I’ve just about got this Docker thing licked. After hundreds of hours, I finally get it, and my dusty millenial ass has joined the 21st century.
-but we have issues
==============================xxxx==============================
The environment:
I have multiple containers running on my local network, including photoprism, Kavita, and Filebrowser. I also installed Heimdall as a startpage. On the local network everything works great.
The entire goal of this project is to have these services accessible from outside the house, from my mobile devices but also with the ability to share links and files with friends.
==============================xxxx==============================
The problem:
Enter Tailscale. I tried port forwarding, having a domain, all that jazz, but it ended up being way too complicated. I don’t want just anyone to access my shit, I only want a handful to be able to use services of my choosing in accordance with the user permissions I set up for them. Tailscale was the first thing I tried that worked.
I added my docker instance to tailscale, and when you access the machine, you are correctly taken to my Heimdal start page. Unfortunately, when you click on the icons for my docker services, the browser gives you an “unable to connect” error.
Under my Tailscale admin panel, the services are listed along with their port and IP information. Heimdall (443) and Portainer(8000) are listed as https and http under “type”, as expected. The remaining services are listed as “other.” (the portainer link doesn’t work either)
-
Has anyone else dealt with this?
-
If this has to do with ports, is there an easy way to configure ports without having to re-run the images and make new containers?
Are all services running on the same machine? You mentioned same network… you also said you added your “docker instance” to tailscale. I think some clarifications on what those two things mean could help narrow down the problem.
E.g. do you have multiple physical machines running docker containers? Each one you want to access needs to be added to tailscale, OR, set up a tailscale gateway?
Set up Tailscale as exit node to your local network.
Make sure that your network is not standard 192.168.0.x or 192.168.1.x IP address range, but something like 192.168.101.x so you don’t have IP conflicts when accessing from a friend’s house or workplace wifi.
Set up Nginx to redirect your home server IP (eg. 192.168.101.5) to the correct port for your dashboard like Heimdall or Dashy.
That’s it. Works like a charm for me if set up this way.
Addendum: if you have trouble on Android, disable MagicDNS.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters | More Letters |
---|---|
DNS | Domain Name Service/System |
HTTP | Hypertext Transfer Protocol, the Web |
IP | Internet Protocol |
nginx | Popular HTTP server |
3 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.
[Thread #435 for this sub, first seen 18th Jan 2024, 04:35] [FAQ] [Full list] [Contact] [Source code]
Tailscale has been nothing but pain for me.
What I have is a vps with wireguard and nginx proxy manager. Traffic comes in though the vps and is routed internally. I have firewalls and isolation for everything that is in the danger zone if something gets compromised.
What do the links look like on the start page?
The problem is that Tailscale gives your server a “magic” ip, which isn’t the same one as on your local network. On your local network, do you access them by port? Or reverse proxy?
Machine:8080 or service.machine.localdomain
I think this is what you should look into. Are the services in Heimdall listed with the local IP or host names? Or are they referenced with the tailscale IP?
Three things I want to add here:
- On tailscale I can only access my home lab’s root page with the services being accessible with something like
domain.tld/service
. service.domain.tld
is not supported by tailscale. (See github issue)- The local domain is different to the tailscale domain. If you want to use them with a reverse proxy (nginx, caddy) you need to have rules configured for your tailscale magic DNS domain too.
I hope this helps.