Backup Truenas Files/Dataset to remote host using Tailscale

Prerequisites

• working Truenas Server
• remote Server:
  • running docker
  • and docker compose
  • having enough storage for the backup

Setup Remote Server

Basic Setup

create a docker-compose.yml file with the following content

services:  
  tailscale:
    image: tailscale/tailscale:latest
    environment:
      - TS_AUTHKEY=<your tailscale auth key>
      - TS_STATE_DIR=/var/lib/tailscale
    volumes:
      - /path/for/tailscale/config:/var/lib/tailscale
    cap_add:
      - net_admin
      - sys_module
    restart: unless-stopped
  webdav:
    image: dgraziotin/nginx-webdav-nononsense:latest
    environment:
      - WEBDAV_USERNAME=username
      - WEBDAV_PASSWORD=supersecretpassword
      # - CLIENT_MAX_BODY_SIZE=5G # must end with M(egabytes) or G(igabytes)
      # - TIMEOUTS_S=1200 # seconds
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      # see https://hub.docker.com/r/dgraziotin/nginx-webdav-nononsense
    volumes:
      - /path/for/files:/data
    network_mode: service:tailscale
    depends_on:
      - tailscale
    restart: unless-stopped

Get a tailscale auth key and replace <your tailscale auth key> in the docker compose. Also replace the paths

• /path/for/tailscale/config with the path for the tailscale config
• /path/for/files with the folder for the Files

On my setup I’m currently using a SMB mount on the remote for file storage

.htpasswd for Auth

soon…

Add SSL Certs (optional)

soon…

Setup Truenas Server

Setup Tailscale

1. Get another tailscale auth key for your Truenas server
2. Add Tailscale as a Truenas App
   1. make sure Network Configuration ⇒ Host Network is checked
3. Test the Tailscale setup
   1. go to System ⇒ Shell
   2. enter ip addr
      • you should see an interface with the name tailscale0
   3. try to ping your remote server trough Tailscale
      • get your Tailscale IP of the remote client on the Tailscale Website
      • ping <yourIP>

Setup a Backup Job

1. Go to Data Protection
2. Add a `Cloud Sync Task
   1. Add new Credentials
      • Provider: WebDAV
      • URL: http://<ip> (or https://example.com with SSL)
      • WebDAV Service: `OTHER“
      • Username: as set on the remote`
      • Password: as set on the remote
   2. What and When
      • Direction: PUSH (pushing the files to the remote)
      • Transfer Mode: usually SYNC (see Help: Transfer Mode)
      • Directory/Files: local folder to sync
      • Folder: folder on the remote (must exist on the remote)
   3. Save
3. Enable Remote encryption (optional)
   1. Find the Sync Task and click the edit icon
   2. Under Advanced Options enable Remote Encryption
   3. Set a LONG and SECURE Encryption Password and Encryption Salt
      • Always securely back up this password / salt! Losing the encryption password will result in data loss.
   4. Save

Sources:

• https://tailscale.com/blog/docker-tailscale-guide
• https://hub.docker.com/r/dgraziotin/nginx-webdav-nononsense