mirror of
https://github.com/jbowdre/tailscale-docker.git
synced 2024-11-30 13:02:19 +00:00
update readme
parent
1bb4f8694b
commit
fe4cba9c4f
1 changed files with 32 additions and 53 deletions
85
README.md
|
@ -1,62 +1,41 @@
|
|||
# Tailscale in Docker without elevated privileges
|
||||
# Tailscale in Docker with Serve/Funnel Support
|
||||
|
||||
See associated blog post: <https://asselin.engineer/tailscale-docker>
|
||||
This modification of the [official Tailscale Docker image](https://github.com/tailscale/tailscale/pkgs/container/tailscale) makes it easy to [Serve](https://tailscale.com/kb/1312/serve)/[Funnel](https://tailscale.com/kb/1223/funnel) another container without needing interactive configuration.
|
||||
|
||||
**Set the TAILSCALE_AUTH_KEY with your own ephemeral auth key**: <https://login.tailscale.com/admin/settings/keys>
|
||||
## Prereqs
|
||||
- A [pre-authentication key](https://tailscale.com/kb/1085/auth-keys) so the Tailscale container can log in to your tailnet.
|
||||
- [Tailscale Serve setup](https://tailscale.com/kb/1312/serve#setup)
|
||||
- [Tailscale Funnel setup](https://tailscale.com/kb/1223/funnel#setup)
|
||||
- [Tailscale Funnel ACL](https://tailscale.com/kb/1223/funnel#tailnet-policy-file-requirement)
|
||||
|
||||
> If you're planning to use Funnel, you may want to build the ACL around a tag (such as `tag:funnel`) and automatically apply that tag when you generate the pre-auth key.
|
||||
|
||||
## docker-compose
|
||||
|
||||
The examples detailed below are in the docker-compose folder.
|
||||
See [docker-compose.yml](/docker-compose-example/docker-compose.yml) for an example Compose config.
|
||||
|
||||
By default, no state is saved. The nodes are removed from the network when the tailscale container is terminated. This means the ip address is never the same.
|
||||
The `stateful-example` does save the tailscale node state to a docker volume.
|
||||
Expected environment variables:
|
||||
| Variable Name | Example | Description |
|
||||
| --- | --- | --- |
|
||||
| `TS_AUTHKEY` | `tskey-auth-somestring-somelongerstring` | used for unattened auth of the new node, get one [here](https://login.tailscale.com/admin/settings/keys) |
|
||||
| `TS_HOSTNAME` | `my-app` | optional Tailscale hostname for the new node |
|
||||
| `TS_STATEDIR` | `/var/lib/tailscale/` | required directory for storing Tailscale state, this should be mounted to the container for persistence |
|
||||
| `TS_OPT` | `--verbose=1` | optional additional [flags](https://tailscale.com/kb/1278/tailscaled#flags-to-tailscaled) for `tailscaled` |
|
||||
| `TS_SERVE_PORT` | `8080` | optional application port to expose with [Tailscale Serve](https://tailscale.com/kb/1312/serve) |
|
||||
| `TS_FUNNEL_PORT` | `8080` | optional application port to expose **publicly** with [Tailscale Funnel](https://tailscale.com/kb/1223/funnel) |
|
||||
|
||||
Requirements:
|
||||
- [docker-compose](https://docs.docker.com/compose/install/)
|
||||
You can drop these in a `.env` file alongside your `docker-compose.yml` to load them automatically - see [.env_template](/docker-compose-example/env_template) for an example.
|
||||
|
||||
Usage:
|
||||
````bash
|
||||
export TAILSCALE_AUTH_KEY="your-key"
|
||||
# set which project is used
|
||||
export PROJECT_DIRECTORY="docker-compose/simple-example"
|
||||
# Sart with rebuild if necessary:
|
||||
docker-compose --project-directory=${PROJECT_DIRECTORY} up -d --build
|
||||
# Show logs and tail (follow):
|
||||
docker-compose --project-directory=${PROJECT_DIRECTORY} logs --follow
|
||||
# Stop:
|
||||
docker-compose --project-directory=${PROJECT_DIRECTORY} down
|
||||
````
|
||||
### Usage
|
||||
- Copy the `image/` directory next to your `docker-compose.yml`.
|
||||
- Start with rebuild if necessary:
|
||||
`docker compose up -d --build`
|
||||
- Tail logs:
|
||||
`docker compose logs --follow`
|
||||
- Access tailscale container for troubleshooting:
|
||||
`docker exec -i -t tailscale ash`
|
||||
- Stop:
|
||||
`docker compose down`
|
||||
|
||||
### simple-example
|
||||
|
||||
As explained in the blog post, uses a docker-compose service to add the container in the VPN.
|
||||
|
||||
### complex-example
|
||||
|
||||
Not complex but more complex than the simple-example.
|
||||
A nginx layer is added. It manages two services in independent containers at urls `/service-one` and `/service-two`.
|
||||
|
||||
### stateful-example
|
||||
|
||||
Same as simple-example but uses a volume to save state. The goal is to be able to reuse the same tailscale hostname _and ip address_.
|
||||
Useful in situations where the tailscale magic DNS cannot be used.
|
||||
|
||||
## K8S
|
||||
|
||||
Same as the simple-example but on kubernetes.
|
||||
|
||||
Requirements:
|
||||
|
||||
- [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installing-with-a-package-manager)
|
||||
- [Kubectl](https://kubernetes.io/docs/tasks/tools/)
|
||||
|
||||
Usage:
|
||||
````bash
|
||||
# Create cluster
|
||||
kind create cluster --name tailscale
|
||||
kubectl get nodes
|
||||
# Deploy tailscale and demo webpage:
|
||||
kubectl apply -f k8s/simple-example/deployment.yaml
|
||||
# Delete cluster:
|
||||
kind delete cluster --name tailscale
|
||||
````
|
||||
## Credits
|
||||
Based on Louis-Philippe Asselin's [tailscale-docker](https://github.com/lpasselin/tailscale-docker).
|
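Review bot: The `.env` paragraph below the environment-variable table tells users to drop the variables, `TS_AUTHKEY` included, into a file beside `docker-compose.yml`, but says nothing about keeping that file out of version control. Add a sentence recommending it be listed in `.gitignore`, since the pre-auth key is what lets a container log in to the tailnet. In the same paragraph the link text reads `.env_template` while the target is `/docker-compose-example/env_template`, so one of the two names is off. In the `TS_AUTHKEY` row, "unattened" should be "unattended". The `TS_FUNNEL_PORT` row would also benefit from pointing back to the Funnel ACL prerequisite, because that setting exposes the port publicly.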