From 1009329b4962f035bcc7341f73eaf2e2a5b8d67f Mon Sep 17 00:00:00 2001
From: Louis-Philippe Asselin
Date: Mon, 22 Aug 2022 14:03:01 -0400
Subject: [PATCH] working examples simple and complex
---
README.md | 21 +++++++++++++++++++--
complex-example/docker-compose.yml | 16 ++++++++++++++++
complex-example/nginx/Dockerfile | 3 +++
complex-example/nginx/conf.d/default.conf | 18 ++++++++++++++++++
complex-example/tailscale/Dockerfile | 4 ++++
complex-example/tailscale/start.sh | 7 +++++++
simple-example/docker-compose.yml | 8 ++++++++
simple-example/tailscale/Dockerfile | 4 ++++
simple-example/tailscale/start.sh | 7 +++++++
9 files changed, 86 insertions(+), 2 deletions(-)
create mode 100644 complex-example/docker-compose.yml
create mode 100644 complex-example/nginx/Dockerfile
create mode 100644 complex-example/nginx/conf.d/default.conf
create mode 100644 complex-example/tailscale/Dockerfile
create mode 100644 complex-example/tailscale/start.sh
create mode 100644 simple-example/docker-compose.yml
create mode 100644 simple-example/tailscale/Dockerfile
create mode 100644 simple-example/tailscale/start.sh
diff --git a/README.md b/README.md
index 0b48fd8..93e7852 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,19 @@
-# tailscale-docker
-Tailscale in Docker without elevated privileges
+# Tailscale in Docker
+
+Tailscale in Docker without elevated privileges. See associated blog post: https://asselin.engineer/tailscale-docker
+
+**Replace TAILSCALE_AUTH_KEY in `*/tailscale/start.sh` with your own**: https://login.tailscale.com/admin/settings/keys
+
+## simple-example
+
+As explained in the blog post, uses a docker-compose service to add the container in the VPN.
+
+## complex-example
+
+Not complex but more complex than the simple-example.
+A nginx layer is added. It manages two services in independent containers at locations `/service-one` and `/service-two`.
+
+## TODO
+
+- auth key as a secret
+- force reuse hostname in tailscale instead of adding suffix. Example: first start is assigned `hostname`. Then, if container is recreated, Tailscale assigns `hostname-1`
\ No newline at end of file
diff --git a/complex-example/docker-compose.yml b/complex-example/docker-compose.yml
new file mode 100644
index 0000000..e26e6c7
--- /dev/null
+++ b/complex-example/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3.9"
+services:
+ tailscale:
+ build:
+ context: ./tailscale
+ nginx:
+ build:
+ context: ./nginx
+ depends_on:
+ - service-one
+ - service-two
+ network_mode: "service:tailscale"
+ service-one:
+ image: nginxdemos/hello
+ service-two:
+ image: nginxdemos/hello
diff --git a/complex-example/nginx/Dockerfile b/complex-example/nginx/Dockerfile
new file mode 100644
index 0000000..109d173
--- /dev/null
+++ b/complex-example/nginx/Dockerfile
@@ -0,0 +1,3 @@
+FROM nginx:1.21
+# based on debian:bullseye-slim
+COPY conf.d /etc/nginx/conf.d
\ No newline at end of file
diff --git a/complex-example/nginx/conf.d/default.conf b/complex-example/nginx/conf.d/default.conf
new file mode 100644
index 0000000..e952418
--- /dev/null
+++ b/complex-example/nginx/conf.d/default.conf
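Review bot: Both backend services in complex-example/docker-compose.yml use `image: nginxdemos/hello` with no tag, so every pull resolves to whatever `latest` is at that moment; pin a tag and ideally a digest, e.g. `image: nginxdemos/hello:<tag>@sha256:<digest>` (placeholders). The `tailscale` service also declares no volume, so tailscaled's node state is lost whenever the container is recreated; that is probably what produces the `hostname-1` suffix listed in the README TODO, and it means the auth key has to stay valid for repeated enrolment. Mounting a named volume over tailscaled's state directory would let the node keep its identity across recreations. simple-example/docker-compose.yml has the same untagged image on `some-service-1` and the same stateless `tailscale` service.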
@@ -0,0 +1,18 @@
+server {
+ listen 80 default_server;
+ server_name _;
+
+ location /service-one {
+ proxy_pass http://service-one/;
+ proxy_set_header Host $http_host;
+ access_log /dev/stdout;
+ error_log /dev/stdout;
+ }
+
+ location /service-two {
+ proxy_pass http://service-two/;
+ proxy_set_header Host $http_host;
+ access_log /dev/stdout;
+ error_log /dev/stdout;
+ }
+}
\ No newline at end of file
diff --git a/complex-example/tailscale/Dockerfile b/complex-example/tailscale/Dockerfile
new file mode 100644
index 0000000..29eb6e3
--- /dev/null
+++ b/complex-example/tailscale/Dockerfile
@@ -0,0 +1,4 @@
+FROM tailscale/tailscale:v1.29
+COPY start.sh /usr/bin/start.sh
+RUN chmod +x /usr/bin/start.sh
+CMD "start.sh"
\ No newline at end of file
diff --git a/complex-example/tailscale/start.sh b/complex-example/tailscale/start.sh
new file mode 100644
index 0000000..5de2d3f
--- /dev/null
+++ b/complex-example/tailscale/start.sh
@@ -0,0 +1,7 @@
+#!/bin/ash
+echo "Starting TS daemon"
+tailscaled --tun=userspace-networking &
+sleep 5
+tailscale up --authkey=TAILSCALE_AUTH_KEY --hostname=complex-example
+tailscale status
+sleep infinity
\ No newline at end of file
diff --git a/simple-example/docker-compose.yml b/simple-example/docker-compose.yml
new file mode 100644
index 0000000..f29d145
--- /dev/null
+++ b/simple-example/docker-compose.yml
@@ -0,0 +1,8 @@
+version: "3.9"
+services:
+ tailscale:
+ build:
+ context: ./tailscale
+ some-service-1:
+ image: nginxdemos/hello
+ network_mode: "service:tailscale"
diff --git a/simple-example/tailscale/Dockerfile b/simple-example/tailscale/Dockerfile
new file mode 100644
index 0000000..29eb6e3
--- /dev/null
+++ b/simple-example/tailscale/Dockerfile
@@ -0,0 +1,4 @@
+FROM tailscale/tailscale:v1.29
+COPY start.sh /usr/bin/start.sh
+RUN chmod +x /usr/bin/start.sh
+CMD "start.sh"
\ No newline at end of file
diff --git a/simple-example/tailscale/start.sh b/simple-example/tailscale/start.sh
new file mode 100644
index 0000000..5e42e1c
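Review bot: `location /service-one` in default.conf is a bare prefix, so it also matches paths such as `/service-one-admin`, and because `proxy_pass http://service-one/;` carries a URI the matched prefix is replaced by `/`, which turns `/service-one/x` into `//x` upstream. Ending the prefix with a slash keeps the mapping exact: `location /service-one/ {`, and the same for `/service-two`. `proxy_set_header Host $http_host;` forwards the raw client-supplied header to the backend; `$host` is the safer default unless the backends need the original port. `error_log /dev/stdout;` would conventionally point at `/dev/stderr` so errors stay separable from the access log.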
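Review bot: `CMD "start.sh"` in complex-example/tailscale/Dockerfile is shell form, so the script is launched through `/bin/sh -c` and resolved via PATH; the exec form `CMD ["/usr/bin/start.sh"]` names the file explicitly and avoids the extra shell. The image sets no `USER`, so tailscaled runs as root inside the container even though the examples rely on `--tun=userspace-networking` to avoid privileges; whether this base image works under a non-root user would need testing. `COPY --chmod=0755 start.sh /usr/bin/start.sh` (BuildKit) would replace the separate `RUN chmod` layer, and `tailscale/tailscale:v1.29` could be pinned to a full version or a digest. simple-example/tailscale/Dockerfile is the same blob (29eb6e3) and gets the same comments.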
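Review bot: `--authkey=TAILSCALE_AUTH_KEY` in complex-example/tailscale/start.sh makes users edit the real key into a file that the Dockerfile copies into the image, so the key ends up in an image layer (and in git if the edit is committed); the README TODO already lists this. Reading it at run time keeps it out of the build: `tailscale up --authkey="${TAILSCALE_AUTH_KEY:?auth key not set}" --hostname=complex-example`, with the value supplied through compose `environment` or a mounted secret. `sleep 5` is a guess at daemon readiness, and ending with `sleep infinity` keeps the container up after the backgrounded `tailscaled` has died; saving `$!` and finishing with `wait` on it would let the container exit with the daemon. A failed `tailscale up` is also ignored, since the script has no `set -e`. simple-example/tailscale/start.sh differs only in `--hostname` and has the same issues.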
--- /dev/null
+++ b/simple-example/tailscale/start.sh
@@ -0,0 +1,7 @@
+#!/bin/ash
+echo "Starting TS daemon"
+tailscaled --tun=userspace-networking &
+sleep 5
+tailscale up --authkey=TAILSCALE_AUTH_KEY --hostname=simple-docker-compose
+tailscale status
+sleep infinity
\ No newline at end of file