I’ve been enjoying HexOS, Eshtek’s NAS software, and have uploaded most of my files. It works well, but it still feels unfinished. Rather than waiting for improvements, I decided to bypass the gaurdrails and dive further into TrueNAS.
Following up with HexOS
After playing with HexOS for a little bit, I ran into a problem. Mainly, the software is still very much in a beta state. It’s not that it is particularly unstable or breakable. Rather, it hasn’t received any major updates since my purchase.
At the moment, the HexOS UI only really supports two applications: Plex and Immich. While I love Immich, Plex felt quite noisy. Instead of showing my meager media library, I was bombarded by their streaming offers and advertisements. Unlike Plex, Jellyfin only shows the media I already own. There are no advertisements! The only problem, HexOS does not yet support it.
Installing Jellyfin
I wanted to wait until Jellyfin was officially supported by HexOS. However, after waiting a few weeks without much news, I finally gave in. Instead of waiting for Eshtek to implement the single click option, I decided to just follow this guide for TrueNAS. Because HexOS wraps TrueNAS, and the NAS still exposes the existing TrueNAS UI, I can follow any publicly available guide for TrueNAS.
Although the difficulty of configuring my own NAS has been hyped up, I didn’t find installing Jellyfin to be that hard. All I really had to set up was a few mounts so that Jellyfin can access my meager media library.
Otherwise, I kept all the default options.
It just works!
Demonstrative screenshot from the demo Jellyfin instance.
Jellyfin worked great! But as my household became interested, I realized accessing it wasn’t as user-friendly as the UI. By default, services like Immich and Jellyfin run on different ports, which aren’t easy to remember.
Custom Hosts
Since all my services share the same local IP, they are only differentiated by their assigned port numbers. Self-hosted enthusiasts cannot expect their significant others to remember that Immich is on port 30041 and Jellyfin is on 30013. Instead of providing each member of my family a cheat sheet, I set up subdomains (e.g., jellyfin.domain.com) for easier access.
This will involve a few steps. First, I will need to point my domain towards an IP address. Next, I will need to setup my NAS to reverse proxy requests based on the domain. Finally, I want to set up SSL to secure my services.
DNS
Setting up DNS is fairly straight forward through Cloudflare’s Dashboard. Since I want my setup to remain private, exposing services online wasn’t an option. Plus, proxying Jellyfin through Cloudflare can cause issues. Luckily, I already have a VPN setup for my local network at home. If I simply setup DNS to point to the static IP address my NAS already uses, it just works for the low price of free!
The only downside is that I need to be connected to my VPN. I am aware of services like Tailscale, but I decided this was simpler to start with. I may change my mind later.
Reverse Proxy
The straightforward choice for this project was nginx proxy manager. It’s fairly mature and has most of the features I’d like to use. Like Jellyfin, it is not officially supported by HexOS. It was fairly easy to setup nginx-proxy-manager (NPM) using TrueNAS.
For each service, I was able to assign a custom subdomain.
Next, TrueNAS is currently using port 80 to serve the admin UI. Instead, we want nginx to start proxying http traffic on that port. We can fix this by navigating to System > General Settings > GUI Settings in the TrueNAS UI. I was then able to update the port that the UI used.
I then updated the App settings for NPM and now my custom domains work!
The only caveat is that I ran into an issue with slow deploy times. If I needed to restart NPM, it would take up to 30 minutes for the service to come back up. I did find this thread on the truenas forms, but it didn’t seem to resolve my issue. What I believe is happening is that NPM runs chown as a part of its setup. chown is not very performant when run on HDD pools like mine. I did try using the recommend environmental variable overrides:
S6_STAGE2_HOOK=sed -i $d /etc/s6-overlay/s6-rc.d/prepare/30-ownership.shBut it didn’t seem to help me. For now, this setup is good enough for my use case.
UPDATE - 2/26/25
I found this github thread
It recommended changing the user and group IDs to 0
Restarting the container works perfectly for me
SSL Certificates
Last, but not least, I wanted to make sure that all my services had proper encryption. This was actually the easy step of all. NPM allows you to create and assign SSL Certs for all your proxy hosts via LetsEncrypt.
Instead of creating a cert for each subdomain, I created one cert that should cover any subdomain I decide to add. This will make certificate management much easier. As a final step, I assigned my new certificate to each proxy host I introduced from before.
Conclusion
Surprisingly, everything just works! It took some time reading through documentation, and I still am not happy with how slow nginx boots up. Perhaps this is a good excuse to buy some SSDs for a new pool?
Overall, I am happy with the new set up. TrueNAS wasn’t too bad to use, and the process was straightforward.
On the other hand, I am increasingly questioning the HexOS use case. I understand that software development is not easy. However, I am not too sure about the current state of development. So far, there has not been a new major release. The main selling point of HexOS is its simplicity. If I have to go into TrueNAS every time I want to accomplish something, what is the point of HexOS? At this point, I would have liked to see additional officially supported apps.
There were a few complications I ran into in this process. However, I wonder if Eshtek will be able to simplify the steps any further. For example, I ran into issues running nginx-proxy-management on a HDD pool. Will they be able to identify the issue, and then automatically mitigate it? There must be many thousands of such edge cases out there. It would have been very helpful if HexOS did all that work for me. But now that I have seen some of these edge cases that HexOS ought to cover for me, I am not sure how feasible it is for HexOS to fix all these issues on my behalf.
HexOS has potential, but without a clear development roadmap, its future is uncertain. Until major updates arrive, I can’t fully recommend it — especially when TrueNAS remains the real backbone of my setup.