Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Container] TSDProxy

Featured Replies

TSDProxy automatically creates Tailscale machines for your containers without requiring changes to the container. Easy to configure and deploy, based on Docker container labels.

 

This provides similar functionality to the "Use Tailscale" feature in the container settings, but without the problems resulting from that feature taking over the initialization of the container.

 

Configuration

  1. Install TSDProxy from Community Applications.
  2. (Optional) Install Label Manager from Community Applications.
    1. If you choose not to install Label Manager, see the instructions to manually configure the container.
  3. In the Unraid WebGUI, open Settings -> Label Manager.

  4. Select the container to configure.

  5. Select the desired settings and click Apply. (Usually, this will just be the "Enable" option.)

    1. The container will be restarted to apply the updated labels.

  6. Open the TSDProxy dashboard to connect the container to Tailscale:
    1. Click TSDProxy on the Docker tab, then WebUI
    2. Click the container, and log in to Tailscale.

 

Manually Configuring Containers

  1. Edit the container.
  2. In the container settings, click Add another Path, Port, Variable, Label or Device.
  3. Create a label to enable TSDProxy:
    1. Config Type: Label
    2. Name: tsdproxy.enable
    3. Key: tsdproxy.enable
    4. Value: true
  4. Create a label to make the machine persistent:
    1. Config Type: Label
    2. Name: tsdproxy.ephemeral
    3. Key: tsdproxy.ephemeral
    4. Value: false
  5. Save the container.
  6. Open the TSDProxy dashboard to connect the container to Tailscale:
    1. Click TSDProxy on the Docker tab, then WebUI
    2. Click the container, and log in to Tailscale.

Edited by EDACerton

  • Replies 63
  • Views 15.2k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Endling
    Endling

    After a good bit of trial and error I managed to get version 2 to work. I left the TSDProxy container settings and the labels that I had set on the other containers untouched. I modified the yaml and

  • I also have a new plugin called "Label Manager" coming that makes it easier to configure.... just waiting for Community Apps to pick it up.

  • EDACerton
    EDACerton

    So, long story short... The author of TSDProxy disappeared for a year, then came back and suddenly dropped v2, which completely breaks every existing config. So Label Manager doesn't work with it an

Posted Images

Well, this is genius! Don't need this at moment but I am sure I'll need it soon - THANK YOU!

  • Author
10 minutes ago, blaine07 said:

Well, this is genius! Don't need this at moment but I am sure I'll need it soon - THANK YOU!

I also have a new plugin called "Label Manager" coming that makes it easier to configure.... just waiting for Community Apps to pick it up.

Would this work to use on another docker using the "Network Type" > "Container" and just select TSDProxy container? 

  • Author
5 minutes ago, kri kri said:

Would this work to use on another docker using the "Network Type" > "Container" and just select TSDProxy container? 

You should not do this. The other containers just need the labels. 

4 hours ago, EDACerton said:

I also have a new plugin called "Label Manager" coming that makes it easier to configure.... just waiting for Community Apps to pick it up.

Awesome; can’t wait. I did set this up on a container to play with. Dead simple, worked perfect - sounds like new plugin will make it even easier!

 

We appreciate you! (I really need to look into what changes were made with Unraid 7 and Tailscale, too, as I upgraded to 7 a few evenings ago)

I just started using this and it's very cool, is it possible to share additional ports? for instance I want to share the container "retrom" with my friend, this container has a web UI that I would like to be accessible from https via https://retrom.my-tailnet.ts.net and right now this works great, but i'd also like to be able to share port 3000 via retrom.my-tailnet.ts.net:3000 for use with the retrom windows client is this possible?

Tested with a few apps, searxng, Pdf etc. works absolute great 😊.
 

Was previously using tailscale sidecar (also great but more complicated updating and generating new tailscale domains). Now running all Apps on my tailscale sub domains with your TSD app and Label Maker.

 

tried nextcloud-aio but failed - either got error of http to https error message or blank screen.

