Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by EDACerton,

When requesting support, please include a Tailscale diag package with your request:

 

https://edac.dev/unraid/plugin-diagnostics/usage/

[Plugin] Tailscale

Featured Replies

Any idea/info on why this no longer works to disable advertising routes?

 

tailscale up --advertise-routes

 

The following also doesn't work

 

tailscale set --advertise-routes

 

As per the built-in help, not specifying a route should clear any existing

 

Quote

--advertise-routes string
        routes to advertise to other nodes (comma-separated, e.g. "10.0.0.0/8,192.168.0.0/24") or empty string to not advertise routes

 

 

I'm seeing some really weird behavior after the last few Unraid updates. In my AdGuard Home logs, I can see that the Unraid machine I'm running to host my pfSense VM is sending out DNS queries to AGH (on its Unraid-only IP) that I know are coming from other devices, like iPhones, Mac, my Thermostat, etc.

 

So trying to disable a number of things one at a time to get a grip on what's happening.

 

 

Edited by Espressomatic

  • Replies 1.7k
  • Views 376.5k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • EDACerton
    EDACerton

    This topic is not for support of the Tailscale docker integration. Please make a post in the appropriate OS support forum for issues related to the docker integration. Common Issues I

  • 2024.08.28   This update contains an important alert for Unraid Connect users. We recently determined that the Flash Backup feature of Unraid Connect would back up the Tailscale state file.

  • EDACerton
    EDACerton

    2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

Posted Images

  • Author
2 minutes ago, Espressomatic said:

Any idea/info on why this no longer works to disable advertising routes?

 

tailscale up --advertise-routes

 

The following also doesn't work to disable exit node

 

tailscale set --advertise-routes

 

As per the built-in help, not specifying a route should clear any existing

 

 

 

I'm seeing some really weird behavior after the last few Unraid updates. In my AdGuard Home logs, I can see that the machine I'm running to host my pfSense is sending out DNS queries to AGH that I know are coming from other devices, like iPhones, Mac, my Thermostat, etc.

 

So trying to disable a number of things one at a time to get a grip on what's happening.

 

 

I believe you need to use

 

tailscale set —advertise-routes “”

Unfortunately that doesn't work - "too many non-flag arguments:"

 

Ok, seemed to work after I hand-wrote the string. Cutting and pasting from the forum (excluding fancy quotes)  was generating an error, maybe the dashes were coming up as some other unicode character.

 

 

Edited by Espressomatic

1 hour ago, Espressomatic said:

I'm seeing some really weird behavior after the last few Unraid updates. In my AdGuard Home logs, I can see that the Unraid machine I'm running to host my pfSense VM is sending out DNS queries to AGH (on its Unraid-only IP) that I know are coming from other devices, like iPhones, Mac, my Thermostat, etc.

 

Turning off Tailscale (everywhere) seems to have resolved the above. Still testing/investigating.

 

 

  • Author
2 hours ago, Espressomatic said:

Unfortunately that doesn't work - "too many non-flag arguments:"

 

Ok, seemed to work after I hand-wrote the string. Cutting and pasting from the forum (excluding fancy quotes)  was generating an error, maybe the dashes were coming up as some other unicode character.

 

 

Sorry, was on my phone and couldn't get to the code block easily.

  • Author
1 hour ago, Espressomatic said:

 

Turning off Tailscale (everywhere) seems to have resolved the above. Still testing/investigating.

 

 

If that Unraid box is also running as a subnet router, I think this is expected... subnet routers SNAT traffic by default.

 

That behavior can be disabled via CLI, but if you do so you'd need to add static routes on your gateway to route return traffic correctly.

That box was advertising routes (Tailscale setting), but not set to use advertised routes - and no other machines were set to use advertised routes.

 

I just noticed that all 4 of my Unraid systems have "Enable IP forwarding" turned ON in TS settings. Is this the settings that would have turned the system advertising routes into a full-fledged subnet router?

 

Does the plugin use /etc/sysctl.d/99-tailscale.conf ? As that file has IP fwd set to 1 for both ipv4 and ipv6, even after turning it off in the UI.

 

I also found the option to turn off SNAT, preserving the IP when using a node in this way.  Going to try turning off IP fwd.

 

None of these settings were recently made/changed, but the behavior I initially described only started happening somewhat recently - which is what's thrown me for a loop.

 

 

Edited by Espressomatic

Indeed turning off IP FWD has remedied the issue, so thanks for the heads up on the subnet router feature.

 

 

Just nearly bricked my Unaraid os now with the tailscale plugin installed and currentyl in use.

I switched to advanced mode and disabled tailscale, while tailscale was still used in some docker containers.
Had to unplug my usb drive go to config/plugins/tailscale and adjust the config file so that it sets tailscale to enabled again.

For anyone having issues to connect to your docker containers via tailscale dns name...

 

What worked for me (and I know it sounds stupid...) was to enable "userspace networking" in the container, saving and thus restarting the container, and then disabling it again. And suddenly I can access this container via tailscale domain with https and everything. 

