(408) 943-4100               V   Commercial Support Toggle between Light and Dark mode

Services

  24 minute read.

Last Modified 2021-10-07 17:49 EDT

System Settings > Services displays each system component that runs continuously in the background. These typically control data-sharing or other external access to the system. Individual services have their own configuration screens and activation toggles, and can be set to run automatically.

We have documented services related to data sharing or automated tasks in their respective Shares and Tasks articles.

ServicesSCALE

Dynamic Domain Name Service (DDNS) is useful when you connect TrueNAS to an ISP that periodically changes the system’s IP address. With Dynamic DNS, the system automatically associates its current IP address with a domain name and continues to provide access to TrueNAS even if the system IP address changes.

Configuring Dynamic DNS

DDNS requires registration with a DDNS service such as DynDNS before configuring TrueNAS. Have the DDNS service settings available or open in another browser tab when configuring TrueNAS. Log in to the TrueNAS web interface and go to Services > Dynamic DNS.

DynamicDNSSCALE

General Options

NameDescription
ProviderSeveral providers are supported. If a specific provider is not listed, select Custom Provider and enter the information in the Custom Server and Custom Path fields.
CheckIP-Server SSLUse HTTPS for the connection to the CheckIP Server.
CheckIP ServerName and port of the server that reports the external IP address. For example, entering checkip.dyndns.org:80 uses Dyn IP detection. to discover the remote socket IP address.
CheckIP PathPath to the CheckIP Server. For example, no-ip.com uses a CheckIP Server of dynamic.zoneedit.com and CheckIP Path of /checkip.html.
SSLUse HTTPS for the connection to the server that updates the DNS record.
Domain NameFully qualified domain name of the host with the dynamic IP address. Separate multiple domains with a space, comma (,), or semicolon (;). Example: myname.dyndns.org; myothername.dyndns.org.
Update PeriodHow often the IP is checked in seconds.

Credentials

NameDescription
UsernameUsername for logging in to the provider and updating the record.
PasswordPassword for logging in to the provider and updating the record.

Your DDNS solution provides the required values for the fields. Start the DDNS service after choosing your Provider options and saving the settings.

The File Transfer Protocol (FTP) is a simple option for data transfers. The additional SSH and Trivial FTP options provide secure or simple config file transfer methods, respectively.

Options for configuring FTP, SSH, and TFTP are in System Settings > Services. Click the to configure the related service.

FTP requires a new dataset and a local user account.

Go to Storage to add a new dataset.

![DatasetAddSCALE](</images/SCALE/DatasetAddSCALE.png “Adding a new Dataset”)

Next, go to Credentials > Local Users and click Add to create a local user on the TrueNAS.

![AddUserFormSCALE](</images/SCALE/AddUserFormSCALE.png “Adding a new User Account”)

Assign a user name and password, and link the newly created FTP share dataset as the user home directory. You can do this for every user, or create a global account for FTP (“OurOrgFTPacnt” for example).

Return to Storage, find the new dataset, and click > View Permissions. Then click . Set the Owner fields (user and group) to the new user account. Set Apply User and Apply Group before saving.

EditDatasetPermissionsSCALE

Service Configuration

To configure FTP, go to System Settings > Services and find FTP, then click .

ServicesFTPSCALE

Configure the options according to your environment and security considerations.

General Options

NameDescription
PortSet the port the FTP service listens on.
ClientsThe maximum number of simultaneous clients.
ConnectionsSet the maximum number of connections per IP address. 0 is unlimited.
Login AttemptsEnter the maximum attempts before client is disconnected. Increase if users are prone to typos.
TimeoutMaximum client idle time in seconds before disconnect.
CertificateThe SSL certificate to be used for TLS FTP connections. To create a certificate, go to Certificates.

Advanced

Access

NameDescription
Always ChrootSet to only let users access their home directory if they are in the wheel group. This option increases security risk.
Allow Root LoginAllow anonymous FTP logins with access to the directory specified in Path.
Allow Anonymous LoginAllow any local user to log in. By default, only members of the ftp group are allowed to log in.
Allow Local User LoginSetting this option results in timeouts when identd is not running on the client.
Require IDENT AuthenticationSets default permissions for newly created files.
File PermissionsSets default permissions for newly created directories.

