TrueNAS Scale Setup

Last Edit: 2023.10.22

Overview

Intiial TrueNAS Scale setup, post-installation.

Network

Interfaces

The primary interface of the TrueNAS server should have a static IP configuration. Edit the interface of choice.

SettingValueDescription
Nameeno1Interface name on system.
DHCPfalseEnable for dynamic IP address from network.
Autoconfigure IPv6falseEnable to autoconfigure IPv6 on the interface.
MTU1500Use a standard MTU size for your environment.
Aliases172.16.13.13/24Define the static IP address for the system here, modify the value to match your network.

Hostname and Domain

SettingValueDescription
HostnamecoolnasSystem hostname, requires restart.
Inherit domain from DHCPfalseEnable to inherit domain from DHCP provider.
DomainlocalKeep as local unless on configured domain.
Additional DomainsAdditional search domains.

Service Announcement

SettingValueDescription
NetBIOS-NSfalseEnable to advertise NetBIOS Name for legacy clients.
mDNSfalseEnable to advertise via Multicast DNS.
WS-DiscoveryfalseEnable to advertise NetBIOS Name via WS-Discovery.

DNS Servers

Configure your preferred DNS providers. Quad9 and Cloudflare examples are provided.

SettingValueDescription
Nameserver 19.9.9.9Quad9 IPv4.
Nameserver 2149.112.112.112Quad9 IPv4.
Nameserver 12620:fe::feQuad9 IPv6.
Nameserver 22620:fe::9Quad9 IPv6.
Nameserver 11.1.1.1Cloudflare IPv4.
Nameserver 21.0.0.1Cloudflare IPv4.
Nameserver 12606:4700:4700::1111Cloudflare IPv6.
Nameserver 22606:4700:4700::1001Cloudflare IPv6.

Default Gateway

SettingValueDescription
IPv4 Default Gateway172.16.13.1Default IPv4 network gateway (router IP address).
IPv6 Default GatewayDefault IPv6 network gateway (router IP address).

Outbound Network

In an ideal world, toggle Allow Specific and select required services. At minimum Allow All will allow TrueNAS to function properly.

Other Settings

SettingValueDescription
HTTP ProxyConfigure if a proxy connection is preferred.
Enable Netwait FeaturefalseEnable to utilize Netwait IP List.
Host Name DatabaseAdditional hosts to append to /etc/hosts.

System Settings - General

GUI

SettingValueDescription
ThemeiX DarkPick your poison.
GUI SSL Certificatetruenas_defaultSelf-signed certificate by default, can be changed after adding a new certificate.
Web Interface IPv4 Address172.16.13.13Set this to the static IP address of your TrueNAS server on the network. Available IPs will be presented in the dropdown.
Web Interface IPv6 Address::Disabled by default, can be left disabled in most cases.
Web Interface HTTP Port80
Web Interface HTTPS Port443
HTTPS ProtocolsTLSv1.3Allowed cryptographic protocols. Use TLS 1.3; stop using weak HTTPS.
Web Interface HTTP -> HTTPS RedirecttrueEnable this to prevent connections to the server over HTTP. Highly recommended, TrueNAS ships with a self-signed certificate.

Other Options

SettingValueDescription
Crash ReportingfalseEnable to send crash reports to iXsystems.
Usage CollectionfalseEnable to send usage statistics to iXsystems.
Show Console MessagesfalseEnable to display console messages in browser windows.

Localization

SettingValueDescription
LanguageEnglish (en)Local language as configured in setup.
Console Keyboard MapEnglish (US) (us)Keyboard to assume from the user.
TimezoneAmerica/New_YorkTimezone for the system.
Date Format2020-04-20Date format for the system.
Time Format12:00:00Clock format for the system.

NTP Servers

Use your time servers of choice; common providers include NTP Pool, NIST ITS, and Cloudflare.

AddressBurstIBurstPreferMin PollMax Poll
0.pool.ntp.orgfalsetruefalse610
1.pool.ntp.orgfalsetruefalse610
2.pool.ntp.orgfalsetruefalse610

System Settings - Advanced

These settings can be left mostly unmodified, but should be reviewed. These will see more configuration during setup of other applications on the system.

Console

SettingValueDescription
Show Text Console without Password PromptfalseWhen false, require password to open browser console.
Enable Serial ConsolefalseOnly enable this if you have and intend to use serial ports.
MOTD BannerAuthorized Access OnlyMessage to present users connecting via SSH, consider changing it from the default.

Setup Two-Factor

Enable two-factor authentication to improve the login security of a TrueNAS system.

Navigate to Credentials - 2FA to configure two-factor authentication as detailed in this section.

Configure 2FA

Modify the values of the Two-Factor Authentication User Settings if necessary. The default values for token generation are suitable for most. Consider enabling the 2FA requirement for SSH connections.

SettingValueDescription
One-Time Password (OTP) Digits6Length of tokens, 6 is standard.
Interval30Interval, in seconds, between token regeneration.
Window0Grace period for tokens. 1 would be one before and one after the current token.
Enable Two-Factor Auth for SSHtrueRequire token for SSH login.

Save 2FA

Before enabling two-factor authentication, add the TOTP key to your 2FA app of choice. Save the token by either:

  • Select Show QR and scan the key into an authenticator app.
  • Copy the Secret key into an authenticator app manually.
  • To avoid manual configuration, Provisioning URI can also be manually added to an authenticator app.

Enable 2FA

Select Enable Two-Factor Authentication to enable the configuration. Two-factor authentication will now be required for dashboard login and, if configured, SSH login.

TrueNas two-factor authentication management page.

References

1