tailscale-dev / docker-mod

The home for our universal Docker mod
BSD 3-Clause "New" or "Revised" License
63 stars 30 forks source link

The Tailscale universal Docker mod

This Docker mod lets you slipstream Tailscale into linuxserver.io containers. This lets you have applications join your tailnet.

Configuration

The Docker mod exposes a bunch of environment variables that you can use to configure it.

Environment Variable Description Example
DOCKER_MODS The list of additional mods to layer on top of the running container, separated by pipes. ghcr.io/tailscale-dev/docker-mod:main
TAILSCALE_STATE_DIR The directory where the Tailscale state will be stored, this should be pointed to a Docker volume. If it is not, then the node will set itself as ephemeral, making the node disappear from your tailnet when the container exits. /var/lib/tailscale
TAILSCALE_AUTHKEY The authkey for your tailnet. You can create one in the admin panel. See here for more information about authkeys and what you can do with them. tskey-auth-hunter2CNTRL-hunter2hunter2
TAILSCALE_HOSTNAME The hostname that you want to set for the container. If you don't set this, the hostname of the node on your tailnet will be a bunch of random hexadecimal numbers, which many humans find hard to remember. wiki
TAILSCALE_USE_SSH Set this to 1 to enable SSH access to the container. 1
TAILSCALE_SERVE_PORT The port number that you want to expose on your tailnet. This will be the port of your DokuWiki, Transmission, or other container. 80
TAILSCALE_SERVE_MODE The mode you want to run Tailscale serving in. This should be https in most cases, but there may be times when you need to enable tls-terminated-tcp to deal with some weird edge cases like HTTP long-poll connections. See here for more information. https
TAILSCALE_FUNNEL Set this to true, 1, or t to enable funnel. For more information about the accepted syntax, please read the strconv.ParseBool documentation in the Go standard library. on
TAILSCALE_LOGIN_SERVER Set this value if you are using a custom login/control server (Such as headscale) https://headscale.example.com

Something important to keep in mind is that you really should set up a separate volume for Tailscale state. Here is how to do that with the docker commandline:

docker volume create dokuwiki-tailscale

Then you can mount it into a container by using the volume name instead of a host path:

docker run \
  ... \
  -v dokuwiki-tailscale:/var/lib/tailscale \
  ...

When using a docker composed file, you will need to declare the volumes in the top level volumes section:

volumes:
  dokuwiki-tailscale:

Then use it in a container:

services:
  dokuwiki:
    volumes:
      - dokuwiki-tailscale:/var/lib/tailscale

If you don't do this, all Tailscale state will be lost when the container reboots. This can range from inconvenience to annoying because you can breach your Let's Encrypt rate limits with this.