Port Forwarding Query

panzerscope

Contributor
Joined
May 30, 2022
Messages
146
Hello All.

I currently have an SSL for my main domain which points to my TrueNAS GUI. I have another domain that I would like to point specifically to my Nextcloud app on my TrueNAS, which I will later make SSL secured.

The issue I have with my port forwarding is that my TrueNAS GUI and Nextcloud app use the same IP (192.168.1.10). For my use case regarding port forwarding, will it work if I change my Nextcloud app settings host IP to something different, such as 192.168.1.11, and use this IP in the port forwarding?

Thanks,
P
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,700
Just forward the port to the same IP, but different (correct for the app) port number...
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
The real way to do this (leaving aside that exposing the TrueNAS UI to the Internet is strongly discouraged for security reasons) is with a reverse proxy. Since you're using SCALE, Traefik works quite well, and its configuration is integrated into all (IIRC) of the TrueCharts apps. Set the TrueNAS UI to listen on different ports (e.g., 81 and 444), have Traefik listen on 80/443, and use it to direct traffic for nas.yourdomain, cloud.yourdomain, and whatever other apps you want to expose. It also handles all the TLS stuff. See:
 

sretalla

exposing the TrueNAS UI to the Internet is strongly discouraged for security reasons
Agreed. I should have noted that in my response.
 

panzerscope

The real way to do this (leaving aside that exposing the TrueNAS UI to the Internet is strongly discouraged for security reasons) is with a reverse proxy. Since you're using SCALE, Traefik works quite well, and its configuration is integrated into all (IIRC) of the TrueCharts apps. Set the TrueNAS UI to listen on different ports (e.g., 81 and 444), have Traefik listen on 80/443, and use it to direct traffic for nas.yourdomain, cloud.yourdomain, and whatever other apps you want to expose. It also handles all the TLS stuff. See:
Really helpful, thank you very much.

I will stop using direct access to my GUI and set up using external services!

As for Nextcloud...

I followed the second video for setting up Ingress using a subdomain of nextcloud.va.net (fake) (my main domain of va.net is for the TrueNAS GUI). After this I then tried to access the Nextcloud GUI via my subdomain, but it fails with the following.

1673530261781.png


As per the video, I also edited my Windows Hosts file so that when I put in the IP 192.168.1.10, it would resolve to my Sub Domain. For an extra check I also tried access via 192.168.1.10:443, but will get an Error 404 page.

I also checked inside the Traefik app to see what was going on, I can see the below.

1673530512458.png

All "looks ok", but I am not experienced, so perhaps there is something telling here by those who know better.

Just for reference my configuration that I set, as per the Ingress setup video is as below:

1673530777362.png


1673530970556.png


Did I miss anything?

Thanks in advance!
P
 


danb35

I also edited my Windows Hosts file so that when I put in the IP 192.168.1.10, it would resolve to my Sub Domain.
This sounds backward; you'd want the subdomain to resolve to 192.168.1.10. And really, you'd want to use some kind of DNS service for this, ideally on your router, or perhaps using Pi-Hole. But to test this, what happens if you run ping nextcloud.va.net from the command prompt on your Windows system?
 

danb35


panzerscope

I just watched a video this morning that showed a somewhat different method:
Thanks I will take a look into that.

Regarding your other post. I managed to play with my DDNS settings, and browsing to the subdomain is now validating against DNS just fine, but even though my server has a valid and working SSL for my domain, and by extension my sub domain, I am getting an SSL error.

SSL.jpg


I will look into this video to see if that helps.
 

danb35

The Advanced button will give you more information about the problem, but it's likely one of two things:
  • You're using the default self-signed certificate, or
  • You're using a Let's Encrypt cert, but you requested it from the staging server.
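
A way to tell those two cases apart from the command line, as an added example that is not part of the original post. The function names are hypothetical, the sample names are constructed, and it assumes the `openssl` CLI is installed and that Let's Encrypt staging issuers carry a "(STAGING)" marker (older ones were named "Fake LE ...").

```shell
#!/bin/sh
# Added example: classify the certificate that answers on 443 for a hostname.

# Print "subject=..." and "issuer=..." for the cert served for HOST (SNI set).
# Needs network access and the openssl CLI; not called by the sample run below.
fetch_names() {  # usage: fetch_names HOST [PORT]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer -nameopt RFC2253
}

# Read the two lines produced by fetch_names on stdin, print one verdict word.
classify_cert() {
    subject='' issuer=''
    while IFS= read -r line; do
        case $line in
            subject=*) subject=${line#subject=} ;;
            issuer=*)  issuer=${line#issuer=} ;;
        esac
    done
    if [ -z "$subject" ] || [ -z "$issuer" ]; then
        echo "no-certificate"            # nothing parseable came back
    elif [ "$subject" = "$issuer" ]; then
        echo "self-signed"               # e.g. a proxy's built-in default cert
    else
        case $issuer in
            *'(STAGING)'*|*'Fake LE'*) echo "letsencrypt-staging" ;;
            *) echo "ca-issued" ;;       # rules out both causes; trust not checked
        esac
    fi
}

# Constructed sample names, not captured from any real host.
demo() {
    printf '%s\n' "subject=CN=TRAEFIK DEFAULT CERT" \
                  "issuer=CN=TRAEFIK DEFAULT CERT" | classify_cert
    printf '%s\n' "subject=CN=*.example.test" \
                  "issuer=CN=(STAGING) Artificial Apricot R3,O=(STAGING) Let's Encrypt,C=US" | classify_cert
    printf '%s\n' "subject=CN=*.example.test" \
                  "issuer=CN=R3,O=Let's Encrypt,C=US" | classify_cert
}
demo
```

Against a live host the call is `fetch_names nextcloud.va.net | classify_cert`; a "ca-issued" verdict only excludes the two causes listed above and does not check expiry or hostname coverage.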
 

panzerscope

Update: as per the last video suggestion, I went ahead and set up Cloudflare as an ACME provider, and now I have a certificate on my TrueNAS via Let's Encrypt, authenticated against Cloudflare. Again, as per the video, I also used a wildcard so that my subdomains for any apps should be fine. The main domain and subdomain are all working nicely with SSL as expected.

As per the video, I decided NOT to have a separate alias IP as suggested and went ahead and changed my TrueNAS GUI ports to 81/444 while configuring the Traefik app to use 80/443. Setting up the alias was causing issues, as the system would not allow me to add another alias IP on the same IP subnet, and I decided it might be better to just go with the different ports method. I may try the IP method again at some point.

I decided to start fresh with Nextcloud, re-installed it and set up the Ingress settings as before. However, if I use my subdomain, it will take me to my TrueNAS GUI instead of Nextcloud. I was also able to replicate this by going to the Nextcloud app and clicking "open"; it correctly loads the subdomain as per the ingress configuration, but will take me to the TrueNAS GUI.

I am going to sleep on it, but wondered if anyone had any ideas on this one?

Thanks for all your help so far.
 