TLS

NameDescription
Enable TLSAllow encrypted connections. Requires a certificate (created or imported in Certificates.
TLS PolicyDefine whether the control channel, data channel, both channels, or neither channel of an FTP session must occur over SSL/TLS. The policies are described here.
TLS Allow Client RenegotiationsWe don’t recommend this, since it breaks security measures. See mod_tls for details.
TLS Allow Dot LoginIf set, TrueNAS checks the user home directory for a .tlslogin file containing one or more PEM-encoded certificates. If not found, the user is prompted for password authentication.
TLS Allow Per UserIf set, allows user password to be sent unencrypted.
TLS Common Name RequiredWhen set, the common name in the certificate must match the FQDN of the host.
TLS Enable DiagnosticsIf set when troubleshooting a connection, logs more verbosely.
TLS Export Certificate DataSet to export the certificate environment variables.
TLS No Certificate RequestSet if the client cannot connect from poorly handling the server certificate request.
TLS No Empty FragmentsWe don’t recommend this option, since it bypasses a security mechanism.
TLS No Session Reuse RequiredThis option reduces connection security. Only use it if the client does not understand reused SSL sessions.
TLS Export Standard VarsIf selected, sets several environment variables.
TLS DNS Name RequiredIf set, the client DNS name must resolve to its IP address and the cert must contain the same DNS name.
TLS IP Address RequiredIf set, the client certificate IP address must match the client IP address.

Bandwidth

NameDescription
Local User Upload Bandwidth: (Examples: 500 KiB, 500M, 2 TB) *This field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited.
Local User Download BandwidthThis field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited.
Anonymous User Upload BandwidthThis field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited.
Anonymous User Download BandwidthThis field accepts human-readable input in KiBs or greater (M, GiB, TB, etc.). Default 0 KiB is unlimited.

Other Options

NameDescription
Minimum Passive PortUsed by clients in PASV mode. A default of 0 means any port above 1023.
Maximum Passive PortUsed by clients in PASV mode. A default of 0 means any port above 1023.
Enable FXPEnable File eXchange Protocol. We don’t recommend this, since it leaves the server vulnerable to FTP bounce attacks.
Allow Transfer ResumptionSet to allow FTP clients to resume interrupted transfers.
Perform Reverse DNS LookupsPerforms reverse DNS lookups on client IPs. Causes long delays if reverse DNS isn’t configured.
Masquerade AddressPublic IP address or hostname. Set if FTP clients cannot connect through a NAT device.
Display LoginThe message shown to local login users after authentication. Not shown to anonymous login users.
Auxiliary ParametersUsed to add additional proftpd(8 parameters.

Ensure chroot is enabled and allow Local User Login. Doing so confines FTP sessions to a local user’s home directory.

Unless necessary, do NOT allow anonymous or root access. For better security, enable TLS when possible (especially when FTP is exposed to a WAN). TLS effectively makes this FTPS.

FTP Connection

Use a browser or FTP client to connect to the TrueNAS FTP share. The images here show using FileZilla, a free option.

The user name and password are those of the local user account on the TrueNAS. The default directory is the same as the user’s /home directory. After connecting, you can create directories and upload/download files.

FilezillaFTPConnect

SFTP (SSH File Transfer Protocol) is available by enabling SSH remote access to the TrueNAS system. SFTP is more secure than standard FTP as it applies SSL encryption on all transfers by default.

Go to Services, find the SSH entry, and click the .

ServicesSSHSCALE

Set Allow Password Authentication and decide if Log in as Root with Password is needed. SSH with root is a security vulnerability. It allows users to fully control the NAS remotely with a terminal instead of providing SFTP transfer access. Review the remaining options and configure them according to your environment or security needs.

