Tailscale: Difference between revisions

(One intermediate revision by the same user not shown)

Line 25:

== Configuring TLS ==

{{Expansion|

* Set up Systemd service to run this command at regular intervals to avoid cert expiration.

* Show how to run for multiple services on a single machine.

}}

Per [https://tailscale.com/kb/1153/enabling-https/?q=tls#provision-tls-certificates-for-your-devices Enabling HTTPS in the Tailscale documentation], run the following:

Line 31:

Line 36:

}}

~~{{Expansion|~~

As an alternative, you can set up [https://wiki.nixos.org/wiki/Caddy Caddy] to create and manage SSL certs automatically as [https://tailscale.com/kb/1190/caddy-certificates Caddy recognizes Tailscale urls]. After replacing <code><MACHINE_NAME></code>, <code><TAILNET_NAME></code>, <code><port></code> with your tailscale machine name, tailscale tailnet name, and the port of the local service you want to forward, you can add the following to your <code>configuration.nix</code>:<syntaxhighlight lang="nixos">

* Set up ~~Systemd~~ service to ~~run this command at regular intervals~~ to ~~avoid cert expiration~~.

services.caddy = {

* Show how to ~~run for multiple~~ services ~~on a single machine~~.

enable = true;

}}

virtualHosts."<MACHINE_NAME>.<TAILNET_NAME>".extraConfig = ''

reverse_proxy 127.0.0.1:<port>

'';

};

# Allow the Caddy user(and service) to edit certs

services.tailscale.permitCertUid = "caddy";

</syntaxhighlight>

== Known issues ==

@@ Line 25: / Line 25: @@
 == Configuring TLS ==
+{{Expansion|
+* Set up Systemd service to run this command at regular intervals to avoid cert expiration.
+* Show how to run for multiple services on a single machine.
+}}
 Per [https://tailscale.com/kb/1153/enabling-https/?q=tls#provision-tls-certificates-for-your-devices Enabling HTTPS in the Tailscale documentation], run the following:
@@ Line 31: / Line 36: @@
 }}
-{{Expansion|
+As an alternative, you can set up [https://wiki.nixos.org/wiki/Caddy Caddy] to create and manage SSL certs automatically as [https://tailscale.com/kb/1190/caddy-certificates Caddy recognizes Tailscale urls]. After replacing <code><MACHINE_NAME></code>, <code><TAILNET_NAME></code>, <code><port></code> with your tailscale machine name, tailscale tailnet name, and the port of the local service you want to forward, you can add the following to your <code>configuration.nix</code>:<syntaxhighlight lang="nixos">
-* Set up Systemd service to run this command at regular intervals to avoid cert expiration.
+services.caddy = {
-* Show how to run for multiple services on a single machine.
+  enable = true;
-}}
+  virtualHosts."<MACHINE_NAME>.<TAILNET_NAME>".extraConfig = ''
+    reverse_proxy 127.0.0.1:<port>
+  '';
+};
+# Allow the Caddy user(and service) to edit certs
+services.tailscale.permitCertUid = "caddy";
+</syntaxhighlight>
 == Known issues ==