Tailscale Container Script
What this is...
This script is mainly designed to easily allow you to add a Docker container from me or even some Alpine/Debian based containers which use s6-overlay as a base (LinuxServer.io, Organizr v2,...) to your Tailnet on unRAID.
Table of Contents
- Add script to container from ich777
- Add script to s6-overlay container
- Option 1: Simple Access
- Option 2: Advanced Access
- Option 3: Exit Node
- Utilize Exit Node in Container
- SSH Tailnet Access
- Tailnet Serve
- Tailnet Funnel
- Available Variables
Add script to container from ich777
- Download the RAW Tailscale script to your server
- Place the script on a persistent storage location, eg: /mnt/user/appdata/scripts/tailscale.sh
- Make sure the script is executable
  Do this by opening a terminal from unRAID, navigate to the directory (cd /mnt/user/appdata/scripts) and make it executable (chmod +x tailscale.sh)
- Edit the Container that you want to add to your Tailnet
- At the Container template at the bottom click + Add another Path, Port, Variable, Label or Device
- At Container Path use this path: /opt/scripts/user.sh and for the host path use the path where you placed the script (/mnt/user/appdata/scripts/tailscale.sh) <- please note that you have to manually add /tailscale.sh at the end of the path
- Click Add
- At Key use: TAILSCALE_HOSTNAME, at Value enter your preferred host name that should show up in your Tailnet, eg: valheim
- Click Add
- Click Apply
- After the container has started, click on the container icon on the Docker page in unRAID and on Logs
- Watch the logs and look for the line:
  Download from Tailscale version <TAILSCALE_VERSION> successful!
- Please go back to Table of Contents and follow further instructions depending on your use case.
Add script to s6-overlay container
- Download the RAW Tailscale script to your server
- Place the script on a persistent storage location, eg: /mnt/user/appdata/scripts/tailscale.sh
- Make sure the script is executable
  Do this by opening a terminal from unRAID, navigate to the directory (cd /mnt/user/appdata/scripts) and make it executable (chmod +x tailscale.sh)
- Edit the Container that you want to add to your Tailnet
- At the Container template at the bottom click + Add another Path, Port, Variable, Label or Device
- At Container Path use this path: /etc/cont-init.d/90-tailscale and for the host path use the path where you placed the script (/mnt/user/appdata/scripts/tailscale.sh) <- please note that you have to manually add /tailscale.sh at the end of the path
- Click Add
- At Key use: TAILSCALE_HOSTNAME, at Value enter your preferred host name that should show up in your Tailnet, eg: valheim
- Click Add
- Click Apply
- After the container has started, click on the container icon on the Docker page in unRAID and on Logs
- Watch the logs and look for the line:
  Download from Tailscale version <TAILSCALE_VERSION> successful!
  If you have any error in the log at the Tailscale execution or the container is in a restart loop, this solution isn't compatible with the container and you have to remove the mount for the script including the TAILSCALE_HOSTNAME variable.
  Please open an issue if you think something else went wrong, needs to be fixed or should be looked into if this script can support the container
- Please go back to Table of Contents and follow further instructions depending on your use case.
Option 1: Simple Access
In this mode the container will be added to your Tailnet so that it is accessible from your Tailnet but it won't be able to resolve other Tailnet devices.
This mode is ideal if you want to add a Game Server to your Tailnet or if you want to share a VPN container as an exit node (see: Exit Node).
- All necessary variables for this mode were already set up in Add script to container from ich777 or Add script to s6-overlay container
- Open the container logs and look for these lines:
  To authenticate, visit:
  https://login.tailscale.com/a/aaaaaaaaaaaaa
  ATTENTION: It might be possible that you have to scroll up to the very top of the log window to actually get the link
- Click on the link to add the container to your Tailnet
- After you've added the container to your Tailnet the container will automatically continue the startup process
- Close the log window from the container
NOTE: In this mode you can't communicate with other containers/hosts on your Tailnet or utilize the container as an Exit Node.
If you do need access to other containers please see Option 2: Advanced Access.
Option 2: Advanced Access
In this mode the container will be added to your Tailnet so that it is accessible from your Tailnet and can communicate with your other Tailnet devices.
This mode is ideal if you want to use a Container (eg: Firefox, Chromium,...) to manage and access the WebUI from other containers.
- Add the tailscale.sh script and host name to your container as described in Add script to container from ich777 or Add script to s6-overlay container
- At the Container template enable Advanced View by clicking Basic View at the very top
- At Extra Parameters (right below the line WebUI) add: --cap-add=NET_ADMIN <- make sure it isn't already in there
- At the bottom click + Add another Path, Port, Variable, Label or Device
- From the drop down menu select Device
- At Value use: /dev/net/tun
- Click Add
- Click Apply
- Open the container logs and look for these lines:
  To authenticate, visit:
  https://login.tailscale.com/a/aaaaaaaaaaaaa
  ATTENTION: It might be possible that you have to scroll up to the very top of the log window to actually get the link
- Click on the link to add the container to your Tailnet
- After you've added the container to your Tailnet the container will automatically continue the startup process
- Close the log window from the container
To use another container as Exit Node please follow: Utilize Exit Node in Container
Option 3: Exit Node
In this mode the container will be added to your Tailnet so that it is accessible and usable as Exit Node in your Tailnet but it won't be able to resolve other Tailnet devices. For further information see the Tailscale documentation here.
This mode is ideal if you want to share a VPN container as an exit node.
- Add the tailscale.sh script and host name to your container as described in Add script to container from ich777 or Add script to s6-overlay container
- At the Container template at the bottom click + Add another Path, Port, Variable, Label or Device
- From the drop down menu select Variable
- At Key use: TAILSCALE_EXIT_NODE, at Value use true
- Click Add
- Click Apply
- Open the container logs and look for these lines:
  To authenticate, visit:
  https://login.tailscale.com/a/aaaaaaaaaaaaa
  ATTENTION: It might be possible that you have to scroll up to the very top of the log window to actually get the link
- Click on the link to add the container to your Tailnet
- After you've added the container to your Tailnet the container will automatically continue the startup process
- Close the log window from the container
Utilize Exit Node in Container
This will allow a container to use an Exit Node. For further information see the Tailscale documentation here.
- Add the tailscale.sh script and host name to your container as described in Add script to container from ich777 or Add script to s6-overlay container
- Set up Option 2: Advanced Access since the container needs to be able to access other containers on your Tailnet
- At the Container template at the bottom click + Add another Path, Port, Variable, Label or Device
- From the drop down menu select Variable
- At Key use: TAILSCALE_EXIT_NODE_IP, at Value enter the IP address from your Exit Node, eg: 100.89.0.11
- Click Add
- Click Apply
ATTENTION: With that configuration you will now be able to access the container in your Tailnet but not from your local subnet because the traffic is routed through your Tailnet.
If you want to be able to access the container from your local subnet, do the following:
- At the Container template at the bottom click + Add another Path, Port, Variable, Label or Device
- From the drop down menu select Variable
- At Key use: TAILSCALE_ALLOW_LAN_ACCESS, at Value enter true
- Click Add
- Click Apply
SSH Tailnet Access
This option will allow you to connect to the container through SSH, no matter if SSH is installed in the container or not. Authentication and SSH will be handled exclusively by Tailscale. For more information see the Tailscale documentation here.
- At the Container template at the bottom click + Add another Path, Port, Variable, Label or Device
- From the drop down menu select Variable
- At Key use: TAILSCALE_USE_SSH, at Value enter: true
- Click Add
- Click Apply
After that you'll be able to reach the container through SSH.
Please note that you can't initiate an SSH connection from a container with only Simple Access set up, you have to initiate the SSH connection from a container that has Advanced Access set up.
Tailnet Serve
This option allows you to share an application, similar to a reverse proxy, exclusively in your Tailnet with a valid URL (by default with https), so that the service can be accessed through that URL in your Tailnet. For more information see the Tailscale documentation here.
- Add the tailscale.sh script and host name to your container as described in Add script to container from ich777 or Add script to s6-overlay container
- At the Container template at the bottom click + Add another Path, Port, Variable, Label or Device
- From the drop down menu select Variable
- At Key use: TAILSCALE_SERVE_PORT, at Value enter the port from the application running inside the container, eg: 8080
  Please note that you have to use the port in the container not the exposed port on the host.
- Click Add
- Click Apply
Please note that you can also override the local path to the application in the container including the server path where the application is served if needed, for more information see: Available Variables
If you also want to share the application through the Internet with the Tailscale URL see Tailnet Funnel
Tailnet Funnel
This option allows you to share an application through Tailscale to the Internet. This will only work in combination with Tailnet Serve. For more information see the Tailscale documentation here.
- Add the tailscale.sh script and host name to your container as described in Add script to container from ich777 or Add script to s6-overlay container
- Set up Tailnet Serve
- At the Container template at the bottom click + Add another Path, Port, Variable, Label or Device
- From the drop down menu select Variable
- At Key use: TAILSCALE_FUNNEL, at Value enter: true
- Click Add
- Click Apply
Please note that you can also override the local path to the application in the container including the server path where the application is served if needed, for more information see: Available Variables
Available Variables
ATTENTION: Please only specify the variables you need, it is not necessary to specify variables not needed for your use case.
Variable | Description | Example |
---|---|---|
TAILSCALE_HOSTNAME | Your preferred host name for the Container in your Tailscale Dashboard. ATTENTION: If you enable https the Tailscale host name will be published in a public ledger, see the Tailscale documentation here | firefox |
TAILSCALE_AUTHKEY | Specify a Tailscale Authorization Key which you can generate in your Tailscale Dashboard instead of registering through a link through the logs. You can delete the variable including the key after the container has registered on your Tailnet. | empty |
TAILSCALE_PARAMS | Pass through variables to tailscale up which are not covered by the script | empty |
TAILSCALED_PARAMS | Pass through variables to the tailscaled daemon which are not covered by the script | empty |
TAILSCALE_EXIT_NODE | Allows the container to be used as Exit Node (set to true/false or don't specify the variable if not needed) | false |
TAILSCALE_SERVE_PORT | If you want to use Tailscale Serve you have to specify the port from the application running inside the container, see the Tailscale documentation here (leave empty if not needed) | empty |
TAILSCALE_FUNNEL | Allows you to share applications through your Tailnet to the Internet, see the Tailscale documentation here (TAILSCALE_SERVE_PORT needs to be specified for the Tailscale Funnel to work, leave empty if not needed) | empty |
TAILSCALE_SERVE_PATH | Allows you to override the path which is exposed on your Tailnet (leave empty if not sure) | empty |
TAILSCALE_SERVE_MODE | Allows you to override the default https serve protocol, see the Tailscale documentation here | https |
TAILSCALE_SERVE_PROTOCOL_PORT | Allows you to override the default port =443 when using Tailscale Serve - please note that you have to include = or : eg: =80 or :8080 if overriding the port (leave empty if not sure) | empty |
TAILSCALE_SERVE_LOCALPATH | Allows you to override the local path to the application in the container that you are sharing via Tailscale Serve (leave empty if not sure) | empty |
TAILSCALE_USE_SSH | Allows the SSH functionality from Tailscale to be used (set to true/false or don't specify the variable if not needed) | false |
TAILSCALE_LOG | Log will be written to /var/log/tailscale.log by default (don't specify if you want to use the default behavior) - set to false to disable the log entirely | true |
TAILSCALE_USERSPACE_NETWORKING | Allows you to disable user space networking manually if needed (don't specify if not sure) | false |
TAILSCALE_EXIT_NODE_IP | Tells the container to use the specified Exit Node, please see: Utilize Exit Node in Container | 100.89.0.11 |
TAILSCALE_ALLOW_LAN_ACCESS | Allows LAN Access to containers which are using an Exit Node, please see: Utilize Exit Node in Container | true |
TAILSCALE_STATE_DIR | Only specify if the container is not made by me and is using a different directory than /config in the container | empty |
TAILSCALE_UPDATE | Checks on each container start for a new Tailscale version (disabled by default, set to true to enable) | empty |
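
The variables above depend on each other (Funnel needs Serve, using an Exit Node needs Advanced Access, the protocol port override needs a leading = or :), and some have exposure consequences worth flagging before clicking Apply. The following pre-flight check is an added example, not part of tailscale.sh or this project; the KEY=VALUE input format and the EXTRA_PARAMS/DEVICES names are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of tailscale.sh. Assumed input: the template's
# KEY=VALUE variables, plus EXTRA_PARAMS= and DEVICES= lines standing in for
# the "Extra Parameters" and "Device" fields (hypothetical names).
check_tailscale_config() (
  cfg=$1
  get() { printf '%s\n' "$cfg" | sed -n "s/^$1=//p" | head -n 1; }
  port=$(get TAILSCALE_SERVE_PORT)
  mode=$(get TAILSCALE_SERVE_MODE)

  # Advanced Access = NET_ADMIN capability plus the /dev/net/tun device
  advanced=no
  case "$(get EXTRA_PARAMS)" in *--cap-add=NET_ADMIN*)
    case "$(get DEVICES)" in */dev/net/tun*) advanced=yes ;; esac ;;
  esac

  [ -n "$(get TAILSCALE_HOSTNAME)" ] || echo "ERROR: TAILSCALE_HOSTNAME is not set"
  case "$port" in *[!0-9]*) echo "ERROR: TAILSCALE_SERVE_PORT must be a port number" ;; esac
  if [ -n "$port" ] && [ "${mode:-https}" = https ]; then
    echo "WARN: https serve publishes the host name in a public ledger"
  fi
  if [ "$(get TAILSCALE_FUNNEL)" = true ]; then
    if [ -z "$port" ]; then echo "ERROR: TAILSCALE_FUNNEL needs TAILSCALE_SERVE_PORT"
    else echo "WARN: TAILSCALE_FUNNEL exposes container port $port to the Internet"; fi
  fi
  if [ -n "$(get TAILSCALE_EXIT_NODE_IP)" ] && [ "$advanced" = no ]; then
    echo "ERROR: TAILSCALE_EXIT_NODE_IP needs Advanced Access (NET_ADMIN, /dev/net/tun)"
  fi
  case "$(get TAILSCALE_SERVE_PROTOCOL_PORT)" in
    "" | =* | :*) ;;
    *) echo "ERROR: TAILSCALE_SERVE_PROTOCOL_PORT must start with = or :" ;;
  esac
  if [ -n "$(get TAILSCALE_AUTHKEY)" ]; then
    echo "WARN: TAILSCALE_AUTHKEY still set; delete it once the container is registered"
  fi
)

# Constructed sample: Funnel and exit-node use, but the tun device is missing
SAMPLE_CONFIG='TAILSCALE_HOSTNAME=firefox
TAILSCALE_AUTHKEY=PLACEHOLDER-NOT-A-REAL-KEY
TAILSCALE_SERVE_PORT=8080
TAILSCALE_SERVE_PROTOCOL_PORT=8443
TAILSCALE_FUNNEL=true
TAILSCALE_EXIT_NODE_IP=100.89.0.11
EXTRA_PARAMS=--cap-add=NET_ADMIN
DEVICES='

check_tailscale_config "$SAMPLE_CONFIG"
```

An empty result means none of the checked dependencies are violated; WARN lines are not misconfigurations but mark settings that widen exposure.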