[Docker] Tailscale

Tailscale - Docker Container

 

This provides the official tailscale/tailscale Docker container. This container is only intended for advanced networking configurations (br0 networks, creating a separate Tailscale node for sharing Docker containers, etc.), so it is expected that you know what you are doing.

 

Support will not be provided for using this container to access Unraid resources (WebGUI, shares, etc.). To access Unraid resources, install the Tailscale plugin instead:

 

 

 

Description

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. The service handles complex network configuration on your behalf so that you don't have to. Network connections between devices pierce through firewalls and routers as if they weren't there, allowing for direct connections without the need to manually configure port forwarding.

 

Configuration

This container can be configured as either an ephemeral or persistent Tailscale node.    

 

To create a persistent node:   

  1. (Optional) Generate an authentication key in the Tailscale admin console.   
  2. Set Hostname, State Storage, and (if applicable) Authentication Key in the container configuration.   
  3. If you did not set an authentication key, open the container logs to obtain the login URL to join the node to your tailnet. Caution: If you use this method, you must complete the login within 60 seconds of the container starting. Otherwise, the container will stop, and you will need to start it again (with a new 60 second timer).

 

To create an ephemeral node:   

  1. Generate an ephemeral authentication key in the Tailscale admin console.   
  2. Set Hostname and Authentication Key in the container configuration. Leave State Storage blank.

Edited by EDACerton

  • 2 months later...

I'm trying to understand how this works.
Am I right if I think this works kinda like a reverse proxy?
You put the Tailscale node on its own network with its own IP, then connect containers to the same network with their own IPs, and then through this Tailscale node you can share access to only the containers on the same network to other people?

23 hours ago, isvein said:

I'm trying to understand how this works.
Am I right if I think this works kinda like a reverse proxy?
You put the Tailscale node on its own network with its own IP, then connect containers to the same network with their own IPs, and then through this Tailscale node you can share access to only the containers on the same network to other people?

I had the same question and found some guidance here:

 

1 hour ago, vigs said:

I had the same question and found some guidance here:

 

For this kind of use, I have followed the latest Spaceinvader One videos using swag and it works :)
But I wanted to put a Minecraft server on Tailscale too and be able to share this by itself, and that's how I started looking into this container.

But now I found out that if I add "--net=container:Tailscale-Docker" to the extra parameters of the Minecraft server and set network to "none", the Minecraft container will use the network of this container and the address will be "ip-of-tailscale-docker:port-you-set-the-minecraft-server-to"

The docker you connect this way will only be accessible over Tailscale, even on a PC on the same LAN, since that container does not have its own IP on a bridged network

And it worked :)
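
The shared-namespace setup in the post above can be checked from `docker inspect` data. This is an added example, not part of the original thread or the container's tooling: it lists the containers that joined the Tailscale container's network namespace and reports any path into that namespace that does not go through the tailnet. The record builder, container IDs, addresses, the `ts-apps` network name and the driver map (as `docker network inspect` would report it) are constructed.

```python
# Added example: audit a "--net=container:<tailscale>" setup from `docker inspect` data.
# All container names, IDs, addresses and network names below are constructed.

LAN_DRIVERS = {"macvlan", "ipvlan"}  # drivers that put a container directly on the LAN

def container(name, cid, mode, networks=None, bindings=None):
    """Build the subset of a `docker inspect` record that the audit reads."""
    return {"Id": cid, "Name": "/" + name,
            "HostConfig": {"NetworkMode": mode, "PortBindings": bindings or {}},
            "NetworkSettings": {"Networks": networks or {}}}

def audit(containers, network_drivers, ts_name):
    """Return (joined, lan_paths) for the Tailscale container named ts_name.

    joined    - containers sharing its network namespace via container:<id|name>
    lan_paths - ways the shared namespace is reachable without the tailnet
    """
    ts = next(c for c in containers if c["Name"].lstrip("/") == ts_name)
    refs = {"container:" + ts["Id"], "container:" + ts_name}
    joined = sorted(c["Name"].lstrip("/") for c in containers
                    if c["HostConfig"]["NetworkMode"] in refs)
    lan_paths = []
    # Ports published on the Tailscale container expose the joined services too,
    # because they all listen inside the same namespace.
    for port, binds in (ts["HostConfig"].get("PortBindings") or {}).items():
        for b in binds or []:
            lan_paths.append(f"host port {b['HostPort']} -> {port}")
    # A macvlan/ipvlan attachment (e.g. Unraid br0) gives the namespace a LAN IP.
    for net, ep in (ts["NetworkSettings"].get("Networks") or {}).items():
        if network_drivers.get(net) in LAN_DRIVERS and ep.get("IPAddress"):
            lan_paths.append(f"{net} LAN address {ep['IPAddress']}")
    return joined, lan_paths

DRIVERS = {"br0": "macvlan", "ts-apps": "bridge", "bridge": "bridge"}
MINECRAFT = container("minecraft", "bbb222", "container:aaa111")
ON_BRIDGE = [container("Tailscale-Docker", "aaa111", "ts-apps",
                       {"ts-apps": {"IPAddress": "172.20.0.2"}}), MINECRAFT]
ON_BR0 = [container("Tailscale-Docker", "aaa111", "br0",
                    {"br0": {"IPAddress": "192.168.1.50"}}), MINECRAFT]

if __name__ == "__main__":
    for label, data in (("user bridge", ON_BRIDGE), ("br0", ON_BR0)):
        print(label, audit(data, DRIVERS, "Tailscale-Docker"))
```

An empty `lan_paths` list means the joined containers are reachable only through the Tailscale container's tailnet address (and from the Docker host itself); any entry is a second way in that should be intentional.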

  • 4 weeks later...

I recently found the video of spaceinvaderone and wanted to kinda copy his Tailscale setup (plugin Tailscale). It works, but I don't have SSL when I use it like he does it. So I searched and found another tutorial which seems to do exactly what I want:
 

 


I created a custom network for tailscale-dockers. Then I set up the Tailscale docker container, assigned it to the custom docker network, and then I set up the nginx reverse proxy container that uses the network of the Tailscale docker container.

I set up my domain from Strato, the A record pointing to the IP of the Tailscale docker container. I can log in at nginx like that.
So I figure that my setup is probably correct up to this point.

Now I wanted to access my vaultwarden container.

I set up a subdomain to my domain and pointed it to the IP of the Tailscale docker too. I changed the existing container to the custom docker network that I used for the Tailscale container. I set up a proxy host in nginx for my subdomain and pointed it to the internal docker IP of the vaultwarden container, but somehow it does not work ...

I logged into the nginx container and from there I am able to ping the vaultwarden container, so it should work like that, or do I miss something:

I solved it. I used a different NGINX container which has the ports mapped like this: 

80:80
443:443

The other container I used before did not do that and had an internal port of:
8080
4443
That's why the Tailscale IP did not get forwarded from NGINX.

But it works now.

Hello, I'm using your docker and I'm trying to add the docker as an exit node, but every time I do, when I shut the docker down and then spin it back up, it's giving me an auth failure.

I have the persistent node info filled out.

  • Author
Just now, darkkingwill said:

Hello, I'm using your docker and I'm trying to add the docker as an exit node, but every time I do, when I shut the docker down and then spin it back up, it's giving me an auth failure.

I have the persistent node info filled out.

That would sound like you're losing your state storage... did you keep that configured? Auth keys are one-time-use unless created as reusable.

I see the TS_EXTRA_ARGS. Is that where I put things like accepting routes and exit node?

I have been using the console.

I don't mess with the state storage. I just use tailscale set --advertise-routes=10.0.0.254/32 in the console, and when I restart the container I get the failed to auth.

I deployed the docker container and authed it, it's authorized and working in the Tailscale console. There are also no ACLs in place.

The problem is that I can ping (normal ping) the container's Tailscale IP from other Tailscale devices, but this container can't ping any other device on the tailnet, not even itself. Why is that? Tailscale ping command works fine though

 

Also, I would like to know if I could set this container to use another exit node, and then use this container as my gateway for other network devices. The way this would work is that this container connects to another exit node, and my network devices (TV, laptop...) use the container's IP as gateway, so everything would use the exit node's IP address. Is this even possible?
Thank you!

  • 3 weeks later...

Need some configuration help

 

On the admin portal I set the nameserver to my pihole IP.

On the docker I set TS_ACCEPT_DNS to true, as exit node, and accept routes.

When I use the docker as exit node from another device, it won't go through my pihole. If I don't use this docker as exit node, traffic goes through pihole.

Previously I was using the deasmi docker as exit node and it works fine.

Please help.

Update: I solved it by changing TS_USERSPACE to false. The weird thing now is that on Tailscale admin I see the message "Unable to relay traffic" warning, but everything seems to be working fine.

Edited by Kira

  • 1 month later...

I'm unable to set the Tailscale-Docker container as an exit node. I've added --advertise-exit-node as an extra argument in the config, but it doesn't show up as being allowed to be enabled in the Tailscale admin page.

  • 2 months later...

How can I force this container to use a certain exit node? I've tried adding --exit-node=IP in the extra parameters, but I can't seem to make it work

  • 10 months later...

I'm trying to use this docker for external access to my servers and other dockers, but they keep giving me this error: "Unraid Docker Hook script throw an error!" forcing the docker to start without Tailscale, and preventing external access. What is causing this problem, and how do I fix it?

  • 3 months later...
On 8/14/2024 at 2:38 AM, isvein said:

For this kind of use, I have followed the latest Spaceinvader One videos using swag and it works :)
But I wanted to put a Minecraft server on Tailscale too and be able to share this by itself, and that's how I started looking into this container.

But now I found out that if I add "--net=container:Tailscale-Docker" to the extra parameters of the Minecraft server and set network to "none", the Minecraft container will use the network of this container and the address will be "ip-of-tailscale-docker:port-you-set-the-minecraft-server-to"

The docker you connect this way will only be accessible over Tailscale, even on a PC on the same LAN, since that container does not have its own IP on a bridged network

And it worked :)


I'm looking for a way to share a certain container without changing the network

23 minutes ago, TheExoticBeard said:


I'm looking for a way to share a certain container without changing the network

Connect container to network

docker network connect app-net myapp

Brandon Martino - Personal Site
Guide-DockerNetworks
