Hope you figure out certificates and do a video soon! Your TrueNAS stuff is perfect for beginners, and setting up certificates seems a much needed security-oriented next-step. Thank you!
If you haven't already done it, traefik on its own (deployed in a cloud-based k8s cluster, for example) can be configured to use Let's Encrypt for a wildcard domain. I'm working on that now within the TrueNAS Scale deployment. Unsure what roadblocks I'll hit of course.
Did you ever figure anything out?
@JayLooney yep. Have traefik serving the TrueNAS system cert on all my apps. Renews fine too.
@davek804 only public domains, I guess? I've never seen Let's Encrypt work within a local setup, but last time I messed with SSL, I figured out a website had a tool to get a valid SSL certificate from Let's Encrypt, which you then could download and use, but I never got it working. It's been a while now, so I don't know if it ever worked, but the developer of the website also developed a NodeJS package that worked flawlessly within a backend I wrote using their tool, so I know they knew what they were doing, at least.
Hi, great video. However, Traefik is an enterprise feature from what it seems now and is not available via truecharts. How did you get it?
just enable the enterprise train alongside of stable for the truecharts repo
Followed the guide exactly and can't get it to work. When I try to save, it gives the following error: Error: [EINVAL] values.ingress.main.tls: Item#0 is not valid per list types: [EINVAL] tlsEntry.hosts: Item#0 is not valid per list types: [host] Not a string. I think I am on a newer version of TrueNAS Scale.
Not selecting an SSL certificate means all data is sent in clear text when communicating with the service.
The self-signed certificate that TrueNAS generates will encrypt the communication when used, but will bring up an error in the client, as it has not been told that the certificate has been verified by the entities who hand out certificates normally.
Using a Let's Encrypt cert for a valid domain will allow encrypted communication without any warnings.
I am dumbing it down a bit, but should still convey the important bits to know.
It is possible to create a valid SSL certificate without Let's Encrypt, completely for free, and all without a public service at all, but it requires 2 systems, where the first one is the system supposed to use the certificate, and the second to validate it. DigitalOcean made a guide about it years ago, demonstrated using 2 systems running Ubuntu (or Ubuntu Server).
Other than that, I totally agree that your explanation is simplified, but the important part, which people should care about, was covered anyway. A shorter explanation would just be that SSL works like an encryption for the data within the HTTP requests, making it far more difficult to get any value out of hacking with man-in-the-middle attacks and so on. NetworkChuck made a good video about that a while ago.
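Added example, not part of any comment in this thread: the trust difference described in the two comments above, reproduced with the `openssl` CLI. One key and request are signed once by themselves (self-signed) and once by a private CA; the names `demo-ca` and `plex.home.example` are made up, and OpenSSL 1.1.0 or newer is assumed.

```shell
#!/bin/sh
# Added illustration; demo-ca and plex.home.example are made-up names.

# Create one server key + CSR, then issue two certificates for it:
#   self.crt  signed by the server's own key (self-signed)
#   leaf.crt  signed by a private CA whose certificate is ca.crt
make_certs() {
    d=$1
    printf 'subjectAltName=DNS:plex.home.example\n' > "$d/san.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=plex.home.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -signkey "$d/leaf.key" -days 30 \
        -extfile "$d/san.ext" -out "$d/self.crt" 2>/dev/null || return 1
    # The private CA lives on the "second system"; only ca.crt ever
    # needs to be copied to clients, ca.key stays where it was created.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -set_serial 2 -days 30 -extfile "$d/san.ext" \
        -out "$d/leaf.crt" 2>/dev/null || return 1
}

# Exit status 0 only if certificate $2 chains to a CA in file $1
# (openssl also consults the system default trust store).
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_certs "$tmp" || return 1
    for c in self leaf; do
        if trusted_by "$tmp/ca.crt" "$tmp/$c.crt"; then
            echo "$c.crt: trusted by a client that imported ca.crt"
        else
            echo "$c.crt: NOT trusted (this is the browser warning)"
        fi
    done
    rm -rf "$tmp"
}
demo
```

Both certificates encrypt the connection equally; the warning goes away only for the one whose issuer the client has been told to trust.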
Damn. I hadn't done this yet and as of yesterday, they have moved Traefik to Scale Enterprise.
I just found this out as well.
Thanks, you helped me a lot
Glad I could help
If a pre-configured docker (like netdata) doesn't come with an ingress config setting, can this still be used?
That is why you have to use the TrueCharts 3rd party app list for TrueNAS Scale because their preconfigured dockers allow you to edit the Ingress settings.
Any updates on certificates? or maybe just an update on your current situation?
No, I just can't seem to get my head wrapped around it.
Planning on doing a couple videos on Prowlarr, Radarr, Sonarr, and Libarr. Just need to find the time.
@LoResDIY
Man, I feel you. I started my own TrueNAS journey this week and your videos were some of my favorites. I love your non-condescending way of being explicit with showcasing each step. Hope you can get some time and motivation to get a grasp on certificates.
Personally, the last thing I need is to expose Jellyfin to the Internet so I can watch it on the fly. But I'm ripping my hair out in frustration trying to piece it together... Anyway, love your content and I am looking forward to your return 😎
@LoResDIY I got the certification working and I'm so happy! Next step in my journey is configuring Radarr and Sonarr. I will look forward to your next video
That is awesome. Could you share what you did to make the certs work?
@LoResDIY I am choosing not to share my process as it is not good practice. But I have essentially bought a website domain with Cloudflare and then port forwarded port 443 to træfik. It is then used as a forward proxy
Why don't I see ingress in Plex at all?
Hi there, what screen recording software do you use?
I like how it puts your head in a bubble and allows you to insert arrows etc..
USE OBS
@kush-909 I tried to use it but it's a super confusing app to use. Does it do arrows and head in a bubble?
@TechWithYouVee yes it does. Actually, I made a preset a while ago. I used a square instead of a circle. But what he did is not via OBS. He recorded via OBS, and footage from his other camera was masked on the recording with Premiere Pro (most likely).
Could you tell me if the Traefik is not available anymore?
Traefik is still available on Truecharts
How does traefik know how to send plex.local to port 32400? In your other video on setting up plex.local in pihole, you mentioned that pihole does not allow you to create DNS with ip:port, therefore you need traefik. I'm not clear as to how you got it to work without configuring traefik to send the request to port 32400?
Never mind. I understand it now.
It's Magic.
Cheers
The TrueCharts channel has a video on how to get a certificate, but it still has this warning even though it is not self-signed...
I would really love to see a video on how to access self hosted apps through Cloudflare Zero Trust tunnel! I am struggling with this right now. Some say I have to use reverse proxy in order to use it, but I am not sure how exactly should I configure it.
Will I be able to access Plex remotely with this? gr thijs
And how to do it without pihole?
Nice video. I normally send pihole to unbound for recursive DNS; can traefik handle this as well?
I'm sure it can be done, but I haven't looked into it yet.
@LoResDIY You can, after deploying an image with unbound.
In my case, I was too lazy to figure out how to deploy a custom docker image on TrueNAS to get this working on Kubernetes (apps), so I used a simple VM to handle the combo Pi-hole + Unbound.
What about Tailscale!?
I haven't tried it yet. Yet.
Sweet
Cheers
traefik is on truenas enterprise charts now :/
Looks like the certificates situation has gotten a lot more complicated as of August 2023. I give up.
LOL . . . Traffic . . . because it directs the network traefik . . . wink wink
"Traefik" is pronounced "Traffic"
It doesn't work, even though I followed all your steps!
I've been doing this with Kemp Loadmaster for a while, and I was sure there must be a chunk of video missing. You just installed it and it worked. That can't be right! What about all the configuration?! I was able to import Cloudflare intermediate and CA certificates into TrueNAS, copy my existing subdomains into the Ingress settings and moved my reverse proxying over to Traefik in minutes. Bye bye Loadmaster!
Thank you for the informative video.
Glad it helped.
Cheers
It's an utter shame that the TrueCharts people killed their project, making this video essentially useless.