It’s true, and I was wondering if that would be the route I have to go. Good to know it has been a positive experience.
Comment on Tailscale difficulties
dustyData@lemmy.world 1 day ago
I also tried Tailscale in a docker container as a subnet handler and realized I was out of my depth. Net engineering is abstract and hard. There’s a reason there are pros making bank just doing that for big corps.
Followed a way simpler setup. Now Tailscale runs on the server bare metal and podman handles the routing automatically. I just use the MagicDNS address given by Tailscale and everything just works as intended. All my services are available, and apps run no issue, no matter where I am as long as I’m connected to Tailscale. I will make the setup more complex as I learn more and acquire the need for more features. But so far this has met all my expectations.
pirateMonkey@lemmy.world 1 day ago
lankydryness@lemmy.world 1 day ago
I also do this. Just run Tailscale on bare metal and then I can access all my services the same as if I was on my LAN, essentially.
pirateMonkey@lemmy.world 1 day ago
I may be (probably am) worrying too much about this, but doesn’t that remove much of the benefit of running services in containers? My understanding is that one benefit of containerization is so that if one service is somehow compromised, the others remain isolated, but running the service that allows you inside on bare metal gives single point access to the drives that those other services rely on, and that’s from the most likely point someone could get into your network. Alternatively, if Tailscale is containerized and someone gets in, they have access to the other services’ front ends but not the data they rely on since Tailscale itself doesn’t have that access.
lankydryness@lemmy.world 1 day ago
You could be right. I am not a pro so I don’t really want to speak on the best practice approach. Really the only reason I containerize my services is the ease-of-deployment and the ease of potential re-deployment if my server did crash.
I personally am not too stressed about bad actors, being as this is a hobby server and the payout for a bad actor would be pretty low.
But your point does make sense to me.