(I hope someone experienced could check this post.)
Disclaimer 0: I decided to post it here so that people in my position could more easily find this information. Almost everything I've written here is taken from the excellent tutorials of the TrueCharts community and from their advice. I only tried to gather the information in one place and organize it. I am not an expert and I will not be able to answer most of the questions. However, there are plenty of people here ready to help you if you encounter any trouble. Also, feel free to ask the TrueCharts Discord server for help.
Disclaimer 1: This article is intended for newbies. If you know how to configure reverse proxy, dynamic DNS, port forwarding, etc., you don't need it.
Disclaimer 2: I originally wrote this article in my native language and translated it into English using DeepL, so the wording may sometimes seem odd and technical terms may be misused.
Introduction
Here I want to describe my way of creating self-hosted alternatives to various cloud services, namely how you can access your applications over the Internet as cheaply and easily as possible. I myself use TrueNAS and its applications. For other systems, the principle will remain the same. There are tons of tutorials on how to host alternatives to Netflix, Spotify, Dropbox and other stuff on TrueNAS and other NAS/hypervisor systems, but I couldn't find any complete tutorial on how to set up access without reverse proxy for TrueNAS. I had to collect pieces of information for this tutorial all over the internet.
Why should one use this method if they can get a static IP from their ISP and open several ports, you may ask? By opening ports you become an easier target for malware and vulnerable to DDoS attacks. Also, the method described below seems simpler to set up once you get the idea.
Any additions, edits, and advice are welcome!
If you host services in containers or on virtual machines you may find this video helpful: https://www.youtube.com/watch?v=VrV0udRUi8A&t=293s
How do we do this?
Cloudflare offers many useful services. Among them is Zero Trust. We won't go into the details of what it is. The main thing is that it is free. This service will allow us to connect to services in our local network by domain name, while Cloudflare hides our IP and ports. And most importantly, we do not need a static IP address.
What does it take?
- The server itself, in this case TrueNAS Scale with TrueCharts library connected. The applications you want to access must be installed from TrueCharts, because they have an Ingress setting that we need. The applications from the default TrueNAS library do not have these settings. If you deploy containers by yourself then you will have to fiddle with settings manually.
- Traefik application from the TrueCharts library.
- Cloudflare account. Registration is free.
- Certificate. It's not hard to get one, but to avoid stretching this tutorial I'll just send you to watch this video: https://www.youtube.com/watch?v=TJ5fDiDRcbU&t=9s
- Domain name. You can try to get one for free, but it's easier to buy one. I bought mine for less than $4 for a whole year. That will be the only expense in this tutorial.
Step 1: Transferring your domain to Cloudflare
In order for Cloudflare to use our domain, we need to link it to our account. Click the + in the upper right corner and follow the instructions. If you feel unsure, look for video instructions online.
Keep in mind that it may take up to several hours for the domain to be linked; wait until the process has finished.
You should have your domain in the menu on the left. Click on it. In the new menu on the left, look for “SSL/TLS”. On the “Overview” page (under “SSL/TLS”) in the middle of the screen, next to the connection scheme, select “Full”. Then go to “Edge Certificates”, scroll down a little bit and activate the switch next to “Always Use HTTPS”.
Step 2: Creating a tunnel
Find the “Zero Trust” item in the side menu on the left (you can see it in the first screenshot). When you click it, you will be redirected to the Cloudflare Zero Trust portal. Go to the “Access” menu and select “Tunnels”. Name your tunnel however you like and click the “Save tunnel” button.
If you are using the Cloudflare app for TrueNAS, you will only need a token from the next page. If you use a different system, select the option you need and install the application according to the instructions from Cloudflare.
Highlighted code must be inserted into the “Tunnel Token” field during the installation of the Cloudflare application from the TrueCharts library.
If you have done everything correctly, you should see something similar under "Access" → "Tunnels" in your Cloudflare Zero Trust dashboard.
Step 3: Installing Traefik
IMPORTANT: Before setting up Traefik, you need to change the TrueNAS GUI ports. Traefik and the TrueNAS GUI use the same ports by default, so if you do not change them, you will not be able to connect to the web interface of the TrueNAS server anymore!
To avoid this, go to “System Settings” → “General”. At the top right of the GUI window, click “Settings”, and in the side menu change “Web Interface HTTP Port” to 81 and “Web Interface HTTPS Port” to 444, then click save. You will now connect to the server through your browser on these ports! (That is, if before you had *ip_server*:443 in your browser, it should now be *ip_server*:444).
Now we can move on to installing Traefik. Find it in the list of applications and click "Install". We only need to change 2 parameters before starting the installation. They are both under “Service's Port(s) Configuration”. Change the first port to 80 and the second to 443.
This step is described in more detail in the TrueCharts video: https://www.youtube.com/watch?v=bWNPfrKjawI
Step 4: Setting up access to the application
Let's take the Jellyfin app as an example. In the installation menu (or edit menu, if you already have it installed), check the “Enable Ingress” item. Click “Add” next to “Hosts”, then again next to “Paths” right under “Hosts”. Click “Add” again on “TLS-Settings” and lastly on “Certificate Hosts”. Now we need to fill these items with information:
HostName: *some_name*.*your_domain_name*.*TLD* (ex. jellyfin.hackerman.com)
Path *: leave default “/”
Path Type *: leave default “Prefix”
Certificate Hosts: same as HostName
Select TrueNAS SCALE Certificate: choose 'cert' Certificate
This step is described in more detail in the video from TrueCharts: https://www.youtube.com/watch?v=0Rmav5gyAwI
In the video they change the "Service type" to "Cluster IP". It now looks different in the UI. If you choose the option that says "no exposed ports" or something like that, you will not be able to connect to the app by IP:port anymore. I personally do not change this option to connect to my media server via IP with my smart TV as it is always in my local network.
NOTICE: After configuring ingress, TrueNAS will use the domain name to send you to the application after you click "Open" from the applications list. However, this button will not work until you complete the configuration in Cloudflare. You can still access your TrueNAS applications by entering the IP of your TrueNAS server and the port the application is listening to manually in your browser.
Step 5: Configure access in Cloudflare
Let's get back to our tunnel. Find it in the list (this should be easy, you probably have just one) and click the “Configure” button next to it. Right under the tunnel name, go to the “Public Hostname” page and click the blue “Add a public hostname” button on the right.
In the “Subdomain” field, enter the name you came up with when you set up ingress. As for "Domain", choose one of your domain names from the list. Choose the "HTTP" connection type (HTTPS will not work). For "URL", use the IP address of your TrueNAS server in your local network and the port which you normally use to connect to the application (indicated on the application tile in TrueNAS).
Save your settings and wait a few minutes. You will soon be able to connect to the app by domain name!
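A check to run once Step 5 is done, added here as an example (it is not part of the original post, nor TrueCharts or Cloudflare tooling): it confirms that the DNS records for a tunnel hostname point at Cloudflare's edge and not at your own public or LAN address. The range list is a snapshot of Cloudflare's published ranges, and the function names, the `wan_ip` parameter and the sample addresses are assumptions of this example.

```python
import ipaddress
import socket
import sys

# Snapshot of Cloudflare's published edge ranges (assumption: still current). Refresh from
# https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 "
    "108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 "
    "162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 "
    "2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 "
    "2a06:98c0::/29 2c0f:f248::/32").split()]
# RFC 1918 ranges listed explicitly; ipaddress.is_private would also match documentation ranges.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(ip):
    """Return 'cloudflare', 'lan' or 'other' for one resolved address."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in CLOUDFLARE_NETS):
        return "cloudflare"
    return "lan" if any(addr in net for net in LAN_NETS) else "other"

def audit(hostname, resolved_ips, wan_ip=None):
    """List problems with a hostname's DNS answers; empty means all point at Cloudflare."""
    problems = [] if resolved_ips else [f"{hostname}: no DNS records (route missing or propagating)"]
    for ip in resolved_ips:
        kind = classify(ip)
        if wan_ip and ipaddress.ip_address(ip) == ipaddress.ip_address(wan_ip):
            problems.append(f"{hostname}: {ip} is your own public IP, so it is not hidden")
        elif kind == "lan":
            problems.append(f"{hostname}: {ip} is a LAN address published in DNS")
        elif kind == "other":
            problems.append(f"{hostname}: {ip} is outside Cloudflare's ranges")
    return problems

def resolve(hostname):
    """A/AAAA lookup through the system resolver; returns [] if the name does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    # With HOSTNAME [YOUR_PUBLIC_IP] do a live lookup; otherwise use constructed sample records.
    host = sys.argv[1] if len(sys.argv) > 1 else "jellyfin.hackerman.com"
    ips = resolve(host) if len(sys.argv) > 1 else ["104.21.5.10", "203.0.113.7"]
    found = audit(host, ips, sys.argv[2] if len(sys.argv) > 2 else None)
    print("\n".join(found) or f"{host}: all records point at Cloudflare")
```

Run it from a network outside your home, or against a public resolver, since a local DNS override would return your LAN address by design.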