TrueNAS 13.3 Wishlist

victort · Feb 12, 2024

Add bastille jail manager? Anyone?

victort · Feb 12, 2024

danb35 said:
I'm not @dak180, but I'd put Cloudflare at the top of the list (as apparently you folks did as well, it's one of only two others (in addition to Route53) that you've as yet put into SCALE). It's one of the most popular DNS hosts at least in the SOHO/SMB environment, which is no surprise since their DNS service is free and they have a robust API. If you're going to be getting a cert using DNS validation, Cloudflare is probably the most widely-recommended DNS host for that purpose.

And you've already done the work and testing to integrate it, so...

Definitely.

morganL · Feb 12, 2024

TheDragon said:
Porkbun is a popular alternative

If you desperately need it, please explain why.. and add a NAS ticket.

TheDragon · Feb 12, 2024

morganL said:
If you desperately need it, please explain why.. and add a NAS ticket.

TrueNAS 13.3 Wishlist

TrueNAS 13.3 is scheduled for RC1 and Release in Q2 2024. Nightlies are currently available. Primary improvements are: Samba 4.19 FreeBSD 13.3 updates OpenZFS 2.2.2 (with fast file copy) Bhyve updates Sidegrades to Dragonfish are reliable (HA or not) Interoperability with Dragonfish (rsync...

www.truenas.com

You asked for which specific providers people wanted - does this still need another ticket? As the reason why will be the same for all of them.

Would it not be simpler to just incorporate acme.sh? Given that project has already done all the legwork adding support for the numerous providers. Or is there a reason it can't be?

It's supports FreeBSD, more info:

GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol

A pure Unix shell script implementing ACME client protocol - acmesh-official/acme.sh

github.com

A list of all providers included:

dnsapi

A pure Unix shell script implementing ACME client protocol - acmesh-official/acme.sh

github.com

Patrick M. Hausen · Feb 12, 2024

Re: ACME DNS authenticators

morganL said:
Each one requires work and testing, so we would prefer the must-have list. Which one do each of you specifically need?

ACME DNS would be a start, because it's more or less standard and self-hosted. There's even a FreeBSD package for it that can easily be run in a jail. (I created the port

)

seanm · Feb 12, 2024

My absolute #1 request:

Bhyve with Ubuntu keeps locking up
<https://ixsystems.atlassian.net/browse/NAS-122108>

(I went as far as rebuilding bhyve from source to get this fix from upstream.)

@morganL can the ticket please please be reopened so it's not lost / forgotten.

seanm · Feb 12, 2024

Support better than ssh-rsa keys: <https://ixsystems.atlassian.net/browse/NAS-109023>

seanm · Feb 12, 2024

Add the ability to close useless TCP ports like:

- port 80: <https://ixsystems.atlassian.net/browse/NAS-109745>
- port 139: <https://ixsystems.atlassian.net/browse/NAS-110851>

(Security auditors love seeing closed ports, and they're not totally wrong)

Patrick M. Hausen · Feb 12, 2024

seanm said:
Bhyve with Ubuntu keeps locking up

I am confident this one will be fixed by simple shipping the versionof bhyve that is an integral part of FreeBSD 13.3.

Patrick M. Hausen · Feb 12, 2024

seanm said:
Support better than ssh-rsa keys: <https://ixsystems.atlassian.net/browse/NAS-109023>

I am using elliptic curve with TN 13 without issues.

morganL · Feb 12, 2024

seanm said:
My absolute #1 request:

Bhyve with Ubuntu keeps locking up
<https://ixsystems.atlassian.net/browse/NAS-122108>

(I went as far as rebuilding bhyve from source to get this fix from upstream.)

@morganL can the ticket please please be reopened so it's not lost / forgotten.

Any chance you can review the nightlies or look at the FreeBSD 13.3 source for the fixes?

Also like to see if the SSH key issue is solved by 13.3......

seanm · Feb 12, 2024

Patrick M. Hausen said:
I am confident this one will be fixed by simple shipping the versionof bhyve that is an integral part of FreeBSD 13.3.

Yeah, depending which exact version of FreeBSD they pick. The ticket has details about this.

seanm · Feb 12, 2024

morganL said:
Any chance you can review the nightlies or look at the FreeBSD 13.3 source for the fixes?

The info is all in the NAS-122108 ticket already.

seanm · Feb 12, 2024

Patrick M. Hausen said:
I am using elliptic curve with TN 13 without issues.

Sorry, I should have said:

Support better than ssh-rsa keys by default: <https://ixsystems.atlassian.net/browse/NAS-109023>

seanm · Feb 12, 2024

morganL said:
Each one requires work and testing, so we would prefer the must-have list. Which one do each of you specifically need?

I'd like to see EasyDNS support. Why? Because that's the DNS provider I use.

pfsense, also based on FreeBSD, supports acme.sh, which I think is a great way to get support for a lot of different providers.

Do you really want new tickets created for each different provider? NAS-115350 already has 28 upvotes.

danb35 · Feb 12, 2024

TheDragon said:
Would it not be simpler to just incorporate acme.sh?

Not really. Because every DNS provider has its own set of credentials, and that means a different web form, making sure it sets all the appropriate variables, input validation, etc. Repeat x 150 or so to cover all of them.

seanm · Feb 12, 2024

danb35 said:
Not really. Because every DNS provider has its own set of credentials, and that means a different web form, making sure it sets all the appropriate variables, input validation, etc. Repeat x 150 or so to cover all of them.

I'm not so sure about that. I think it's largely abstracted by acme.sh. pfSense manages it without needing 150 different UIs: https://docs.netgate.com/pfsense/en/latest/packages/acme/certificate.html

morganL · Feb 13, 2024

seanm said:
I'd like to see EasyDNS support. Why? Because that's the DNS provider I use.

pfsense, also based on FreeBSD, supports acme.sh, which I think is a great way to get support for a lot of different providers.

Do you really want new tickets created for each different provider? NAS-115350 already has 28 upvotes.

We want to know which ones are required....so we can decide how we could handle.

Patrick M. Hausen · Feb 13, 2024

morganL said:
We want to know which ones are required....so we can decide how we could handle.

I vote for at least one self-hosted provider for which I suggest acme-dns as the natural choice.

danb35 · Feb 13, 2024

seanm said:
pfSense manages it without needing 150 different UIs:

The docs pages don't give much detail (who needs screen shots, anyway?), but they make it sound like that's exactly what they do.

The other option, which would be relatively simple to code, would be to just give the user a text box to enter all the relevant credentials, like:

Code:

CF_Token="Y_jpG9AnfQmuX5Ss9M_qaNab6SQwme3HWXNDzRWs"
CF_Zone_ID="763eac4f1bcebd8b5c95e9fc50d010b4"

...and maybe even a text box to enter the name of the DNS authenticator (dns_cf for this example). But that makes the dependency on the third-party tool explicit, and sends the user to the acme.sh docs to figure out what to enter. Not the best UX.

Important Announcement for the TrueNAS Community.

TrueNAS 13.3 Wishlist

Guru

Guru

Captain Morgan

Cadet

Hall of Famer

Guru

Guru

Guru

Hall of Famer

Hall of Famer

Captain Morgan

Guru

Guru

Guru

Guru

Hall of Famer

Guru

Captain Morgan

Hall of Famer

Hall of Famer

Important Announcement for the TrueNAS Community.

Related topics on forums.truenas.com for thread: "TrueNAS 13.3 Wishlist"

Similar threads