SOLVED Reverse proxy for TrueNas Scale

[gorrunyo]

Hi,

I'm sure my question is trivial and is documented somewhere but after some search in the forums and google I couldn't find what I'm looking for.

I just installed TrueNAS-SCALE-22.02.3 and enabled both NextCloud and Plex official services. They are up and running and can be accesses through ip:port addresses.
Now, I have DNS domain A and CNAME name records for each of these applications and a router port redirection to the TrueNax box.

I could not find though hot to redirect accesses to these application FQDNs to the right ip:port in TrueNas.
In other systems I used a reverse proxy (nginx) and I see that the community app repository provides Traefik network manager for this purpose.

But I couldn't find how to do it with the ixSystems provided applications.

Any help or pointer to the right documentation will be very appreciated.

Thanks

 

[dgrigo]

nginx is already installed with nextcloud , using the official charts, i can use my domain fine with emby and nextcloud, in next cloud use your domain name instead of ip and choose your generated crt.
the try your domain/9001 , to see it goes fine, for windows i use a host file on nas and windows hosts to my domain.
tell me if this helps, I amd not talking about trucharts, but official charts apps.

hope it helps

 

[mgoulet65]

Have you tried looking at Traefik?https://www.youtube.com/watch?v=0Rmav5gyAwI&t=1s

 

[dgrigo]

Have you tried looking at Traefik?https://www.youtube.com/watch?v=0Rmav5gyAwI&t=1s

Thanks! , I am sticking with official charts, so i am fine with nginx

 

[sretalla]

the community app repository provides Traefik network manager for this purpose.

TrueCharts isn't a community app repository... although they do accept/encourage community feedback and contribution to their work.

I don't see any reason to see TrueCharts as any less valid than the "Official" apps... perhaps even some reasons to see them as a more complete and comprehensive solution that provides/exposes many more of the options of kubernetes than offered by the official charts/apps.

 

[dgrigo]

I don't see any reason also to move from official, as it is I have a fully functional EMBY , the nginx is already in truenas as it serve the web interface, so i have my https with my subdomain by using conf.d with port, and with some modifications on deployment and emby's system config i can enable host networking so even dnla is working! why I need more options ?
same with nextcloud too...
tell me 1 reason that i need something that's available in truecharts.

btw , I am not bashing truecharts nor the community behind it, so I am thankful that it exist ! maybe in the future I have some need that's not available on official charts.
more of us , more knowledge flowing around! I just came from Synology as I don't like were they headed, I had a backup freenas, now i have a truenas scale too as my main server.

And thank you for suggestion :)

 

[sretalla]

tell me 1 reason that i need something that's available in truecharts

I'm not here to sell you TrueCharts.

nginx is already in truenas as it serve the web interface, so i have my https with my subdomain by using conf.d with port, and with some modifications on deployment and emby's system config i can enable host networking so even dnla is working! why I need more options ?

You may find it annoying to re-do your changes when the system updates. Your choice though.

 

[danb35]

You may find it annoying to re-do your changes when the system updates.

...or even when you reboot the system, as pretty much everything in /etc/ is overwritten at boot. Edit: never mind, I was thinking of the main system/s nginx installation, but @dgrigo was using nginx in the Nextcloud.

@sretalla, for this reason, system reboots and upgrades won't affect these customizations, but updates to the Nextcloud app could.

 

[truecharts]

TrueCharts isn't a community app repository... although they do accept/encourage community feedback and contribution to their work.

We are definately a community App Catalog. Everything is build and maintained by our community, which is almost 4K people strong on discord.
Just like any piece of opensource, most work is done by a small group of people, but that's the same with any community repository.

We're not "the" community Apps catalog (that would actually be rather silly), but we're definately "a" community catalog. Not just a small group accepting input/PR's.

I don't see any reason to see TrueCharts as any less valid than the "Official" apps... perhaps even some reasons to see them as a more complete and comprehensive solution that provides/exposes many more of the options of kubernetes than offered by the official charts/apps.

From a technical perspective: both are "just" third party Helm Repositories. With the same pro's and cons that come with third party helm repositories.
In that regard, we feel the term "official" is also giving people the wrong impression that iX Apps/Charts are sanctioned by the creator of said applications, which they are not (in most cases!).

I don't see any reason also to move from official, as it is I have a fully functional EMBY , the nginx is already in truenas as it serve the web interface, so i have my https with my subdomain by using conf.d with port, and with some modifications on deployment and emby's system config i can enable host networking so even dnla is working! why I need more options ?
same with nextcloud too...
tell me 1 reason that i need something that's available in truecharts

In short:
You might simply not need that.
However: there are a lot of users that want features not available in official Apps (ingress/reverse-proxy support, resource limits, build-in vpn support etc) or simple want apps that are not available on the official catalog (we've 750+ Apps, vs the dozen in the official catalog).

