January 12, 20251 yr TSDProxy automatically creates Tailscale machines for your containers without requiring changes to the container. Easy to configure and deploy, based on Docker container labels. This provides similar functionality to the "Use Tailscale" feature in the container settings, but without the problems resulting from that feature taking over the initialization of the container. Configuration Install TSDProxy from Community Applications. (Optional) Install Label Manager from Community Applications. If you choose not to install Label Manager, see the instructions to manually configure the container. In the Unraid WebGUI, open Settings -> Label Manager. Select the container to configure. Select the desired settings and click Apply. (Usually, this will just be the "Enable" option.) The container will be restarted to apply the updated labels. Open the TSDProxy dashboard to connect the container to Tailscale: Click TSDProxy on the Docker tab, then WebUI Click the container, and log in to Tailscale. Manually Configuring Containers Edit the container. In the container settings, click Add another Path, Port, Variable, Label or Device. Create a label to enable TSDProxy: Config Type: Label Name: tsdproxy.enable Key: tsdproxy.enable Value: true Create a label to make the machine persistent: Config Type: Label Name: tsdproxy.ephemeral Key: tsdproxy.ephemeral Value: false Save the container. Open the TSDProxy dashboard to connect the container to Tailscale: Click TSDProxy on the Docker tab, then WebUI Click the container, and log in to Tailscale. Edited January 13, 20251 yr by EDACerton
January 12, 20251 yr Well, this is genius! Don't need this at moment but I am sure I'll need it soon - THANK YOU!
January 12, 20251 yr Author 10 minutes ago, blaine07 said: Well, this is genius! Don't need this at moment but I am sure I'll need it soon - THANK YOU! I also have a new plugin called "Label Manager" coming that makes it easier to configure.... just waiting for Community Apps to pick it up.
January 12, 20251 yr Would this work to use on another docker using the "Network Type" > "Container" and just select TSDProxy container?
January 12, 20251 yr Author 5 minutes ago, kri kri said: Would this work to use on another docker using the "Network Type" > "Container" and just select TSDProxy container? You should not do this. The other containers just need the labels.
January 12, 20251 yr 4 hours ago, EDACerton said: I also have a new plugin called "Label Manager" coming that makes it easier to configure.... just waiting for Community Apps to pick it up. Awesome; can’t wait. I did set this up on a container to play with. Dead simple, worked perfect - sounds like new plugin will make it even easier! We appreciate you! (I really need to look into what changes were made with Unraid 7 and Tailscale, too, as I upgraded to 7 a few evenings ago)
January 14, 20251 yr I just started using this and it's very cool, is it possible to share additional ports? for instance I want to share the container "retrom" with my friend, this container has a web UI that I would like to be accessible from https via https://retrom.my-tailnet.ts.net and right now this works great, but i'd also like to be able to share port 3000 via retrom.my-tailnet.ts.net:3000 for use with the retrom windows client is this possible?
January 16, 20251 yr Tested with a few apps, searxng, Pdf etc. works absolute great 😊. Was previously using tailscale sidecar (also great but more complicated updating and generating new tailscale domains). Now running all Apps on my tailscale sub domains with your TSD app and Label Maker. tried nextcloud-aio but failed - either got error of http to https error message or blank screen. thanks again
January 16, 20251 yr Author 4 hours ago, canals_ding said: Tested with a few apps, searxng, Pdf etc. works absolute great 😊. Was previously using tailscale sidecar (also great but more complicated updating and generating new tailscale domains). Now running all Apps on my tailscale sub domains with your TSD app and Label Maker. tried nextcloud-aio but failed - either got error of http to https error message or blank screen. thanks again I believe that nextcloud-aio serves HTTPS directly, you need to tell TSDProxy this. In Label Manager, click the button to switch to Advanced, and then set: Scheme = HTTPS TLS Validate = No
January 16, 20251 yr Thanks. I have done this. What happens is the Nextcloud initial config panel listing all the containers appears. When you have the option to click through to your admin site it just reopens the original dashboard and not the admin login page. Will keep on looking. Quote AH00489: Apache/2.4.62 (Unix) OpenSSL/3.3.2 configured -- resuming normal operations 2025-01-16T17:16:24.390123223Z [Thu Jan 16 17:16:24.388921 2025] [core:notice] [pid 143:tid 143] AH00094: Command line: 'httpd -D FOREGROUND' 2025-01-16T17:16:24.391817179Z {"level":"info","ts":1737047784.3916264,"msg":"using config from file","file":"/Caddyfile"} 2025-01-16T17:16:24.392949330Z {"level":"info","ts":1737047784.392757,"msg":"adapted config to JSON","adapter":"caddyfile"} 2025-01-16T17:18:06.429644555Z Deleting duplicate sessions
January 23, 20251 yr Any idea why containers that use TSDProxy show up with ERR-BuildInfo as part of the version ID? The screenshot below shows my Plex and Jellyfin containers with that info. The Jellyfin container is working with the iOS JF client but the Plex one isn't. Can't even get to the Plex via the Tailscale IP or the Tailnet name in a web browser.
