Create certificates without using Cloudflare

cirsten

Cadet
Joined
May 3, 2022
Messages
8
Hi All

I'm running TrueNAS-SCALE-22.02.0.1

Via TrueCharts I have installed Traefik and Komga

Komga is a media server for comics. Those comics are on the NAS

Komga works perfectly fine on my local network. I can access Komga outside my local service using port forwarding and a site like No-IP or DuckDNS.
Komga requires a user name and password to access its web UI.

However, my research is that this approach is very insecure, and it would be better to use a reverse proxy like Traefik in between.

My problems arise when trying to follow the guides at TrueCharts, as they use Cloudflare to create certificates to be used in Traefik.
Cloudflare doesn't host a domain like DuckDNS, and neither will it accept the domain (http://example.duckdns.org) as a valid domain

My experience with kubernetes (or docker) is about zero!

If what I'm asking will take a lot of tinkering, it's likely beyond my or your patience

However, if there is a relatively simple process/guide that I can be pointed to, that would be awesome

If successful, I'd like to do a similar thing with Nextcloud

Thanks in advance
 

truecharts

Guru
Joined
Aug 19, 2021
Messages
788
If you do not use a certificate provider supported by SCALE's ACME, you'll have to manually import certificates.
If that fails: you're out-of-luck.
For those few dollars: go get a valid domain.

It has nothing to do with TrueCharts, Traefik, kubernetes or Apps in general though, as we rely on the TrueNAS SCALE certificate system. Not anything we build or kubernetes solutions.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Cloudflare and Route53 are the only DNS hosts supported through the SCALE UI. However, you can use acme.sh (or any other client) to obtain a cert, and other users have reported that my deploy script works on SCALE (though I haven't tested it myself)--the advantage here would be that acme.sh supports over 150 DNS hosts. Once the cert is imported into TrueNAS, Traefik can use it AIUI. See:

@truecharts, doesn't Traefik support obtaining its own certs using HTTP validation? If so, it seems that might be incorporated in your app, assuming the instance in question were exposed to the Internet.
 

truecharts

Guru
Joined
Aug 19, 2021
Messages
788
@truecharts, doesn't Traefik support obtaining its own certs using HTTP validation? If so, it seems that might be incorporated in your app, assuming the instance in question were exposed to the Internet.

We are not going to include that feature, because it's inherently incompatible with running Traefik in HA mode.
On kubernetes, Traefik's internal certificate system is generally not used for that reason.

That being said: When running our Traefik App as a normal Helm Chart instead of a SCALE App, one could easily use the industry standard solution of using cert-manager. However: we have made design choices not to expose some features in the SCALE UI.
 