General Options

NameDescription
TCP PortOpen a port for SSH connection requests.
Log in as Root with PasswordRoot logins are discouraged. Allows root logins. A password must be set for the root user account.
Allow Password AuthenticationEnabling allows SSH login authentication using a password. Warning: when directory services are enabled, this setting grants access to all users the directory service imported. When disabled, authentication requires keys for all users (requires additional SSH client and server setup).
Allow Kerberos AuthenticationBefore enabling, ensure valid entries exist in Directory Services (Kerberos Realms and Keytabs) and the system can communicate with the Kerberos Domain Controller .
Allow TCP Port ForwardingSet to let users bypass firewall restrictions using the SSH port forwarding feature.

Advanced Options

NameDescription
Bind InterfacesSelect interfaces for SSH to listen on. Leave all options unselected for SSH to listen on all interfaces.
Compress ConnectionsSelect the syslog(3) level of the SFTP server.
SFTP Log LevelSelect the syslog(3) facility of the SFTP server.
SFTP Log FacilityAllow more ciphers for sshd(8) in addition to the defaults in sshd_config(5). None allows unencrypted SSH connections and AES128-CBC allows the 128-bit Advanced Encryption Standard.
Weak CiphersWARNING: these ciphers are security vulnerabilities. Only allow them in a secure network environment.
Auxiliary ParametersAdd any more sshd_config(5) options not covered in this screen. Enter one option per line. These options are case-sensitive. Typos can prevent the SSH service from starting.

SFTP Connections

Similar to the FTP setup, open an FTP client (like FileZilla) or command line. This article shows using FileZilla as an example. Using FileZilla, enter SFTP://‘TrueNAS IP’, ‘username’, ‘password’, and port 22 to connect.

SFTP does not have chroot locking. While chroot is not 100% secure, lacking chroot lets users move up to the root directory and view internal system information. If this level of access is a concern, FTP with TLS may be the more secure choice.

The Trivial File Transfer Protocol (TFTP) is a lightweight version of FTP typically used to transfer configuration or boot files between machines, such as routers, in a local environment. TFTP provides a limited set of commands and provides no authentication.

If TrueNAS is only storing images and configuration files for network devices, configure and start the TFTP service. Starting the TFTP service opens UDP port 69.

ServicesTFTPSCALE

Path

NameDescription
DirectoryBrowse to an existing directory to use for storage. Some devices can require a specific directory name. Consult the documentation for that device to see if there are any restrictions.

Connection

NameDescription
HostThe default host to use for TFTP transfers. Enter an IP address. Example: 192.0.2.1
PortThe UDP port number that listens for TFTP requests. Example: 8050
UsernameSelect the account to use for TFTP requests. This account must have permission to the Directory.

Access

NameDescription
File PermissionsAdjust the file permissions using the checkboxes.
Allow New FilesSet when network devices need to send files to the system.

Other Options

NameDescription
Auxiliary ParametersAdd more options from tftpd. Add one option on each line.

Network devices use the Link Layer Discovery Protocol (LLDP) to advertise their identity, capabilities, and neighbors on an Ethernet network. TrueNAS uses the ladvd LLDP implementation. When the local network contains managed switches, configuring and starting LLDP tells TrueNAS to advertise itself on the network.

To configure LLDP, go to System Settings > Services, find LLDP and click the .

ServicesLLDPSCALE

General Options

NameDescription
Interface DescriptionEnables receive mode. Any received peer information is saved in interface descriptions.
County CodeTwo-letter ISO 3166-1 alpha-2 code used to enable LLDP location support.
LocationThe physical location of the host.

Set Interface Description and enter a Country Code before enabling the LLDP service.

A virtual private network (VPN) is an extension of a private network over public resources. It lets clients securely connect to a private network even when remotely using a public network. TrueNAS provides OpenVPN as a system-level service to provide VPN Server or Client functionality. TrueNAS can act as a primary VPN server that allows remote clients to access system data using a single TCP or UDP port. Alternatively, TrueNAS can integrate into a private network, even when the system is in a separate physical location or only has access to publicly visible networks.

Before configuring TrueNAS as either an OpenVPN Server or Client, you will need an existing public key infrastructure (PKI) with Certificates and Certificate Authorities created in or imported to TrueNAS.

