Get started with Docker and Tailscale

34,342 views

Tailscale

1 day ago

Comments
@littlenewton6 4 months ago
I love Tailscale and Alex's video, but I hate using Tailscale in Docker as a sidecar for each application's ingress. Sometimes I prefer using Cloudflare Tunnel because it allows me to create self-defined DNS records that point to the related application. What Tailscale only needs to do is enable users to create their own MagicDNS records. If you agree with me, please hit the like button so the developers can see it. 👍👍👍
@espressomatic 2 months ago
That's a viable use-case, but I *also* hate managing records at Cloudflare :) Especially since I already manage all the records for my local DNS. But if it's just allowing one or two services, then it's workable. To go all-in one can obviously make a wildcard A record at Cloudflare and point it at a Tailnet IP served by a reverse proxy. That's even easier than doing the docker solution proposed here, depending on the reverse proxy being used.
@OistheOne 4 months ago
Finally, the guide about installing it. I find docker confusing sometimes and appreciate the video
@codeman99-dev 4 months ago
Thanks for finally doing multiple containers. I've been asking for this for a while. Not a huge fan of needing a tailscale sidecar per service. Would be awesome if we could leverage dns inside of docker. Have a single tailscale container doing DHCP akin to dnsmasq. I tried to figure this out on my own, but got nowhere fast.
@espressomatic 2 months ago
You can set up NGINX Reverse Proxy in a container alongside Tailscale, then point a wildcard at that. Now use that reverse proxy to set only the services you want - and they can be at any IP and port on your local subnet.
@germancasaresmarch 4 months ago
Hi Alex! Thank you for your really informative videos! These are great! I was able to get everything from the video up and running on my own, but I was wondering if you could include an extra video/docs on how to set up a tailscale node + cloudflare custom dns for a particular domain! I tried to follow your previous video, but somehow I can't get it working on docker
@IroxX0 4 months ago
amazing - the simplicity over a reverse proxy is appealing - of course giving up some fine control, say css injection via proxy; the more services there are the more a reverse proxy with one sidecar seems to be the way forward
@j.Zephyr 4 months ago
I do this! And it's PERFECT for multiple Syncthing dockers and being able to sync without the relays. Personally my next step is to advertise multiple services with Traefik... And I can't get my head around it
@zeroz2511 3 months ago
I'm also trying to do it with traefik. I'm still unsuccessful 😢
@Ausiaspl 3 months ago
Nice. It would be interesting to see a video where nextcloud is configured with the same principles. Nextcloud with https via tailscale.
@pax0707 4 months ago
Interesting video. My preferred setup is TS+Pi-Hole+Unbound in an LXC as a DNS and then configuring it as a subnet router.
@tineshr_ 2 months ago
Hey do you have any guide on how to do that? Would like to try this
@alanjrobertson 1 month ago
Currently bingeing your back catalogue of videos, Alex - really enjoying them! Stirling PDF also looks incredibly handy, thanks for the tip - going to check it out! Would another option (to avoid having to use sidecars) be to set up Tailscale running on a reverse proxy like nginx proxy manager and then have access to services that way?
@gokcergokdal7133 26 days ago
Great video! Thanks.
@BomzhYT 4 months ago
Is there some video about external access to NAS Synology-hosted docker containers through the Tailscale?
@EagleMitch 2 months ago
Is there a way to have a container like Nginx Proxy Manager to connect to both the tailscale network and still listen for inbound connections from the lan as well? I am trying to spin up an NPM on a cloud vps and then have it proxy route it to an Emby server hosted in my home lab via tailscale so that when I go to my public address for the NPM it will proxy that via the tailscale network to my Emby server.
@elmoritz 3 months ago
Thank you Alex for sharing. I stumbled upon your videos and I must say I'm hooked. One thing I would love to do with Tailscale and especially with the sidecar-docker container, but I have difficulties to get it to work. I want to use traefik or Nginx Proxy Manager and make 80 and 443 publicly available, but the Dashboard on the 3rd Port should only be available within my tailnet. Any Ideas on that setup?
@ChadVanKlompenburg 25 days ago
Followed the directions exactly but had a small issue with the tailnet sidecar container - which in my particular instance required "privileged: true" in the docker compose file for the tailnet container. Hopefully others will find this helpful if they were having issues with the tun device and CONFIG_TUN error messages showing up in their tailscale container.
