EDACerton Posted June 10 Share Posted June 10 (edited) Tailscale - Docker Container This provides the official tailscale/tailscale Docker container. This container is only intended for advanced networking configurations (br0 networks, creating a separate Tailscale node for sharing Docker containers, etc.), so it is expected that you know what you are doing. Support will not be provided for using this container to access Unraid resources (WebGUI, shares, etc.). To access Unraid resources, install the Tailscale plugin instead: Description Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. The service handles complex network configuration on your behalf so that you don't have to. Network connections between devices pierce through firewalls and routers as if they weren't there, allowing for direct connections without the need to manually configure port forwarding. Configuration This container can be configured as either an ephemeral or persistent Tailscale node. To create a persistent node: (Optional) Generate an authentication key in the Tailscale admin console. Set Hostname, State Storage, and (if applicable) Authentication Key in the container configuration. If you did not set an authentication key, open the container logs to obtain the login URL to join the node to your tailnet. Caution: If you use this method, you must complete the login within 60 seconds of the container starting. Otherwise, the container will stop, and you will need to start it again (with a new 60 second timer). To create an ephemeral node: Generate an ephemeral authentication key in the Tailscale admin console. Set Hostname and Authentication Key in the container configuration. Leave State Storage blank. Edited June 11 by EDACerton 1 Quote Link to comment
isvein Posted August 12 Share Posted August 12 Im trying to understand how this works. Im right if I think this works kinda like an reverse proxy? You put the tailscale node on its own network with its own IP, then connect containers to same network with their own IPs and then though this tailscale node you can share access to only the containers on the same network to other people? Quote Link to comment
vigs Posted August 13 Share Posted August 13 23 hours ago, isvein said: Im trying to understand how this works. Im right if I think this works kinda like an reverse proxy? You put the tailscale node on its own network with its own IP, then connect containers to same network with their own IPs and then though this tailscale node you can share access to only the containers on the same network to other people? I had the same question and found some guidance here: Quote Link to comment
isvein Posted August 13 Share Posted August 13 1 hour ago, vigs said: I had the same question and found some guidance here: For this kind of use, I have followed the latest Spaceinvader One videos using swag and it works But I wanted to put an minecraft server on tailscale too and be able to share this by itself and thats how I started looking into this container. But now I found out that if I add "--net=container:Tailscale-Docker" to the extra-parameters of the minecraft server and set network to "none", the minecraft container will use the network of this container and the address will be "ip-of-tailscail-docker:port-you-set-the-minecraft-server-to" The docker you connect this way will only be accessible over tailscale, even on an PC on same LAN since that container does not have its own IP on an bridged network And it worked Quote Link to comment
matuopm Posted September 6 Share Posted September 6 I recently found the video of spaceinvaderone and wanted to kinda copy his tailscale setup. (plugin tailscale) It works but I don't have SSL when I use it like he does it. So I searched and found another tutorial which seems to do exactly what I want: I created a custom network for tailscale-dockers. Then I setup the tailscale docker container assigned it to the custom docker network and then I setup the nginx reverse proxy container that uses the network of the tailscale docker container. I setup my domain from strato. the a record pointing to the IP of the tailscale docker container. I can login at nginx like that. o I figure that my setup is probably correct up to this point. Now I wanted to access my vaultwarden container. I setup a subdomain to my domain and pointed it to the ip of the tailscale docker too. I changed the existing conatiner to the custom docker network that I used for the tailscaler container. I setup a proxy host in nginx for my subdomain and pointed the it to the internal docker ip of the vaultwarden container. but somehow it does not work ... I logged into the nginx container and from there iam able to ping the vaultwarden container so it should work like that, or do I miss something: 1 Quote Link to comment
matuopm Posted September 6 Share Posted September 6 I solved it. I used a different NGINX container which has the ports mapped like this: 80:80 443:443 The other container I used before did not do that and had an internal port of: 8080 4443 Thats why the Tailscale IP did not get forwarded from NGINX But it works now. Quote Link to comment
darkkingwill Posted Friday at 11:51 PM Share Posted Friday at 11:51 PM hello im using your docker and im trying to add the docker as an exit node but every time i do when i shut the docker down and then spin it back up its giving me an auth failure. i have the persistent node info filled out Quote Link to comment
EDACerton Posted Friday at 11:54 PM Author Share Posted Friday at 11:54 PM Just now, darkkingwill said: hello im using your docker and im trying to add the docker as an exit node but every time i do when i shut the docker down and then spin it back up its giving me an auth failure. i have the persistent node info filled out That would sound like you're losing your state storage... did you keep that configured? Auth keys are one-time-use unless created as reusable. Quote Link to comment
darkkingwill Posted Saturday at 12:04 AM Share Posted Saturday at 12:04 AM i see the TS_EXTRA_ARGS. Is that were i put things like accepting routes and exit node? i have been using the console Quote Link to comment
darkkingwill Posted Saturday at 12:20 AM Share Posted Saturday at 12:20 AM i dont mess with the state storage. i just use tailscale set --advertise-routes=10.0.0.254/32 in the console and when i restart the container i get the failed to auth Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.