Your Private Library of Alexandria: A Comprehensive Guide to Kavita and Nextcloud on TrueNAS SCALE

Andrzej Majewski Written in Nextcloud EN, TrueNAS EN

Linux devotee and Bournemouth-based IT expert, obsessed with homelabbing, server performance, and elegant Python code.

Table of Contents

Toggle

Introduction: Reclaim Control Over Your Digital Bookshelf

In the digital era, the concept of ownership has become fluid. We buy e-books, subscribe to digital magazines, and accumulate vast collections of PDF documents, yet we seldom have full control over them. Our collections are often scattered across various platforms and locked within proprietary ecosystems, such as Amazon Kindle or Apple Books, dependent on the whims of corporations that can change their terms of service or disappear from the market at any moment. This guide is a manifesto of digital sovereignty—a journey to reclaim full control over your own library and create a private, secure, and elegant sanctuary for the written word.

At the heart of our project lies a powerful trinity of open-source software that, together, creates a system surpassing the functionality of many commercial solutions. The foundation is TrueNAS SCALE, a hyper-converged operating system that transforms a home server into a reliable fortress for your data. Upon this foundation, we will build Nextcloud, our private command centre—a versatile cloud that will allow for easy management, synchronisation, and organisation of our library’s files from any device. The crowning achievement will be Kavita, a lightning-fast and aesthetically pleasing reading server that will turn our collection of files into a beautiful, interactive reading room, accessible both at home and on the go.

The path to creating this digital sanctuary, though incredibly satisfying, is fraught with technical nuances. This guide is a map for that journey, created based on real experiences and challenges encountered during configuration—from the intricacies of system permissions and container isolation to setting up secure remote access. It is not merely a set of instructions, but an in-depth analysis aimed not only at showing how to do something but also explaining why we do it in a particular way. The goal is to equip the reader with the knowledge and confidence to build a professional, stable, and fully personalised system for managing their digital library.

Section 1: The Architecture of Your Digital Empire: Understanding the Components

Before we begin the installation, it is crucial to understand the role each component plays in our architecture. The choice of software is not accidental—it creates a synergistic ecosystem where each element specialises in its task, leading to a more efficient and flexible solution than any monolithic system.

The Foundation: TrueNAS SCALE – More Than a Network Drive

Many users perceive a NAS (Network Attached Storage) server as just a network drive. TrueNAS SCALE goes far beyond this definition. It is a fully functional, free hyper-converged infrastructure (HCI) platform built on the solid foundations of Linux (Debian). This means it combines two key functions: advanced storage management and a platform for running applications in virtualised environments, such as Docker containers and KVM virtual machines.

The heart and soul of TrueNAS is the OpenZFS file system. This is what gives it an edge over simpler solutions. ZFS was designed from the ground up with data integrity and protection in mind, offering enterprise-class features that are now available to home users:

• Protection against “silent” data corruption: ZFS constantly verifies data checksums, automatically detecting and repairing errors that might go unnoticed on other file systems until a file becomes unreadable.
• Flexibility and protection: Features like unlimited, instantaneous snapshots allow for the creation of restore points for the entire file system, protecting against accidental data deletion or ransomware attacks.
• Performance: Advanced caching mechanisms, such as ARC (Adaptive Replacement Cache), intelligently use the server’s RAM to speed up access to the most frequently used files.

In our project, TrueNAS SCALE is not just a storage repository. It is an active platform that will host the Nextcloud and Kavita applications, providing them with a stable and secure environment in which to operate.

The Management Hub: Nextcloud – Your Private Data Centre

Nextcloud is much more than just an alternative to Google Drive or Dropbox. It is a powerful, open-source platform for collaboration and file synchronisation that gives the user 100% control over their data. In our digital library’s architecture, Nextcloud serves as the logistics centre. Its task is to provide a simple and universal way to manage files—adding new magazines, deleting old issues, or organising books into folders.

Thanks to clients for desktop computers (Windows, macOS, Linux) and mobile apps (iOS, Android), Nextcloud enables seamless file synchronisation between all our devices and the server. We can simply drag a new PDF file into the appropriate folder on our laptop, and it will automatically appear on the server, ready to be read by Kavita. This separation of roles is key: Nextcloud excels at the difficult task of managing and synchronising files, allowing Kavita to focus solely on what it does best—reading.