  • Author
7 hours ago, Alex.b said:

Hello,

I'm looking at the Tailscale documentation for Unraid but I'm stuck at one point :

 

When I click on the Viewing button I get this information:

 

image.png.c4586b2b482476047b4084018a95c8aa.png

 

I have a very basic Unraid configuration, no specific firewall like Pfsense or anything else. Just my server connected to my internet box.

Any ideas?

 

 

Update : maybe I've understood, is it because I haven't enabled HTTPS Certificates in the Tailscale web interface?

Enabled, nothing changes.

Do you have Tailscale installed and connected on the device you are using to manage the server?

  • Author
15 hours ago, DonPavlov said:

Just nearly bricked my Unaraid os now with the tailscale plugin installed and currentyl in use.

I switched to advanced mode and disabled tailscale, while tailscale was still used in some docker containers.
Had to unplug my usb drive go to config/plugins/tailscale and adjust the config file so that it sets tailscale to enabled again.

There is no connection between the Tailscale plugin and the option in the docker container settings.

On 1/13/2025 at 1:49 PM, nabbl said:

For anyone having issues to connect to your docker containers via tailscale dns name...

 

What worked for me (and I know it sounds stupid...) was to enable "userspace networking" in the container, saving and thus restarting the container, and then disabling it again. And suddenly I can access this container via tailscale domain with https and everything. 

Thanks, came here as I had the same problem and this resolved it.

 

EDIT: But now the docker can't connect to any indexers!

Edited by Hitcher

When pointing tailscale directly to a container is there benefit to enabling SSL certs?  I mean technically isn't it more private to not have a cert?  Are both encrypted end to end?

So trying to setup specific dockers on tailnet.  For some reason they won't load unless I manually type the port in.  I feel like I must be missing something simple. Anyone have an idea?

  • Author
7 hours ago, Gragorg said:

When pointing tailscale directly to a container is there benefit to enabling SSL certs?  I mean technically isn't it more private to not have a cert?  Are both encrypted end to end?

 

4 hours ago, Gragorg said:

So trying to setup specific dockers on tailnet.  For some reason they won't load unless I manually type the port in.  I feel like I must be missing something simple. Anyone have an idea?

This sounds like you're trying to use the docker integration. This is not an issue with the Tailscale plugin, please make a post in the Tailscale forum if you have issues with the integration.

 

However, I recommend using other methods to attach containers to Tailscale that do not involve the code injection that the Docker integration employs:

 

TSDProxy (which even works on Unraid 6): https://forums.unraid.net/topic/184654-container-tsdproxy/
Sidecar Containers: https://selfhosters.net/remote/tailscale/docker/#running-tailscale-as-a-sidecar-container

Edited by EDACerton

Quote

TSDProxy (which even works on Unraid 6): https://forums.unraid.net/topic/184654-container-tsdproxy/

The TSDProxy and Label manager is really slick.  For some reason full tailscale domain works fine but the tailscale ip4 address does not.  When I use the ip4 address i get

Secure Connection Failed

An error occurred during a connection to 100.112.92.14. Peer reports it experienced an internal error.

Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

 

HTTPS is enabled

Edited by Gragorg

  • Author
18 minutes ago, Gragorg said:

The TSDProxy and Label manager is really slick.  For some reason full tailscale domain works fine but the tailscale ip4 address does not.  When I use the ip4 address i get

Secure Connection Failed

An error occurred during a connection to 100.112.92.14. Peer reports it experienced an internal error.

Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

 

HTTPS is enabled

That's a limitation of `tailscale serve`, which is the functionality that TSDProxy uses internally. I know that the developer for TSDProxy is planning to include a workaround/solution for that in an upcoming release.

Ok thanks.  It would be nice if the windows version of tailscale would let you set the full domain as the default under Network device -- My Devices.  In the meantime I will watch for the update.

neverrrrrrrr mind.  I had to toggle advance view hahaha. 

 

Hi, i have two servers, and was looking to see how to enable the accept routes flag. 

Accept Routes No

 

Use Tailscale Subnets

When enabled, Unraid will accept routes advertised from subnet routers in the tailnet. When disabled, Unraid will not accept routes from subnet routers.

 

But i didn't see this as any options in the settings menu.  

Thanks!

Edited by grambo1980

Goodday,

 

I recently had an issue that apps could not load, and that docker could not update. I found this was a DNS issue, and now I found out that it looks like it is caused by the Tailscale plugin. The server was running fine now, and I installed Tailscale yesterday again, and now the server was again not able to connect to Github. 
I uninstalled the Tailscale plugin and immediately Unraid was able to connect again to Github.
What could be the reason that Tailscale causes Unraid not to DNS anymore?

