
[Docker] Tailscale



Tailscale - Docker Container

 

This provides the official tailscale/tailscale Docker container. This container is only intended for advanced networking configurations (br0 networks, creating a separate Tailscale node for sharing Docker containers, etc.), so it is expected that you know what you are doing.

 

Support will not be provided for using this container to access Unraid resources (WebGUI, shares, etc.). To access Unraid resources, install the Tailscale plugin instead:

 

 

 

Description

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. The service handles complex network configuration on your behalf so that you don't have to. Network connections between devices pierce through firewalls and routers as if they weren't there, allowing for direct connections without the need to manually configure port forwarding.

 

Configuration

This container can be configured as either an ephemeral or persistent Tailscale node.    

 

To create a persistent node:   

  1. (Optional) Generate an authentication key in the Tailscale admin console.   
  2. Set Hostname, State Storage, and (if applicable) Authentication Key in the container configuration.   
  3. If you did not set an authentication key, open the container logs to obtain the login URL to join the node to your tailnet. Caution: If you use this method, you must complete the login within 60 seconds of the container starting. Otherwise, the container will stop, and you will need to start it again (with a new 60 second timer).

 

To create an ephemeral node:   

  1. Generate an ephemeral authentication key in the Tailscale admin console.   
  2. Set Hostname and Authentication Key in the container configuration. Leave State Storage blank.
Edited by EDACerton
  • 2 months later...

I'm trying to understand how this works.
Am I right if I think this works kinda like a reverse proxy?
You put the tailscale node on its own network with its own IP, then connect containers to the same network with their own IPs, and then through this tailscale node you can share access to only the containers on the same network to other people?

23 hours ago, isvein said:

I'm trying to understand how this works.
Am I right if I think this works kinda like a reverse proxy?
You put the tailscale node on its own network with its own IP, then connect containers to the same network with their own IPs, and then through this tailscale node you can share access to only the containers on the same network to other people?

I had the same question and found some guidance here:

 

1 hour ago, vigs said:

I had the same question and found some guidance here:

 

For this kind of use, I have followed the latest Spaceinvader One videos using swag and it works :)
But I wanted to put a Minecraft server on tailscale too and be able to share this by itself, and that's how I started looking into this container.

But now I found out that if I add "--net=container:Tailscale-Docker" to the extra-parameters of the Minecraft server and set network to "none", the Minecraft container will use the network of this container and the address will be "ip-of-tailscail-docker:port-you-set-the-minecraft-server-to"

The docker you connect this way will only be accessible over tailscale, even on a PC on the same LAN, since that container does not have its own IP on a bridged network

And it worked :)

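Added example, not part of the original posts or of the container's own tooling: a container started with "--net=container:Tailscale-Docker" has no interfaces of its own and listens, on its internal ports, on every interface of the Tailscale container, which includes that container's Docker network address as well as its Tailscale address. The sketch below reads `docker inspect` output and reports which containers have joined the Tailscale container's namespace, the ports their images declare, and the Docker networks the namespace is attached to. The sample data, the network name "tailnet-apps" and the function name are assumptions made for illustration.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields used. The IDs, the
# addresses and the "tailnet-apps" network name are made up for this example.
INSPECT_JSON = """
[
 {"Id": "aaa111", "Name": "/Tailscale-Docker",
  "HostConfig": {"NetworkMode": "tailnet-apps"},
  "Config": {"ExposedPorts": null},
  "NetworkSettings": {"Networks": {"tailnet-apps": {"IPAddress": "172.30.0.2"}}}},
 {"Id": "bbb222", "Name": "/minecraft",
  "HostConfig": {"NetworkMode": "container:aaa111"},
  "Config": {"ExposedPorts": {"25565/tcp": {}}},
  "NetworkSettings": {"Networks": {}}},
 {"Id": "ccc333", "Name": "/nginx",
  "HostConfig": {"NetworkMode": "container:aaa111"},
  "Config": {"ExposedPorts": {"8080/tcp": {}, "4443/tcp": {}}},
  "NetworkSettings": {"Networks": {}}},
 {"Id": "ddd444", "Name": "/vaultwarden",
  "HostConfig": {"NetworkMode": "tailnet-apps"},
  "Config": {"ExposedPorts": {"80/tcp": {}}},
  "NetworkSettings": {"Networks": {"tailnet-apps": {"IPAddress": "172.30.0.3"}}}}
]
"""


def audit_shared_netns(containers, owner_name):
    """Report which containers share owner_name's network namespace."""
    owner = next(c for c in containers if c["Name"].lstrip("/") == owner_name)
    # NetworkMode may reference the owner by ID or by name, so accept both.
    owner_refs = {"container:" + owner["Id"], "container:" + owner_name}
    # Joined containers are reachable on each of these addresses too, not only
    # on the Tailscale address (which Docker does not know about).
    owner_ips = {net: cfg["IPAddress"]
                 for net, cfg in owner["NetworkSettings"]["Networks"].items()}
    joined = {}
    for c in containers:
        if c["HostConfig"]["NetworkMode"] in owner_refs:
            # ExposedPorts is what the image declares, not proof of a listening
            # socket. Host port mappings do not apply in this network mode.
            ports = c["Config"].get("ExposedPorts") or {}
            joined[c["Name"].lstrip("/")] = sorted(ports)
    return {"owner_docker_ips": owner_ips, "joined": joined}


if __name__ == "__main__":
    report = audit_shared_netns(json.loads(INSPECT_JSON), "Tailscale-Docker")
    print(json.dumps(report, indent=2))
```

On a live host the input would come from `docker inspect $(docker ps -q)`; a joined service that must stay off the Docker network address has to bind to the Tailscale address or be filtered in the Tailscale container's namespace.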
  • 4 weeks later...

I recently found the video of spaceinvaderone and wanted to kinda copy his tailscale setup. (plugin tailscale) It works but I don't have SSL when I use it like he does it. So I searched and found another tutorial which seems to do exactly what I want:
 

 


I created a custom network for tailscale-dockers. Then I set up the tailscale docker container, assigned it to the custom docker network, and then I set up the nginx reverse proxy container that uses the network of the tailscale docker container.

I set up my domain from Strato, the A record pointing to the IP of the tailscale docker container. I can log in at nginx like that.
So I figure that my setup is probably correct up to this point.

Now I wanted to access my vaultwarden container.

I set up a subdomain to my domain and pointed it to the IP of the tailscale docker too. I changed the existing container to the custom docker network that I used for the tailscale container. I set up a proxy host in nginx for my subdomain and pointed it to the internal docker IP of the vaultwarden container, but somehow it does not work ...

I logged into the nginx container and from there I am able to ping the vaultwarden container, so it should work like that, or do I miss something:


I solved it. I used a different NGINX container which has the ports mapped like this: 

80:80
443:443

The other container I used before did not do that and had an internal port of:
8080
4443
That's why the Tailscale IP did not get forwarded from NGINX

But it works now.

Just now, darkkingwill said:

Hello, I'm using your docker and I'm trying to add the docker as an exit node, but every time I do, when I shut the docker down and then spin it back up it's giving me an auth failure.

I have the persistent node info filled out

That would sound like you're losing your state storage... did you keep that configured? Auth keys are one-time-use unless created as reusable.
