June 10, 20242 yr Tailscale - Docker Container This provides the official tailscale/tailscale Docker container. This container is only intended for advanced networking configurations (br0 networks, creating a separate Tailscale node for sharing Docker containers, etc.), so it is expected that you know what you are doing. Support will not be provided for using this container to access Unraid resources (WebGUI, shares, etc.). To access Unraid resources, install the Tailscale plugin instead: Description Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. The service handles complex network configuration on your behalf so that you don't have to. Network connections between devices pierce through firewalls and routers as if they weren't there, allowing for direct connections without the need to manually configure port forwarding. Configuration This container can be configured as either an ephemeral or persistent Tailscale node. To create a persistent node: (Optional) Generate an authentication key in the Tailscale admin console. Set Hostname, State Storage, and (if applicable) Authentication Key in the container configuration. If you did not set an authentication key, open the container logs to obtain the login URL to join the node to your tailnet. Caution: If you use this method, you must complete the login within 60 seconds of the container starting. Otherwise, the container will stop, and you will need to start it again (with a new 60 second timer). To create an ephemeral node: Generate an ephemeral authentication key in the Tailscale admin console. Set Hostname and Authentication Key in the container configuration. Leave State Storage blank. Edited June 11, 20242 yr by EDACerton
August 12, 20241 yr Im trying to understand how this works. Im right if I think this works kinda like an reverse proxy? You put the tailscale node on its own network with its own IP, then connect containers to same network with their own IPs and then though this tailscale node you can share access to only the containers on the same network to other people?
August 13, 20241 yr 23 hours ago, isvein said: Im trying to understand how this works. Im right if I think this works kinda like an reverse proxy? You put the tailscale node on its own network with its own IP, then connect containers to same network with their own IPs and then though this tailscale node you can share access to only the containers on the same network to other people? I had the same question and found some guidance here:
August 13, 20241 yr 1 hour ago, vigs said: I had the same question and found some guidance here: For this kind of use, I have followed the latest Spaceinvader One videos using swag and it works But I wanted to put an minecraft server on tailscale too and be able to share this by itself and thats how I started looking into this container. But now I found out that if I add "--net=container:Tailscale-Docker" to the extra-parameters of the minecraft server and set network to "none", the minecraft container will use the network of this container and the address will be "ip-of-tailscail-docker:port-you-set-the-minecraft-server-to" The docker you connect this way will only be accessible over tailscale, even on an PC on same LAN since that container does not have its own IP on an bridged network And it worked
September 6, 20241 yr I recently found the video of spaceinvaderone and wanted to kinda copy his tailscale setup. (plugin tailscale) It works but I don't have SSL when I use it like he does it. So I searched and found another tutorial which seems to do exactly what I want: I created a custom network for tailscale-dockers. Then I setup the tailscale docker container assigned it to the custom docker network and then I setup the nginx reverse proxy container that uses the network of the tailscale docker container. I setup my domain from strato. the a record pointing to the IP of the tailscale docker container. I can login at nginx like that. o I figure that my setup is probably correct up to this point. Now I wanted to access my vaultwarden container. I setup a subdomain to my domain and pointed it to the ip of the tailscale docker too. I changed the existing conatiner to the custom docker network that I used for the tailscaler container. I setup a proxy host in nginx for my subdomain and pointed the it to the internal docker ip of the vaultwarden container. but somehow it does not work ... I logged into the nginx container and from there iam able to ping the vaultwarden container so it should work like that, or do I miss something:
September 6, 20241 yr I solved it. I used a different NGINX container which has the ports mapped like this: 80:80 443:443 The other container I used before did not do that and had an internal port of: 8080 4443 Thats why the Tailscale IP did not get forwarded from NGINX But it works now.
September 13, 20241 yr hello im using your docker and im trying to add the docker as an exit node but every time i do when i shut the docker down and then spin it back up its giving me an auth failure. i have the persistent node info filled out
September 13, 20241 yr Author Just now, darkkingwill said: hello im using your docker and im trying to add the docker as an exit node but every time i do when i shut the docker down and then spin it back up its giving me an auth failure. i have the persistent node info filled out That would sound like you're losing your state storage... did you keep that configured? Auth keys are one-time-use unless created as reusable.
September 14, 20241 yr i see the TS_EXTRA_ARGS. Is that were i put things like accepting routes and exit node? i have been using the console
September 14, 20241 yr i dont mess with the state storage. i just use tailscale set --advertise-routes=10.0.0.254/32 in the console and when i restart the container i get the failed to auth
September 21, 20241 yr I deployed the docker container and authed it, it's authorized and working in the Tailscale console. There are also no ACLs in place. The problem is that I can ping (normal ping) the container's Tailscale IP from other Tailscale devices, but this container can't ping any other device on the tailnet, not even itself. Why is that? Tailscale ping command works fine though Also, I would like to know if I could set this container to use another exit node, and then use this container as my gateway for other network devices. The way this would work is that this container connects to another exit node, and my network devices (TV, laptop...) use the container's IP as gateway, so everything would use the exit node's IP address. Is this even possible? Thank you!
October 10, 20241 yr Need some configuration help on admin portal i set nameserver to my pihole ip on the docker i set TS_ACCEPT_DNS to true, as exit node, and accept routes when i use the docker as exit node from other device it wont go through my pihole, if i dont use this docker as exit node, traffic goes through pihole previously i was using deasmi docker as exit node and it works fine please help update: i solve it by changing TS_USERSPACE to false. weird thing now is on tailscale admin, i see message "Unable to relay traffic" warning but everything seems working fine Edited October 10, 20241 yr by Kira
November 13, 20241 yr I'm unable to set the Tailscale-Docker container as an exit node. I've added --advertise-exit-node as an extra argument in the config, but it doesn't show up as being allowed to be enabled in the Tailscale admin page.
January 16, 20251 yr How can I force this container to use a certain exit node? I've tried adding --exit-node=IP in the extra parameters, but I can't seem to make it work
December 14, 2025Dec 14 Im trying to use this docker for external access to my servers and other dockers, but they keep giving me this error: "Unraid Docker Hook script throw an error!" forcing the docker to start without tailscale, and preventing external access. What is causing this problem, and how do i fix it?
March 22Mar 22 On 8/14/2024 at 2:38 AM, isvein said:For this kind of use, I have followed the latest Spaceinvader One videos using swag and it works But I wanted to put an minecraft server on tailscale too and be able to share this by itself and thats how I started looking into this container.But now I found out that if I add "--net=container:Tailscale-Docker" to the extra-parameters of the minecraft server and set network to "none", the minecraft container will use the network of this container and the address will be "ip-of-tailscail-docker:port-you-set-the-minecraft-server-to"The docker you connect this way will only be accessible over tailscale, even on an PC on same LAN since that container does not have its own IP on an bridged networkAnd it worked I'm looking for a way to share a certain container without changing the network
March 22Mar 22 23 minutes ago, TheExoticBeard said:I'm looking for a way to share a certain container without changing the networkConnect container to networkdocker network connect app-net myapp Brandon Martino - Personal SiteGuide-DockerNetworksBrandon Martino - Personal Site
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.