The Elegant Reading Room: Kavita – A Server Built for Readers

Kavita is the crown jewel of our system—it is a specialised media server, designed from the ground up with readers in mind. While Nextcloud has its own simple reading application, Kavita offers a superior experience, comparable to the best commercial applications. Its main strengths are:

• Speed and Performance: The interface is incredibly responsive, and the built-in readers are optimised for smooth browsing of even very large PDF files or comic book archives (CBZ/CBR).
• Rich Metadata: Kavita automatically scans files, fetching covers, summaries, and other metadata, presenting our collection as a visually appealing library, not just a list of files.
• Specialised Readers: It offers dedicated, customisable readers for various formats, including a “webtoon” mode (vertical scrolling) for webcomics, and an advanced EPUB reader with options for personalising font, margins, and colour themes.
• Mobile Access via PWA: Kavita utilises Progressive Web App (PWA) technology. This means we can “install” its website on the home screen of our smartphone or tablet. It then launches like a native full-screen application, without the browser’s address bar, offering an excellent user experience without needing to download anything from an app store.

In our system, Kavita acts as an elegant front-end that retrieves data prepared and organised by Nextcloud, then presents it in a way optimised for content consumption. Such a modular division of responsibilities is the foundation of a robust and scalable architecture.

Section 2: Laying the Foundations: Data Structure and Permissions in TrueNAS

Before we install any applications, we must prepare a solid foundation for our data. In the world of TrueNAS, this means creating a dedicated structure in the ZFS file system and, most importantly, precisely configuring access permissions. This stage is absolutely crucial. Experience shows that almost all subsequent, hard-to-diagnose application problems, such as “storage not available” or “access denied” errors, stem from incorrectly configured permissions at this lowest level. Treating this section with due attention is the best investment of time, which will save hours of frustrating troubleshooting in the future.

Planning the Space: A Dedicated Dataset for Media

The first step is to allocate a logical space for our books and magazines. Instead of creating ordinary folders, in TrueNAS, we will use datasets. They allow for much more granular management, such as setting different snapshot rules or permissions for different types of data.

The process is simple:

1. In the TrueNAS SCALE web interface, navigate to the Datasets section.
2. Select the storage pool where the data will be stored (e.g., Pool1), click the three dots, and choose Add Dataset.
3. We create a main dataset for our project, for example, named nextcloud. Its path will be: /mnt/Pool1/nextcloud.
4. Next, by clicking the three dots next to the newly created nextcloud dataset, we create two nested datasets within it: books and magazines.

This gives us a clear and manageable structure: /mnt/Pool1/nextcloud/books and /mnt/Pool1/nextcloud/magazines.

The Key to the Kingdom: An In-depth Analysis of ACL Permissions

This is the most important stage of the configuration. Applications in TrueNAS SCALE run in isolated containers as a special system user named apps. For applications like Nextcloud or Kavita to be able to read and write data in our newly created datasets, we must explicitly grant the apps user the appropriate permissions. We do this using Access Control Lists (ACLs).

Introduction to ACLs and the apps user

TrueNAS SCALE defaults to using the NFSv4 ACL type, which is more granular and complex than the traditional POSIX permissions known from Linux systems. Every official application from the TrueNAS catalogue is designed to work with this ACL type and is run as the apps user, which has the unique identifier (UID) 568 and belongs to the apps group (GID 568). This means that for everything to work correctly, the owner of our datasets must be this very apps user.

Step-by-Step Configuration

Let’s proceed to edit the permissions for our main dataset /mnt/Pool1/nextcloud. These changes will be inherited by the nested datasets books and magazines.

