Easily Connect to Your Home Lab From Anywhere with Tailscale in Docker 🌱

What is Tailscale?

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other. (Source: https://tailscale.com/kb/1151/what-is-tailscale/)

Creating a Tailscale Account

  1. Open a web browser and navigate to https://login.tailscale.com/
  2. Log in using one of the available single sign-on methods
  3. Select DNS from the top navigation menu
  4. Click the Add nameserver dropdown > Custom...
  5. Enter the IP address of the DNS server to use for your internal network/LAN > Click Save
  6. Select Settings from the top navigation menu
  7. Select Keys under the Personal Settings heading in the left navigation menu
  8. Click the Generate auth key... button
  9. Check the Reusable box > Generate key
  10. Copy/leave the generated key visible for use later

Installing Docker

  1. Log into the Linux host and run the following commands in a terminal window
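    # refresh the package index and install prerequisites
    sudo apt update
    sudo apt install apt-transport-https ca-certificates curl software-properties-common gnupg-agent -y
    # store the docker gpg key in its own keyring
    # (apt-key is deprecated and trusts the key for every repository)
    sudo install -m 0755 -d /etc/apt/keyrings
    sudo curl -fsSL https://download.docker.com/linux/$(awk -F'=' '/^ID=/{ print $NF }' /etc/os-release)/gpg -o /etc/apt/keyrings/docker.asc
    sudo chmod a+r /etc/apt/keyrings/docker.asc
    # add docker software repository, trusted only for packages signed by that key
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/$(awk -F'=' '/^ID=/{ print $NF }' /etc/os-release) $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    # refresh the package index so the new repository is picked up
    sudo apt update
    # install docker
    sudo apt install docker-ce docker-compose containerd.io -y
    # enable and start docker service
    sudo systemctl enable docker && sudo systemctl start docker
    # add the current user to the docker group
    sudo usermod -aG docker "$USER"
    # reauthenticate for the new group membership to take effect
    su - "$USER"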

Running the Tailscale Container

  1. Continue with the following commands in a terminal window
    # create the tailscale container
    # replace the TS_AUTHKEY variable
    # and update the TS_ROUTES variable
    # to point to your local network subnet
    docker run -d --name=tailscale \
      -v /var/lib:/var/lib -v /dev/net/tun:/dev/net/tun \
      -e TS_ACCEPT_DNS=true --network=host \
      --cap-add=NET_ADMIN --cap-add=NET_RAW \
      --restart=unless-stopped --hostname="ctr-gateway" \
      -e TS_AUTHKEY=<%AUTH KEY CREATED EARLIER%> \
      -e TS_ROUTES=192.168.0.0/24 \
      tailscale/tailscale
  2. Back in the web browser, select Machines from the top navigation menu
  3. The ctr-gateway machine should be listed and connected
  4. Click the Settings button across from the ctr-gateway device > Select Disable key expiry
  5. Click the Settings button across from the ctr-gateway device again > Edit route settings...
  6. Click the Approve all button to enable routing into the local network
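
An added example (not part of the original guide or of Tailscale's documentation): a pre-flight script that rejects an unreplaced auth-key placeholder and any TS_ROUTES value that is not a network-aligned RFC 1918 subnet, then hands both to the same container through a mode-600 env file so the reusable key stays out of shell history. The function names, the env-file path and the "tskey-" prefix check are assumptions.

```sh
# Added example: helper names and the env-file approach are assumptions, container flags are the guide's.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on malformed input
ip_to_int() (
  case $1 in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case $o in 0?*|????*) exit 1 ;; esac      # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || exit 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# valid_route CIDR -> 0 only for a network-aligned /8../30 inside RFC 1918 space
valid_route() (
  case $1 in */*) ;; *) exit 1 ;; esac
  addr=${1%/*}; len=${1#*/}
  case $len in ''|0*|*[!0-9]*|???*) exit 1 ;; esac
  [ "$len" -ge 8 ] && [ "$len" -le 30 ] || exit 1
  ip=$(ip_to_int "$addr") || exit 1
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq "$ip" ] || exit 1     # host bits must be zero
  [ $(( ip >> 24 )) -eq 10 ] && exit 0                          # 10.0.0.0/8
  [ $(( ip >> 20 )) -eq 2753 ] && [ "$len" -ge 12 ] && exit 0   # 172.16.0.0/12
  [ $(( ip >> 16 )) -eq 49320 ] && [ "$len" -ge 16 ] && exit 0  # 192.168.0.0/16
  exit 1
)

# valid_authkey KEY -> rejects empty, whitespace, <%...%>; "tskey-" prefix is an assumption
valid_authkey() {
  case $1 in *[!A-Za-z0-9_-]*) return 1 ;; tskey-?*) return 0 ;; *) return 1 ;; esac
}

# write_env_file PATH KEY ROUTE -> writes PATH with mode 600 for `docker run --env-file`
write_env_file() (
  valid_authkey "$2" && valid_route "$3" || exit 1
  umask 077
  printf 'TS_AUTHKEY=%s\nTS_ROUTES=%s\nTS_ACCEPT_DNS=true\n' "$2" "$3" > "$1"
  chmod 600 "$1"
)

# start_gateway PATH -> same container as in the guide, variables passed via the env file
start_gateway() {
  docker run -d --name=tailscale --env-file "$1" \
    -v /var/lib:/var/lib -v /dev/net/tun:/dev/net/tun \
    --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW \
    --restart=unless-stopped --hostname="ctr-gateway" tailscale/tailscale
}
```

The key is still readable through docker inspect by anyone with access to the Docker socket, so membership of the docker group on the gateway host should be kept small.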

Connecting Other Devices

  1. Additional devices can be added to the Tailscale network by installing the Tailscale client
  2. To connect from a mobile device, install the Tailscale mobile app
  3. Log into Tailscale using the same method used to create the account earlier
  4. Once connected to the network, the mobile device can be used to reach services in your home lab securely from anywhere

Source: https://hub.docker.com/r/tailscale/tailscale
Documentation: https://tailscale.com/kb/