SOLVED Introductory questions : j


itskando

I built a NAS and installed FreeNAS, and now I'm looking for a few pointers in the right direction.

I have a macOS laptop, and I'll likely eventually purchase a Windows desktop.

• I'd like to be able to interface with the NAS universally (through any operating system).
• I'd like to back up at least the macOS laptop on the NAS (using Time Machine via SMB).
• I'd like to run PLEX to stream my media to my TV or laptop.
• I'd like for my NAS to be accessible anywhere, including outside the house.
• I'd like for other users to also be able to access the NAS remotely.


This is as far as I got:


Physical connections:

• The NAS LAN port, the NAS IPMI port, and the TV will be connected to an Ethernet switch.
The Ethernet switch will be connected to a Google Wifi mesh hub (in wifi-bridge/extender mode).
The mesh hub bridge connects to the mesh hub router via Wi-Fi.

Does this seem like an acceptable configuration?

Initial Setup:
• Ran memtest86.
• Set up IPMI with static IP.
• Updated BIOS.
• Updated IPMI (via IPMI :D).
• Created FreeNAS installer; installed FreeNAS on separate USB boot disk.
• Set up FreeNAS network configuration.
I have two interfaces (em0 and igb0)? (Only the latter works - what are these?)
• Set up FreeNAS with static IP.
• Entered that static IP into web browser to connect to FreeNAS.

Did I miss anything I should have done?

(I skipped the wizard. The next button wasn't working on the volume selection screen.)

Account:
• Created group [admins].
• Created user [kando].
• Configured user [kando] with primary group [admins] and auxiliary group [wheel].
• Configured user [root] with my primary email address.
• Configured user [kando] with my primary email address.
• Is there anything I should be doing instead involving one of the directory services?


System:
• Mirrored boot USB on second USB.
• Attempted to set to HTTP+HTTPS, but it said certificate was required.
I created a CA, then a certificate linked to the CA, and then a CSR linked to something.
Google Chrome still marks the HTTPS as not private though.
What is the best way to handle this?
• Is there a guide for best practices for alarms?
• Is there anything else which needs to be done here?
• Should I change anything under advanced? (enable powerd? enable autotune?)
• If I leave the email field as [root@freenas.local],
will emails go to whichever email is listed under the user profile [root]?
• Do I need to concern myself with the webgui http(s) ports or system datasets?

Tasks:
• Is there a guide for best practices for tasks?
• Is it dangerous to leave my server running without these set up yet?
• Someone mentioned server burn-in; does that have to do with these?

Network:

• Listed router IP as default gateway. (Is this correct?)
• Listed router IP as Nameserver 1. (Is this correct?)

• Will link aggregation be beneficial to my setup, described way up?
• Is there anything I should consider involving static IPs or VLANs?

Storage:
• Created mirror of 1x set of [2x 4[TB]] drives.
Intend to add additional sets of [2x 4 [TB]] drives to the pool in the future. (This is possible, yes?)
• Created dataset [users]; listed as type [Windows] (to be used as home share via SMB.)
• Do other datasets exist which I should create by default?
• Is there a guide for best practices for replication tasks, resilver priorities, and scrubs?
• Is there anything else which needs to be done with this?
• Should I be concerned with zvols or multipaths?


Directory services:
• Is this something which is supposed to be set up on a home server?
For active directory, for example, a domain is required.
Is that something I would have by default?
• Are the users and groups I created in Account part of a directory service?
If so, which one? Is it Kerberos?
Is it recommended that I do anything else under Directory Services?

Sharing:

• Using SMB sharing
(This should interface with Windows and macOS, including Time Machine (soonish).
Will it interface with Linux systems?)
• Created SMB share [rootSMB] at [root/];
added option [fruit] for macOS compatibility
• Created SMB share [userSMB] at [root/users/];
enabled [use as home share],
disabled [browsable to network clients],
added option [fruit] for macOS compatibility
• Will having an SMB share with a path within a higher-level path SMB share cause issues?
• Haven't tested Ownership yet
• Haven't tested granting users in group [admins] able to access [rootSMB]
• Haven't tested granting other users access to their home share only

Services:
• SMART is enabled by default.
• Disabled USB drives from SMART as they were causing warnings.
• Enabled SMB.
• Are there any other services worth recommending which I should enable?

Services (SMB):
• Should NetBIOS name match the hostname configured under Network?
• Should NetBIOS alias be provided? What are examples of a typical alias?
• Should workgroup be listed as anything other than WORKGROUP?
• Should I bind an IP address to the SMB shares?
Should it match the static IP address already used to connect to FreeNAS in the web browser?

Jails:
• Set up path for jails [root/jails]

Plugins:
• Installed PLEX

Plugins (PLEX):
• What is the default directory to save media to?
It appears that PLEX can only read media within its jail; however,
I found no obvious location to dump media.
• Is it possible to read media outside of the PLEX jail (for instance, from user home shares)?

That's all for now. Sorry for so much!
I hope I have been clear on my questions : j
 

danb35

> I'd like to be able to interface with the NAS universally (through any operating system).

Easy--a SMB share (or shares) will do this.

> Google chrome still marks the HTTPS as not private though.

...because it's a self-signed certificate.

> What is the best way to handle this?

Get a cert from a trusted CA. To do this, you'll need to have a domain in your name. Some brilliant and helpful member of the community has written a guide on one way to do this.

> Someone mentioned server burn-in; does that have to do with these?

Server burn-in would be done before you create a pool or put data on the system. See the guide in my sig for more information on this and many other subjects.

> Is there a guide for best practices for replication tasks, resilver priorities, and scrubs?

Replication tasks are used if you're replicating data to another machine. Resilver priorities shouldn't need to be touched in most cases. Most of us would recommend a more-frequent scrub than the default setting; I run them every two weeks.

> Created SMB share [rootSMB] at [root/];

You really don't want to share your filesystem root.

> Are there any other services worth recommending which I should enable?

Turning on the UPS service and configuring it properly will let your system shut itself down when your UPS battery (you do have one, right?) gets low.

> It appears that PLEX can only read media within its jail;

Consult the manual's instructions for storage in jails.

> I'd like for my NAS to be accessible anywhere, including outside the house.
> I'd like for other users to also be able to access the NAS remotely.

To do this safely really needs a VPN setup.
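
An added example, not part of the post above or of the FreeNAS documentation, illustrating the certificate exchange: a certificate issued from a CA you create yourself verifies only for clients that have been given that CA, which is why a browser relying on the public trust store still flags the page. The names nas.example.lan and "Home NAS CA" are constructed, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: all names below (nas.example.lan, "Home NAS CA") are constructed.

# Create a private CA, then a server certificate signed by it, in directory $1.
make_private_ca_and_cert() {
    dir=$1
    # Private CA: a self-signed root that no browser or OS ships with.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Home NAS CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and certificate signing request (CSR) for the NAS hostname.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=nas.example.lan" \
        -keyout "$dir/nas.key" -out "$dir/nas.csr" 2>/dev/null || return 1
    # The CA signs the CSR; browsers match the hostname against subjectAltName.
    printf 'subjectAltName=DNS:nas.example.lan\n' > "$dir/san.ext"
    openssl x509 -req -in "$dir/nas.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/san.ext" \
        -out "$dir/nas.crt" 2>/dev/null
}

# A client that only knows the public CAs: succeeds only if the chain ends
# in the system trust store.
verify_with_system_store() {
    openssl verify "$1/nas.crt" 2>&1 | grep -q ': OK$'
}

# A client that has been given the private CA certificate as a trust anchor.
verify_with_private_ca() {
    openssl verify -CAfile "$1/ca.crt" "$1/nas.crt" 2>&1 | grep -q ': OK$'
}

# Build the chain in a scratch directory and report both outcomes.
demo() {
    tmp=$(mktemp -d) || return 1
    make_private_ca_and_cert "$tmp" || { rm -rf "$tmp"; return 1; }
    if verify_with_system_store "$tmp"; then echo "system store: trusted"
    else echo "system store: NOT trusted (what the browser reports)"; fi
    if verify_with_private_ca "$tmp"; then echo "private CA imported: trusted"
    else echo "private CA imported: NOT trusted"; fi
    rm -rf "$tmp"
}
demo
```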
 

itskando

> I have two interfaces (em0 and igb0)? (Only the latter works - what are these?)

em() and igb() are NIC drivers.
igb() is more recent.

Source: Post 12:

> em(4) is the old-style gigabit driver, igb(4) is the new-style driver. Eventually, all Intel NICs will use the igb driver, as very few new chipsets are released that are supported by em. All the fancy features go into the igb driver.
>
> IOW, chipsets supported by em will be less expensive and considered legacy, but will still work fine (we use all em-based Intel NICs in our servers and firewalls).
 

itskando

> You really don't want to share your filesystem root.

So, don't share:

• The zpool root (which is actually within /mnt of the true root system)
• The true root (which contains /mnt/<zpoolName>/)

> To do this safely really needs a VPN setup.

Oh jeez - you're the person who got me started on looking into VPNs.
Thank you for the continued support.
 

kdragon75

> The zpool root (which is actually ./mnt of the true root system)

The root of your system is / and in FreeNAS the default ZFS mount point is /mnt/. So the root of your pool is /mnt/<pool_name>. The "true" root is more of a philosophical debate.

Also note that when writing a path, the . refers to the current folder. For example, if I'm in /mnt/ and want to read a file in /mnt/pool/files/, I could use cat ./pool/files/file, cat pool/files/file, or cat /mnt/pool/files/file. More importantly, if I download some program with the same name as one already installed on my system, I need to use the path. If I download a fun new version of nano to /temp/nano and I cd /temp, I can't just run nano, as that will point to the one already installed. I CAN use /temp/nano or, as noted, my present directory is already /temp, so I can simply say ./nano.

Or for some real fun: let's say I'm moving some files from /mnt/pool/files/downloads/ to /mnt/pool/media/. I can

cd /mnt/pool/files/downloads
mv ./* ./../../media/

That translates to: move everything from where I am to up two levels and into media. Note the trailing slash. We're moving files/folders to a folder/, not a file.
 

itskando

> The root of your system is / and in FreeNAS the default ZFS mount point is /mnt/.

Fixed : j

But that still leaves the question:

Is it poor function to share the zpool root (including all of iocage), or
is it only poor function to share the root of the entire system?
 

danb35


kdragon75

> Is it poor function to share the zpool root (including all of iocage), or
> is it only poor function to share the root of the entire system?

Both... Make datasets per share.
 

itskando

> Some brilliant and helpful member of the community has written a guide on one way to do this.

I'm just getting to this; your appalling modesty is appreciated but deserved :D
 