Certificates allow TrueNAS to authenticate with clients or servers by confirming a valid master Certificate Authority (CA) signed the network credentials. To read more about the required PKI for OpenVPN, see the OpenVPN PKI Overview.

The general TrueNAS OpenVPN configuration process (server or client) is to select the networking credentials, set the connection details, and choose any additional security or protocol options.

OpenVPN Client

Go to System Settings > Services and find OpenVPN Client. Click the to configure the service.

OpenVPNClient

Choose the certificate to use as an OpenVPN client. The certificate must exist in TrueNAS and be active (unrevoked). Enter the Remote OpenVPN server’s hostname or IP address.

Continue to review and choose any other Connection Settings that fit your network environment and performance requirements. The Device Type must match the OpenVPN server Device Type. Nobind prevents using a fixed port for the client and is enabled by default so the OpenVPN client and server run concurrently.

Finally, review the Security Options and ensure they meet your network security requirements. If the OpenVPN server uses TLS Encryption, copy the static TLS encryption key and paste it into the TLS Crypt Auth field.

OpenVPN Server

Go to System Settings > Services and find OpenVPN Server. Click the to configure the service.

OpenVPNServer

Choose a Server Certificate for the OpenVPN server. The certificate must exist in TrueNAS and be active (unrevoked).

Now define an IP address and netmask for the OpenVPN Server. Select the remaining Connection Settings that fit your network environment and performance requirements. If using a TUN Device Type, you can choose a virtual addressing Topology for the server:

  • NET30: Use one /30 subnet per client in a point-to-point topology. Use when connecting clients are Windows systems.
  • P2P: Point-to-point topology that points the local server and remote client endpoints to each other. Each client gets one IP address. Use when none of the clients are Windows systems.
  • SUBNET: The interface uses an IP address and subnet. Each client gets one IP address. Windows clients require the TAP-Win32 driver version 8.2 or newer. TAP devices always use the SUBNET Topology.

TrueNAS applies the Topology selection to any connected clients.

When TLS Crypt Auth Enabled is set, TrueNAS generates a static key for the TLS Crypt Auth field after saving the options. To change this key, click Renew Static Key. Clients connecting to the server require the key. TrueNAS stores keys in the system database and includes them in client config files. We recommend always backing up keys in a secure location.

Finally, review the Security Options and choose settings that meet your network security requirements.

After configuring and saving your OpenVPN Server, generate client configuration files to import to any OpenVPN client systems connecting to this server. You need the certificate from the client system already imported into TrueNAS. To generate the configuration file, click Download Client Config and select the Client Certificate.

Common Options (Client or Server)

Many OpenVPN Server or Client configuration fields are identical. This section covers these fields and lists specific configuration options in the Server and Client sections.

The Additional Parameters field manually sets any of the core OpenVPN config file options. See the OpenVPN Reference Manual for descriptions of each option.

Connection Settings

SettingDescription
Root CAThe Certificate Authority (CA) must be the root CA you used to sign the Client and Server certificates.
PortThe port that the OpenVPN connection will use.
CompressionChoose a compression algorithm for traffic. Leave empty to send data uncompressed.

LZO is a standard compression algorithm that is backward compatible with previous (pre-2.4) versions of OpenVPN.

LZ4 is newer and typically faster and requires fewer system resources.
ProtocolChoose between UDP or TCP OpenVPN protocols. UDP sends packets in a continuous stream. TCP sends packets sequentially.

UDP is usually faster and less strict about dropped packets than TCP.

To force the connection to be IPv4 or IPv6, choose one of the 4 or 6 UDP or TCP options.
Device TypeUse a TUN or TAP virtual networking device and layer with OpenVPN. Device must be identical between the OpenVPN Server and clients.

Security Options

OpenVPN includes several security options since using a VPN involves connecting to a private network while sending data over less secure public resources. Security options are not required, but they help protect data users send over the private network.

