WebDAV Share 404 Not Found

[morphxyz]

Heya

New to TrueNAS

Just can't get WebDAV to work.

Code:

Not Found
The requested URL was not found on this server.

The authentication seems to work, as I can't acces the page without credentials.

TrueNAS is behind a proxy. But I've tried internally too, directly with IP and Port. Same result.
I also have a vlan for client access which I usually use. I have tried to connect to the native IP (+Port) aswell.

I also tried HTTP, no difference.

The Folder does have a subfolder with webdav:webdav permissions. Folder itself is also webdav:webdav.

Share sits on a ZFS raidz2 pool.
TrueNAS is behind a opnsense fw. but as mentioned I tried to use the share internally too.

I am really running out of ideas here.

I want to use it for Synology Backups. I mean I could go with rsync and a vpn.
But I really would prefer that WebDAV solution.

Any help and ideas appreciated!

Ben

 

[morphxyz]

I figured it out! oopsie.

I tried connecting with https://mysite.com/"actual-path-on-filesystem"

The browser would just throw the 404.

However when I tried to connect with https://mysite.com/"share-name", the browser wouldn't load.

Gave it a shot and tried to set it up on synology with https://mysite.com/"share-name" and voila, the subfolder showed up!

 

[morphxyz]

Couldn't edit.

I also figured, in my specific case with a proxy between:

The connection will be established over https (443) - however after that your custom port will be used (on which my proxy wasn't listening on)

So the connection from Synology to TrueNAS WebDAV worked but i couldn't interact with data.

So either use port 443 for WebDAV (not recommended) or configure your proxy to forward traffic on your custom port aswell.

Hope this helps!

 

[morphxyz]

Sorry for the Spam! (Edit those posts together if you wish)

This might be a bit more of a network topic but this is how I finally got my webdav share on TrueNAS behind a proxy running safely.

My nginx proxy manager wasn't happy with https traffic on a custom port.

So after all I ended up with this solution:

on your FW: Forward port 443 to your nginx proxy manager
on your FW: Forward your custom port to nginx proxy manager aswell, but with 443 as internal port.

Now let nginx proxy manager forward the traffic to your NAS on the custom port.

Voila!

(Don't forget to setup crowdsec on your npm or fw).

closed

 

[morphxyz]

false alarm..
Seriously, last post, I promise!
this is the happy ending.

tldr; Create a Port Forwarding on your FW directly to TrueNAS.

Creating backup jobs worked but the wizard never finished.
(Didn't test the whole process beforehand. Yeah.. I know).

Looks like Synology (or WebDAV generally, I didn't check!) uses source port as reference for data transfer.
Can't imagine anything else.

Exposed my TrueNAS directly with custom port and port forwarding. (NO nginx proxy between).
It worked. Source port changed with every packet. Conclusion: "source port somewhat relevant".
(Traffic monitor, no block or reject. Source port was the only difference).

Traffic going through "Proxy Host" will always end up with the same source port. A Backup from Synology NAS to a TrueNAS WebDAV will NOT work with "Proxy Host" in nginx proxy manager. I have read about "Stream" with nginx proxy. It probably works if set up correctly. Assign port(s) in your nginx proxy docker instance beforehand. (In case you installed npm the official way).

My solution:
Create a dedicated VLAN and subnet on Firewall AND a VLAN adapter on TrueNAS. (recommended but works without)
Now create a port forwarding with your custom port (external and internal) directly to your TrueNAS on your FW.
(Internal port on FW and TrueNAS probably can be different, I didn't bother).

If you run some sort of IPS or DPI on your FW, you now can do remote backups from a Synology NAS to TrueNAS WebDAV safely!
(You are fine without that, as long your WebDAV PW is good. Unless this is an enterprise network!).
(I recommend using crowdsec at least).

NOTE: Nginx proxy "usually" sits on another machine than your TrueNAS. Always install TrueNAS bare-metal! Never mix it with too much additional stuff! Backup traffic from external sources now directly goes to TrueNAS. Which makes sense. I don't want all that Data to pass my Switches multiple times.

Happy to share my experience!
Hope this helps.

 

[Ericloewe]

I have deep reservations about instructing people to forward ports to their NAS - or any other machine, for that matter - without the proper context. It is not something that should be taken lightly.

If you run some sort of IPS or DPI on your FW, you now can do remote backups from a Synology NAS to TrueNAS WebDAV safely!
(You are fine without that, as long your WebDAV PW is good. Unless this is an enterprise network!).

To any future readers: please don't. This is what we in the business call "a very bad idea". If you want to connect remote systems, use a VPN. It's simpler, more versatile, and easier to get right. There's so much that can go wrong with this setup that it is unreasonably dangerous.

But I really would prefer that WebDAV solution.

Why, are you itching for a visit from the russian mafia?

 

[morphxyz]

Very last last post.
Glad we have a professional step in at this point.
I will take the extra steps for the VPN configuration.
I assumed protection against brute force is enough. But I guess you never know.
If you can, create a VPN and connect "locally" before creating any backup tasks.
It will always be the safer, but also, more ressource intensive solution.