I wanted a good place to share my Docker compose examples to help people deploy foss or environments in a quick and painless way. These serve as templates to get started with specific deployment examples.
Find a file
2024-10-30 15:15:44 -05:00
hugo Update hugo/docker-compose.yml 2024-09-04 00:30:45 -05:00
pi-hole Add pi-hole/docker-compose.yml 2024-09-04 10:45:44 -05:00
searxng Update searxng/docker-compose.yml 2024-09-04 10:35:42 -05:00
docker-compose.yml Update docker-compose.yml 2024-09-04 00:45:51 -05:00
README.md Update README.md 2024-10-30 15:15:44 -05:00

Welcome!

This is going to be a repository of all verified Tailscale routed compose examples I have tested. I generally format all of my compose to exist within the folder of deployment for maximum portability. Of course there are times where that is not possible and or very much not recommended. This is just a way to give more insight into how Tailscale works as a router for your deployments and hopefully as a way to help make the self-hosting process just a little better.

For just about every deployment there is going to be a process that needs to be done in order to get certs working properly whether you are

  • Serving

Adding SSL and making your app/deployment available over a domain ONLY ON YOUR TAILNET

or

  • Funneling

Adding SSL and making your app/deployment PUBLICLY AVAILABLE ONLINE


**Either option you choose be sure to check the docker compose file before you start**. Do not worry about making any changes to ports or anything if you do not want the app exposed to your local network. Doing so without setting up your firewall can leave your app and it's data exposed to anyone who connects to your local network. If you do want to do this however there will be ports commented out to allow you to use the app even if Tailscale is not available for whatever reason.

One last very important detail. As of time of writing this, recreating containers or stopping them then starting them immediately causes issues with connecting to the management server. Use patients and verify that the container has fully disconnected from your management portal before attempting to start the container back up again.

With all of that out of the way we can get to the basic commands involved with any docker container deployment that utilizes Tailscale as a microservice as it's primary or in this case only router.

  1. The first step is to clone the directory with the example you want to use or adapt it to your compose file if you have one you are working on assembling yourself.
  2. Be sure to cd to the directory that contains the docker-compose.yml
  3. Bring the containers up using the command

docker compose up -d


In the case of some docker implementations it is

docker-compose up -d


  1. Once you have your container up and running you can check your management server at https://login.tailscale.com in which you can go to your node and check it's status.

You can also check the logs of everything running by using


docker compose logs -f


This will give you the latest log output of your containers.

Now that you have your container up and running we get into the fun part.

Next we are going to go into the container and interact with shell within the container.


  1. Be sure to replace $tailscale-container with the name of the container listed at the very top of the tailscale section in your docker compose. you can also find the container name by typing docker ps to get a list of all containers running on the system. if you are using one of the templates in this repo then it will likely start with tailscale then contain the name of app.

docker compose exec -it $tailscale-container /bin/sh

  1. Now that we are in the container we are going to go ahead and generate your cert. be warned that you need to type out exactly what your tailnet domain is as this is what it will generate the cert for. You can find your domain in the management server under the name of your node. it will end with ts.net. Be sure to replace the $hostname.example portion of the command below with what your tailnet domain is.

tailscale cert $hostname.example.ts.net

  1. Now we can choose whether to expose to the internet or to your tailnet and test if it works. This is also the stage where we will tell tailscale what port to forward for tcp to init the connection. Check your docker-compose.yml template to see if a port is specified. be sure to use that port in place of $PORT_OR_FILESYSTEM or in the case that you are exposing a directory to use that instead.

For tailnet only.

tailscale serve --bg $PORT_OR_FILESYSTEM


For publicly exposing it on the internet.

tailscale funnel --bg $PORT_OR_FILESYSTEM


Be sure to visit the domain to ensure that it is working. Sometimes it can take a moment to propagate and register SSL. Just take a moment to relax.

  1. Now that we have verified that it is working we can then capture the configuration file of the serve or funnel with the following command.

tailscale serve status --json >> /config/serve.json

Copy that from your cli and exit the container.


Now that we are back in the directory with your docker-compose.yml we are going to go to either the serve or funnel directory and check if the file is there. if it is then we can take everything down with the following command.

docker compose down


Wait for a few minutes to ensure that the container is fully taken down.


Once you have confirmed everything is completely down and disconnected then you can go ahead and spin the container back up again and verify that everything is working.

docker compose up -d


If everything spun back up then congratulations!

You have successfully deployed an application by using software defined networking principals.

I intend on expanding out on this repository with additional scripts and examples over time. The ultimate goal is to build a script that will handle converting compose files or generating templates in a automated manner that will remove deployment time for most applications.

Just be sure to apply good operations security. Sharing access to your system or network in any capacity carries at the bare minimum some risk no matter how many precautions you take even including containerization.