No-IP -> Linksys Router -> FreeNAS server


#1

My ISP, Cox, uses DHCP to dynamically change the IP address of my router. So I have to use a ddns to use a constant domain name.

My router is a Linksys WRT1900ACS, which only supports 2 ddns providers: no-ip and dyn.com. So I don’t have much choice. I’ve been using no-ip successfully for several years.

I’m in the process of configuring a FreeNAS server. And the problem I have is simple. The external domain names point to my router, but inside on the local network I have another NAS drive already running, plus computers, streaming devices, etc. So even port forwarding is complex.

I’ve tried lots of things to validate a certificate, but so far have been unsuccessful.

So my question is simple: How do I work behind the firewall to configure the FreeNAS when the domain name applies to the WAN connection to the router?

My domain is:
shangri-la.ddns.net, nirvana.myvnc.com, and tomahawk.ddns.net

I ran this command:
certbot certonly

It produced this output:
Lots of stuff. Read the description above. If the output is still necessary, I’ll supply the details.

My web server is (include version):
Not really using a web server.

The operating system my web server runs on is (include version):
FreeNAS 11.2 (FreeBSD 11.2)

My hosting provider, if applicable, is:
N/A

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
? FreeNAS has a GUI. I’m using a combination of GUI & CLI.


#2

Either port forward 80/443 to a jail on the FreeNAS box, or use DNS validation. The certificate itself can be uploaded and activated using the FreeNAS API. Here’s one way of doing it:


#3

Thanks, Dan.

One bit of confusion I have with instructions like these is that they apply to web pages and, ergo, web servers. But I’m not planning on hosting a web site or running a web server. Instead, I’ll mainly be running a Plex server and hosting WebDAV storage. (WebDAV, of course, is based on http/https.)

Plex routinely uses port 32400, and WebDAV uses 5005 & 5006. Also, ports 80 & 443 are already being forwarded to another NAS on my local network. The article you reference, which I believe is yours, mentions using Cloudflare for the DNS Challenge method. In turn, Cloudflare talks about “personal web sites, blogs,” etc., which would imply ports 80 & 443, no?

So do I also have to run a web server, or can I somehow get by without one? How?

Sorry to be so thick on this. I’m not very knowledgeable about these things.


#4

Not necessarily. Cloudflare can do a lot for your web services, but my writeup for FreeNAS just uses it for DNS service–which they’ll do at no cost. And they’re only used as an example, as many other DNS providers are also supported by acme.sh (see https://github.com/Neilpang/acme.sh/blob/master/dnsapi/README.md for the list).


#5

Thanks again for the quick reply.

This may be a bit OT. I read the Cloudflare web site and see that it does much more than validate certificates for web sites. But for Cloudflare to do its magic, do you have to give it a web site address? Or, e.g., could I just give it an address for, say, a port-forwarded WebDAV storage?


#6

CloudFlare is a glorified DNS hosting provider. Using CloudFlare would involve actually purchasing a domain of your own (some TLDs can be purchased for free, check freenom.com). Then, you’d need to set up CNAME (alias) records that point your CloudFlare domain names at your No-IP hostname. So myserver.example.com would point to shangri-la.ddns.net which points to your current IP. And the certificates you create would then all be for things in example.com.

Realistically for most things you’re hosting internally, it’s going to be easier to use DNS-based challenge validation rather than HTTP. Most of the available ACME clients have CloudFlare support built-in as well as other popular DNS providers.

For Plex specifically, you don’t need to worry about generating a cert as they do it for you when you connect via https://app.plex.tv/desktop. They actually generate a real cert on your install as well, but it’s for a name that you would likely never use to get to it (e.g. *.asdfqwer123456789.plex.direct).

