I’ve been trying to figure this out off and on for months without any luck. This is my first homelab setup in a while. I have Proxmox running a few VMs, one is Truenas with some drives in direct passthrough. I also have a Proxmox container running Docker which is running a few things, Traefik being one of them.
I’ve got http/https working and figure out LetsEncypt certs via DNS checks through blood, sweat, and tears, but I cannot – for the life of me – figure out how to get Traefik to handle smb for that Truenas server so I don’t have to have 2 different DNS entries (1 pointing to Traefik for web and one pointing right at the VM for smb).
I found the ports Truenas claims to use for smb (and other services) here and how to capture TCP and UDP entrypoints on Traefik here, but I can’t seem to find the right combo for my Docker compose and Traefik setup.
Anybody else figure this out?
edit: My fat thumbs on mobile create a lot of typos. I also added the entrypoints documentation URL
I have a feeling routing SMB traffic through Traefik is going to be a performance and latency nightmare. Is your TrueNAS VM’s network interface bridged to your home network? If so, use a static IP and just have clients connect directly. If not, your best bet is likely iptables NAT to forward a port from your Proxmox servers IP to the TrueNAS VM.
I’ve got a static IP for Truenas now with an internal DNS entry pointing directly to it for smb and another DNS entry pointing to Traefik for the web UI. Annoying to have 2 names for it and was hoping to not have to, but this may be where/how things stay.
Annoying yes, but I’d argue that’s likely the simplest and most performant approach. At best (IPTables NAT), you’d be adding in an extra network hop to your SMB connections which would effect latency, and SMB is fairly latency sensitive especially for small files. And at worst (Traefik), you’d adding in a user-space layer 7 application that needs to forward every bit of traffic going over your SMB connection.
Fair take.
PS. Also to confirm since you mention LetsEncrypt, you aren’t planning to expose your smb server over the internet are you?
Not all. This is all internal. I got annoyed with with insecure warnings for all the internal stuff that runs on SSL and fell down the Traefik rabbit hole after watching TechnoTim’s video on the topic.
Here is an alternative Piped link(s): https://piped.video/liV3c9m_OX8
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.