DNS rebind protection?

[Blackline]

When I try to access truenas via a public url (truenas.my.domain) from INSIDE the network, I get the following message:
```
Connecting to TrueNAS ... Make sure the TrueNAS system is powered on and connected to the network.
```

I had similar issues with the fritzbox, it was a DNS rebind protection I had to disable for my domain. I already tried to deactivate the truenas firewall with `/etc/rc.d/ipfw onestop` but no luck. As the reverse proxy I am using `nginx proxy manager`, and I tried all possible combinations of HTTP/HTTPS, with or without SSL, port 80/443.

Any ideas?

 

[Patrick M. Hausen]

The TrueNAS UI does not work through a proxy as far as I know.

https://jira.ixsystems.com/browse/NAS-105554

You could try to analyse the websocket connections and come up with a suitable proxy configuration

 

[Blackline]

You did it :D it works, I had to enable websockets. Did not know it was because of this, yay!

 

[Ericloewe]

You probably don't want to expose the WebGUI to the internet, especially not on Port 80 of truenas.subdomain.tld.

 

[Blackline]

You mean due to hackers/bots trying to get access? Or just general concern?

 

[Ericloewe]

Is there another concern beyond "hackers/bots trying to get access"? Honest question.

 

[Blackline]

Of course, not having it public faced would be the "safest" solution, but what could really happen with a strong password? I assume the web interface of Truenas is not specifically designed to withstand such attacks, compared to maybe SSH or a VPN

Nginx Proxy Manager can utilize ACL, so maybe that additional layer should be enough, as it is actually made for preventing access.

 

[Ericloewe]

I assume the web interface of Truenas is not specifically designed to withstand such attacks, compared to maybe SSH or a VPN

Correct, it has never been a priority.