How to deploy a reverse proxy docker container on TrueNAS SCALE when I can't assign port <9000?

SnoppyFloppy

Explorer
Joined
Jun 17, 2021
Messages
77
Hi guys

I'm really looking forward to the day when TrueNAS SCALE reaches general availability, as it seems like it will support all my serving needs (docker + TrueNAS + maybe KVM).

However there is one thing I haven't figured out how to accomplish with TrueNAS SCALE.

I only have a single server and I want to deploy an nginx reverse proxy container only reachable via LAN + VPN.

Now TrueNAS SCALE only allows me to assign ports > 9000 and since I'm not exposing the reverse proxy to the internet, I won't have my router to port forward <my_public_IP>:443 to e.g. <TrueNAS_SCALE_server_IP>:9443.

As far as I know a reverse http(s)-proxy only accepts connections on port 80 and 443, and either way I wouldn't want to have to specify port 9443 all the time.

Any ideas on how to solve this?
 

flatline69

Dabbler
Joined
Jan 30, 2021
Messages
29
I had to use networking=host in order to accomplish this. Read somewhere here in the forum that it's intrinsic to Kubernetes. I did see one TrueChart that allowed you to specify port(s) under 9000 but it's custom so you'd have to write your own chart/questions.
 

SnoppyFloppy

Hi @flatline69

Thanks for your reply. So if I use networking=host, I can assign port 443 and 80 and then I just assign different ports for the TrueNAS web-UI?

And does networking=host have any negative implications?
 

SnoppyFloppy

One more thing @flatline69

I searched for networking=host in the kubernetes documentation to see how exactly to use it, but I didn't find it. However I do find hostNetwork: true in the documentation.

Is networking=host by any chance the docker-equivalent of the specification?
 

flatline69

> One more thing @flatline69
>
> I searched for networking=host in the kubernetes documentation to see how exactly to use it, but I didn't find it. However I do find hostNetwork: true in the documentation.
>
> Is networking=host by any chance the docker-equivalent of the specification?

I specify host networking in the docker config generation phase from Apps > Launch Docker Image, and it operates as the docker compose equivalent as far as I've seen. I also reconfigured the TrueNAS Web UI ports as well, as I run swag as a container on 80/22/443:

Edit: note that using host networking is of course not as safe as NOT using it, but it was the only way I could get around the port 9000+ restriction without having to write my own charts. I did look into how they're done based on GitHub examples, but it's more of a time thing for me.

1626914247061.png
 
Joined
Jan 4, 2014
Messages
1,644
> Now TrueNAS SCALE only allows me to assign ports > 9000 and since I'm not exposing the reverse proxy to the internet, I won't have my router to port forward <my_public_IP>:443 to e.g. <TrueNAS_SCALE_server_IP>:9443

I'm not sure what the issue is here? You may be confusing Container Port and Node Port. Consider the example below...

ts10.jpg


Yes, the minimum value for Node Port is 9000, but as the example shows, I'm still mapping to container ports 80 and 443. Now, on the router, I'd just map (port forward) the router external ports 80 and 443 to the server at internal ports 9004 and 9005 respectively to connect with the container.
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
Seems that using Traefik would be the right answer here... it would normally be defined as Ingress and would take all 80 and 443, then redirecting to the apps automatically based on domain or URL.

Maybe look into that in the kubernetes context to understand it a bit better. It's in TrueCharts by default and is integrated with at least some of the apps.
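
The two approaches discussed in this thread, side by side as Kubernetes manifests. This is an added example, not part of any post above and not TrueNAS or TrueCharts code; the resource names, labels and the nginx:stable image are assumptions, and node ports 9004/9005 are taken from the Node Port example in the thread.

```yaml
# Option A: NodePort Service (the Container Port / Node Port mapping).
# The proxy pod keeps its own network namespace; only the two listed
# ports are reachable on the node. Node ports 9004/9005 are valid only
# where the node port range starts at 9000, as the thread says for SCALE.
apiVersion: v1
kind: Service
metadata:
  name: reverse-proxy              # hypothetical name
spec:
  type: NodePort
  selector:
    app: reverse-proxy             # hypothetical label on the proxy pod
  ports:
    - name: http
      port: 80
      targetPort: 80               # container port
      nodePort: 9004               # node port
    - name: https
      port: 443
      targetPort: 443              # container port
      nodePort: 9005               # node port
---
# Option B: host networking (the Kubernetes field is hostNetwork: true).
# The container shares the node's network namespace, so nginx binds the
# node's own 80/443 directly. Consequences to weigh:
#   - every port the container opens is exposed on the node's addresses
#   - the container can reach services bound to the node's loopback
#   - it conflicts with anything already on 80/443 (the thread moves the
#     TrueNAS web UI to other ports for this reason)
apiVersion: v1
kind: Pod
metadata:
  name: reverse-proxy-hostnet      # hypothetical name
  labels:
    app: reverse-proxy-hostnet
spec:
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet   # keep cluster DNS while on the host network
  containers:
    - name: nginx
      image: nginx:stable          # assumed image
      ports:
        - containerPort: 80
        - containerPort: 443
```

With Option A on a LAN-only setup, clients still have to connect to 9004/9005 unless something in front of the node translates 80/443 to those ports.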
 