this post was submitted on 11 Jul 2023
8 points (83.3% liked)

Selfhosted


I've been trying to figure this out off and on for months without any luck. This is my first homelab setup in a while. I have Proxmox running a few VMs, one is Truenas with some drives in direct passthrough. I also have a Proxmox container running Docker which is running a few things, Traefik being one of them.

I've got http/https working and figured out LetsEncrypt certs via DNS checks through blood, sweat, and tears, but I cannot -- for the life of me -- figure out how to get Traefik to handle smb for that Truenas server so I don't have to have 2 different DNS entries (1 pointing to Traefik for web and one pointing right at the VM for smb).

I found the ports Truenas claims to use for smb (and other services) here and how to capture TCP and UDP entrypoints on Traefik here, but I can't seem to find the right combo for my Docker compose and Traefik setup.

Anybody else figure this out?

edit: My fat thumbs on mobile create a lot of typos. I also added the entrypoints documentation URL

[–] nick_99 2 points 1 year ago (1 children)

I'm not sure if you can proxy smb as it's not http/s data. If using NGINX you could use something like the stream config, but there's not really an advantage.

[–] [email protected] 1 points 1 year ago (1 children)

I'm not sure that's right, in the routers section of the Traefik docs they say...

UDP routers can only target UDP services (and not HTTP or TCP services).

Feels possible, just not widely documented. I could be completely wrong, though.

[–] nick_99 2 points 1 year ago

Oh ok. That's awesome. I didn't know it could do UDP/TCP proxying. That's awesome.
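
Added example, not part of any comment in this thread: a minimal Traefik v2 setup that forwards SMB as raw TCP, the kind of TCP entrypoint and router the question and the replies above are discussing. The entrypoint name `smb`, the router/service name `truenas-smb`, port 445, the file provider, the `traefik:v2.10` image tag and the `192.0.2.x` addresses are assumptions for illustration.

```yaml
# traefik.yml (static configuration)
entryPoints:
  websecure:
    address: ":443"
  smb:
    # Dedicated TCP entrypoint for SMB. Assumed port: 445 (SMB over TCP).
    address: ":445"

providers:
  file:
    filename: /etc/traefik/dynamic.yml
---
# /etc/traefik/dynamic.yml (dynamic configuration, file provider)
tcp:
  routers:
    truenas-smb:
      entryPoints:
        - smb
      # SMB is not wrapped in TLS, so there is no SNI to match on.
      # HostSNI(`*`) is the only rule that matches non-TLS TCP, which
      # means everything arriving on this entrypoint goes to one backend.
      rule: "HostSNI(`*`)"
      service: truenas-smb
  services:
    truenas-smb:
      loadBalancer:
        servers:
          # Placeholder address for the TrueNAS VM (documentation range).
          - address: "192.0.2.10:445"
---
# docker-compose.yml (excerpt): publish the SMB entrypoint on the Docker host.
services:
  traefik:
    image: traefik:v2.10
    ports:
      - "443:443"
      # Publish on a LAN-facing host address only (placeholder shown),
      # so the share is not reachable from other networks.
      - "192.0.2.5:445:445"
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
```

With this layout a single DNS name pointing at the Traefik host can serve both HTTPS and SMB, because the two are separated by port rather than by hostname; Traefik cannot tell SMB connections for different hosts apart on the same port.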

[–] [email protected] 1 points 1 year ago (2 children)

I have a feeling routing SMB traffic through Traefik is going to be a performance and latency nightmare. Is your TrueNAS VM's network interface bridged to your home network? If so, use a static IP and just have clients connect directly. If not, your best bet is likely iptables NAT to forward a port from your Proxmox server's IP to the TrueNAS VM.

[–] [email protected] 1 points 1 year ago (1 children)

I've got a static IP for Truenas now with an internal DNS entry pointing directly to it for smb and another DNS entry pointing to Traefik for the web UI. Annoying to have 2 names for it and was hoping to not have to, but this may be where/how things stay.

[–] [email protected] 1 points 1 year ago (1 children)

Annoying yes, but I'd argue that's likely the simplest and most performant approach. At best (IPTables NAT), you'd be adding in an extra network hop to your SMB connections which would affect latency, and SMB is fairly latency sensitive especially for small files. And at worst (Traefik), you'd be adding in a user-space layer 7 application that needs to forward every bit of traffic going over your SMB connection.

[–] [email protected] 1 points 1 year ago
[–] [email protected] 0 points 1 year ago (1 children)

PS. Also to confirm since you mention LetsEncrypt, you aren't planning to expose your smb server over the internet are you?

[–] [email protected] 1 points 1 year ago (1 children)

Not at all. This is all internal. I got annoyed with insecure warnings for all the internal stuff that runs on SSL and fell down the Traefik rabbit hole after watching TechnoTim's video on the topic.

[–] [email protected] 1 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/liV3c9m_OX8

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] huskypenguin 1 points 1 year ago

I have never heard of running SMB through a reverse proxy, and I don't think it's a good idea. Just use a vpn to your network with a direct connection, or better yet deploy a nextcloud instance and use that.

[–] [email protected] 1 points 1 year ago