I'm not sure if you can proxy smb as it's not http/s data. If using NGiNX you could use something like the stream config, but there's not really an advantage.
this post was submitted on 11 Jul 2023
8 points (83.3% liked)
Selfhosted
38768 readers
174 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
I'm not sure that's right, in the routers section of the Traefik docs they say...
UDP routers can only target UDP services (and not HTTP or TCP services).
Feels possible, just not widely documented. I could be completely wrong, though.
Oh ok. That's awesome. I didn't know it could do UDP/TCP proxying. That's awesome.
I have a feeling routing SMB traffic through Traefik is going to be a performance and latency nightmare. Is your TrueNAS VM's network interface bridged to your home network? If so, use a static IP and just have clients connect directly. If not, your best bet is likely iptables NAT to forward a port from your Proxmox servers IP to the TrueNAS VM.
I've got a static IP for Truenas now with an internal DNS entry pointing directly to it for smb and another DNS entry pointing to Traefik for the web UI. Annoying to have 2 names for it and was hoping to not have to, but this may be where/how things stay.
Annoying yes, but I'd argue that's likely the simplest and most performant approach. At best (IPTables NAT), you'd be adding in an extra network hop to your SMB connections which would effect latency, and SMB is fairly latency sensitive especially for small files. And at worst (Traefik), you'd adding in a user-space layer 7 application that needs to forward every bit of traffic going over your SMB connection.
Fair take.
PS. Also to confirm since you mention LetsEncrypt, you aren't planning to expose your smb server over the internet are you?
Not all. This is all internal. I got annoyed with with insecure warnings for all the internal stuff that runs on SSL and fell down the Traefik rabbit hole after watching TechnoTim's video on the topic.
Here is an alternative Piped link(s): https://piped.video/liV3c9m_OX8
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source, check me out at GitHub.
I have never heard of running SMB through a reverse proxy, and I don't think it's a good idea. Just use a vpn to your network with a direct connection, or better yet deploy a nextcloud instance and use that.
Following