But there are also inherent design differences: For example, Our App for Nextcloud is a LOT more performant, by having Redis and the High-Performance-Backend for files integrated into the App where official has not.

On top of that, without wanting to bash iX at all, our developers and support staff are actually basically available for issues 24/7 and often respond in less than 12 hours. Whereas iX, officially, is only available via Jira Tickets (though do respond on personal messages, the forums and discord from time-to-time, it's not always the case)

We never said we where a one-stop-shop for everyone and every usecase. But there are definately cases to be made for both catalogs ;-)

 

[dgrigo]

I'm not here to sell you TrueCharts.


You may find it annoying to re-do your changes when the system updates. Your choice though.

I did update to 22.02.04 , nothing changed

 

[dgrigo]

and even if they change a cron job will do the trick, no?

 

[dgrigo]

We are definately a community App Catalog. Everything is build and maintained by our community, which is almost 4K people strong on discord.
Just like any piece of opensource, most work is done by a small group of people, but that's the same with any community repository.

We're not "the" community Apps catalog (that would actually be rather silly), but we're definately "a" community catalog. Not just a small group accepting input/PR's.




From a technical perspective: both are "just" third party Helm Repositories. With the same pro's and cons that come with third party helm repositories.
In that regard, we feel the term "official" is also giving people the wrong impression that iX Apps/Charts are sanctioned by the creator of said applications, which they are not (in most cases!).




In short:
You might simply not need that.
However: there are a lot of users that want features not available in official Apps (ingress/reverse-proxy support, resource limits, build-in vpn support etc) or simple want apps that are not available on the official catalog (we've 750+ Apps, vs the dozen in the official catalog).

But there are also inherent design differences: For example, Our App for Nextcloud is a LOT more performant, by having Redis and the High-Performance-Backend for files integrated into the App where official has not.

On top of that, without wanting to bash iX at all, our developers and support staff are actually basically available for issues 24/7 and often respond in less than 12 hours. Whereas iX, officially, is only available via Jira Tickets (though do respond on personal messages, the forums and discord from time-to-time, it's not always the case)

We never said we where a one-stop-shop for everyone and every usecase. But there are definately cases to be made for both catalogs ;-)

To be fair, as my choice was a server drawing less power so i have a T processor with tdp 35 watts , i hate that the catalog and the way IX implemented it kneels my server to crawl when refreshing catalogs and or restarting server. so I have tried Truecharts for those 2 apps, emby and nextcloud but could not find a reason to have the catalog atm, both of them have https working etc, for vpn i have my asus ax88u router that vpn's to my mac address to the server and can enable or disable whenever i want.
I respect all work and the catalog, and I am sure @ some point will come handy, just not now

Thank you!

 

[sretalla]

I did update to 22.02.04 , nothing changed

Good for you.

and even if they change a cron job will do the trick, no?

Possibly.

But you are here in this thread because you proposed your way of doing it as an option that would satisfy somebody else's needs... I guess not taking into account the possibility of that person not wanting to create cron jobs or startup tasks or whatever.

It's open-source so do with it as you wish, but if you're going to recommend somebody else follows you down a path of (unsupported) customization, please be prepared to share methods and details for those people to follow and not end up lost and seeking help from the forum in general. At very least, make it clear that your proposal is unsupported and not recommended for folks who can't support themselves.

 

[danb35]

i hate that the catalog and the way IX implemented it kneels my server to crawl when refreshing catalogs

I haven't found that it greatly slows down my server (though I have considerably more CPU horsepower than you), but I do find that it takes a long time to refresh the catalog. Like "many minutes" long. And for something that I'd think wouldn't be more involved than refreshing a git repo (though I expect I'm mistaken here, resulting in the discrepancy), this seems ridiculously excessive. @truecharts, can you explain what's going on to take so long?

 

[truecharts]

I haven't found that it greatly slows down my server (though I have considerably more CPU horsepower than you), but I do find that it takes a long time to refresh the catalog. Like "many minutes" long. And for something that I'd think wouldn't be more involved than refreshing a git repo (though I expect I'm mistaken here, resulting in the discrepancy), this seems ridiculously excessive. @truecharts, can you explain what's going on to take so long?

It also gets validated to have a somewhat okey format and certain values get loaded into the SCALE database (the apps page does not get loaded from file, luckily).
It's not "just" refreshing a git repo.

 

[dgrigo]

Good for you.


Possibly.

But you are here in this thread because you proposed your way of doing it as an option that would satisfy somebody else's needs... I guess not taking into account the possibility of that person not wanting to create cron jobs or startup tasks or whatever.

It's open-source so do with it as you wish, but if you're going to recommend somebody else follows you down a path of (unsupported) customization, please be prepared to share methods and details for those people to follow and not end up lost and seeking help from the forum in general. At very least, make it clear that your proposal is unsupported and not recommended for folks who can't support themselves.

