dsmith44

Community Developer
Everything posted by dsmith44

  1. That's spot on. Security will be down to the ACLs you have set up in tailscale, which I think by default is any<>any, but doesn't have to be. This is a bit of a rabbit hole though, and not something we can really provide support on here. Tailscale ACL documentation
  2. The domain must be the one you set up in the tailscale admin portal, under DNS->Tailnet name. Nothing else will work.
  3. If you don't use Tailscale ssh then you will connect to the host and not the container, as the container is running in host networking mode. This is how I run it, so I can just ssh to my unraid server using the tailscale ip address.
  4. Hi @ubermetroid & @Cyborg. What are you trying to do here? If you open a console to the docker container, and have enabled HTTPS certs and magic DNS in your tailnet, it will issue a cert.

       /app # ./tailscale cert unraid.not-mine.ts.net
       Wrote public cert to unraid.not-mine.ts.net.crt
       Wrote private key to unraid.not-mine.ts.net.key
       /app #

     What you are to do with this though I don't know, as it will just have unraid.not-mine.ts.net as a hostname. If you tried to use this for unraid itself you will get errors if you ever connect to it without using the full tailscale address. So while this works it's totally unsupported as it has no sensible use case I can see.
  5. I have pushed 1.34.0==1.34 but have not changed latest tag and won't for a while due to usual .0,.1,.2 in quick succession.
  6. The purpose of this container is to allow access to unraid itself over tailscale and as such uses host based networking. If you did manage to get this working you would be somewhat on your own.
  7. latest = 1.32.3 = 1.32 Largely a security fix for Windows versions
  8. If you can connect with 100.x.x.x:port then tailscale is working, so not sure this is the right place to ask I'm afraid.
  9. That's not quite true. The tailscale daemon runs in the container, but as the container is set to use host networking it's using the unraid network stack. @RyanRoberts210 try using the tailscale ip addresses directly instead of discovery, that should work to my mind.
  10. 1.30 = 1.30.2 = latest new version pushed
  11. What do you mean by 'I can't access anything'? Can you ping the IP address of the unraid box over tailscale (the 100.x.x.x address)?
  12. On that subject, get a cheap USB serial adapter and connect it to something else. I have mine connected to a pinhole, then I always have a serial console.
  13. I don’t think there is a Slackware build provided by tailscale. So if you want - get golang installed, compile from source (https://github.com/tailscale/tailscale) and set up, that will probably work. How you get it to start at boot, not stop with array etc. I don’t know. Would probably warrant a plug-in being written or put in a feature request. Dean
  14. Maybe - You are on your own, however I think that if you are running tailscale in host mode, the default, then any other containers running in host mode should be able to connect to tailscale ip addresses. However I have never tested this, won't be testing it, and certainly won't be supporting it as a use case. Sorry.
  15. I'm sorry, this isn't really a tailscale docker issue. I would suggest talking to nextcloud maintainers and/or wider unraid community. This is behaving exactly as planned. However a few comments. Unraid isn't using the tailscale cert, so it exists in the docker container data in /mnt/user/appdata tailscale somewhere, but unraid won't be picking that up. You may not want it to anyway as then _only_ the unraid.<server-alias>.ts.net will ever be valid. If you do, I'd look into putting something into /boot/config/go to put the certs in the right place, but you'd have to ask elsewhere for where that is.
  16. Are the routes enabled in the tailscale admin console? If not they won't work. https://tailscale.com/kb/1019/subnets/ If they are I'd check the networking mode of the docker container. From your description I think you will need to ensure it's running in host mode, i.e. using the network stack of the main unraid server. To be honest this is unsupported config for this container, if you read back in the history, and is really just there via the additional flags for people that need it, understand it and can troubleshoot. I'm just not set up to do network troubleshooting. My advice for exit nodes is not to run them in docker, put tailscale on a firewall/raspberry pi/anything else. Inside docker, in unraid, is always going to be complicated to diagnose without intimate knowledge of how docker networking interacts with underlying unraid config, linux kernel and tailscale.
  17. As I have said before.... Please note I normally skip 1.xx.0 releases as there are often bug fix releases shortly afterwards. In any event I will wait at least two weeks after a 1.xx.0 release before updating latest, or normally even pushing a build. I have now added this to the front page of this support article. However I have now pushed dev-1.28.0, but this is untested, so use at your own risk.
  18. 1.26.1 == 1.26 == latest - New version pushed.
  19. They're quite open about how it all works, and from my understanding their piece just facilitates the setup of connections, they never see the keys. https://tailscale.com/blog/how-tailscale-works/
  20. I have uploaded version 1.26.0 but have not updated latest tag, I'll wait a week or so. https://hub.docker.com/layers/unraid-tailscale/deasmi/unraid-tailscale/1.26/images/sha256-d5e42c4cefaefbf2cd0fd714960ad992532b1c80793ca469c0911fbc7750fc43?context=explore
  21. I am not entirely clear this is anything to do with tailscale, as the address of the server over tailscale is going to start 100.x.x.x not 10. or 192. If you are running a container in bridge mode and it listens on port 8080 for example then you should be able to connect to http://100.x.x.x:8080 from any tailscale connected device.
  22. Thank you for spotting. With the XML changes needed for the new version I'd uploaded an invalid file. I'm hoping now fixed and will re-appear.
  23. A quick update for people on two open issues. Firstly the TLS certificate issues, this all seems happily fixed now. I'm also happy to report that the download feature can now be used as well. I will be pushing these features as latest tag as well as 1.24.2-downloads, as there is already a 1.24.2. Latest now has this supported, please use that ongoing. Please see instructions at the top of this thread. @martial @hvddrift @plantsandbinary @Rocka374 @wolfNZ I think you were all looking for a solution to the certificate issue, hope this helps. @FoxyNC Your downloads can now work! I'd also like to thank https://github.com/hugochinchilla for beta testing the downloads.