TrueNAS Scale Nginx
Overview
Setup Nginx Proxy Manager on TrueNAS Scale.
Assumptions
TrueNAS Scale Setup completed.
Logged in as administrative user.
Install Nginx Proxy Manager
Navigate to the Applications page in the TrueNAS Scale dashboard, Apps on the main navigation.
Switch to the Available Applications tab in the Applications page.
Using the search tool, find the nginx-proxy-manager application. Verify Nginx Proxy Manager is from the TrueNAS catalog and is on the Community train.
Select Install to begin configuration and installation of the application. Configuration options not mentioned in this section can be left as default.
Application Name
| Setting | Value | Description |
|---|---|---|
| Application Name | nginx-proxy-manager | Name for the application. |
| Version Number | #.#.# | Version to use, latest by default. |
Nginx Proxy Manager Configuration
| Setting | Value | Description |
|---|---|---|
| Timezone | 'UTC' timzone | Define local timezone. |
| Additional Environment Variables | | None required. |
User and Group Configuration
| Setting | Value | Description |
|---|---|---|
| User ID | 568 | Keep default value, 568 is the apps user. |
| Group ID | 568 | Keep default value 568 is the apps group. |
Network Configuration
| Setting | Value | Description |
|---|---|---|
| WebUI Port | 30020 | Port for administrative dashboard. |
| HTTP Port | 80 | Change to 80 to avoid having to specify a port for HTTP traffic. Verify the TrueNAS dashboard is not listening on port 80 already, change the port if necessary. |
| HTTPS Port | 443 | Change to 443 to avoid having to specify a port for HTTPS traffic. Verify the TrueNAS dashboard is not listening on port 443 already, change the port if necessary. |
Storage Configuration
| Setting | Value | Description |
|---|---|---|
| Nginx Proxy Manager Data Storage | — | — |
| Type | ixVolume | Use ixVolume for data storage. |
| Enable ACL | false | Enabled to configure Access Control List. |
| Nginx Proxy Manager Certs Storage | — | — |
| Type | ixVolume | Use ixVolume for certs storage. |
| Enable ACL | false | Enabled to configure Access Control List. |
Resources Configuration
| Setting | Value | Description |
|---|---|---|
| CPU Limit | 1 | Configure a CPU thread limit for the application. 1 should be adequate for small deployments. |
| Memory Limit | 1024 | Memery limit in megabytes. 1 gigabyte should be adequate for small deployments. |
Install
Verify you have checked the TrueNAS documentation for Nginx Proxy Manager and Install. The application will complete installation and deploy. Navigate to the Applications tab to monitor the status.
Nginx Dashboard
When Nginx Proxy Manager enters the Running state, navigate to the dashboard in a browser window. Replace 172.16.13.13 with the TrueNAS IP address. Initial connection and configuration must be made over HTTP.
http://172.16.13.13:30020/
Nginx Certificates
Generate a new certificate within the Nginx Proxy Manager dashboard. This example will complete ACME verification via DNS using a Cloudflare API key. Adjust the configuration for the domain DNS provider.
Cloudflare API Token
Create an API token to interact with a Cloudflare Zone.
Navigate to the My Profile page and select the API Tokens tab.
Select Create Token. Configure the token with permission to edit Zone DNS. Only allow access to the zone resource required.
| Setting | Value | Description |
|---|---|---|
| Token Name | example-api-token | Choose a name to identify the token. |
| Permissions | Zone - DNS - Edit | Grant edit permissions for zone DNS. |
| Zone Resources | Include - Specific - example.com | Only include the zone that will utilize the token. |
Continue to summary and review the configuration, select Create Token.
When presented, copy the generated Cloudflare API token.
Certificate Configuration
From the Nginx Proxy Manager dashboard, select SSL Certificates.
Select Add SSL Certificate and choose Let's Encrypt.
Create a wildcard certificate request for the domain of choice.
| Setting | Value | Description |
|---|---|---|
| Domain Names | *.truenas.example.com | Pointing this domain at the server is not required with the DNS challenge. |
| Email Address | [email protected] | Public email address for the request. |
| Use a DNS Challenge | true | Use DNS to complete ACME challenge. |
| DNS Provider | Cloudflare | The DNS provider, Cloudflare in this example. |
| Credentials File Content | dns_cloudflare_api_token=GeneratedCloudflareAPIToken | Cloudflare API token generated in previous step. |
| Propagation Seconds | | Leave blank for default. |
Save the certificate and wait for the request process to complete. The new certificate will be listed on the Nginx Proxy Manager SSL Certificate page.
Nginx Access Lists
Create an access list to restrict access to Nginx hosts to the local network.
From the Nginx Proxy Manager dashboard, select Access Lists.
Select Add Access List and configure a name for the list, local in this example.
Switch to the Access tab and add a new allow rule. Specifiy the network and subnet based on the local network, 172.16.13.0/24.
Nginx Proxy Host
Add a proxy host for the Nginx Proxy Manager dashboard.
From the Nginx Proxy Manager dashboard, select Proxy Hosts under Hosts.
Select Add Proxy Host from the Proxy Hosts dashboard.
Proxy Host Details
Configure the new proxy host details.
| Setting | Value | Description |
|---|---|---|
| Domain Names | npm.truenas.example.com | Hostname that for the Nginx Proxy Manager dashboard. |
| Forward Hostname / IP | 127.0.0.1 | Use the loopback address. |
| Forward Port | 81 | Use the internal Docker port, not the mapped port, because the loopback address is the hostname. |
| Cache Assets | false | |
| Block Common Exploits | true | |
| Websockets Support | false | |
| Access List | local | Use the configured access list to limit devices that can connect. |
Proxy Host SSL
Switch to the SSL tab for the new proxy host and configure it to use the generated certificate.
| Setting | Value | Description |
|---|---|---|
| SSL Certificate | *.truenas.example.com | Use the generated certificate. |
| Force SSL | true | |
| HTTP/2 Support | true | |
| HSTS Enabled | true | |
| HSTS Subdomains | true |
Proxy Host Connect
View the added host in the proxy hosts list.
If a local DNS server is setup, add an entry for the proxy host domain(s).
If there is no local DNS server yet, add a custom host entry to /etc/hosts.
sudo nano /etc/hostsAdd the required domain(s) and point them to the TrueNAS IP address.
172.16.13.13 truenas.example.com
172.16.13.13 npm.truenas.example.comNavigate to the Nginx Proxy Manager dashboard with the configured domain, no port required if Nginx Proxy Manager was assigned port 80/443.
https://npm.truenas.example.com/References
iXsystems. “TrueNAS Documentation.” 2024. ↩︎
iXsystems. “TrueNAS Nginx Proxy Manager Documentation.” 2024. ↩︎
Nginx Proxy Manager. Nginx Proxy Manager Documentation. 2024. ↩︎
Nginx Proxy Manager. “Nginx Proxy Manager GitHub.” 2024. ↩︎