Using Official Apps with Ingress + Reverse Proxy to other services

victort

victort

Guru
Joined
Dec 31, 2021
Messages
973
Is there any way within SCALE to use the official apps with Traefik or some other built in ingress controller to allow the use of only a domain, instead of a domain with a port number to access?

The reason I ask is tha I would like to use official apps (Nextcloud, Vaultwarden) as opposed to Truecharts apps because of some issues I'm having. Specifically that Truecharts Vaultwarden app will not deploy at all while using hostpath for storage, but the official app works fine.

Also with the official Nextcloud app it is possible to delete the app, and reinstall it while simply pointing the hostpath storage back at your existing data. With Truecharts this is not exactly possible without having to do some manual work to migrate or mount the data.
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
victort said:
Is there any way within SCALE to use the official apps with Traefik or some other built in ingress controller to allow the use of only a domain, instead of a domain with a port number to access?
Click to expand...
You should be able to do this using the (TrueCharts) external service app, much like they document for accessing the GUI itself:

TrueNAS Web GUI via Traefik | TrueCharts

If you followed the instructions in Installing Traefik, your TrueNAS Web GUI will now be served on custom ports (port 81 and 444 in the video guide).
truecharts.org truecharts.org
 
C

Chubblez

Cadet
Joined
May 16, 2023
Messages
2
victort said:
Is there any way within SCALE to use the official apps with Traefik or some other built in ingress controller to allow the use of only a domain, instead of a domain with a port number to access?

The reason I ask is tha I would like to use official apps (Nextcloud, Vaultwarden) as opposed to Truecharts apps because of some issues I'm having. Specifically that Truecharts Vaultwarden app will not deploy at all while using hostpath for storage, but the official app works fine.

Also with the official Nextcloud app it is possible to delete the app, and reinstall it while simply pointing the hostpath storage back at your existing data. With Truecharts this is not exactly possible without having to do some manual work to migrate or mount the data.
Click to expand...
To make sure I understand what you're asking:

https://server.domain.tld should display the TrueNAS scale UI
https://nextcloud.domain.tld should show NextCloud
https://vaultwarden.domain.tld should show Vaultwarden

All via one IP address, and only using official apps. Is that correct?
 
victort

victort

Guru
Joined
Dec 31, 2021
Messages
973
C

Chubblez

Cadet
Joined
May 16, 2023
Messages
2
victort said:
Correct.

And using the external-services app is the way to do it.
Click to expand...
I'm trying to get the same thing setup, though I may be adding complications.

Vault Warden - vlan 1 - custom SSL certificate
Next Cloud - vlan 1 - will require Active Directory access - custom SSL certificate
Plex / Emby - vlan 1 - will stay on their preferred service ports
Home Assistant - vlan 2

In my case, I'm fine assigning separate IP's to the service to match a DNS entry, but Vault Warden and Next Cloud have to present to the apps over 443.
 
sretalla

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
If you're not using any TrueCharts apps and only official ones, I would suggest using the community app "nginX Proxy Manager" for ingress control.
 
victort

victort

Guru
Joined
Dec 31, 2021
Messages
973
You can still use Traefik if you want. My setup is similar to this video
www.youtube.com

Secure HTTPS for all your TrueNAS Scale Apps (traefik)

In this Tutorial we install Traefik, a free and open-source load balancer, on TrueNAS Scale. We will cover the creation of trusted SSL Certificates via Letse...
www.youtube.com www.youtube.com

I have one IP serving my TrueNAS GUI and one IP for the Apps. With Traefik or nginx, it doesn't matter which port you set the services to run on. That's the idea behind a reverse proxy. You just need to configure your DNS entries to point to the proxy, and the proxy then takes the domain and redirects it to the proper IP/port.

The difference is that to use official apps (and other services) you need to use another Truecharts app called “external-services”
This allows you to configure everything with Traefik. Just fill in your domain, port, and cert to use just like you would in the other Truecharts apps.
 
Last edited:
D

Darren David

Explorer
Joined
Feb 27, 2014
Messages
54
victort said:
You can still use Traefik if you want. My setup is similar to this video
www.youtube.com

Secure HTTPS for all your TrueNAS Scale Apps (traefik)

In this Tutorial we install Traefik, a free and open-source load balancer, on TrueNAS Scale. We will cover the creation of trusted SSL Certificates via Letse...
www.youtube.com www.youtube.com

I have one IP serving my TrueNAS GUI and one IP for the Apps. With Traefik or nginx, it doesn't matter which port you set the services to run on. That's the idea behind a reverse proxy. You just need to configure your DNS entries to point to the proxy, and the proxy then takes the domain and redirects it to the proper IP/port.

The difference is that to use official apps (and other services) you need to use another Truecharts app called “external-services”
This allows you to configure everything with Traefik. Just fill in your domain, port, and cert to use just like you would in the other Truecharts apps.
Click to expand...
I like this idea of using a separate IP for the Apps. Are you configuring a second IP on a second NIC, or are you doing this virtually?

Also, should it matter if I'm running nginx on another machine, or does it need to be running on the same machine as TrueNAS Scale for ingress to work properly?
 
victort

victort

Guru
Joined
Dec 31, 2021
Messages
973
Darren David said:
I like this idea of using a separate IP for the Apps. Are you configuring a second IP on a second NIC, or are you doing this virtually?

Also, should it matter if I'm running nginx on another machine, or does it need to be running on the same machine as TrueNAS Scale for ingress to work properly?
Click to expand...
I don’t do this anymore, but when I did, I assigned both IPs to one bridge. The bridge had the main NIC as a member.
 
S

sfatula

Guru
Joined
Jul 5, 2022
Messages
608
victort said:
Also with the official Nextcloud app it is possible to delete the app, and reinstall it while simply pointing the hostpath storage back at your existing data. With Truecharts this is not exactly possible without having to do some manual work to migrate or mount the data.
Click to expand...
Yes
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Using Official Apps with Ingress + Reverse Proxy to other services"

Similar threads

Trevor68
Official Community Apps
Replies
5
Views
2K
Trevor68
Trevor68
R
SOLVED webnut (truecharts) - ingress
Replies
7
Views
2K
ragametal
R
J
How-to Traefik ingress to a custom app?
Replies
2
Views
721
jaeti01
J
A
Correct way of backing postgresql based apps
Replies
4
Views
1K
AFellmett
A
J
new Official Catalog version of Tailscale - looking for documentation
Replies
2
Views
1K
plinsboorg
P
Top