tailscale-docker/README.md

42 lines
2.6 KiB
Markdown
Raw Normal View History

2023-12-29 18:55:34 +00:00
# Tailscale in Docker with Serve/Funnel Support
2022-08-22 18:03:01 +00:00
2023-12-29 18:55:34 +00:00
This modification of the [official Tailscale Docker image](https://github.com/tailscale/tailscale/pkgs/container/tailscale) makes it easy to [Serve](https://tailscale.com/kb/1312/serve)/[Funnel](https://tailscale.com/kb/1223/funnel) another container without needing interactive configuration.
2022-08-22 18:03:01 +00:00
2023-12-29 18:55:34 +00:00
## Prereqs
- A [pre-authentication key](https://tailscale.com/kb/1085/auth-keys) so the Tailscale container can log in to your tailnet.
- [Tailscale Serve setup](https://tailscale.com/kb/1312/serve#setup)
- [Tailscale Funnel setup](https://tailscale.com/kb/1223/funnel#setup)
- [Tailscale Funnel ACL](https://tailscale.com/kb/1223/funnel#tailnet-policy-file-requirement)
2022-08-22 18:03:01 +00:00
2023-12-29 18:55:34 +00:00
> If you're planning to use Funnel, you may want to build the ACL around a tag (such as `tag:funnel`) and automatically apply that tag when you generate the pre-auth key.
2022-08-22 18:03:01 +00:00
2023-12-29 18:55:34 +00:00
## docker-compose
2022-08-22 18:03:01 +00:00
2023-12-29 18:55:34 +00:00
See [docker-compose.yml](/docker-compose-example/docker-compose.yml) for an example Compose config.
Expected environment variables:
| Variable Name | Example | Description |
| --- | --- | --- |
| `TS_AUTHKEY` | `tskey-auth-somestring-somelongerstring` | used for unattened auth of the new node, get one [here](https://login.tailscale.com/admin/settings/keys) |
| `TS_HOSTNAME` | `my-app` | optional Tailscale hostname for the new node |
| `TS_STATE_DIR` | `/var/lib/tailscale/` | required directory for storing Tailscale state, this should be mounted to the container for persistence |
| `TS_TAILSCALED_EXTRA_ARGS` | `--verbose=1` | optional additional [flags](https://tailscale.com/kb/1278/tailscaled#flags-to-tailscaled) for `tailscaled` |
2023-12-30 03:58:39 +00:00
| `TS_EXTRA_ARGS` | `--ssh` | optional additional [flags](https://tailscale.com/kb/1241/tailscale-up) for `tailscale up` |
2023-12-29 18:55:34 +00:00
| `TS_SERVE_PORT` | `8080` | optional application port to expose with [Tailscale Serve](https://tailscale.com/kb/1312/serve) |
| `TS_FUNNEL` | `1` | if set (to anything), will proxy `TS_SERVE_PORT` **publicly** with [Tailscale Funnel](https://tailscale.com/kb/1223/funnel) |
2023-12-29 18:55:34 +00:00
You can drop these in a `.env` file alongside your `docker-compose.yml` to load them automatically - see [.env_template](/docker-compose-example/env_template) for an example.
### Usage
- Copy the `image/` directory next to your `docker-compose.yml`.
- Start with rebuild if necessary:
`docker compose up -d --build`
- Tail logs:
`docker compose logs --follow`
2023-12-29 19:47:00 +00:00
- Access `tailscale`` container for troubleshooting:
`docker exec -it tailscale ash`
2023-12-29 18:55:34 +00:00
- Stop:
`docker compose down`
## Credits
Based on Louis-Philippe Asselin's [tailscale-docker](https://github.com/lpasselin/tailscale-docker).