tailscale-serve-proxy is a Docker image that integrates dockerized web services into Tailscale as separate machines with their own hostnames.
Unlike the approach of sharing the network interface between the Tailscale image and the service container, it provides a clean separation by implementing a reverse proxy server.
The proxy uses Tailscale's serve functionality to provide HTTPS termination. Note that HTTPS must be enabled on your Tailnet.
Plain HTTP requests are redirected to HTTPS.
Using docker-compose is recommended.
version: "3"
services:
  proxy:
    image: ghcr.io/awahlig/tailscale-serve-proxy:latest
    volumes:
      # Tailscale state must be preserved.
      - ./tailscale:/var/lib/tailscale
    environment:
      # Name of the machine on the Tailnet.
      - TAILSCALE_HOSTNAME=myapp
      # URL of the web service to proxy.
      - TSPROXY_UPSTREAM=http://app
  # Your web service container.
  app:
    image: ...
See the Tailscale Docker Mod documentation for a full list of supported variables.
After starting, visit the link from the container logs to add the machine to your Tailnet.
Using the serve functionality also means that requests sent to the backend contain Tailscale identity headers.
These can be used by the backend to identify Tailscale users visiting the service.
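One way a backend could consume these headers, added here as an example and not part of this project's code. It assumes the header names `Tailscale-User-Login` and `Tailscale-User-Name` that Tailscale documents for serve; the function name, proxy address and allow-list are hypothetical. The headers are trusted only when the connection comes from the proxy container, because any other client that can reach the backend directly could set them itself.

```python
import ipaddress
from email.header import decode_header, make_header

# Identity headers Tailscale serve adds for requests from user-owned devices.
LOGIN_HEADER = "tailscale-user-login"
NAME_HEADER = "tailscale-user-name"


def _decode(value):
    """Decode RFC 2047 encoded words, used for non-ASCII header values."""
    return str(make_header(decode_header(value))) if value else ""


def tailscale_identity(headers, peer_ip, trusted_proxies, allowed_logins):
    """Return {"login", "name"} for an authorised Tailscale user, else None.

    headers         -- dict of request headers as received by the backend
    peer_ip         -- source address of the TCP connection (not a header)
    trusted_proxies -- networks the proxy container may connect from
    allowed_logins  -- lower-case logins permitted to use the service
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(net) for net in trusted_proxies):
        return None  # not the proxy: identity headers are client-controlled
    lower = {k.lower(): v for k, v in headers.items()}
    login = _decode(lower.get(LOGIN_HEADER, "").strip()).lower()
    if not login:
        return None  # no user identity, e.g. request from a tagged device
    if login not in allowed_logins:
        return None  # authenticated to the Tailnet, but not authorised here
    return {"login": login, "name": _decode(lower.get(NAME_HEADER, ""))}


if __name__ == "__main__":
    # Constructed sample values; the proxy address is an assumption.
    proxies = ["172.20.0.2/32"]
    allowed = {"alice@example.com"}
    request_headers = {
        "Tailscale-User-Login": "alice@example.com",
        "Tailscale-User-Name": "=?utf-8?q?Zo=C3=AB_Example?=",
    }
    print(tailscale_identity(request_headers, "172.20.0.2", proxies, allowed))
    # Same headers sent from another container on the Docker network.
    print(tailscale_identity(request_headers, "172.20.0.9", proxies, allowed))
```

Pinning the proxy container to a fixed address on the compose network, or keeping the backend on a network shared only with the proxy, makes the `trusted_proxies` check meaningful.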
Because Tailscale is running inside the proxy container, the backend cannot use it to connect to other machines on the Tailnet.
This project is licensed under the Apache 2.0 license.