January 23, 20251 yr Author 11 minutes ago, AgentXXL said: Any idea why containers that use TSDProxy show up with ERR-BuildInfo as part of the version ID? The screenshot below shows my Plex and Jellyfin containers with that info. The Jellyfin container is working with the iOS JF client but the Plex one isn't. Can't even get to the Plex via the Tailscale IP or the Tailnet name in a web browser. It shows that way because TSDProxy uses tsnet (a library that Tailscale provides) to manage connections. The admin interface doesn’t have a good way to distinguish that from the “traditional” Tailscale clients, so you end up with the weird version string. For the plex UI, you might need to specify the port in the advanced settings in Label Manager, it could be trying to proxy the wrong port from the container. Edited January 23, 20251 yr by EDACerton
January 23, 20251 yr 30 minutes ago, EDACerton said: It shows that way because TSDProxy uses tsnet (a library that Tailscale provides) to manage connections. The admin interface doesn’t have a good way to distinguish that from the “traditional” Tailscale clients, so you end up with the weird version string. For the plex UI, you might need to specify the port in the advanced settings in Label Manager, it might be trying to proxy the wrong port from the container. OK, so it's just a cosmetic thing then. When I see ERR, I usually assume that's because there is one. Tried putting 32400 in for the port, but still no go. And now both Plex and JF aren't working. WTF did I do now... not even working locally. Back to it... EDIT: Got Plex working locally again - just restarted the container and this time it worked. Edited January 23, 20251 yr by AgentXXL
February 9, 20251 yr Struggling to get Actual Budget Server container to work with this. I've gone through the instructions at the top of this thread and the container shows on my machines page of my tailnet as connected, but I'm unable to connect to it using IP or TS URL provided. What am I missing here? Thanks Edit: I can ping the container at the tailnet IP fine. Edited February 9, 20251 yr by rickydg
February 13, 20251 yr Author On 2/9/2025 at 9:47 AM, rickydg said: Struggling to get Actual Budget Server container to work with this. I've gone through the instructions at the top of this thread and the container shows on my machines page of my tailnet as connected, but I'm unable to connect to it using IP or TS URL provided. What am I missing here? Thanks Edit: I can ping the container at the tailnet IP fine. That seems like a fairly simple container, it should work just fine at https://name.tailnet.ts.net/ . Did you add a port when you configured the labels?
March 8, 20251 yr This plugin (with the label plugin) is easier to use than the built in Use Tailscale toggle and it solved 2 issues I was having with random containers not working well with the Tailscale toggle right off the bat. Thank you for this!
March 8, 20251 yr Im diving into this world currently and this plugin is helping a lot! Any suggestion on how I would setup a npm (nginx) container to proxy to other machines? I tried many plugins but always failing because of the ports used conflicting with Tailscale
March 9, 20251 yr I'm having also a small issue, trying to open the ipv4 of the single service I get automatically redirected to https and getting SSL errors, is there any setting I need to disable to prevent this?
March 12, 20251 yr On 3/8/2025 at 4:09 AM, Apocaliss92 said: Im diving into this world currently and this plugin is helping a lot! Any suggestion on how I would setup a npm (nginx) container to proxy to other machines? I tried many plugins but always failing because of the ports used conflicting with Tailscale What I ended up doing is setting up one of your VMs or servers as an exit node. Add your subnets to the routes and then instead of using the tailnet IP use the "real" local IP and port in your browser. Not ideal but that is the only way i have found to make it work.
March 19, 20251 yr Could TSDProxy be configured to expose its own web interface via the tailnet it manages, or would this create problematic dependency loops that might compromise reliability and troubleshooting capabilities?
April 26, 20251 yr Is it possible to add the --snat-subnet-routes=false flag anywhere within the config or this docker container in Unraid? The only area it is currently accepted in the Unraid template is the 'Post Arguments' in Advanced View, but the container fails to start as the flag is not defined in the config. Inb4 try using the Tailscale option on the Docker containers; I have at least 3 different containers that will not run using the Tailscale plugin but run fine with TSDProxy, however for some authentication services I would like to know the real IP of where it is being connected from instead of the Docker internal IP, and from what I've read --snat-subnet-routes=false should do that, I just haven't been able to get it working with TSDProxy.
May 1, 20251 yr Author On 4/26/2025 at 10:41 AM, idkwatimdoin said: Is it possible to add the --snat-subnet-routes=false flag anywhere within the config or this docker container in Unraid? The only area it is currently accepted in the Unraid template is the 'Post Arguments' in Advanced View, but the container fails to start as the flag is not defined in the config. Inb4 try using the Tailscale option on the Docker containers; I have at least 3 different containers that will not run using the Tailscale plugin but run fine with TSDProxy, however for some authentication services I would like to know the real IP of where it is being connected from instead of the Docker internal IP, and from what I've read --snat-subnet-routes=false should do that, I just haven't been able to get it working with TSDProxy. snat-subnet-routes is for subnet routers. TSDProxy / tailscale serve is actually a reverse proxy. What you should be looking for is the X-Forwarded-For header that gets added to the request.
May 4, 20251 yr On 1/16/2025 at 6:37 PM, canals_ding said: Thanks. I have done this. What happens is the Nextcloud initial config panel listing all the containers appears. When you have the option to click through to your admin site it just reopens the original dashboard and not the admin login page. Will keep on looking. i has the same Issue, The AIO Container Interface loop, I use the TSDProxy as well. With Funnel (with Label Manager) i make the Nextcloud AIO accesable for the Internet, works but loops. Solution was TSDProxy change from Latest to Next. Now it works fine. Edited May 4, 20251 yr by Calidor
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.