SettingDescription
Authentication AlgorithmValidates packets sent over the network connection. Your network environment may require a specific algorithm. If not, SHA1 HMAC is a reliable algorithm to use.
CipherEncrypts data packets sent through the connection. Ciphers aren’t required but can increase connection security. You may need to verify which ciphers your networking environment requires. If there are no specific cipher requirements, AES-256-GCM is a good default choice.
TLS EncryptionWhen TLS Crypt Auth Enabled is set, OpenVPN adds another layer of security by encrypting all TLS handshake messages. This setting requires sharing a static key between OpenVPN server and clients.

Service Activation

Click Save after configuring the Server or Client service. Start the service by clicking the related toggle in System Settings > Services. Hover over the toggle to check the service’s current state.

Setting Start Automatically starts the service whenever TrueNAS completes booting.

S3 allows you to connect to TrueNAS from a networked client system with the Minio Browser, s3cmd, or S3 Browser.

S3 is an object storage protocol used by many major cloud providers including Amazon Web Services™. On TrueNAS, the service is another way to store files, and can be viewed with a web browser. Because S3 is the de facto standard for cloud-based storage, setting up an S3 service allows organizations or online application developers to use TrueNAS instead of expensive cloud storage.

Setting up the S3 service

Go to the System Settings > Services and find S3, then click to configure the service.

ServicesS3SCALE

S3 Configuration Options

NameDescription
IP AddressEnter the IP address that runs the S3 service. 0.0.0.0 tells the server to listen on all IPv4 addresses. :: allows the same for any IPv6 address. Select the TrueNAS IP address to constrain it to a specific network.
PortEnter the TCP port that provides the S3 service.
Access KeyEnter the S3 access ID. See Access keys for more information.
Secret KeyEnter the S3 secret access key. See Access keys for more information.
DiskBrowse to a directory to define the S3 filesystem path.
Enable BrowserEnables the S3 service web UI. Access the minio web UI by entering the IP address and port number separated by a colon in the browser address bar. Example: 192.168.1.0:9000.
CertificateUse an SSL certificate created or imported in Credentials > Certificates for secure S3 connections.

Select a clean dataset. Minio manages files as objects that you CANNOT mix with other dataset files. You can create new datasets by going to Storage and clicking > Add Dataset.

Configure the rest of the options as needed in your environment and start the service after saving any changes.

Minio Connections

When Enable Browser is set, test Minio Browser access by opening a web browser and typing the TrueNAS IP address with the TCP port. You must allow the chosen Port through the network firewall to permit creating buckets and uploading files. Example: https://192.168.0.3:9000.

Minio supports two different connection methods:

s3cmd

Linux or macOS users must have the s3cmd service installed before beginning this setup. On Windows, users can also refer to S3Express for a similar command line experience.

Ubuntu or other Linux distributions can access the configuration by running s3cmd --configure to walk through important settings.

Enter the specified access key and the secret key. Under S3 Endpoint, enter the TrueNAS IP address followed by TCP port, and reply N to the DNS-style bucket+hostname.

Save the file. On Linux, the default is in the home directory ~/.s3cfg.

If the connection has any issues, open .s3cfg again to troubleshoot. In Ubuntu, use nano .s3cfg or vi .s3cfg or gedit .s3cfg depending on the preferred text editor. For other operating systems, .s3cfg file location and editing tools may vary.

Scroll down to the host_bucket area and make sure the %(bucket)s. portion is removed and the address points to the IP_address:TCP_port for the system.

Correct Example

host_base = `192.168.123.207:9000`
host_bucket = `192.168.123.207:9000`

Incorrect Example

host_base = `192.168.123.207`
host_bucket = `%(bucket)s.192.168.123.207`

Poll the buckets using s3cmd ls to see the buckets created with the Minio Browser.

See the Minio s3cmd document and s3tools site for more information.

S3 Browser (Windows)

On Windows PCs, the S3 Browser is a convenient way to connect the TrueNAS system to Minio S3.

To set it up, first install the S3 Browser.

After installation completes, add a new account.

