I'm attempting to reverse proxy an external instance of TrueNAS SCALE Web UI through Traefik using Kubernetes CRDs. Everything works up to a point, but the frontend fails to load correctly when accessed via the domain.
Setup
- TrueNAS SCALE: Fangtooth 25.04, running on a separate machine (
{domainIP}) - Traefik: v35.0.1 (Helm, CRD mode)
- Cert-Manager: v1.17.1 with Let's Encrypt DNS-01 (Cloudflare)
- TLS: Working and valid via cert-manager
Kubernetes Configuration
IngressRouteusingscheme: httpsandserversTransportto skip TLS verification- K8s
Serviceis headless (clusterIP: None) with a manually definedEndpointSlicepointing to{domainIP}:443 - Middleware forwarding headers (with and without):
X-Forwarded-Host: truenas.mydomain.comX-Forwarded-Proto: httpsX-Real-IP: <clusterIP>
- Path match:
PathPrefix(/ui)with host match ontruenas.mydomain.com
Observations
- TLS and routing to the backend are working
curlfrom an internal pod tohttps://{domainIP}withHost: truenas.mydomain.comreturns full HTML- Main issue: In the browser,
https://truenas.mydomain.comfail to load or return 404s - No entries in TrueNAS nginx logs, indicating early request rejection or misrouting
- Removing Host header rewrites has no effect; TrueNAS accepts the domain header directly
What I've Tried
- Various
PathPrefixmatches (with and without trailing slash) - Middleware header injection
- Direct curl testing (working as expected)
- Browsing via domain (fails after initial HTML load)
- Rewriting Location headers (unsupported in CRD mode)
Request
Has anyone successfully reverse proxied the TrueNAS SCALE GUI through Traefik using Kubernetes CRDs? Specifically:
- Any required configuration to get static assets and frontend logic to work via the domain?
- Known issues with Traefik + TrueNAS GUI asset routing?
Thanks in advance.