Make apps available to your tailnet.
dokku plugin:install https://github.com/andrew-womeldorf/dokku-tailscale.git tailscale
Set an auth key or OAuth client key in the global config:
dokku config:set --global TS_AUTHKEY=tskey-client-00000000000000000-000000000000000000000000000000000
Presently, all apps will be tagged in the tailnet with dokku.
Tailscale can expose a container to your tailnet as a machine by running the tailscale image as a sidecar, and setting your app container's network mode to share the tailscale container's network. See Tailscale's docker documentation or their blog post on the topic.
This plugin manages the sidecar for you, and can optionally serve traffic straight to the app port with tailscale serve.
See the available commands:
dokku tailscale:help
dokku apps:create <app>
dokku tailscale:up <app>
on the appdokku apps:destroy
The tailscale machine will take the same name as the app.
For example, to run nginx on port 80:
dokku apps:create testing-nginx-on-dokku
dokku tailscale:up testing-nginx-on-dokku
dokku git:from-image testing-nginx-on-dokku nginx
Visit http://testing-nginx-on-dokku from a device on your tailnet. You should see the default nginx page.
Now destroy the app:
dokku apps:destroy testing-nginx-on-dokku
If you added tailscale to an app which already had a container running in it, you will need to restart the container so that it joins the tailscale container's network:
dokku ps:restart <app>
The tailscale plugin doesn't do that automatically, as this may cause downtime during the restart, and it's better for the caller to decide when and how to do this.
Create a container which runs on any other port. Here, we'll start a Traefik v2 container with the dashboard/api exposed insecurely on port 8080:
dokku apps:create testing-traefik-on-dokku
dokku tailscale:up testing-traefik-on-dokku
dokku config:set testing-traefik-on-dokku TRAEFIK_API=true TRAEFIK_API_INSECURE=true
dokku git:from-image testing-traefik-on-dokku traefik:v2.5
Test by visiting http://testing-traefik-on-dokku:8080 in your browser.
To remove the need for appending :8080 to the end of the URL, you can use tailscale serve, which will also add a Let's Encrypt certificate and serve traffic over https:
dokku tailscale:serve testing-traefik-on-dokku 8080
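Because the Traefik dashboard above has no authentication of its own, the tailnet policy file is what decides who can reach it. The following is an added example, not part of the plugin or its documentation; it assumes the plugin's tag is written tag:dokku in the policy file, that tailscale serve publishes HTTPS on port 443, and uses a made-up group:ops with a placeholder member.

```json
// Tailnet policy file (HuJSON, so comments are permitted). Constructed example.
{
  // Assumption: hypothetical group and member; substitute your own identities.
  "groups": {
    "group:ops": ["alice@example.com"]
  },

  // Assumption: the plugin's "dokku" tag appears as tag:dokku here.
  // A tag needs an owner before an auth key or OAuth client key can apply it.
  "tagOwners": {
    "tag:dokku": ["autogroup:admin"]
  },

  "acls": [
    // Weak: an allow-all rule lets every device on the tailnet open
    // http://testing-traefik-on-dokku:8080 and use the insecure API.
    // {"action": "accept", "src": ["*"], "dst": ["*:*"]},

    // Tighter: only group:ops reaches Dokku apps, and only on the ports
    // used on this page: 80 (nginx), 8080 (Traefik dashboard), and
    // 443 (assumed HTTPS port for tailscale serve).
    {
      "action": "accept",
      "src": ["group:ops"],
      "dst": ["tag:dokku:80,443,8080"]
    }
  ]
}
```

Every app shares the same tag, and tailscale serve republishes the app port over https, so a rule that splits access by port alone cannot keep one app's dashboard separate from another app's site; scope the rule by who may connect.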