System Configuration

How to change the various system level options in TrueNAS.

  6 minute read


System > General contains options for configuring the web interface and other basic system settings.

GUI SSL Certificatedrop-down menuThe system uses a self-signed certificate to enable encrypted web interface connections. To change the default certificate, select a different created or imported certificate.
WebGUI IPv4 Addressdrop-down menuChoose recent IP addresses to limit the usage when accessing the web interface. The built-in HTTP server binds to the wildcard address of (any address) and issues an alert if the specified address becomes unavailable.
WebGUI IPv6 Addressdrop-down menuChoose recent IPv6 addresses to limit the usage when accessing the web interface. The built-in HTTP server binds to the wildcard address of (any address) and issues an alert if the specified address becomes unavailable.
WebGUI HTTP PortintegerAllow configuring a non-standard port for accessing the web interface over HTTP. Changing this setting might require changing a Firefox configuration setting.
WebGUI HTTPS PortintegerAllow configuring a non-standard port to access the web interface over HTTPS.
HTTPS Protocolsdrop-down menuChoose which HTTPS protocols to allow
WebGUI HTTP -> HTTPS RedirectcheckboxRedirect HTTP connections to HTTPS. A GUI SSL Certificate is required for HTTPS. Activating this also sets the HTTP Strict Transport Security (HSTS) maximum age to 31536000 seconds (one year). This means that after a browser connects to the TrueNAS® web interface for the first time, the browser continues to use HTTPS and renews this setting every year.
Languagecombo boxSelect a language from the drop-down menu. The list can be sorted by Name or Language code. View the translated status of a language in the webui GitHub repository.
Console Keyboard Mapdrop-down menuSelect a keyboard layout.
Timezonedrop-down menuSelect a timezone.
Syslog leveldrop-down menuWhen Syslog server is defined, only logs matching this level are sent.
Syslog serverstringRemote syslog server DNS hostname or IP address. Nonstandard port numbers can be used by adding a colon and the port number to the hostname, like mysyslogserver:1928. Log entries are written to local logs and sent to the remote syslog server.
Crash reportingcheckboxSend failed HTTP request data which can include client and server IP addresses, failed method call tracebacks, and middleware log file contents to iXsystems.
Usage CollectioncheckboxEnable sending anonymous usage statistics to iXsystems.

After making any changes, click SAVE. Changes to any of the GUI fields can interrupt web interface connectivity while the new settings are applied.

This screen also contains these buttons:

SAVE CONFIG: save a backup copy of the current configuration database in the format hostname-version-architecture to the computer accessing the web interface. Saving the configuration after making any configuration changes is highly recommended. TrueNAS® automatically backs up the configuration database to the system dataset every morning at 3:45. However, this backup does not occur if the system is shut down at that time. If the system dataset is stored on the boot pool and the boot pool becomes unavailable, the backup will also not be available. The location of the system dataset can be viewed or set using System ➞ System Dataset.

SSH keys are not stored in the configuration database and must be backed up separately. System host keys are files with names beginning with ssh_host_ in /usr/local/etc/ssh/. The root user keys are stored in /root/.ssh.

There are two types of passwords. User account passwords for the base operating system are stored as hashed values, do not need to be encrypted to be secure, and are saved in the system configuration backup. Other passwords, like iSCSI CHAP passwords, Active Directory bind credentials, and cloud credentials are stored in an encrypted form to prevent them from being visible as plain text in the saved system configuration. The key or seed for this encryption is normally stored only on the operating system device. When Save Config is chosen, a dialog gives two options. Export Password Secret Seed includes passwords in the configuration file which allows the configuration file to be restored to a different operating system device where the decryption seed is not already present. Configuration backups containing the seed must be physically secured to prevent decryption of passwords and unauthorized access.

Export Pool Encryption Keys includes the encryption keys of encrypted pools in the configuration file. The encryption keys are restored if the configuration file is uploaded to a system with UPLOAD CONFIG.

UPLOAD CONFIG: allows browsing to the location of a previously saved configuration file to restore that configuration.

RESET CONFIG: reset the configuration database to the default base version. This does not delete user SSH keys or any other data stored in a user home directory. Since configuration changes stored in the configuration database are erased, this option is useful when a mistake has been made or to return a test system to the original configuration.


System > Advanced contains more advanced options for configuring system settings.

Show Text Console without Password PromptcheckboxSet for the text console to be available without entering a password.
Enable Serial ConsolecheckboxDo not enable this option if the serial port is disabled. Adds the Serial Port and Serial Speed fields.
Serial PortstringSelect the serial port address in hex.
Serial Speeddrop-down menuSelect the speed in bps used by the serial port.
Enable Legacy User InterfacecheckboxWARNING: The legacy user interface is deprecated. All management should be performed through the new user interface. Shows legacy UI login buttons on the web interface log in screen and Settings menu. These buttons allow switching to the interface that was available with TrueNAS® 11.2 and earlier.
Enable autotunecheckboxEnable the Autotune script which attempts to optimize the system based on the installed hardware. Warning: Autotuning is only used as a temporary measure and is not a permanent fix for system hardware issues.
Enable Debug KernelcheckboxUse a debug version of the kernel on the next boot.
Show console messagescheckboxDisplay console messages from /var/log/console.log in real time at bottom of browser window. Click the console to bring up a scrollable screen. Set the Stop refresh option in the scrollable screen to pause updates. Unset to continue watching messages as they occur. When this option is set, a button to show the console log appears on busy spinner dialogs.
MOTD bannerstringThis message is shown when a user logs in with SSH.
Show advanced fields by defaultcheckboxShow all advanced fields by default.
Use FQDN for loggingcheckboxInclude the Fully-Qualified Domain Name (FQDN) in logs to precisely identify systems with similar hostnames.
ATA Security Userdrop-down menuUser passed to camcontrol security -u for unlocking SEDs. Values are User or Master.
SED PasswordstringGlobal password used to unlock Self-Encrypting Drives.
Reset SED PasswordcheckboxSelect to clear the Password for SED column of Storage > Disks.

Click the SAVE button after making any changes.

There is also an option to:

SAVE DEBUG: generate text files that contain diagnostic information. After the debug data is collected, the system prompts for a location to save the compressed .tar file.