Using Tailscale with Docker

    1. In the Tailscale admin console, go to Settings -> Keys.

    2. Generate an auth key with Reusable, Ephemeral, and Pre-approved checked.

    3. Copy the key.

    4. Add the following to your ~/.bashrc:

      # The commands and compose files below read $DOCKERKEY_PERM
      export DOCKERKEY_PERM=<your-key-here>
      
    5. Run one of the following docker commands so that the container can reach all other devices on the tailnet. Replace <my_subnet> with your subnet, e.g. 10.0.0.0/24.

      # Foreground:
      docker run -v /var/lib:/var/lib -v /dev/net/tun:/dev/net/tun --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW --env TS_AUTHKEY=$DOCKERKEY_PERM --env TS_ROUTES=<my_subnet> tailscale/tailscale
      
      # Detached, with the Tailscale state directory mounted explicitly:
      docker run -d -v /var/lib:/var/lib -v /var/lib/tailscale:/var/lib/tailscale -v /dev/net/tun:/dev/net/tun --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW --env TS_AUTHKEY=$DOCKERKEY_PERM --env TS_ROUTES=<my_subnet> tailscale/tailscale
      
      # Detached and named, restarting automatically and advertising an exit node:
      sudo docker run -d --name=tailscaled -v /var/lib:/var/lib -v /dev/net/tun:/dev/net/tun --network=host --cap-add=NET_ADMIN --restart unless-stopped --cap-add=NET_RAW --env TS_AUTHKEY=[AUTH KEY] --env TS_EXTRA_ARGS=--advertise-exit-node --env TS_ROUTES=[SUBNET] tailscale/tailscale
    
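The script below is an added example, not part of the original page: a POSIX sh preflight for step 5 that rejects a malformed or overly broad TS_ROUTES value before the container is started. MIN_PREFIX, the function names, and mounting only /var/lib/tailscale are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page; all names here are assumptions.
MIN_PREFIX=${MIN_PREFIX:-16}   # shortest prefix length allowed in TS_ROUTES

# valid_cidr A.B.C.D/N: succeed if octets are 0-255 and N is 0-32.
valid_cidr() {
  case $1 in */*/*) return 1 ;; */*) ;; *) return 1 ;; esac
  vc_addr=${1%/*} vc_len=${1#*/}
  case $vc_len in ''|???*|*[!0-9]*) return 1 ;; esac
  [ "$vc_len" -le 32 ] || return 1
  case $vc_addr in ''|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
  vc_n=0 vc_ifs=$IFS; IFS=.
  for vc_o in $vc_addr; do
    IFS=$vc_ifs
    case $vc_o in ????*) return 1 ;; esac
    [ "$vc_o" -le 255 ] || return 1
    vc_n=$((vc_n + 1))
  done
  IFS=$vc_ifs
  [ "$vc_n" -eq 4 ]
}

# check_routes "CIDR[,CIDR...]": succeed if every route is valid and no
# broader than /MIN_PREFIX; otherwise print the reason and return 1.
check_routes() {
  cr_ifs=$IFS; IFS=,
  set -f; set -- $1; set +f
  IFS=$cr_ifs
  [ "$#" -gt 0 ] || { echo "TS_ROUTES is empty"; return 1; }
  for cr_r in "$@"; do
    valid_cidr "$cr_r" || { echo "invalid CIDR: $cr_r"; return 1; }
    [ "${cr_r#*/}" -ge "$MIN_PREFIX" ] ||
      { echo "too broad: $cr_r (minimum /$MIN_PREFIX)"; return 1; }
  done
}

# start_tailscale ROUTES: validate, then start the container from step 5.
# "--env TS_AUTHKEY" passes the key by name, keeping its value out of argv.
start_tailscale() {
  [ -n "${DOCKERKEY_PERM:-}" ] || { echo "DOCKERKEY_PERM is not set"; return 1; }
  check_routes "$1" || return 1
  TS_AUTHKEY=$DOCKERKEY_PERM docker run -d --name=tailscaled \
    -v /var/lib/tailscale:/var/lib/tailscale -v /dev/net/tun:/dev/net/tun \
    --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW --env TS_AUTHKEY \
    --env TS_STATE_DIR=/var/lib/tailscale --env TS_ROUTES="$1" tailscale/tailscale
}

# Starts the container only when asked: sh preflight.sh --start 10.0.0.0/24
if [ "${1:-}" = "--start" ]; then start_tailscale "${2:-}"; fi
```

With the default MIN_PREFIX of 16, the 10.0.0.0/8 route is refused while 10.0.0.0/24 is accepted.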

    Recipe 1: Install Tailscale in your desired Ubuntu Docker image

    Folder Structure

    .
    ├── build
    │   └── Dockerfile
    ├── docker-compose.yml
    ├── lib
    │   └── tailscale
    

    Dockerfile

    FROM ubuntu:22.04
    
    RUN apt update && apt install -y curl
    # ubuntu:22.04 is "jammy", so fetch the jammy keyring and repository list
    RUN curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null && \
        curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | tee /etc/apt/sources.list.d/tailscale.list && \
        apt update && \
        apt install -y tailscale
    

    Docker compose

    version: "3.9"
    services:
      tailscaled:
        build: ./build
        volumes:
          - ./lib:/var/lib
          - /dev/net/tun:/dev/net/tun
        hostname: docker-ub
        environment:
          - TS_AUTHKEY=${DOCKERKEY_PERM}
        #   - TS_ROUTES=10.0.0.0/8
          - TS_USERSPACE=0
          - TS_STATE_DIR=/var/lib/tailscale
          - TS_HOSTNAME=docker1
        cap_add: 
          - NET_ADMIN
          - NET_RAW
        # $$ stops Compose from interpolating on the host; bash in the container expands TS_AUTHKEY
        command: bash -c "tailscaled & tailscale up --authkey $${TS_AUTHKEY} && sleep infinity"
        restart: unless-stopped
    

    Recipe 2: as a “Sidecar”

    .
    ├── docker-compose.yml
    ├── html
    │   └── index.html
    └── lib
        └── tailscale
    

    HTML

    Hello, I'm Dan, at  <a href='https://danaukes.com/'>danaukes.com</a>
    

    Docker compose

    
    version: "3.9"
    services:
      tailscaled:
        image: tailscale/tailscale:latest
        # ports:
          # - 8080:80
        volumes:
          - ./lib:/var/lib
          - /dev/net/tun:/dev/net/tun
        environment:
          - TS_AUTHKEY=${DOCKERKEY_PERM}
          # - TS_ROUTES=172.0.0.0/8
          - TS_USERSPACE=0
          - TS_STATE_DIR=/var/lib/tailscale
          - TS_HOSTNAME=docker1
          # - TS_EXTRA_ARGS=--accept-routes
        cap_add: 
          - NET_ADMIN
          - NET_RAW
    
      test-service:
        image: nginx:latest
        network_mode: "service:tailscaled"
    
        volumes:
          - ./html:/usr/share/nginx/html
    

    Deprecated suggestions

    sudo ip tuntap add dev tun0 mode tun
    sudo ip addr add 10.0.0.1/24 dev tun0
    sudo ip link set up dev tun0
