Master Tailscale on Unraid Pt 2: Docker Integration & SWAG Reverse Proxy
This is part 2 of the Tailscale on Unraid series. Learn how to install Tailscale directly into a Docker container using a Docker mod, providing secure remote access to that specific container from anywhere in the world. I also show how to integrate Tailscale with a reverse proxy (SWAG) so you can use your own domain name with a Let's Encrypt SSL certificate. This setup lets you connect securely to sensitive services like Bitwarden, with only devices on your Tailnet able to reach them. Follow along for a comprehensive guide to enhancing your Unraid setup with Tailscale!
Docker mod variables:
DOCKER_MODS: ghcr.io/tailscale-dev/docker-mod:main
TAILSCALE_STATE_DIR: /var/lib/tailscale
TAILSCALE_HOSTNAME: your container hostname
TAILSCALE_AUTHKEY: generate key in Tailscale
Docker mod path (container path, then host path):
/var/lib/tailscale /mnt/user/appdata/containername/tailscale
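The same settings written as a Docker Compose service, for running the container outside the Unraid template editor. This is an added example, not taken from the video: the emby service name, image, PUID/PGID values and host paths are assumptions, and the auth key is read from the environment instead of being written into the file.

```yaml
# Added example: Compose equivalent of the Unraid template fields listed above.
# Assumptions: service name "emby", the linuxserver Emby image, Unraid's usual
# PUID/PGID (99/100) and the appdata paths shown here.
services:
  emby:
    image: lscr.io/linuxserver/emby:latest
    container_name: emby
    environment:
      - PUID=99
      - PGID=100
      # Pulls the Tailscale mod into the container at start-up.
      - DOCKER_MODS=ghcr.io/tailscale-dev/docker-mod:main
      # Must match the container side of the tailscale volume below.
      - TAILSCALE_STATE_DIR=/var/lib/tailscale
      # Name this container will have as a machine on the tailnet.
      - TAILSCALE_HOSTNAME=emby
      # Substituted from the shell or from an .env file beside this file, so
      # the key never lands in the compose file or in version control.
      # Compose refuses to start if the variable is unset or empty.
      - TAILSCALE_AUTHKEY=${TAILSCALE_AUTHKEY:?set TAILSCALE_AUTHKEY in .env}
    volumes:
      - /mnt/user/appdata/emby:/config
      # Persists the Tailscale node state so the container keeps the same
      # tailnet identity when it is recreated or updated.
      - /mnt/user/appdata/emby/tailscale:/var/lib/tailscale
    restart: unless-stopped
```

Keep the .env file readable only by the account that runs Compose, since anyone who can read the auth key can join a machine to the tailnet while the key is valid.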
Timestamps:
0:00: Intro, what did we do in Part 1 and what are we going to cover in Part 2?
2:45: Integrating Tailscale into Emby, featuring installing Emby
11:13: Adding Tailscale to a reverse proxy, featuring installing SWAG and setting up a custom Docker network
12:45: Domain and Cloudflare
16:48: Cloudflare settings, API token for certificate verification
19:00: Integrating SWAG with Tailscale
19:50: Setting up DNS on Cloudflare that points to SWAG on Tailscale
20:50: Adding containers to SWAG
26:50: Adding Bitwarden/Vaultwarden to SWAG and Tailscale
29:36: Ending, what will be in Part 3?
This is a very difficult way of having a DNS name for a docker container.
Tailscale already gives you one via magic DNS, sure it's not your own domain name.
Alternatively, use controlD's integration with Tailscale and set custom DNS records in there.
I did the Emby through SWAG part of the video to a T and it does not work.
Hello and thank you for this wonderful video!
One question: If I connect two Unraid servers (A and B) with Tailscale, and add all the subnet advert stuff, can I use server A as a gateway to server B for a device C which does not run Tailscale but is in the same LAN as A?
I did all this with Wireguard and it worked very well. I would like to do the same with Tailscale, but I don't know what I am doing wrong.
Thanks for the help
Excellent, thanks! One question: how do we add more than one container in SWAG? Is it comma separated in the variables TAILSCALE_HOSTNAME, TAILSCALE_AUTHKEY? We should have like 2 different entries in Tailscale so we can share, for example, Emby and Bitwarden separately. Is it done by installing multiple SWAG instances?
Something that caught my eye was the 90 day expiration on the Tailscale keys. Does that mean what it seems like, that I will have to refresh those keys every 90 days or else lose access to my services? Wonder if there's a way to extend the time, or remove the limit altogether.
I'm confused why in swag you had to use the server IP and "external" server-level port rather than the name of the container and its "internal" port. I thought the entire point of having swag and the container on the same docker network was that you could reference the container by name. All of my swag conf files just reference the container name and port and it works perfectly.
Outstanding, thanks for this!
Thanks for the great video! It is possible to use a wildcard DNS record for the Tailscale IP in Cloudflare so do I need to add the subdomains one at a time?
You had me at "Master"
The raspberry pi variables is why I stopped using linuxserver emby and switched to the official one.
Is it possible to connect a remote WAN network by IP address instead of the client?
What would be the best approach to use this for SSH access to a Gitea docker?
Aaah, you make SWAG a "machine" on the tailnet and then anyone who has access to your tailnet has access to everything behind SWAG?
So that's how you can share containers over the tailnet that are not made by Linuxserver?
nginx proxy manager is so much… comfortable.
Great work as usual! I'm getting an error in docker logs, "tailscaled does not take non-flag arguments: ["/var/lib/tailscale"] " any idea?
When trying to deploy swag.
Great Video! Thx! Does this also work with Nginx Proxy Manager?
Greeting from Brazil! Another great video! Waiting for part 3 cgnat
Excellent. Thanks
Would love a video on Tunarr with Plex
Is it possible to efficiently run/maintain two swag instances? One normal for public accessible sites and a second through Tailscale for private sites?
I'm using a reverse proxy (NPM) which works just fine outside of my network, but I can't access domain names internally from my network (I have Mikrotik devices).
Tried out Hairpin (loopback) NAT, but no joy.
Wondering whether setting up Tailscale for my NPM container would resolve this.
Have you ever come across a similar challenge? Maybe worth covering this in your next episode.
I found that it is nginx that does not resolve within docker well even if container can. Instead of changing upstream_app to IP, try and add another line that says "resolver 127.0.0.11;". This will tell nginx to talk to docker's internal DNS (127.0.0.11) to resolve the name.
Frankly, I have one or two services I would like to make fully public, a blog actually, and I want to obfuscate my local public IP through a VPN and I just haven't bothered to do this yet. If I were to use Tailscale for this purpose, I would need to have the reverse proxy in a VPS, right? I also want the data to be encrypted too, which is why I would use a VPN and not JUST the VPS reverse proxy.
first
What's the difference between using Cloudflare Zero Trust and Tailscale? I see a lot of more work to do basically the same.
OOO yeah! just what I needed
Thanks! Was waiting for this
How can I get you or someone to help me migrate my 1tb datasets cache to 2 2tb in my Unraid setup?
First