TrueNAS Scale Setup

Last Edit: 2024.11.30

Overview

Intial TrueNAS Scale setup, post-installation.

Network

Interfaces

The primary interface of the TrueNAS server should have a static IP configuration. Edit the interface of choice.

Setting	Value	Description
`Name`	`eno1`	Interface name on system.
`DHCP`	`false`	Enable for dynamic IP address from network.
`Autoconfigure IPv6`	`false`	Enable to autoconfigure IPv6 on the interface.
`MTU`	`1500`	Use a standard MTU size for your environment.
`Aliases`	`172.16.13.13/24`	Define the static IP address for the system here, modify to match the network.

Hostname and Domain

Setting	Value	Description
`Hostname`	`coolnas`	System hostname, requires restart.
`Inherit domain from DHCP`	`false`	Enable to inherit domain from DHCP provider.
`Domain`	`local`	Keep as local unless on configured domain.
`Additional Domains`		Additional search domains.

Service Announcement

Setting	Value	Description
`NetBIOS-NS`	`false`	Enable to advertise NetBIOS Name for legacy clients.
`mDNS`	`false`	Enable to advertise via Multicast DNS.
`WS-Discovery`	`false`	Enable to advertise NetBIOS Name via WS-Discovery.

DNS Servers

Configure your preferred DNS providers. Quad9 and Cloudflare examples are provided.

Setting	Value	Description
`Nameserver 1`	`9.9.9.9`	Quad9 IPv4.
`Nameserver 2`	`149.112.112.112`	Quad9 IPv4.
`Nameserver 1`	`2620:fe::fe`	Quad9 IPv6.
`Nameserver 2`	`2620:fe::9`	Quad9 IPv6.
`Nameserver 1`	`1.1.1.1`	Cloudflare IPv4.
`Nameserver 2`	`1.0.0.1`	Cloudflare IPv4.
`Nameserver 1`	`2606:4700:4700::1111`	Cloudflare IPv6.
`Nameserver 2`	`2606:4700:4700::1001`	Cloudflare IPv6.

Default Gateway

Setting	Value	Description
`IPv4 Default Gateway`	`172.16.13.1`	Default IPv4 network gateway (router IP address).
`IPv6 Default Gateway`		Default IPv6 network gateway (router IP address).

Outbound Network

Allow All is enabled by default. Consider choosing Allow Specific and specifying the services that will be used. A good starting point is: ACME, Catalog(s) information, and Update.

Other Settings

Setting	Value	Description
`HTTP Proxy`		Configure if a proxy connection is preferred.
`Host Name Database`		Additional hosts to append to `/etc/hosts`.
`Enable Netwait Feature`	`false`	Deprecated. Enable to utilize Netwait IP List.

System Settings - General

GUI

Setting	Value	Description
`Theme`	`iX Dark`	Pick your poison.
`GUI SSL Certificate`	`truenas_default`	Self-signed certificate by default, can be changed after adding a new certificate.
`Web Interface IPv4 Address`	`172.16.13.13`	Set this to the static IP address of your TrueNAS server on the network. Available IPs will be presented in the dropdown.
`Web Interface IPv6 Address`	`::`	Disabled by default, can be left disabled in most cases.
`Web Interface HTTP Port`	`80`	Change this port so reverse proxy apps can use 80/443.
`Web Interface HTTPS Port`	`443`	Change this port so reverse proxy apps can use 80/443.
`HTTPS Protocols`	`TLSv1.3`	Allowed cryptographic protocols. Use TLS 1.3; stop using weak HTTPS.
`Web Interface HTTP -> HTTPS Redirect`	`true`	Enable this to prevent connections to the server over HTTP. Highly recommended, TrueNAS ships with a self-signed certificate.

Other Options

Setting	Value	Description
`Crash Reporting`	`false`	Enable to send crash reports to iXsystems.
`Usage Collection`	`false`	Enable to send usage statistics to iXsystems.
`Show Console Messages`	`false`	Enable to display console messages at the bottom of the dashboard.

Localization

Setting	Value	Description
`Language`	`English (en)`	Local language as configured in setup.
`Console Keyboard Map`	`English (US) (us)`	Keyboard to assume from the user.
`Timezone`	`America/New_York`	Timezone for the system.
`Date Format`	`2020-04-20`	Date format for the system.
`Time Format`	`12:00:00`	Clock format for the system.

NTP Servers

Use your time servers of choice; common providers include NTP Pool, NIST ITS, and Cloudflare.

Address	Burst	IBurst	Prefer	Min Poll	Max Poll
`0.pool.ntp.org`	false	true	false	6	10
`1.pool.ntp.org`	false	true	false	6	10
`2.pool.ntp.org`	false	true	false	6	10
`3.pool.ntp.org`	false	true	false	6	10

System Settings - Advanced

These settings can be left mostly unmodified, but should be reviewed. These will see more configuration during setup of other applications on the system.

Console

Setting	Value	Description
`Show Text Console without Password Prompt`	`false`	When false, require password to open browser console.
`Enable Serial Console`	`false`	Only enable this if you have and intend to use serial ports.
`MOTD Banner`	`Authorized Access Only`	Message to present users connecting via SSH, consider changing it from the default.

Setup Two-Factor

Enable two-factor authentication to improve the login security of a TrueNAS system.

Navigate to Credentials - 2FA to configure two-factor authentication as detailed in this section.

Configure 2FA

Modify the values of the Two-Factor Authentication User Settings if necessary. The default values for token generation are suitable for most. Consider enabling the 2FA requirement for SSH connections.

Setting	Value	Description
One-Time Password (OTP) Digits	`6`	Length of tokens, `6` is standard.
Interval	`30`	Interval, in seconds, between token regeneration.
Window	`0`	Grace period for tokens. `1` would be one before and one after the current token.
Enable Two-Factor Auth for SSH	`true`	Require token for SSH login.

Save 2FA

Before enabling two-factor authentication, add the TOTP key to your 2FA app of choice. Save the token by either:

Select Show QR and scan the key into an authenticator app.
Copy the Secret key into an authenticator app manually.
To avoid manual configuration, Provisioning URI can also be manually added to an authenticator app.

Enable 2FA

Select Enable Two-Factor Authentication to enable the configuration. Two-factor authentication will now be required for dashboard login and, if configured, SSH login.

TrueNas two-factor authentication management page.

References

iXsystems. “TrueNAS Documentation.” 2024. ↩︎