Tailscale help needed

Submitted ⁨⁨11⁩ ⁨months⁩ ago⁩ by ⁨butt_mountain_69420@lemmy.world⁩ to ⁨selfhosted@lemmy.world⁩

I’ve just about got this Docker thing licked. After hundreds of hours, I finally get it, and my dusty millenial ass has joined the 21st century.

-but we have issues The environment: I have multiple containers running on my local network, including photoprism, Kavita, and Filebrowser. I also installed Heimdall as a startpage. On the local network everything works great.

The entire goal of this project is to have these services accessible from outside the house, from my mobile devices but also with the ability to share links and files with friends. The problem: Enter Tailscale. I tried port forwarding, having a domain, all that jazz, but it ended up being way too complicated. I don’t want just anyone to access my shit, I only want a handful to be able to use services of my choosing in accordance with the user permissions I set up for them. Tailscale was the first thing I tried that worked.

I added my docker instance to tailscale, and when you access the machine, you are correctly taken to my Heimdal start page. Unfortunately, when you click on the icons for my docker services, the browser gives you an “unable to connect” error.

Under my Tailscale admin panel, the services are listed along with their port and IP information. Heimdall (443) and Portainer(8000) are listed as https and http under “type”, as expected. The remaining services are listed as “other.” (the portainer link doesn’t work either)

Has anyone else dealt with this? If this has to do with ports, is there an easy way to configure ports without having to re-run the images and make new containers?

source

Comments

Sort:hotnew top

ULS@lemmy.ml ⁨11⁩ ⁨months⁩ ago
I think…

You need to change the Heimdall urls to the the tailscale urls. I’ll update this post soon.

source
- butt_mountain_69420@lemmy.world ⁨11⁩ ⁨months⁩ ago
  Except that the services are “unable to open” and “other” even from the tailscale admin panel. The top two services, heimdal and portainer, are the only ones with an “open” link.
  
  source
  - nickknack@lemmy.world ⁨11⁩ ⁨months⁩ ago
    OP here’s a troubleshooting approach i would take:
    
    ensure services can be reached locally, thus eliminating tailscale as a variable. test on the host itself as well as another device on the same network.
    
    attempt connecting, with tailscale enabled, to the services directly. meaning, go to the hosts’s tailscale IP:port in a browser and NOT through heimdall
    
    if the above work, then it’s an issue with heimdall. edit the config as previously mentioned to link the services to the host’s tailscale IP:port, or have two instances of heimdall - one for local and one for remote
    
    source
  - ULS@lemmy.ml ⁨11⁩ ⁨months⁩ ago
    Hmm… I’m not sure. It your making it to Heimdall and portainer I don’t see why the other containers wouldn’t work. I just remember having to redo my Heimdall links.
    
    source
    -> View More Comments
- butt_mountain_69420@lemmy.world ⁨11⁩ ⁨months⁩ ago
  Do these port numbers tell you anything at all? I’m very new to all of this.
  
  pasteboard.co/PLxJfeT7AV3g.png
  
  source
  - ULS@lemmy.ml ⁨11⁩ ⁨months⁩ ago
    The port numbers seem fine. They shouldn’t effect the issue you’re having to my knowledge.
    
    source
    -> View More Comments
ArbiterXero@lemmy.world ⁨11⁩ ⁨months⁩ ago
What do the links look like on the start page?

The problem is that Tailscale gives your server a “magic” ip, which isn’t the same one as on your local network. On your local network, do you access them by port? Or reverse proxy?

Machine:8080 or service.machine.localdomain

source
- schmurian@lsmu.schmurian.xyz ⁨11⁩ ⁨months⁩ ago
  I think this is what you should look into. Are the services in Heimdall listed with the local IP or host names? Or are they referenced with the tailscale IP?
  
  Three things I want to add here:
  
  On tailscale I can only access my home lab’s root page with the services being accessible with something like domain.tld/service.
  
  service.domain.tld is not supported by tailscale. (See github issue)
  
  The local domain is different to the tailscale domain. If you want to use them with a reverse proxy (nginx, caddy) you need to have rules configured for your tailscale magic DNS domain too.
  
  I hope this helps.
  
  source
notfromhere@lemmy.ml ⁨11⁩ ⁨months⁩ ago
Are all services running on the same machine? You mentioned same network… you also said you added your “docker instance” to tailscale. I think some clarifications on what those two things mean could help narrow down the problem.

E.g. do you have multiple physical machines running docker containers? Each one you want to access needs to be added to tailscale, OR, set up a tailscale gateway?

source
possiblylinux127@lemmy.zip ⁨11⁩ ⁨months⁩ ago
Tailscale has been nothing but pain for me.

What I have is a vps with wireguard and nginx proxy manager. Traffic comes in though the vps and is routed internally. I have firewalls and isolation for everything that is in the danger zone if something gets compromised.

source
BearOfaTime@lemm.ee ⁨11⁩ ⁨months⁩ ago
Have you looked at using the Funnel feature in Tailscale, instead of port mapping? This gets external traffic onto your Tailscale network (for anyone who doesn’t have Tailscale) for specific resources, courtesy of Tailscale servers.

If you’re just going to open ports to the world, Tailscale isn’t really necessary (it’s useful for you and anyone on TS, since you can use the Serve feature to permit other Tailscale networks to have access to specific resources).

source
- butt_mountain_69420@lemmy.world ⁨11⁩ ⁨months⁩ ago
  This sounds like exactly what I need. If I wanted to share my Linux Distros share with my dad, he wouldn’t need to install tailscale and feck with all that?
  
  source
Shurimal@kbin.social ⁨11⁩ ⁨months⁩ ago
Set up Tailscale as exit node to your local network.

Make sure that your network is not standard 192.168.0.x or 192.168.1.x IP address range, but something like 192.168.101.x so you don't have IP conflicts when accessing from a friend's house or workplace wifi.

Set up Nginx to redirect your home server IP (eg. 192.168.101.5) to the correct port for your dashboard like Heimdall or Dashy.

That's it. Works like a charm for me if set up this way.

Addendum: if you have trouble on Android, disable MagicDNS.

source
butt_mountain_69420@lemmy.world ⁨11⁩ ⁨months⁩ ago
heimdal: pasteboard.co/Z6mFKs1Dtdza.png

docker container view: pasteboard.co/qndeMLq3luWB.png

source
Decronym@lemmy.decronym.xyz ⁨11⁩ ⁨months⁩ ago
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

Fewer Letters More Letters

DNS Domain Name Service/System

HTTP Hypertext Transfer Protocol, the Web

nginx Popular HTTP server

[Thread #435 for this sub, first seen 18th Jan 2024, 04:35] [FAQ] [Full list] [Contact] [Source code]

source
tagginator@utter.online [bot] ⁨11⁩ ⁨months⁩ ago
New Lemmy Post: Tailscale help needed (https://lemmy.world/post/10850154)
Tagging: #SelfHosted
(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)
I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md
source

Fewer Letters	More Letters
DNS	Domain Name Service/System
HTTP	Hypertext Transfer Protocol, the Web
nginx	Popular HTTP server