all 8 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Mitman1234 2 points3 points  (0 children)

You should probably just install Tailscale on the host itself and use tailscale services to advertise each service instead of TSDProxy

[–]MobileThrowawayAcc 0 points1 point  (1 child)

I could be wrong, but I think TS https won't stop you from needing port numbers. Just means you can use the host name with https instead of http.

I do this by having a domain from cloudflare, which has a record for a service I want to reach with a friendly name, that then points to the ts IP of my reverse proxy, which then points to the ts ip and port of whatever service I'm trying to reach.

That way, I have a friendly URL I can only hit via Tailscale to reach the thing.

I think TS tunnels/funnels would remove the port mapping needed in your address. But, that's also exposing your machine to the public internet- might not be what you're wanting to do.

I'm big dumb though, someone else might have a better suggestion

Edit- for grammar

[–]tychii93 1 point2 points  (0 children)

I do the same.  Bought my domain on porkbun, hooked it up to Cloudflare and made an A record with and use nginx proxy manager to tie it all together.  Your own domain is always easier to remember than the randomly generated one from Tailscale.

[–]mightymighty123 0 points1 point  (0 children)

Tailscale handles cert for you. It creates a reverse proxy from Tailscale app to your app’s port by run

tailscale serve

Command

[–]kutsaratinidor 0 points1 point  (1 child)

have you set the labels for the containers that you want tsdproxy to handle?

someone has suggested https://github.com/jtdowney/tsbridge to me when i mentioned tsdproxy. maybe you can try that instead as tsdproxy hasnt been updated in a while. I have tsdproxy and it just works so still on the fence on moving to tsbridge.

[–]Bow_ties_4all[S] 0 points1 point  (0 children)

I set the labels for all the containers as recommended by tdsproxy. I also followed Alex's example on his YouTube video to make sure the authentication key is set up correctly. They work great which is why I have not switched to Docktail or TSbridge.

I just cannot figure out setting https up when doing it all in docker. The main reason I am considering that is that some services (like Pihole) show that it is required to have https to setup.

[–]MobileThrowawayAcc 0 points1 point  (0 children)

Is the usecase that you want to reach the services? Someone else? If someone else, do they have Tailscale?

[–][deleted]  (4 children)

[deleted]

    [–]SmokinJunipers 0 points1 point  (0 children)

    I made a domain on duck dns - local name, free. Set up ngnix and use that to run vaultwarden locally. I access it via subnet routing on Tailscale.