AmazonS3NewAccount

In the settings, select S3 Compatible Storage as the Account Type, then enter the Minio access point similar to the s3cmd setup (TrueNAS_IP_address:9000 or other port if set differently). Select the SSL settings appropriate for the particular setup. The default assumes SSL in S3 Browser, but for a LAN attached session, this may or may not have been set.

AmazonS3EditAccount

It is possible to access, create new buckets, or upload files to created buckets.

AmazonS3Browser

SNMP (Simple Network Management Protocol) monitors network-attached devices for conditions that warrant administrative attention. TrueNAS uses Net-SNMP to provide SNMP. To configure SNMP, go to System Settings > Services page, find SNMP, and click the .

ServicesSNMPSCALE

General Options

NameDescription
LocationEnter the location of the system.
ContactE-mail address that receives SNMP service messages.
CommunityChange from public to increase system security. Can only contain alphanumeric characters, underscores (_), dashes (-), periods (.), and spaces. This can be left empty for SNMPv3 networks.

SNMP v3 Options

NameDescription
SNMP v3 SupportSet to to enable support for SNMP version 3. See snmpd.conf(5) for configuration details.
UsernameEnter a username to register with this service.
Authentication TypeChoose an authentication method: --- for none, SHA, or MD5
PasswordEnter a password of at least eight characters.
Privacy ProtocolChoose a privacy protocol: --- for none, AES, or DES
Privacy PassphraseEnter a separate privacy passphrase. Password is used when this is left empty.

Other Options

NameDescription
Auxiliary ParametersEnter any additional snmpd.conf options. Add one option for each line.
Expose zilstat via SNMPEnabling this option may have performance implications on your pools.
Log LevelChoose how many log entries to create. Choices range from least (Emergency) to most (Debug).
Enable Network Performance StatisticsInclude iftop network performance statistics in SNMP messages.

When starting the SNMP service, port UDP 161 listens for SNMP requests.

Management Information Bases (MIBs)

Available Management Information Bases (MIBs) are located in /usr/local/share/snmp/mibs. This directory contains many files being routinely added or removed from the directory. Check the directory on your system by going to System Settings > Shell and entering ls /usr/local/share/snmp/mibs. Here is a sample of the directory contents:

ServicesSNMPsampleSCALE

The SSH service lets users connect to TrueNAS with the Secure SHell Transport Layer Protocol. When using TrueNAS as an SSH server, the users in the network must use SSH client software to transfer files with SSH.

Allowing external connections to TrueNAS is a security vulnerability! Do not enable SSH unless you require external connections.

Activate or configure the SSH service on the System Settings > Services page.

To configure SSH, go to System Settings > Services and find SSH, then click .

ServicesSSHSCALE

Configure the options as needed to match your network environment.

General Options

NameDescription
TCP PortOpen a port for SSH connection requests.
Log in as Root with PasswordRoot logins are discouraged. Allows root logins. A password must be set for the root user account.
Allow Password AuthenticationEnabling allows SSH login authentication using a password. Warning: when directory services are enabled, this setting grants access to all users the directory service imported. When disabled, authentication requires keys for all users (requires additional SSH client and server setup).
Allow Kerberos AuthenticationBefore enabling, ensure valid entries exist in Directory Services (Kerberos Realms and Keytabs) and the system can communicate with the Kerberos Domain Controller .
Allow TCP Port ForwardingSet to let users bypass firewall restrictions using the SSH port forwarding feature.

Advanced Options

NameDescription
Bind InterfacesSelect interfaces for SSH to listen on. Leave all options unselected for SSH to listen on all interfaces.
Compress ConnectionsSelect the syslog(3) level of the SFTP server.
SFTP Log LevelSelect the syslog(3) facility of the SFTP server.
SFTP Log FacilityAllow more ciphers for sshd(8) in addition to the defaults in sshd_config(5). None allows unencrypted SSH connections and AES128-CBC allows the 128-bit Advanced Encryption Standard.
Weak CiphersWARNING: these ciphers are security vulnerabilities. Only allow them in a secure network environment.
Auxiliary ParametersAdd any more sshd_config(5) options not covered in this screen. Enter one option per line. These options are case-sensitive. Typos can prevent the SSH service from starting.