@AzureSoukyuu 1 month ago
This video has left me, a newbie to docker and tailscale, more confused than I was before. It suggested the nginx container has functionality, but I don't see any. Spent a lot of time figuring out it's just a "hello world" example that even did not want to deploy, because there was no container tag defined in my ACLs, which of course I had no idea about, because it was only mentioned as an aside remark while creating the second container which actually did something... I'm sorry, but the script in this one is all over the place.
@jakeasmith 5 days ago
Hiya! As someone who’s been in these weeds for quite awhile now, I really appreciated the tight script. (I was watching at 1.5x!) But I can absolutely understand how this would be confusing when you’re just starting out. Learning docker is challenge enough, and this video assumes a solid grasp of the basics then really piles on the advanced networking concepts and access control terminology. If you (or anyone else reading this) are having trouble filling in the blanks I highly encourage you to check out the deep dive here mentioned. It goes into a lot of the details you’re looking for about both Tailscale and an impressive deep dive on Docker networking. Best of luck!
@jakeasmith 5 days ago
kzbin.info/www/bejne/qqLZp42efNeWn7Msi=IZ64i8TRSghnn5_r
@marknugent21 4 months ago
Great stuff Alex. Is there a way of doing this for containers like vaultwarden that expose the service on port 80? I can't seem to get https/certs working without using a caddy instance for it as well.
@ggfools 4 months ago
I think this is really cool but surely it must be possible to run a single tailscale container and connect to multiple other docker containers on the same network instead of needing to run a tailscale docker for each service?
@Tailscale 4 months ago
You can absolutely do this if you know your way around a reverse proxy with the caveat being that you’d not have individual names for services / nodes available or TLS via Serve.
@codeman99-dev 4 months ago
@@Tailscale I am extremely interested in having a single tailscale instance for an entire compose stack. Seems like Caddy + tailscale + some DNS service would be perfect. A single solution that lets me take advantage of wildcard domain names easily. I've tried to come up with something on my own, but have never got very far.
@espressomatic 2 months ago
@@codeman99-dev If you're using Caddy, or Traefik or NPM you can definitely do this. Ingress is via a single Tailnet IP tied to your reverse proxy via wildcard domain or subdomain. I have it working with NPM inside an LXC running on Unraid - just as easy in Proxmox and there are a couple of guides out there for that. The reverse proxy then points to the services I want exposed. DNS in my case is AdGuard Home (docker) + Unbound with overrides (on pfSense firewall appliance)
@JosephHarry 4 months ago
I would love to see a guide where you could use a NPM front and then expose some containers on your tailnet through that container, let's say on a VPS.
@Tailscale 4 months ago
So the front end is in one physical location and the backend in another? Sure we can try take a look at a video like that. -Alex
@j.Zephyr 4 months ago
I'm trying to do this with Traefik, since it can be all defined in the Docker compose! Thx
@JosephHarry 4 months ago
@@Tailscale yeah I have it mostly working with tailscale on the host, but it only mostly works. Trying to get remote access to home assistant without being on the tailscale network, but using tailscale for the VPN
@enissay9950 4 months ago
In case the tailscale connection fails for some reason, the service will still connect to local internet!! Is there any way to make sure only remote connection is possible (through the remote node I mean) ?!
@jasontucker_ 4 months ago
What’s the best process to do with when using Unraid? Unraid uses the Tailscale plugin as the suggested method. Are we just adding the environment variables into the docker setup screens for the container?
@39zack 4 months ago
Same. Right now I'm using the method Spaceinvader One has 2 videos on, that uses the plugin and the mod to slipstream tailscale into any LinuxserverIO container. So if you have containers not made by linuxserverIO, you need to set up the mod on the linuxserver swag container and configure swag config files. It works, but the mod has not been updated for a year and it seems some people think it's not maintained any more so who knows when this method stops working. This official method seems to be pretty new, so hopefully someone figures it out.
@samhill3153 4 months ago
Thanks for the guide! Got everything to work except the SSL certificates. Is there an ongoing issue with those? No matter what I try I cannot resolve with https. Curl domain name spits out an error.
