diff --git a/README.md b/README.md
index 0b48fd8..93e7852 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,19 @@
-# tailscale-docker
-Tailscale in Docker without elevated privileges
+# Tailscale in Docker
+
+Tailscale in Docker without elevated privileges. See associated blog post: https://asselin.engineer/tailscale-docker
+
+**Replace TAILSCALE_AUTH_KEY in `*/tailscale/start.sh` with your own**: https://login.tailscale.com/admin/settings/keys
+
+## simple-example
+
+As explained in the blog post, uses a docker-compose service to add the container in the VPN.
+
+## complex-example
+
+Not complex but more complex than the simple-example.
+A nginx layer is added. It manages two services in independent containers at locations `/service-one` and `/service-two`.
+
+## TODO
+
+- auth key as a secret
+- force reuse hostname in tailscale instead of adding suffix. Example: first start is assigned `hostname`. Then, if container is recreated, Tailscale assigns `hostname-1`
\ No newline at end of file
diff --git a/complex-example/docker-compose.yml b/complex-example/docker-compose.yml
new file mode 100644
index 0000000..e26e6c7
--- /dev/null
+++ b/complex-example/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3.9"
+services:
+ tailscale:
+ build:
+ context: ./tailscale
+ nginx:
+ build:
+ context: ./nginx
+ depends_on:
+ - service-one
+ - service-two
+ network_mode: "service:tailscale"
+ service-one:
+ image: nginxdemos/hello
+ service-two:
+ image: nginxdemos/hello
diff --git a/complex-example/nginx/Dockerfile b/complex-example/nginx/Dockerfile
new file mode 100644
index 0000000..109d173
--- /dev/null
+++ b/complex-example/nginx/Dockerfile
@@ -0,0 +1,3 @@
+FROM nginx:1.21
+# based on debian:bullseye-slim
+COPY conf.d /etc/nginx/conf.d
\ No newline at end of file
diff --git a/complex-example/nginx/conf.d/default.conf b/complex-example/nginx/conf.d/default.conf
new file mode 100644
index 0000000..e952418
--- /dev/null
+++ b/complex-example/nginx/conf.d/default.conf
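Review bot: In complex-example/docker-compose.yml, `image: nginxdemos/hello` under `service-one` and `service-two` has no tag or digest, so every pull resolves to whatever `latest` points at and the image running next to the tailnet node can change without any change to this file. Pin it, for example `image: nginxdemos/hello:<TAG>@sha256:<DIGEST>` (placeholders, to be filled with the version you have verified). The same unpinned line appears under `some-service-1` in simple-example/docker-compose.yml.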
@@ -0,0 +1,18 @@
+server {
+ listen 80 default_server;
+ server_name _;
+
+ location /service-one {
+ proxy_pass http://service-one/;
+ proxy_set_header Host $http_host;
+ access_log /dev/stdout;
+ error_log /dev/stdout;
+ }
+
+ location /service-two {
+ proxy_pass http://service-two/;
+ proxy_set_header Host $http_host;
+ access_log /dev/stdout;
+ error_log /dev/stdout;
+ }
+}
\ No newline at end of file
diff --git a/complex-example/tailscale/Dockerfile b/complex-example/tailscale/Dockerfile
new file mode 100644
index 0000000..29eb6e3
--- /dev/null
+++ b/complex-example/tailscale/Dockerfile
@@ -0,0 +1,4 @@
+FROM tailscale/tailscale:v1.29
+COPY start.sh /usr/bin/start.sh
+RUN chmod +x /usr/bin/start.sh
+CMD "start.sh"
\ No newline at end of file
diff --git a/complex-example/tailscale/start.sh b/complex-example/tailscale/start.sh
new file mode 100644
index 0000000..5de2d3f
--- /dev/null
+++ b/complex-example/tailscale/start.sh
@@ -0,0 +1,7 @@
+#!/bin/ash
+echo "Starting TS daemon"
+tailscaled --tun=userspace-networking &
+sleep 5
+tailscale up --authkey=TAILSCALE_AUTH_KEY --hostname=complex-example
+tailscale status
+sleep infinity
\ No newline at end of file
diff --git a/simple-example/docker-compose.yml b/simple-example/docker-compose.yml
new file mode 100644
index 0000000..f29d145
--- /dev/null
+++ b/simple-example/docker-compose.yml
@@ -0,0 +1,8 @@
+version: "3.9"
+services:
+ tailscale:
+ build:
+ context: ./tailscale
+ some-service-1:
+ image: nginxdemos/hello
+ network_mode: "service:tailscale"
diff --git a/simple-example/tailscale/Dockerfile b/simple-example/tailscale/Dockerfile
new file mode 100644
index 0000000..29eb6e3
--- /dev/null
+++ b/simple-example/tailscale/Dockerfile
@@ -0,0 +1,4 @@
+FROM tailscale/tailscale:v1.29
+COPY start.sh /usr/bin/start.sh
+RUN chmod +x /usr/bin/start.sh
+CMD "start.sh"
\ No newline at end of file
diff --git a/simple-example/tailscale/start.sh b/simple-example/tailscale/start.sh
new file mode 100644
index 0000000..5e42e1c
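Review bot: In complex-example/nginx/conf.d/default.conf, `location /service-one` and `location /service-two` are prefix matches without a trailing slash, so they also match sibling paths such as `/service-one-other`, and because `proxy_pass http://service-one/;` replaces the matched prefix with `/`, a request for `/service-one/x` reaches the backend as `//x`. Writing them as `location /service-one/ {` and `location /service-two/ {` limits forwarding to the intended subtree and keeps the rewritten path well-formed. `proxy_set_header Host $http_host;` also hands the client-supplied Host header to the backends unchanged; `$host` is the usual choice unless the services need the original port.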
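Review bot: In complex-example/tailscale/start.sh, `tailscale up --authkey=TAILSCALE_AUTH_KEY` expects the real key to be edited into the script, which the Dockerfile then copies into the image, so the key ends up in an image layer and in version control if the edited file is ever committed. The README lists this as a TODO; until it is done, read the key from the environment with `tailscale up --authkey="${TAILSCALE_AUTH_KEY:?auth key not set}" --hostname=complex-example` and supply the variable at runtime from compose. The script also has no `set -e`, so a failed `tailscale up` still reaches `sleep infinity` and the container keeps running while off the tailnet. The same two points apply to simple-example/tailscale/start.sh.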
--- /dev/null
+++ b/simple-example/tailscale/start.sh
@@ -0,0 +1,7 @@
+#!/bin/ash
+echo "Starting TS daemon"
+tailscaled --tun=userspace-networking &
+sleep 5
+tailscale up --authkey=TAILSCALE_AUTH_KEY --hostname=simple-docker-compose
+tailscale status
+sleep infinity
\ No newline at end of file