February 25, 20251 yr So I managed to install Home Assistant as a Docker container and get it to work. But I though that I need to be able to reach it remotely as well and therefor activated Tailscale. I've been playing with Tailscale before and have my own tailnet and what not. But when I turn on Tailscale for my HA instance it falls apart. The new node named hass.my-tailnet is visible and connected in the Tailscale dashboard but the choice 'Tailscale WebUI' under the HA button in Docker does not work at all. This and all the different URLs the Tailscale dashboard provides all lead to 'DNS_PROBE_FINISHED_NXDOMAIN'. So what am I missing here? The idea is to expose several of my upcoming containers via Tailscale. Am I fooling myself when I think this is possible?
February 26, 20251 yr 6 hours ago, Arneby said: This and all the different URLs the Tailscale dashboard provides all lead to 'DNS_PROBE_FINISHED_NXDOMAIN'. The machine from which you are trying to connect is also in your Tailnet and connected to your Tailnet correct? I'm not 100% sure if this is necessary for HA but maybe you have to add the container IP as a trusted proxy but I could be wrong about that. 6 hours ago, Arneby said: So what am I missing here? The idea is to expose several of my upcoming containers via Tailscale. Do other containers work?
February 26, 20251 yr Author Turned out the Tailscale extension was not activated on this Mac after all. Weird but ok. With that fixed I got one step further but now I get "400: bad request" instead. I guess it's HA itself telling me this. No idea on how to setup the containers IP as a trusted proxy I'm afraid. No other containers up and running just yet.
February 27, 20251 yr 12 hours ago, Arneby said: Turned out the Tailscale extension was not activated on this Mac after all. Weird but ok. Okay, first problem solved... 12 hours ago, Arneby said: With that fixed I got one step further but now I get "400: bad request" instead. I guess it's HA itself telling me this. Exactly. 12 hours ago, Arneby said: No idea on how to setup the containers IP as a trusted proxy I'm afraid. You have to add this to your HA configuration.yaml and use your Tailscale IP: http: use_x_forwarded_for: true trusted_proxies: - xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx If you just have only one IP then simply leave the second line out and you obviously have to replace xxx.xxx.xxx.xxx with the Tailscale IP from the container, I just put the second line in if you already have another proxy configured.
February 28, 20251 yr Author I have now added both a Tailscale IP (not sure it's the right one though) and all the CloudFlare proxy servers under http: in configuration.yaml and restarted the Container. But still get 400: Bad request both for my CF Tunnel host name and for my Tailscale Web UI connection. At the same time UptimeKuma and Unraid GUI itself works perfectly with my CF Tunnel. Can I somehow turn off all this in my opinion stupid security in HA? I don't want multi layered security. I trust CF with this server and instance. Edited February 28, 20251 yr by Arneby
February 28, 20251 yr 3 hours ago, Arneby said: At the same time UptimeKuma and Unraid GUI itself works perfectly with my CF Tunnel. Can you please try to connect to HA with http://YOURTSIP:8123 from a machine which is in your Tailnet (please change the port if it's not the correct one but 8123 is the default IIRC).
February 28, 20251 yr Author I'm starting to think that all this is above my paygrade to put it nicely. My overall knowledge here is just too low and I keep thinking that this is security by obscurity rather than actual logic. Been trying to use ChatGPT Plus as well but while I get some 75% correct answers another 25% is outdated or just dreamt up BS - which ChatGPT happily admits to when I point it out. I will have to give this a rest for now and come back when I've saved up some more mental energy. Thank you for your help this far.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.