@hprompt166 1 month ago
I run tailscale on a proxmox lxc container, it advertises routes and exit node. Are there settings for auto restart to do so if I'm remote to regain access to my homelab?
@zz-9463 4 months ago
thanks for the great video! I'm thinking of creating a home server using my M1 Mac mini, which is running Tailscale client. Within the Mac mini, I want to run a whole bunch of container services such as Stirling-PDF, self-hosted object store, and etc. My question is that as long as my Mac mini server is running on my Tailnet, no matter where I'm in the world, I should be able to access my services, right?
@Tailscale 4 months ago
Yep! Should work the same as shown in the video with the caveat that volume mounts in macos might require some slight tweaking. -Alex
@JamesWebster1975 4 months ago
@@Tailscale how might the volume mounts require tweaking for Mac? I've successfully followed this up to the part where Stirling is having SSL certs provisioned, that's where it falls over for me.
@avanaraveloson5017 4 months ago
will my docker containers be accessible on my LAN if my internet connection is down?
@Tom-u8p4b 4 months ago
Same question here Alex. I heard you talk on the selfhosted podcast about a similar issue... Do you have a solution for this? Let's say there is a notes app with documentation about the home network, but then the internet goes down and you need access to your notes to fix it, but you can't because... the internet is down? 😊
@RonalddeVilliers 1 month ago
Can you do step by step setup for Tailscale docker on MikroTik routerOS
@pablillocea 4 months ago
Just tried it out and everything worked up until the certificate bit. For some reason I'm getting errors related to connection refused (while the http address works just fine)
@pablillocea 4 months ago
My issue is that I do have tailscale on the host as well.
@blq 4 months ago
I’m having the same issue, I got the certificates, they show up on each container in Tailscale, but I can’t access them via https on my iPhone, http works fine
@leonpatrick 4 months ago
Same here http works when I have 8080 at the end and for some reason the container is not getting a Let's Encrypt cert. Tried with Both NixOS and Ubuntu server.
@leonpatrick 4 months ago
@@pablillocea it's an ACL issue. look at example-acls.hujson in the docker guide examples and look for funnel.
@xxVG_Lunaticxx 2 months ago
I'm adding to comment thread as I have the same issue/experience. I got AudioBookshelf (ABS) setup by replacing the Mealie config with ABS and it works over HTTP while HTTPS is refused. The Tailscale console admin shows that TLS cert was requested and displays expiry information.
@rexnihilo5583 3 months ago
Where are you setting the port? the only time I see 80 for nginx or 8080 for pdf is when you write and then delete it because it doesn't go there.
@user-yo4fe8ql5t 2 months ago
This is great. But in order to access these services, I need to be logged on my Tailnet and also have Internet access. What happens if my Internet is down? Is it possible to have the best of both worlds: a reverse proxy for local access and Tailscale for remote access?
@ipodmaurits 22 days ago
Hey, is it possible to do this with keeping local access to it intact? Like I would like to access it locally but also via tailscale. I tried this with jellyfin and now it's only accessible via tailscale which is not ideal
@39zack 4 months ago
I use Unraid so I'm not used to read or understand docker compose files, but if I understood this correct, the service in the stack (say nginx) network get set directly to the Tailscale-node network? So if you have more than one service under tailscale in the same stack they can't be on same port, correct?
@Tailscale 4 months ago
Unraid has a compose plugin available. Maybe that’d help? We recommend one sidecar per service. -Alex
@gauravsinghsays 4 months ago
What are the advantages of hosting tailscale in docker?
@39zack 4 months ago
Isolation. If you share connection with others you can share one and one service instead of the entire server or network
@thinkdomotic4915 4 months ago
❤👍
@enissay9950 4 months ago
So basically we need to spin an extra tailscale container for each other container we need to use!? why not use a single tailscale instance and run all the containers we need on a different port?
@39zack 4 months ago
You can do that too. Build tailscale into a reverse proxy and configure it
@rohitjawale777 4 months ago
Nah, portainer was good
@kamilmodest 3 months ago
That sounds overcomplicated to be honest. What if I already have nginx and the local DNS configured that resolves app_name.banana.home to my local IP and application port in my local network and I just want to expose it to the tailscale network. I don't want to run an additional tailscale container per each application 🙈