Skip to content

Commit

Permalink
Merge branch 'tailscale-docker-integration' into spencerjunraid-patch-1
Browse files Browse the repository at this point in the history
  • Loading branch information
@ljm42
ljm42 authored Nov 18, 2024
2 parents 818910f + 6febc98 commit e70e622
Showing 1 changed file with 19 additions and 15 deletions.
34 changes: 19 additions & 15 deletions docs/unraid-os/manual/security/tailscale.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,11 +28,14 @@ Keep in mind that HTTPS Certificates are public, so make sure you are comfortabl

## Adding Tailscale to Unraid

1. Navigate to Community Apps, search for **Tailscale plugin** and install it. Big thanks to [@EDACerton](https://forums.unraid.net/profile/244077-edacerton/) aka [@dkaser](https://github.com/dkaser) for all their work on this plugin!
2. Navigate to ***Settings → Tailscale*** and click **Reauthenticate** (you will sign in with your Tailscale account, not your Unraid.net account)
3. Click **Connect** to add this system to your Tailnet. You can then close the window.
4. If you are on Unraid 7.0.0-beta.3 or higher, navigate to ***Settings → Management Access*** to see your new Tailscale URL(s) which any system on your Tailnet can use to access the Unraid webgui.
5. Navigate to ***Settings → Tailscale*** to find this system's name and IP address on the Tailnet. This can be used to access SMB/NFS shares or most Docker containers, etc. Just replace the URL you normally use with the name/IP shown here.
1. Review the [Getting Started](#getting-started) section above, there are some adjustments you'll want to make to your Tailscale account before continuing
2. Navigate to Community Apps, search for **Tailscale plugin** and install it. Big thanks to [@EDACerton](https://forums.unraid.net/profile/244077-edacerton/) aka [@dkaser](https://github.com/dkaser) for all their work on this plugin!
3. Navigate to ***Settings → Tailscale*** and click **Reauthenticate** (you will sign in with your Tailscale account, not your Unraid.net account)
4. Click **Connect** to add this system to your Tailnet. You can then close the window.
5. If you are on Unraid 7.0.0-beta.3 or higher, navigate to ***Settings → Management Access*** to see your new Tailscale URL(s) which any system on your Tailnet can use to access the Unraid webGUI.
6. Navigate to ***Settings → Tailscale*** to find this system's name and IP address on the Tailnet. This can be used to access SMB/NFS shares or most Docker containers, etc. Just replace the URL you normally use with the name/IP shown here.

### Subnet routing (optional)

If you would prefer to access the system by its main IP when connected to the Tailnet, or if you want to access Docker containers that are on their own IPs:

Expand All @@ -58,7 +61,7 @@ You can optionally add Tailscale to almost any Docker container managed by Unrai
* The container will appear as a unique machine on your Tailnet, which means you can share just that container with other people without giving them access to your whole server. See [Sharing](https://tailscale.com/kb/1084/sharing.)
* You can set up a VPN container to be an Exit Node, which any other machine on your Tailnet (or anyone you have shared this machine with) can use. See [Exit Nodes](https://tailscale.com/kb/1103/exit-nodes).
* You can configure the container to send its outgoing Internet traffic through an Exit Node on your Tailnet (or one that has been shared with you.) See [Exit Nodes](https://tailscale.com/kb/1103/exit-nodes).
* If the container has a website, enable Tailscale Serve to access it from your Tailnet via a friendly https URL with a full certificate. No port forwarding is necessary! See [Serve](https://tailscale.com/kb/1312/serve).
* If the container has a website, enable Tailscale Serve to access it from your Tailnet via a friendly https URL with a full certificate. No port is necessary! See [Serve](https://tailscale.com/kb/1312/serve).
* Or you can even make the container's website available on the Internet using Tailscale Funnel. See [Funnel](https://tailscale.com/kb/1223/funnel).

