🔌

Connecting Services with Tailscale Tutorial

Dec 6, 2024

Four Sophisticated Ways to Put a Service on Your Tailnet

Introduction

  • Tailscale allows connecting services like dashboards to a tailnet for remote access.
  • This guide explores four methods using Tailscale, organized by increasing sophistication.

Method 1: Install Tailscale on the Device or Subnet

  • Concept: Connect using a hostname and port number.
    • Suitable for LAN setups or specific devices like Raspberry Pi.
    • Example: Service accessible via rpi:8000.

Using a Subnet Router

  • Alternative: Use a subnet router if Tailscale can't be installed directly on the device.
    • Routes are advertised through another device.
    • Address might be 192.168.42.55:8000.

Method 2: Install Tailscale and Use Serve

  • Enhancement: With Tailscale serve, improve service accessibility.
    • Benefits:
      • Automatic HTTPS and TLS support.
      • Simplifies access by proxying to port 443.
      • Access to Tailscale identity headers for user customization.

Integration with Funnel

  • Service can be made publicly available with additional commands.
  • Address example: rpi.pango-lin.ts.net.

Method 3: Service in a Container with Tailscale Sidecar

  • Advanced Setup: Service runs in a Docker container with a Tailscale sidecar.
    • Service receives its own tailnet IP and domain.
    • Improves ACL management and network architecture.
    • Example address: dashboard.pango-lin.ts.net.

Implementation Tips

  • Use a dedicated Tailscale sidecar per service.
  • Tutorials available, e.g., for Docker Compose.
  • TsD Proxy for managing multiple containers with a single Tailscale instance.

Method 4: Integrate Tailscale with tsnet

  • Deep Integration: Use the Go library, tsnet, for native Tailscale capabilities.
    • Offers extensive flexibility and configuration.
    • Requires coding in Go.
    • Examples: Internal tools like link-shortening and secrets management apps.

Future Developments

  • Plans to support more programming languages, currently experimental.

Conclusion

  • Tailscale offers flexibility for different network configurations.
  • Users can mix and match approaches as needed or upgrade incrementally.

View note source

https://tailscale.com/blog/four-ways-tailscale-service