1. In the Datasets section, find the nextcloud dataset, click the three dots, and select Edit Permissions.
2. In the opened ACL editor window, set the owner. In the Owner field, select the apps user from the list.
3. Next, in the Owner Group field, select the apps group.
4. Now we move to the Access Control List. We need to ensure that an entry for the apps user exists and that it has the correct permissions. Click Add Item and configure it as follows:
   • Who: User
   • User: apps
   • Permissions: Full Control
   • Flags: Inherit

Critical Settings That Cannot Be Skipped

Two settings in this window are absolutely crucial for avoiding future problems:

• Permissions: Modify vs. Full Control: At first glance, it might seem that Modify permissions (modify, read, write, delete) are sufficient. However, some applications, including Nextcloud, require Full Control permissions to function correctly. This gives the application the additional ability to manage permissions for the files it creates. Choosing Full Control is a safer and more reliable option that prevents a whole class of potential errors.
• Flags: Inherit: This is the most important option in the entire window. Setting this flag ensures that every new file and folder created within this dataset (e.g., by uploading a file through Nextcloud) will automatically inherit these same, correct permissions. Without this, a newly added magazine might be invisible to Kavita because it would not have the necessary read permissions.

Finally, before saving the changes, it is essential to tick the Apply permissions recursively box. This will apply the configured permissions not only to the dataset itself but also to all files and folders already within it. After completing these steps and saving the ACL, our data foundation is ready, solid, and correctly secured.

Section 3: Your Private File Cloud: Installing and Configuring Nextcloud

With our data space prepared and secured, we can proceed to install the first pillar of our system—the Nextcloud private cloud. It will serve as the gateway to our library, enabling easy file management from anywhere.

Application Installation

Installing Nextcloud in TrueNAS SCALE is a straightforward process. In the web interface, go to the Apps section, select the Available Applications tab, and search for nextcloud. Ensure that the selected application comes from the official TrueNAS Community catalogue. During installation, most options can be left at their default values, except for the administrator credentials, which you should configure.

Building a Bridge to Your Data: Container Isolation and Storage Mounting

A key concept in TrueNAS SCALE is container isolation. Each application, including Nextcloud, runs in its own, separate environment and, by default, has no access to the server’s main file system. For Nextcloud to “see” our previously prepared datasets, we need to build a bridge between them. This is done using the Additional Storage feature in the application settings.

1. In Apps -> Installed Applications, find Nextcloud and click Edit.
2. Scroll down to the Storage section and click Add next to Additional Storage.
3. Here, we configure the “bridge” by defining two paths:
   • Host Path: This is the actual, physical location of our data on the server. We will point to our main dataset here: /mnt/Pool1/nextcloud.
   • Mount Path in Pod: This is the virtual path under which the data from the Host Path will be visible inside the Nextcloud container. Enter a simple and memorable name, e.g., /my_data.

After saving these settings, TrueNAS will restart the Nextcloud application. From this point on, from the application’s perspective, a folder /my_data exists in its file system, which is a direct reflection of the contents of /mnt/Pool1/nextcloud on the server.

Unlocking Full Power: Editing config.php

By default, for security reasons, the official Nextcloud application on TrueNAS has the ability to add local folders from the server via the web interface disabled. We need to manually unlock this feature by editing the config.php configuration file. A common problem arises here: the minimalist application containers often do not include text editors like nano or vi. Instead of resorting to complex docker cp commands, we will use a much simpler and more elegant solution:

1. Create a temporary SMB share: In TrueNAS, under the Shares section, create a new SMB share. In the Path field, point to the exact path of the Nextcloud configuration folder: /mnt/Pool1/ix-applications/nextcloud/data/config. Give the share a unique name, e.g., nextcloud_config.
2. Mount the share on your computer: On your desktop computer (Windows, macOS, or Linux), connect to the newly created network share.
3. Edit the file: In the mounted folder, find the config.php file and open it in any graphical text editor.
4. Add the entry: Find the configuration array and, just before the closing parenthesis );, add a new line:'files_external_allow_create_new_local' => true,
5. Save and clean up: After saving the file, you can unmount the network share and delete the temporary nextcloud_config share from TrueNAS.

After this operation and a restart of the Nextcloud application, the option to add local storage will appear in its settings.

Finalising the Connection: Configuring “External Storage”

Now we need to inform the Nextcloud application itself that it should start using the folder made available to it.

