CarterKoopa

Sorry, I haven't worked with TrueNAS Scale before, so I assumed you had some more command line access - my bad. Your best bet is probably then to put everything inside a Docker container. You could definitely do this with certbot independently and then install the certificates for whatever service you're using, but what is probably going to be simplest (especially if you've never worked with Docker before) is going to be to setup a reverse proxy. A reverse proxy can translate from a domain name request to a specific IP/port on your TrueNAS server, and installs a SSL certificate on the public-facing side of your server. Essentially, all the external traffic from your domain would first go through the reverse proxy and then be rerouted to whatever service you're to access. This is great since it allows you to serve multiple HTTP services through the same port/IP and will simply the configuration if you want to add or remove any services going forward. A great resource for setting this up with fairly little configuration is linuxserver.io's SWAG image. This will involve setting up a docker container on your TrueNAS server and then setting configuration files for all the services you want to access. Of course, a Cloudflare Zero Trust tunnel is always an option too and will simplify this at the expense of your data running through Cloudflare. Pointing a domain name right to your home network with an open port is inevitably going to create some security risks, and this is one way to mitigate it. Are you trying to access the actual TrueNAS UI, or a service hosted on TrueNAS?

What you're going to want to use to create and renew certificates is going to depend heavily on what the actual service is you are hosting. What service are you actually wanting to access via a domain and SSL? Broadly, you're probably going to want to use EFF's Certbot, which will automatically generate and renew Let's Encrypt SSL certificates. TrueNAS Scale is based on Debian Linux, but you'll need more information on the service itself you're actually hosting and what the backend of it is. Another potentially more secure option requiring less config is using a Cloudflare Zero Trust tunnel. Instead of port forwarding and setting up DDNS on your router, your traffic is tunneled directly to Cloudflare and then sent out into the world. Cloudflare adds a SSL certificates as it leaves thier proxy, and you can add a free Cloudflare certificate that lasts for 10+ years between the host on your computer and the Cloudflare endpoint. This eliminated the certificate issue and prevents you from having to open your network to the entire world.

If you're looking just for the mobile experience, this is exactly right - you want to use Nextcloud and then can use the interface to download files as needed. To actually access a Nextcloud instance away from your home network, your major options are to port forward the Nextcloud instance, setup a Cloudflare Argo tunnel to your instance, or setup a VPN (Wireguard or Tailscale) to access your home network from outside. Port forwarding will most likely be fine, but at the end of the day, it is opening your network to the entire world and a misconfigured firewall and land you in some hot water. While you're just getting started, I would personally recommend setting up a Tailscale network (tailnet as they call them). You'll install the client on the server and your phone/laptop that you're trying use remotely, and it can be a fairly zero-config setup (you'll just need to connect to the Tailscale IP address of your TrueNAS machine instead of the IP you use on your home network). This also removes a lot of the security worries since you aren't doing any port forwarding. Once you try it out for a while and figure out how you for sure want to access files, you can maybe spend some more time getting a Wireguard VPN or other solution setup.

All four of those should work for accessing data, but they are all fundamentally different approaches to doing it. The best solution would likely be a combination of more than one. First off, Nextcloud is a self-hosted file sharing platform, basically creating your own version of a service like Dropbox or Box. This is a completely self-contained web application that provides an easy way to share files hosted on your TrueNAS server. This is great, but without some additional work, it won't automatically allow you to remotely access your date - you'll be limited to accessing the Nextcloud interface through a browser on the same network as your TrueNAS server. On the other hand, ZeroTier, Tailscale, and Wireguard are all VPNs that allow you to securely access your network (read: your TrueNAS server and Nextcloud instance) when you're not physically connected to it through a tunnel. This is an alternative to doing something like setting up Nextcloud and port forwarding, which will allow clientless access through a web browser but will inherently create some security issues. However, unlike port forwarding, all of these will require some sort of client on the device trying to access the TrueNAS server. This is fine if it's just you accessing your laptop, but isn't as practical if you're trying to provide public access (although that's a separate beast). Between these three services, ZeroTier and Tailscale are a hosted service, where ZeroTier and Tailscale act as the host, where on Wireguard you'll configure the server yourself. If you have a decent internet connection, the latter can provide much better performance and you don't have to worry about your data being funneled through a third party, although it'll require quite a bit more setup and opening a port on your home router. Personally, I've used all of them. If you're just trying to mount a network share (SMB/NFS/etc.), then just setting up a Wireguard connection (if you have the time to configure/ability to port forward, otherwise Tailscale works great albeit with more limited bandwidth) is all you need to do. If you want the Dropbox-like interface, then doing a combination of Nextcloud and Wireguard or Tailscale is likely the best option. Nextcloud will also likely perform much better on mobile if that's something that is important to you, although you'll have to setup the Tailscale or Wireguard client on there too. If you know what you're doing and can properly secure it, you can also setup Nextcloud alone and port forward it. Hope this helps!

This is true, the 8th generation CPUs only work on Z370 and B3 boards. I'm partial to ASUS as I've always had a great experience with them, so I would recommend something like this .

Agreed, unless you're going to be running a lot of other things in the background, you don't really need a Xeon or another expensive CPU. I personally use an old Optiplex with an E8400 and I'm easily able to stream in a few different places at once and run a file share. If you are going to be transcoding all your streams, you may want to get something better than what I have, but I don't think you need a Xeon even if. Seeing as you can run Plex with a raspberry pi, you shouldn't need something too powerful. Sorry I sort of rambled on, but I hope this helps!

Here is a good video of how to make one. In my opinion, the best thing to use is plex since it has a huge community and tons of different features, along with being supported by almost every streaming device out there. You may have a little buffering using a pi, but from my experience, it works great!