

Happy to help!
You can find a bit more information at the URL below, and feel free to message me if you run into any issues getting it set up.
https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
Cheers to your journey so far, and to your continued success!
You can absolutely do free SSL certs with Let’s Encrypt without exposing your infrastructure to the internet. Just use DNS-based validation instead of HTTP, copy the required TXT records to your domain as instructed, wait for any cache/TTL of any old records to expire (generally 1-2 hours by default), and finally complete the validation.
You’ll need to renew the certs every 3 months, which could be annoying if done manually. If your Registrar has a decent API, writing a script could be a fun automation project. Alternatively, I can also send you scripts that I used to use for that purpose.
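An offline pre-check for the "wait for old records to expire" step in the comment above, as an added example that is not part of the original comment: it computes the TXT value a DNS-01 challenge expects (RFC 8555 section 8.4) and flags resolvers that still serve a stale record. The token, thumbprint, resolver answers and function names are constructed for illustration; in practice the answers would come from querying each resolver for `_acme-challenge.<your domain>`.

```python
import base64
import hashlib


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 8.4: base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    key_authorization = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def propagation_report(expected: str, answers: dict) -> dict:
    """answers maps resolver -> list of (txt_value, remaining_ttl_seconds)."""
    ready, waiting = [], {}
    for resolver, records in answers.items():
        # dig prints TXT data in double quotes; compare the bare value.
        values = {value.strip('"') for value, _ in records}
        if expected in values:
            ready.append(resolver)
        else:
            # Stale or missing answer: wait out the longest cached TTL.
            # (Negative-cache TTLs from the SOA are not modelled here.)
            waiting[resolver] = max((ttl for _, ttl in records), default=0)
    return {"ready": sorted(ready), "waiting": waiting,
            "safe_to_validate": not waiting}


# Constructed sample data: not a real ACME token or account thumbprint.
TOKEN = "constructed-token-abc123"
THUMBPRINT = "constructed-thumbprint-xyz789"
EXPECTED = dns01_txt_value(TOKEN, THUMBPRINT)

SAMPLE_ANSWERS = {
    "1.1.1.1": [(EXPECTED, 300)],
    # Still caching the record left over from the previous renewal.
    "8.8.8.8": [("stale-value-from-previous-renewal", 2700)],
    # Several TXT values on one name are fine; only one has to match.
    "authoritative": [(f'"{EXPECTED}"', 300), ("unrelated-txt-value", 300)],
}

if __name__ == "__main__":
    report = propagation_report(EXPECTED, SAMPLE_ANSWERS)
    print("expected TXT value:", EXPECTED)
    for resolver, ttl in report["waiting"].items():
        print(f"{resolver}: stale, retry in about {ttl} s")
    print("safe to validate:", report["safe_to_validate"])
```

Completing validation only once every resolver reports the expected value avoids burning a failed authorization on a cached old record.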
As a sanity check, I just completed the same setup that you described (Ubuntu Server 24.04 running in a Proxmox VM, Domain name pointing to a CNAME that points to the Dynamic IP, using the installer script, enabled CrowdSec, etc.), and everything worked out of the box. A couple of things I noticed that would also be worth checking now that I’m more familiar with this specific setup are:
dig pangolin.mydomain.com or dig @1.1.1.1 pangolin.mydomain.com should show the CNAME that points to the A record.
I hope that helps!
According to the docs, you should be using UDP port 51820 (unless you changed the port in the docker compose file).
You should also check the dynamic config file to be sure that it’s using the correct domain name. See this page: https://docs.fossorial.io/Getting%20Started/Manual%20Install%20Guides/docker-compose
If you’re still having issues, make sure the containers are running with docker compose stats and check the logs with docker compose logs -f. It might also be worth checking the domain name to be sure that it’s resolving to the correct IP address, both locally and externally.
How does this differ from something like synapse?
I recently set up something similar to this. I can’t comment on your specific hardware, but I was very frustrated with the limitations of TrueNAS and ended up using Debian and Cockpit with BTRFS for the drives.
I started with two 18TB drives with no RAID, and have since added two 26TB drives with everything using RAID1 and ~45TB of usable storage. Converting and adding drives was very simple, but also time-consuming of course.