1. Log in to the Nextcloud web interface as an administrator.
2. Go to Settings -> Administration -> External storage.
3. In the “Add storage” form, fill in the fields:
   • Folder name: A friendly name that will be visible in the file list, e.g., Main Data.
   • Add storage: Select Local from the list.
   • Configuration (Path): This is the most important field. Enter the exact same path that was defined as the Mount Path in Pod in the application settings in TrueNAS, which in our example is: /my_data.
   • Available for: Select the users or groups who should have access to this folder.

After saving, a new folder Main Data will appear in the Nextcloud file list, and its content will be a perfect reflection of what is in /mnt/Pool1/nextcloud.

Troubleshooting Nextcloud (Special Section)

Even with careful configuration, the interaction between the file system, the container, and the application can lead to problems. Here are the most common ones, along with solutions diagnosed during a real deployment:

• Problem 1: Error “Storage is temporarily not available” or “Service Unavailable” (HTTP 503).This error almost always indicates a permissions problem. The application is trying to access its files, but the operating system is not allowing it. The first step is to return to Section 2 of this guide and meticulously verify all ACL settings for the dataset. Ensure that the owner is apps and has Full Control permissions with the Inherit flag, and that the changes have been applied recursively.
• Problem 2: Unable to create folders despite correct ACLs; messages about existing folders that are not visible.This is a more complex issue that occurs when Nextcloud’s internal file index (stored in the database) becomes inconsistent with the actual content of the file system. This can be caused by a conflict between the desktop client synchronisation and the “External storage” mechanism. The client tries to upload files to the default Nextcloud location, while we expect them in the mounted folder. The application creates folders, but in a location invisible to us, leading to “folder already exists” errors.Solution: We need to force Nextcloud to perform a complete rescan of the files and rebuild its index. The command-line tool occ is used for this.
  1. Connect to the TrueNAS server console (e.g., via SSH).
  2. Enter the Nextcloud container using the command:docker exec -it <container_name> /bin/bash (replace <container_name> with the actual name, e.g., ix-nextcloud-nextcloud-1)
  3. Inside the container, run the scan for all users, executing the command as the web server user (www-data):sudo -u www-data php /var/www/html/occ files:scan –all
  4. After the scan is complete, exit the container (with the exit command) and restart the Nextcloud application in the TrueNAS interface.This process fixes inconsistencies in the application’s database, resolving issues with “invisible” folders and restoring full write functionality.

Section 4: Your Personal Reading Room: Installing and Configuring Kavita

Once our file management hub, Nextcloud, is fully operational, it is time to create an elegant space for reading. Installing and configuring Kavita is much simpler, provided we understand its specific requirements for data structure.

Application Installation

Just like with Nextcloud, we install Kavita from the official TrueNAS Community catalogue. In the Apps section, search for kavita and follow the installer’s instructions, configuring the administrator credentials.

Pointing to the Source

Kavita, like Nextcloud, runs in an isolated container and needs a “bridge” to our datasets. This process is analogous to what we did for Nextcloud, but we will perform it twice—once for books and once for magazines.

1. In the Kavita application settings in TrueNAS (Apps -> Installed Applications -> kavita -> Edit), go to the Storage section.
2. Using Additional Storage, add two entries:
   • First entry (Books):
     • Host Path: /mnt/Pool1/nextcloud/books
     • Mount Path in Pod: /books
   • Second entry (Magazines):
     • Host Path: /mnt/Pool1/nextcloud/magazines
     • Mount Path in Pod: /magazines
3. After saving the configuration, the Kavita application will be restarted. From now on, two folders will be visible inside its container: /books and /magazines, which point directly to our data.

Creating Libraries

After logging into the Kavita web interface, we need to inform it where our collections are located and what type they are.

1. Navigate to Server Settings -> Libraries.
2. Click Add Library.
3. Create the first library for books:
   • Name: Books
   • Type: Book (this is a universal type for EPUB and PDF files)
   • Folder: After clicking Browse, select the /books folder.
4. Next, by clicking Add Library again, create the second library for magazines:
   • Name: Magazines
   • Type: Book
   • Folder: Select the /magazines folder.

After saving, Kavita will begin scanning the specified folders for files.