Well, luckily that's why forums exist, nobody who don't pay expect support for scale from IX.
I was trying to be helpful to the poster, giving him some idea, din't exposed anything , so i did nothing wrong.
if he wanted more info i would have given him, and this, if he asked, I knew he would be able to support himself to give him more info.
Support is forums , user to user support.

I see hundreds of questions about reverse proxy, ingress, apache, whatever …
Anyway @gorrunyo my solution is unsupported...

Thank you
Ευχαριστώ

 

[sretalla]

Well, luckily that's why forums exist, nobody who don't pay expect support for scale from IX.
I was trying to be helpful to the poster, giving him some idea, din't exposed anything , so i did nothing wrong.
if he wanted more info i would have given him, and this, if he asked, I knew he would be able to support himself to give him more info.
Support is forums , user to user support.

Don't take my feedback as anything other than that... I want to see the community support succeed as much as (or maybe more than) most.

Contribute as you see fit.

We are definately a community App Catalog

My mistake, but comments like the one below that I had seen you make before seemed to be indicating that you were more of an enterprise (albeit an open one with community support).

I was certainly trying to draw some kind of contrast with the Community Plugins catalog in CORE, which you are certainly not in any way a parallel to (which is a very good and appreciated thing).

our developers and support staff

Good on all of you and the community for providing that alternative.

 

[truecharts]

My mistake, but comments like the one below that I had seen you make before seemed to be indicating that you were more of an enterprise (albeit an open one with community support).

At the moment we're 100% a community.
In the future, this might need to move to a bussiness entity for tax reasons. But even then: All Apps/Charts will stay opensource and the incubator and stable trains will stay managed by volunteers. As well as community support by volunteer staff will also stay in place.
(Which means: not much will change)

We will, however, in the near future release the "Enterprise" train, with specific Apps that are kept to a much higher standard. These will also be kept opensource (as well as their documentation), but with additional costs if you want support. These costs are mostly to allow for much more thorough documentation and time-intensive testing.

This is mostly based on community feedback with "but I use this for my small bussiness". We wanted to ensure people can easily seperate what is deemed to be "fit for bussiness use" and "might be fine, but don't look at us"-fine. Which, as a sad fact, does take considerably more time and resources to do, so that will be a significantly smaller curated lists of Apps.

However: Even though those Apps will not get community support, the much increased documentation standards for them, should cover most of that :)

In either cases: There are no official plans to encorporate TrueCharts any time soon!

I was certainly trying to draw some kind of contrast with the Community Plugins catalog in CORE, which you are certainly not in any way a parallel to (which is a very good and appreciated thing).

We're indeed definately not a community repository (badly) managed/maintained by iX-Systems, no...
(with all the good intentions, it's badly maintained.)

 

[mgoulet65]

At the moment we're 100% a community.
In the future, this might need to move to a bussiness entity for tax reasons. But even then: All Apps/Charts will stay opensource and the incubator and stable trains will stay managed by volunteers. As well as community support by volunteer staff will also stay in place.
(Which means: not much will change)

We will, however, in the near future release the "Enterprise" train, with specific Apps that are kept to a much higher standard. These will also be kept opensource (as well as their documentation), but with additional costs if you want support. These costs are mostly to allow for much more thorough documentation and time-intensive testing.

This is mostly based on community feedback with "but I use this for my small bussiness". We wanted to ensure people can easily seperate what is deemed to be "fit for bussiness use" and "might be fine, but don't look at us"-fine. Which, as a sad fact, does take considerably more time and resources to do, so that will be a significantly smaller curated lists of Apps.

However: Even though those Apps will not get community support, the much increased documentation standards for them, should cover most of that :)

In either cases: There are no official plans to encorporate TrueCharts any time soon!



We're indeed definately not a community repository (badly) managed/maintained by iX-Systems, no...
(with all the good intentions, it's badly maintained.)

This sounds like a very welcome set of plans. I'll eagerly await the publication of the enterprise catalog.

 

[gorrunyo]

nginx is already installed with nextcloud , using the official charts, i can use my domain fine with emby and nextcloud, in next cloud use your domain name instead of ip and choose your generated crt.
the try your domain/9001 , to see it goes fine, for windows i use a host file on nas and windows hosts to my domain.
tell me if this helps, I amd not talking about trucharts, but official charts apps.

hope it helps

Thanks for the reply @dgrigo .

If I understand your solution, I have to use the custom port (9001 or whichever) in order to access Nextcloud UI.
That means that if I need to access from outside my network I need to forward the specific port on my router, for every application I want to install (in this case Nextcloud). Is that correct?

Is there a way to configure Nginx to use just the FQDN subdomain to forward to each application?

Cheers