Remote systems may require root access. Be sure to have all security precautions in place before allowing root access.

We recommend these additional SSH service options:

  • Add NoneEnabled no to Auxiliary Parameters to disable the insecure none cipher.
  • Increase the ClientAliveInterval if SSH connections tend to drop.
  • Increase the ClientMaxStartup value (10 is default) when you need more concurrent SSH connections.

Don’t forget to re-enable the SSH service in System Settings > Services after making changes. To create and store specific SSH connections and keypairs, go to Credentials > Backup Credentials.

TrueNAS uses NUT (Network UPS Tools) to provide UPS support. After connecting the TrueNAS system UPS device, configure the UPS service by going to System settings > Services, finding UPS, and clicking .

ServicesUPSSCALE

General Options

NameDescription
IdentifierDescribe the UPS device. It can contain alphanumeric, period, comma, hyphen, and underscore characters.
UPS ModeChoose Master if the UPS is plugged directly into the system serial port. The UPS will remain the last item to shut down. Choose Slave to have this system shut down before Master. See the Network UPS Tools Overview.
DriverSee the Network UPS Tools compatibility listfor a list of supported UPS devices.
Port or HostnameSerial or USB port connected to the UPS. To automatically detect and manage the USB port settings, select auto.

When an SNMP driver is selected, enter the IP address or hostname of the SNMP UPS device.

Monitor

NameDescription
Monitor UserEnter a user to associate with this service. Keeping the default is recommended.
Monitor PasswordChange the default password to improve system security. The new password cannot contain a space or #.Enter accounts that have administrative access. See upsd.users(5) for examples.
Extra UsersEnter accounts that have administrative access. See upsd.users(5) for examples.
Remote MonitorSet for the default configuration to listen on all interfaces using the known values of user: upsmon and password: fixmepass.

Shutdown

NameDescription
Shutdown ModeChoose when the UPS initiates shutdown.
Shutdown TimerEnter a value in seconds for the the UPS to wait before initiating shutdown. Shutdown will not occur if power is restored while the timer is counting down. This value only applies when Shutdown mode is set to UPS goes on battery.
Shutdown CommandEnter a command to shut down the system when either battery power is low or the shutdown timer ends.
Power off UPSSet for the UPS to power off after shutting down the system.

Email

NameDescription
Send Email Status UpdatesSet enable sending messages to the address defined in the Email field.
EmailEnter any email addresses to receive status updates. Separate entries by pressing Enter.
Email SubjectEnter the subject for status emails.

Other Options

NameDescription
No Communication Warning TimeEnter a number of seconds to wait before alerting that the service cannot reach any UPS. Warnings continue until the situation is fixed.
Host SyncUpsmon will wait up to this many seconds in master mode for the slaves to disconnect during a shutdown situation.
DescriptionDescribe this service.
Auxiliary Parameters (ups.conf)Enter any extra options from ups.conf.
Auxiliary Parameters (upsd.conf)Enter any extra options from upsd.conf.

Some UPS models sre unresponsive with the default polling frequency (default is two seconds). TrueNAS displays the issue in logs as a recurring error like libusb_get_interrupt: Unknown error. If you get an error, decrease the polling frequency by adding an entry to Auxiliary Parameters (ups.conf): pollinterval = 10.

upsc(8) can get status variables like the current charge and input voltage from the UPS daemon. Run this in System Settings > Shell using the syntax upsc ups@localhost. The upsc(8) manual page has other usage examples.

upscmd(8) can send commands directly to the UPS, assuming the hardware supports it. Only users with administrative rights can use this command. You can create them in the Extra Users field.

For USB devices, the easiest way to determine the correct device name is to set Show console messages in System Settings > Advanced. Plug in the USB device and look for a /dev/ugen or /dev/uhid device name in the console messages.
A UPS with adequate capacity can power multiple computers. One computer connects to the UPS data port with a serial or USB cable. This primary system makes UPS status available on the network for other computers. The UPS powers the secondary computers, and they receive UPS status data from the primary system. See the NUT User Manual and NUT User Manual Pages.