### Install Tailscale everywhere
Expand All @@ -69,9 +72,10 @@ The Tailscale plugin for Unraid is technically *not required* for Docker integra

### Install Tailscale in a Docker container

1. Navigate to the ***Docker*** tab in the Unraid webGUI and edit a container
2. Enable the **Use Tailscale** switch
3. Provide the **Tailscale Hostname** for this container. It does not need to match the container name, but it must be unique on your Tailnet.
1. Review the [Getting Started](#getting-started) section above, there are some adjustments you'll want to make to your Tailscale account before continuing
2. Navigate to the ***Docker*** tab in the Unraid webGUI and edit a container
3. Enable the **Use Tailscale** switch
4. Provide the **Tailscale Hostname** for this container. It does not need to match the container name, but it must be unique on your Tailnet.

:::warning

Expand All @@ -80,12 +84,12 @@ The Tailscale plugin for Unraid is technically *not required* for Docker integra

:::

4. Specify whether this container will **Be an Exit Node** or not; this is most useful for containers that connect to commercial VPN services. For more details, see the Tailscale documentation on [Exit Nodes](https://tailscale.com/kb/1103/exit-nodes).
5. Specify whether this container should **Use an Exit Node** for its outgoing Internet traffic. If you have the Tailnet plugin installed on your server you will see a list of Exit Nodes to choose from. If not, you will need to provide the IP address of the Exit Node to use. For more details, see the Tailscale documentation on [Exit Nodes](https://tailscale.com/kb/1103/exit-nodes).
6. If you chose to **Use an Exit Node**, specify whether the container should also have access to your LAN.
7. Depending on your previous choices, the **Tailscale Userspace Networking** field may already be set for you. If not, you will probably want to leave it **disabled**. [See below](#userspace-networking) for details.
8. Specify whether or not to enable **Tailscale SSH**. This is similar to the Docker **Console** option in the Unraid webGUI, except you connect with an SSH client and authenticate via Tailscale. For more details, see the [Tailscale SSH](https://tailscale.com/kb/1193/tailscale-ssh) documentation.
9. Enable **Serve** to easily reverse proxy a website in the container at a friendly https URL with a full certificate. For more details, see the [Tailscale Serve](https://tailscale.com/kb/1312/serve) documentation. Or enable **Funnel** to make the container's website available on the open Internet (use with care as the container is likely to be attacked!) See the [Tailscale Funnel](https://tailscale.com/kb/1223/funnel) documentation.
5. Specify whether this container will **Be an Exit Node** or not; this is most useful for containers that connect to commercial VPN services. For more details, see the Tailscale documentation on [Exit Nodes](https://tailscale.com/kb/1103/exit-nodes).
6. Specify whether this container should **Use an Exit Node** for its outgoing Internet traffic. If you have the Tailnet plugin installed on your server you will see a list of Exit Nodes to choose from. If not, you will need to provide the IP address of the Exit Node to use. For more details, see the Tailscale documentation on [Exit Nodes](https://tailscale.com/kb/1103/exit-nodes).
7. If you chose to **Use an Exit Node**, specify whether the container should also have access to your LAN.
8. Depending on your previous choices, the **Tailscale Userspace Networking** field may already be set for you. If not, you will probably want to leave it **disabled**. [See below](#userspace-networking) for details.
9. Specify whether or not to enable **Tailscale SSH**. This is similar to the Docker **Console** option in the Unraid webGUI, except you connect with an SSH client and authenticate via Tailscale. For more details, see the [Tailscale SSH](https://tailscale.com/kb/1193/tailscale-ssh) documentation.
10. Enable **Serve** to easily reverse proxy a website in the container at a friendly https URL with a full certificate. For more details, see the [Tailscale Serve](https://tailscale.com/kb/1312/serve) documentation. Or enable **Funnel** to make the container's website available on the open Internet (use with care as the container is likely to be attacked!) See the [Tailscale Funnel](https://tailscale.com/kb/1223/funnel) documentation.

:::warning

Expand Down

0 comments on commit e70e622

Please sign in to comment.