The Secret to a Correct Scan: The “Empty Library” Problem Solved

At this point, many users encounter a problem: even though PDF or EPUB files are in the correct folders and permissions are correct, the library in Kavita remains empty. This is not a bug, but a feature resulting from the application’s design philosophy.

Media servers like Kavita, Plex, or Jellyfin are not simple file browsers. They are library management tools that impose their own metadata-based logic on the file structure. Kavita expects each separate item—each book, each magazine issue, each comic book volume—to be in its own dedicated subfolder. This allows it to correctly identify the “series” (the folder name) and its content (the file inside).

• Incorrect Structure (will not work):/magazines/ ├── magazine_A_01-2024.pdf └── magazine_A_02-2024.pdf
• Correct Structure (will work):/magazines/ ├── Magazine A (01-2024)/ │ └── magazine_A_01-2024.pdf └── Magazine A (02-2024)/ └── magazine_A_02-2024.pdf

After organising the files in this way and re-running the scan in Kavita (Force Scan), the library will correctly populate with content, presenting the cover of each issue as a separate item. Understanding this principle is key to a smooth experience not only with Kavita but with most self-hosted media software.

Section 5: Convenient Desktop Access: Network File Sharing

For our library to be easy to maintain, we need a simple way to add new files directly from our computer. The best method is to share our datasets over the local network. TrueNAS offers two popular protocols for this purpose: SMB (Samba) and NFS. The choice between them has significant implications for ease of configuration and trouble-free operation.

The Great Debate: SMB versus NFS on a Home Network

Although both protocols are used for file sharing, they do so in fundamentally different ways, which has a direct impact on the home user.

• NFS (Network File System): This is the native protocol for Linux/UNIX environments. In theory, it offers slightly lower overhead and potentially higher performance on networks consisting exclusively of Linux machines. However, its permissions model, based on user (UID) and group (GID) identifiers, is a source of endless problems in mixed environments. As real-world difficulties have shown, correctly mapping users between the TrueNAS server and a client computer (e.g., Ubuntu or macOS) can be complicated and lead to difficult-to-diagnose “access denied” or “permission denied” errors, even when the configuration appears correct.
• SMB (Server Message Block): This is the native protocol for Windows systems, but thanks to the Samba implementation, it is perfectly supported on all platforms, including macOS and Linux. Its biggest advantage is an authentication model based on a username and password. Instead of worrying about matching UIDs/GIDs, we simply create a dedicated user on the server (e.g., smb_user with a password) and grant it permissions to the folder. When connecting from any computer on the network, we provide these login credentials and gain access. This is a much simpler model to understand, implement, and manage in a typical home network.

Verdict: For our purpose—easily and reliably adding files to the library from various computers—SMB is a decidedly simpler, more flexible, and less error-prone choice.

Guide: Configuring an SMB Share in TrueNAS

Sharing our data via SMB is extremely simple:

1. In the TrueNAS interface, navigate to the Shares section.
2. Next to Windows (SMB) Shares, click Add.
3. In the Path field, select our main dataset, which is /mnt/Pool1/nextcloud.
4. In the Name field, enter a simple name under which the share will be visible on the network, e.g., nextcloud.
5. After saving the share, ensure that the SMB service is enabled in the Services section.

The final step is to grant permissions to this share for a specific user. Create a new, local user in TrueNAS (e.g., named smb_user) and add them to the ACL for the nextcloud dataset (following the instructions in Section 2), giving them Full Control permissions.

Guide: Automatically Mounting the Share in Ubuntu via /etc/fstab

To avoid having to manually connect to the network share every time you start your computer, we can configure Ubuntu to do it automatically. We will use the /etc/fstab file for this.

