TrueNAS CE runs Linux and Docker Compose under the hood. It offers a GUI and deploying Foundry is relatively simple.
These instructions assume that you are at least somewhat-familar with TrueNAS and ZFS. Start there, make sure you have TrueNAS CE installed and at least one ZFS pool configured. Tested on CE 25.04 in May 2025.
In the UI under Datasets, create two datasets. For example apps/foundry-app and apps/foundry-data, under the pool name. Do not place it under ix-applications, that is a system-managed dataset.
Preset has to be Generic or Apps for foundry-app, to avoid permissions errors.
You can use SMB for foundry-data.
These can be under a common parent dataset. For example, I have apps as a case-sensitive, Generic, not shared dataset, then foundry-app under it the same, and foundry-data under it as SMB, case-insensitive.
Go to the official Foundry site, log in, and under Purchased Licenses download for Operating System Node.js - not Linux. This gives you a ZIP file.
On TrueNAS CE, enable the SSH service under System Settings -> Services. If you aren't using SSH keys, edit it and configure it to Allow password authentication.
Using either WinSCP or scp directly, copy the ZIP file to the admin user of TrueNAS CE. If using scp from PowerShell this is scp <FoundryVTT-version.zip> <admin-user>@<IP-of-TrueNAS>:.
Using either PuTTY or ssh directly, log into your TrueNAS server. If using ssh from PowerShell this is ssh <admin-user>@<IP-of-TrueNAS>. Once in, sudo unzip <FoundryVTT-version.zip> -d /mnt/<POOLNAME>/apps/foundry-app. This unzips the file you copied to the server into the dataset you created, as user root.
That was the hardest part, particularly if you were not familiar with scp/ssh yet.
In the TrueNAS UI, go to Apps, click on Discover Apps in the top right and then Custom App in the top right.
Any settings I do not mention stay at default, which is most of them.
Give it an Application Name, e.g. foundry
"Image Configuration" Repository is node
"Image Configuration" Tag is 22, or whatever node version is Active LTS
"Image Configuration Pull Policy is Always
"Container Configuration" Hostname is foundry. This makes sure the license stays active across restarts. Any hostname will do, here.
"Container Configuration" Entrypoint, hit the Add button 1 time, and enter:
node"Container Configuration" Command, hit the Add button 4 times, and enter:
/app/main.js--port=30000--headless--dataPath=/data"Container Configuration" Restart Policy is Unless Stopped
"Network Configuration" Ports, hit the Add button, and enter:
Container Port to 30000Node Port to 30000Portal Configuration, click "Add":
Name to FoundryProtocol for Portal leave at HTTP Protocol for nowUse Node IPPort to 30000Path to /"Storage Configuration", under Storage hit Add button twice, and enter:
Type 1st entry, set to Host PathMount Path 1st entry, set to /dataHost Path 1st entry, navigate to /mnt/<POOLNAME>/apps/foundry-dataType 2nd entry, set to Host PathMount Path 2nd entry, set to /appHost Path 2nd entry, navigate to /mnt/<POOLNAME>/apps/foundry-appAnd that's it, deploy your app!
If everything worked, the app should eventually show Running, and you can see its logs under Workloads. If there are issues, the logs will show you what they are.
You can now connect to Foundry at http://<IP-of-TrueNAS>:30000 and give it a license.
The instructions below assume that the only app you want to access via 443 is this single Foundry instance. If you have multiple apps, you'd need to place a reverse proxy like Nginx between. That is described in the TrueNAS forums
You can of course at this point forward 30000 at your router and have your users connect to that. But how cool would it be if they could use a domain name, and TLS worked for video/voice chat?
A record with your external (public) IP. Make this Proxied, which is the default.cd /mnt/<POOLNAME>/apps/foundry-data/Config, and first nano cloudflare.pem, paste the PEM contents and Ctrl-X to save, then nano cloudflare.key, paste the key contents and Ctrl-X to save.Certificate to cloudflare.pem and the Key to cloudflare.keyProtocol for Portal to HTTPS Protocol. Update to save changes.https://<IP-of-TrueNAS>:30000443 to go to <IP-of-TrueNAS> and port 30000.Use the DDNS-Updater community app to set up dynamic DNS.
A new major version of FoundryVTT may require a manual upgrade, instead of using the built-in updater. This was the case for Foundry 13.
foundry-data volume. If not, make one now. This will allow you to roll back if there are issues with the upgradeGeneric or Apps. Give it a name, e.g. foundry-13/app Host Path entry to the new dataset you createdThis will start the new version, and you can then proceed to upgrade modules, migrate Worlds, and so on.
Once you are happy with the upgrade, the old Foundry app (but not Foundry data!) dataset can be deleted.