 

thanks again

  • Author
4 hours ago, canals_ding said:

Tested with a few apps, searxng, Pdf etc. works absolute great 😊.
 

Was previously using tailscale sidecar (also great but more complicated updating and generating new tailscale domains). Now running all Apps on my tailscale sub domains with your TSD app and Label Maker.

 

tried nextcloud-aio but failed - either got error of http to https error message or blank screen.

 

thanks again

I believe that nextcloud-aio serves HTTPS directly, you need to tell TSDProxy this. In Label Manager, click the button to switch to Advanced, and then set:

 

Scheme = HTTPS

TLS Validate = No

Thanks. I have done this. What happens is the Nextcloud initial config panel listing all the containers appears. When you have the option to click through to your admin site it just reopens the original dashboard and not the admin login page. Will keep on looking.
 

Quote

AH00489: Apache/2.4.62 (Unix) OpenSSL/3.3.2 configured -- resuming normal operations 2025-01-16T17:16:24.390123223Z [Thu Jan 16 17:16:24.388921 2025] [core:notice] [pid 143:tid 143] AH00094: Command line: 'httpd -D FOREGROUND' 2025-01-16T17:16:24.391817179Z {"level":"info","ts":1737047784.3916264,"msg":"using config from file","file":"/Caddyfile"} 2025-01-16T17:16:24.392949330Z {"level":"info","ts":1737047784.392757,"msg":"adapted config to JSON","adapter":"caddyfile"} 2025-01-16T17:18:06.429644555Z Deleting duplicate sessions


 


 

 

 

 

 

Any idea why containers that use TSDProxy show up with ERR-BuildInfo as part of the version ID? The screenshot below shows my Plex and Jellyfin containers with that info. The Jellyfin container is working with the iOS JF client but the Plex one isn't. Can't even get to the Plex via the Tailscale IP or the Tailnet name in a web browser.

 

TSDProxyERR-BuildInfo.thumb.jpg.13abac77183ec405e00254e2451aebad.jpg

  • Author
11 minutes ago, AgentXXL said:

Any idea why containers that use TSDProxy show up with ERR-BuildInfo as part of the version ID? The screenshot below shows my Plex and Jellyfin containers with that info. The Jellyfin container is working with the iOS JF client but the Plex one isn't. Can't even get to the Plex via the Tailscale IP or the Tailnet name in a web browser.

 

TSDProxyERR-BuildInfo.thumb.jpg.13abac77183ec405e00254e2451aebad.jpg

It shows that way because TSDProxy uses tsnet (a library that Tailscale provides) to manage connections. The admin interface doesn’t have a good way to distinguish that from the “traditional” Tailscale clients, so you end up with the weird version string. 
 

For the plex UI, you might need to specify the port in the advanced settings in Label Manager, it could be trying to proxy the wrong port from the container. 

Edited by EDACerton

30 minutes ago, EDACerton said:

It shows that way because TSDProxy uses tsnet (a library that Tailscale provides) to manage connections. The admin interface doesn’t have a good way to distinguish that from the “traditional” Tailscale clients, so you end up with the weird version string. 
 

For the plex UI, you might need to specify the port in the advanced settings in Label Manager, it might be trying to proxy the wrong port from the container. 

OK, so it's just a cosmetic thing then. When I see ERR, I usually assume that's because there is one.

 

Tried putting 32400 in for the port, but still no go. And now both Plex and JF aren't working. WTF did I do now... not even working locally. Back to it...

 

EDIT: Got Plex working locally again - just restarted the container and this time it worked.

Edited by AgentXXL

  • 2 weeks later...

Thanks a lot for your work ;)

  • 2 weeks later...

Struggling to get Actual Budget Server container to work with this. I've gone through the instructions at the top of this thread and the container shows on my machines page of my tailnet as connected, but I'm unable to connect to it using IP or TS URL provided.

 

What am I missing here?

 

Thanks

 

Edit: I can ping the container at the tailnet IP fine.