1. Install tools: First, ensure that the cifs-utils package is installed:sudo apt-get update && sudo apt-get install cifs-utils
2. Create a mount point: Create an empty folder where the contents of the network share will appear:sudo mkdir /media/our_library
3. Create a credentials file: Storing the password directly in /etc/fstab is insecure. A better solution is to create a separate, protected file:
   • Create the file: nano ~/.smbcredentials
   • In the file, enter the credentials in the format:username=smb_user password=user_password
   • Secure the file by setting the appropriate permissions: chmod 600 ~/.smbcredentials
4. Add an entry to /etc/fstab: Open the /etc/fstab file with administrator privileges (sudo nano /etc/fstab) and add a new line at the end, replacing the IP address, paths, and username with your own details://192.168.0.13/nextcloud /media/our_library cifs credentials=/home/username/.smbcredentials,uid=1000,gid=1000,iocharset=utf8,vers=3.0 0 0
   • //192.168.0.13/nextcloud: The network address and name of the SMB share.
   • /media/our_library: The local mount point.
   • credentials=...: The path to the credentials file.
   • uid=1000,gid=1000: Sets the local user and group as the owners of the mounted folder, ensuring full write permissions.
   • vers=3.0: Forces the use of a modern and secure version of the SMB protocol.

After saving the /etc/fstab file and restarting the computer, the library folder will be automatically available at /media/our_library, ready for easily adding new books and magazines.

Section 6: A Library in Your Pocket: Mobile and Remote Access

We have created a powerful system, but its true value is revealed when we can use it freely, wherever we are. In this section, we will configure access to our library from mobile devices and secure remote access from anywhere in the world, without exposing our home network to danger.

An App without the App Store: Kavita as a Progressive Web App (PWA)

One of Kavita’s strongest features is its modern web interface, which was designed as a Progressive Web App (PWA). PWA is a technology that allows a website to behave like a native mobile application. We can “install” it on the home screen of a smartphone or tablet, and when launched, it will open in full screen, without the browser’s address bar, offering a smooth and integrated experience.

Installing a PWA is extremely simple and does not require a visit to any app store:

• On iOS devices (iPhone/iPad):
  1. Open the Safari browser and navigate to the local address of our Kavita instance (e.g., http://192.168.0.13:5000).
  2. Tap the “Share” icon (a square with an arrow pointing up).
  3. From the list of options, select “Add to Home Screen”.
  4. Confirm the name and tap “Add”. A Kavita icon will appear on your home screen.
• On Android devices:
  1. Open the Chrome browser and go to the local Kavita address.
  2. Tap the three-dot menu in the top-right corner.
  3. From the menu, select “Install app” or “Add to Home screen”.
  4. The Kavita icon will be added to your app list and home screen.

Thanks to PWA, reading on the go becomes as convenient as using a dedicated application, while maintaining full privacy and control.

A Secure Gateway to the World: Nginx Proxy Manager and Cloudflare

To access our library from outside the home network, we could simply forward ports on our router. However, this is an insecure solution as it exposes our server directly to attacks from the internet and also reveals our home IP address. A much safer and more professional approach is to use a reverse proxy in conjunction with the Cloudflare service.

Goal: We want to access our library via a friendly address, e.g., kavita.mydomain.com, with SSL encryption, without opening multiple ports, and without revealing our IP address.

Step 1: Configuring Cloudflare

Cloudflare is a service that will act as an intermediary between the internet and our server. It offers a free plan that is perfectly sufficient for our needs.

1. Registration and adding a domain: Create a free account on Cloudflare and add your domain (if you don’t have one, you can register one cheaply). Cloudflare will instruct you on how to change the nameservers at your domain registrar.
2. Creating an API token: Our proxy server will need a way to automatically prove that it owns the domain to obtain an SSL certificate. This is crucial, especially with a dynamic IP address.
   • In the Cloudflare dashboard, go to My Profile -> API Tokens -> Create Token.
   • Use the Edit zone DNS template.
   • In the Zone Resources section, select the specific domain the token should apply to.
   • After creating the token, copy it and save it in a safe place. It will be needed only once.

Step 2: Installing and Configuring Nginx Proxy Manager (NPM)

NPM is an easy-to-manage reverse proxy with a graphical interface. It will run on our TrueNAS server and act as a “traffic controller”.

