From fe4cba9c4f1bb5afb7e2057190bfa36cde5d1032 Mon Sep 17 00:00:00 2001 From: John Bowdre Date: Fri, 29 Dec 2023 12:55:34 -0600 Subject: [PATCH] update readme --- README.md | 85 +++++++++++++++++++++---------------------------------- 1 file changed, 32 insertions(+), 53 deletions(-) diff --git a/README.md b/README.md index 096c044..0b7c790 100644 --- a/README.md +++ b/README.md 
@@ -1,62 +1,41 @@ -# Tailscale in Docker without elevated privileges +# Tailscale in Docker with Serve/Funnel Support -See associated blog post: +This modification of the [official Tailscale Docker image](https://github.com/tailscale/tailscale/pkgs/container/tailscale) makes it easy to [Serve](https://tailscale.com/kb/1312/serve)/[Funnel](https://tailscale.com/kb/1223/funnel) another container without needing interactive configuration. -**Set the TAILSCALE_AUTH_KEY with your own ephemeral auth key**: +## Prereqs +- A [pre-authentication key](https://tailscale.com/kb/1085/auth-keys) so the Tailscale container can log in to your tailnet. +- [Tailscale Serve setup](https://tailscale.com/kb/1312/serve#setup) +- [Tailscale Funnel setup](https://tailscale.com/kb/1223/funnel#setup) +- [Tailscale Funnel ACL](https://tailscale.com/kb/1223/funnel#tailnet-policy-file-requirement) + +> If you're planning to use Funnel, you may want to build the ACL around a tag (such as `tag:funnel`) and automatically apply that tag when you generate the pre-auth key. ## docker-compose -The examples detailed below are in the docker-compose folder. +See [docker-compose.yml](/docker-compose-example/docker-compose.yml) for an example Compose config. -By default, no state is saved. The nodes are removed from the network when the tailscale container is terminated. This means the ip address is never the same. -The `stateful-example` does save the tailscale node state to a docker volume. 
+Expected environment variables: +| Variable Name | Example | Description | +| --- | --- | --- | +| `TS_AUTHKEY` | `tskey-auth-somestring-somelongerstring` | used for unattened auth of the new node, get one [here](https://login.tailscale.com/admin/settings/keys) | +| `TS_HOSTNAME` | `my-app` | optional Tailscale hostname for the new node | +| `TS_STATEDIR` | `/var/lib/tailscale/` | required directory for storing Tailscale state, this should be mounted to the container for persistence | +| `TS_OPT` | `--verbose=1` | optional additional [flags](https://tailscale.com/kb/1278/tailscaled#flags-to-tailscaled) for `tailscaled` | +| `TS_SERVE_PORT` | `8080` | optional application port to expose with [Tailscale Serve](https://tailscale.com/kb/1312/serve) | +| `TS_FUNNEL_PORT` | `8080` | optional application port to expose **publicly** with [Tailscale Funnel](https://tailscale.com/kb/1223/funnel) | -Requirements: -- [docker-compose](https://docs.docker.com/compose/install/) +You can drop these in a `.env` file alongside your `docker-compose.yml` to load them automatically - see [.env_template](/docker-compose-example/env_template) for an example. -Usage: -````bash -export TAILSCALE_AUTH_KEY="your-key" -# set which project is used -export PROJECT_DIRECTORY="docker-compose/simple-example" -# Sart with rebuild if necessary: -docker-compose --project-directory=${PROJECT_DIRECTORY} up -d --build -# Show logs and tail (follow): -docker-compose --project-directory=${PROJECT_DIRECTORY} logs --follow -# Stop: -docker-compose --project-directory=${PROJECT_DIRECTORY} down -```` +### Usage +- Copy the `image/` directory next to your `docker-compose.yml`. 
+- Start with rebuild if necessary: +`docker compose up -d --build` +- Tail logs: +`docker compose logs --follow` +- Access tailscale container for troubleshooting: +`docker exec -i -t tailscale ash` +- Stop: +`docker compose down` -### simple-example - -As explained in the blog post, uses a docker-compose service to add the container in the VPN. - -### complex-example - -Not complex but more complex than the simple-example. -A nginx layer is added. It manages two services in independent containers at urls `/service-one` and `/service-two`. - -### stateful-example - -Same as simple-example but uses a volume to save state. The goal is to be able to reuse the same tailscale hostname _and ip address_. -Useful in situations where the tailscale magic DNS cannot be used. - -## K8S - -Same as the simple-example but on kubernetes. - -Requirements: - -- [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installing-with-a-package-manager) -- [Kubectl](https://kubernetes.io/docs/tasks/tools/) - -Usage: -````bash -# Create cluster -kind create cluster --name tailscale -kubectl get nodes -# Deploy tailscale and demo webpage: -kubectl apply -f k8s/simple-example/deployment.yaml -# Delete cluster: -kind delete cluster --name tailscale -```` +## Credits +Based on Louis-Philippe Asselin's [tailscale-docker](https://github.com/lpasselin/tailscale-docker). \ No newline at end of file
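Review bot: In the environment-variable table and the `.env` sentence below it, the README now tells users to put `TS_AUTHKEY` in a `.env` file next to `docker-compose.yml` but does not say to keep that file out of version control, and the removed advice to use an ephemeral auth key has no replacement. Suggest adding a line that `.env` should be git-ignored, and stating which kind of pre-auth key is expected now that `TS_STATEDIR` is described as required and mounted for persistence. In the same table, `TS_FUNNEL_PORT` is marked as exposing the port **publicly**, but nothing says what happens when both `TS_SERVE_PORT` and `TS_FUNNEL_PORT` are set; document which one applies, since the two have very different exposure. Two small fixes: "unattened" should be "unattended" in the `TS_AUTHKEY` row, and the link text `.env_template` points at `/docker-compose-example/env_template` without the leading dot, so one of the two is wrong. The subject "update readme" also undersells a change that retitles the project and drops the K8S section and the three named examples; a more descriptive subject would help anyone reading the history.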