14 hours ago, TallMan206 said:

Goodday,

 

I recently had an issue that apps could not load, and that docker could not update. I found this was a DNS issue, and now I found out that it looks like it is caused by the Tailscale plugin. The server was running fine now, and I installed Tailscale yesterday again, and now the server was again not able to connect to Github. 
I uninstalled the Tailscale plugin and immediately Unraid was able to connect again to Github.
What could be the reason that Tailscale causes Unraid not to DNS anymore?

 

It's the same problem on my end; I noticed it after my NPM wasn't renewing certificates... once TS was disabled, it was working again.

  • Author
3 minutes ago, sdballer said:

 

It's the same problem on my end; I noticed it after my NPM wasn't renewing certificates... once TS was disabled, it was working again.

Turn off “Use Tailscale DNS” in the advanced settings of the plugin. 

anyone have an issue when trying to set the Tailscale Server Port or Tailscale Serve Protocol Port and get this error? 

 

tailscale serve flag provided but not defined: -https446

 

Here is my container run command:

docker run
  -d
  --name='nextcloud'
  --entrypoint='/opt/unraid/tailscale'
  --net='towernet'
  --pids-limit 2048
  -e TZ="America/Chicago"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="Tower"
  -e HOST_CONTAINERNAME="nextcloud"
  -e 'PUID'='99'
  -e 'PGID'='100'
  -e 'UMASK'='022'
  -e TAILSCALE_HOSTNAME='nextcloud'
  -e TAILSCALE_ALLOW_LAN_ACCESS='false'
  -e TAILSCALE_USE_SSH='false'
  -e TAILSCALE_USERSPACE_NETWORKING='false'
  -e TAILSCALE_SERVE_PORT='445'
  -e TAILSCALE_SERVE_PROTOCOL_PORT='446'
  -e TAILSCALE_TROUBLESHOOTING='true'
  -e ORG_ENTRYPOINT="/init"
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='https://[IP]:[PORT:443]'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/nextcloud-logo.png'
  -l net.unraid.docker.tailscale.webui='https://[hostname][magicdns]'
  -l net.unraid.docker.tailscale.hostname='nextcloud'
  -p '2443:443/tcp'
  -v '/mnt/user/drive/nextcloud/':'/data':'rw'
  -v '/mnt/user/appdata/nextcloud':'/config':'rw'
  -v '/usr/local/share/docker/tailscale_container_hook':'/opt/unraid/tailscale'
  --cap-add=NET_ADMIN
  --device='/dev/net/tun' 'lscr.io/linuxserver/nextcloud'

d363dd41140770029d59bbf8cd45097c5e8ece375674e5052e1334912ae81990

 

I'm trying to use this with my nextcloud container but it also uses port 443:

nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)

 

  • Author
12 minutes ago, paulynomial said:

anyone have an issue when trying to set the Tailscale Server Port or Tailscale Serve Protocol Port and get this error? 

 

tailscale serve flag provided but not defined: -https446

 

Here is my container run command:

docker run
  -d
  --name='nextcloud'
  --entrypoint='/opt/unraid/tailscale'
  --net='towernet'
  --pids-limit 2048
  -e TZ="America/Chicago"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="Tower"
  -e HOST_CONTAINERNAME="nextcloud"
  -e 'PUID'='99'
  -e 'PGID'='100'
  -e 'UMASK'='022'
  -e TAILSCALE_HOSTNAME='nextcloud'
  -e TAILSCALE_ALLOW_LAN_ACCESS='false'
  -e TAILSCALE_USE_SSH='false'
  -e TAILSCALE_USERSPACE_NETWORKING='false'
  -e TAILSCALE_SERVE_PORT='445'
  -e TAILSCALE_SERVE_PROTOCOL_PORT='446'
  -e TAILSCALE_TROUBLESHOOTING='true'
  -e ORG_ENTRYPOINT="/init"
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='https://[IP]:[PORT:443]'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/nextcloud-logo.png'
  -l net.unraid.docker.tailscale.webui='https://[hostname][magicdns]'
  -l net.unraid.docker.tailscale.hostname='nextcloud'
  -p '2443:443/tcp'
  -v '/mnt/user/drive/nextcloud/':'/data':'rw'
  -v '/mnt/user/appdata/nextcloud':'/config':'rw'
  -v '/usr/local/share/docker/tailscale_container_hook':'/opt/unraid/tailscale'
  --cap-add=NET_ADMIN
  --device='/dev/net/tun' 'lscr.io/linuxserver/nextcloud'

d363dd41140770029d59bbf8cd45097c5e8ece375674e5052e1334912ae81990

 

I'm trying to use this with my nextcloud container but it also uses port 443:

nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
nginx: [emerg] bind() to [::]:443 failed (98: Address in use)

 

This sounds like you're trying to use the docker integration. This is not an issue with the Tailscale plugin, please make a post in the Tailscale forum if you have issues with the integration.
 

As another consideration, that’s a LSIO container. LSIO has its own Tailscale mod that will likely work better with the container:


https://selfhosters.net/remote/tailscale/docker/#using-the-tailscale-docker-mod-for-linuxserverio-containers

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.