Edited by rickydg

  • Author
On 2/9/2025 at 9:47 AM, rickydg said:

Struggling to get Actual Budget Server container to work with this. I've gone through the instructions at the top of this thread and the container shows on my machines page of my tailnet as connected, but I'm unable to connect to it using IP or TS URL provided.

 

What am I missing here?

 

Thanks

 

Edit: I can ping the container at the tailnet IP fine.

That seems like a fairly simple container, it should work just fine at https://name.tailnet.ts.net/ . Did you add a port when you configured the labels?

  • 4 weeks later...

Hi,

 

How should the clients update? Mine are still on version 1.78.3.

 

image.png.3f7da437ee5614dc761c997ba9d8d623.png

This plugin (with the label plugin) is easier to use than the built in Use Tailscale toggle and it solved 2 issues I was having with random containers not working well with the Tailscale toggle right off the bat.  Thank you for this!

Im diving into this world currently and this plugin is helping a lot! Any suggestion on how I would setup a npm (nginx) container to proxy to other machines? I tried many plugins but always failing because of the ports used conflicting with Tailscale

I'm having also a small issue, trying to open the ipv4 of the single service I get automatically redirected to https and getting SSL errors, is there any setting I need to disable to prevent this?

On 3/8/2025 at 4:09 AM, Apocaliss92 said:

Im diving into this world currently and this plugin is helping a lot! Any suggestion on how I would setup a npm (nginx) container to proxy to other machines? I tried many plugins but always failing because of the ports used conflicting with Tailscale

What I ended up doing is setting up one of your VMs or servers as an exit node.  Add your subnets to the routes and then instead of using the tailnet IP use the "real" local IP and port in your browser.  Not ideal but that is the only way i have found to make it work.

Could TSDProxy be configured to expose its own web interface via the tailnet it manages, or would this create problematic dependency loops that might compromise reliability and troubleshooting capabilities?

  • 1 month later...

Is it possible to add the --snat-subnet-routes=false flag anywhere within the config or this docker container in Unraid? The only area it is currently accepted in the Unraid template is the 'Post Arguments' in Advanced View, but the container fails to start as the flag is not defined in the config.

 

Inb4 try using the Tailscale option on the Docker containers; I have at least 3 different containers that will not run using the Tailscale plugin but run fine with TSDProxy, however for some authentication services I would like to know the real IP of where it is being connected from instead of the Docker internal IP, and from what I've read --snat-subnet-routes=false should do that, I just haven't been able to get it working with TSDProxy.

  • Author
On 4/26/2025 at 10:41 AM, idkwatimdoin said:

Is it possible to add the --snat-subnet-routes=false flag anywhere within the config or this docker container in Unraid? The only area it is currently accepted in the Unraid template is the 'Post Arguments' in Advanced View, but the container fails to start as the flag is not defined in the config.

 

Inb4 try using the Tailscale option on the Docker containers; I have at least 3 different containers that will not run using the Tailscale plugin but run fine with TSDProxy, however for some authentication services I would like to know the real IP of where it is being connected from instead of the Docker internal IP, and from what I've read --snat-subnet-routes=false should do that, I just haven't been able to get it working with TSDProxy.

snat-subnet-routes is for subnet routers.

 

TSDProxy / tailscale serve is actually a reverse proxy. What you should be looking for is the X-Forwarded-For header that gets added to the request.

On 1/16/2025 at 6:37 PM, canals_ding said:

Thanks. I have done this. What happens is the Nextcloud initial config panel listing all the containers appears. When you have the option to click through to your admin site it just reopens the original dashboard and not the admin login page. Will keep on looking.

i has the same Issue, The AIO Container Interface loop, I use the TSDProxy as well. With Funnel (with Label Manager) i make the Nextcloud AIO accesable for the Internet, works but loops.

 

Solution was TSDProxy change from Latest to Next. Now it works fine.

Edited by Calidor

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.