1. Freeing up ports 80 and 443: By default, the TrueNAS web interface may occupy the standard HTTP (80) and HTTPS (443) ports. Before installing NPM, you must change these ports in the TrueNAS settings (System Settings -> General) to something else, e.g., 81 and 444.
2. Installing NPM: Install the nginx-proxy-manager application from the TrueNAS Community catalogue. During installation, ensure that in the Network Configuration section, the HTTP Port and HTTPS Port are set to 80 and 443, respectively.
3. First login: Access the NPM admin panel at the server’s IP address and the web port (default 81 or as configured, e.g., http://192.168.0.13:81). The default login credentials are admin@example.com with the password changeme, which you must change immediately.
4. Creating an SSL certificate:
   • In the NPM panel, go to SSL Certificates -> Add SSL Certificate -> Let’s Encrypt.
   • In the Domain Names field, enter your domain as a wildcard, e.g., *.mydomain.com.
   • Enable the Use a DNS Challenge option.
   • As the DNS Provider, select Cloudflare.
   • In the Credentials File Content field, paste the API token copied from Cloudflare earlier.
   • After accepting the terms and saving, NPM will automatically obtain a valid SSL certificate for your domain and all its subdomains.
5. Configuring the proxy host for Kavita:
   • Go to Hosts -> Proxy Hosts -> Add Proxy Host.
   • In the Details tab:
     • Domain Names: kavita.mydomain.com
     • Scheme: http
     • Forward Hostname / IP: the local IP address of the TrueNAS server (e.g., 192.168.0.13)
     • Forward Port: the port on which Kavita is running (e.g., 5000)
     • Enable the Block Common Exploits and Websockets Support options.
   • In the SSL tab:
     • SSL Certificate: Select the previously created wildcard certificate from the list.
     • Enable the Force SSL and HTTP/2 Support options.

After saving, NPM will automatically direct all incoming traffic for https://kavita.mydomain.com to our local Kavita instance, encrypting all communication.

With this configuration, we achieve secure, professional remote access. Our home IP address remains hidden, and all communication is encrypted. Adding access to other services, such as Nextcloud, is as simple as creating another proxy host (e.g., cloud.mydomain.com)—without needing to open additional ports on the router.

Conclusion: Your Private Digital Sanctuary

Having navigated through the various stages of configuration, from fundamental file system settings to advanced network setup, we have created something much more than just a file server. We have built a fully functional, private digital ecosystem that gives us complete control over one of our most valuable assets—the knowledge and entertainment contained within our library.

This system is based on robust and proven technologies. The reliable ZFS foundation in TrueNAS SCALE protects the integrity of every bit of our data. The versatility of Nextcloud ensures seamless file management and synchronisation, providing a solid logistical backbone. Finally, the elegance and speed of Kavita transform raw files into a beautiful, interactive reading room. The entire setup, tied together with secure remote access via Nginx Proxy Manager and Cloudflare, creates an enterprise-class solution, available in the comfort of your own home.

The value of this project extends beyond pure technology. It is a practical application of the idea of digital sovereignty. The effort invested in the configuration results in a system that is entirely ours—private, free from commercial restrictions, subscriptions, and tracking. We decide who has access to our books, how they are presented, and on which devices we can read them.

Creating such a powerful and integrated system is only possible thanks to the efforts of thousands of developers and enthusiasts from around the world who create and develop open-source software. Projects like TrueNAS, Nextcloud, and Kavita are a testament to the power of collaboration and the shared goal of creating tools that empower the user. We hope this guide has not only served as a map to achieve your goal but has also inspired you to further explore the fascinating world of self-hosting and open-source software.

Andrzej Majewski

My fascination with technology began during my IT studies at the University of Zielona Góra. Since relocating to the UK in 2015 and settling permanently in Bournemouth, I’ve turned that passion into a career dedicated to high-performance infrastructure. I am a Linux enthusiast at heart, a commitment that extends from my professional work at SolutionsInc to my extensive personal homelab. Whether I’m managing complex server architectures via ISPConfig, building VoIP systems with Phones Rescue, or developing automation tools in Python, I thrive on the challenge of crafting efficient, open-source solutions. In 2015, I moved to the UK permanently to expand my professional horizons. Since then, I have established and grown three specialist brands: SolutionsInc (focused on ERPNext systems), SolutionsWeb (bespoke WordPress development and hosting), and Phones Rescue (professional FreePBX-based VoIP solutions).With over 20 years of hands-on technical experience, I pride myself on bridging the gap between complex engineering and practical business efficiency for my clients.