TrueNAS + Nginx Proxy Manager + pfSense Setup Guide

This guide walks through setting up TrueNAS behind Nginx Proxy Manager (NPM) with pfSense firewall, including proper WebSocket support and SSL certificates.

Prerequisites

  • TrueNAS instance running on a VM or physical server
  • Nginx Proxy Manager installed (on a separate VM or Docker container)
  • pfSense firewall in front of your network
  • Domain name with DNS configured (e.g., Cloudflare, Namecheap, etc.)
  • Let’s Encrypt SSL certificates (optional but highly recommended)

Network Diagram

Internet -> pfSense Firewall -> Nginx Proxy Manager -> TrueNAS VM

Step 1: pfSense Firewall Configuration

  1. Go to Firewall > NAT > Port Forward.
  2. Forward ports 80 (HTTP) and 443 (HTTPS) to your Nginx Proxy Manager VM.
  3. Ensure you have firewall rules allowing external traffic on those ports.
  4. (Optional) Set up Let’s Encrypt DNS Challenge if you’re using Cloudflare.

Step 2: Nginx Proxy Manager Setup

  1. Access the Nginx Proxy Manager dashboard.
  2. Go to Proxy Hosts.
  3. Add a new Proxy Host with the following:
    • Domain Names: yourdomain.com
    • Scheme: http or https (depending on your TrueNAS setup)
    • Forward Hostname/IP: Internal TrueNAS IP (e.g., 192.168.1.100)
    • Forward Port: 80 or 443
  4. Under SSL:
    • Enable Force SSL (if using HTTPS).
    • Request a Let’s Encrypt Certificate.
  5. SAVE the proxy host.

Step 3: Enable WebSockets in NPM

  1. Edit the Proxy Host.
  2. Go to the Advanced tab.
  3. Add the following lines:
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "Upgrade";
       proxy_cache_bypass $http_upgrade;
  4. Save and restart the proxy.

Step 4: TrueNAS Web Interface Settings

  1. Go to System Settings > General > GUI in TrueNAS.
  2. Set the GUI Protocol to HTTPS (if not already enabled).
  3. Restart the TrueNAS web service.

Troubleshooting

Issue | Fix
Web Interface Not Loading | Check WebSocket support + Firewall rules
Certificate Errors | Ensure DNS is properly set + Force SSL in NPM
Infinite Loading Spinners | Enable WebSockets in Nginx Proxy Manager
502 Bad Gateway | Check Forward Host IP and Port

Bonus Tips

  • Use ACME Certificates + DNS Challenge with pfSense for wildcard SSL certs.
  • Lock down access with GeoIP Filtering or IP Whitelisting.
  • Enable HSTS in NPM for added security.

That’s it! Now your TrueNAS instance is fully secured, accessible via domain name, and 100% WebSocket-compatible 🔥.

If you’d like help generating firewall rules or optimizing your network layout, let me know!
