pass through devices, etc. if one NIC is dedicated bridge.

I suspect your 4 devices are all visible as independent PCIe devices and potentially can be put in passthrough for a VM.

When you're using a NIC for the system (and you put it in bridged mode so it can work properly), you can add as many virtual NICs to that bridge as you want and assign those into VMs, without needing passthrough. Different outcomes, which you may want for different reasons.

I haven't looked deeply into how it's handled in SCALE, but IOMMU would need to handle the NICs you want to passthrough and you need to avoid the driver being loaded in TrueNAS for it to work properly, so a NIC can't be used for anything else once you do it.
 

LarsR

Guru
Joined
Oct 23, 2020
Messages
719
Correct steps to set up a bridge are:

1. Remove static IP from the primary NIC
2. Create bridge and add primary NIC as member
3. Assign old static IP from NIC to your new bridge
4. Test & Save changes

If you want to add that bridge to an existing VM do the following:
Power off the VM
Edit VM devices so that the VM uses the bridge instead of the NIC itself
Reboot VM and be happy
 