Tailscale: Difference between revisions

Granddave (talk | contribs)
m Divided Troubleshooting section into subsections. Capitalized Tailscale.
 
(One intermediate revision by the same user not shown)
Line 25: Line 25:


== Configuring TLS ==
== Configuring TLS ==
{{Expansion|
* Set up Systemd service to run this command at regular intervals to avoid cert expiration.
* Show how to run for multiple services on a single machine.
}}
Per [https://tailscale.com/kb/1153/enabling-https/?q=tls#provision-tls-certificates-for-your-devices Enabling HTTPS in the Tailscale documentation], run the following:
Per [https://tailscale.com/kb/1153/enabling-https/?q=tls#provision-tls-certificates-for-your-devices Enabling HTTPS in the Tailscale documentation], run the following:
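Review bot: With the {{Expansion|...}} block now placed above the intro sentence, its first item ("run this command at regular intervals") refers to a command the reader has not seen yet, because the command only appears after "run the following:". Either keep the template below the command block, or reword the item so it names the command and says the timer is there to renew the certificate before it expires.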


Line 31: Line 36:
}}
}}


{{Expansion|
As an alternative, you can set up [https://wiki.nixos.org/wiki/Caddy Caddy] to create and manage SSL certs automatically as [https://tailscale.com/kb/1190/caddy-certificates Caddy recognizes Tailscale urls]. After replacing <code><MACHINE_NAME></code>, <code><TAILNET_NAME></code>, <code><port></code> with your tailscale machine name, tailscale tailnet name, and the port of the local service you want to forward, you can add the following to your <code>configuration.nix</code>:<syntaxhighlight lang="nixos">
* Set up Systemd service to run this command at regular intervals to avoid cert expiration.
services.caddy = {
* Show how to run for multiple services on a single machine.
  enable = true;
}}
  virtualHosts."<MACHINE_NAME>.<TAILNET_NAME>".extraConfig = ''
    reverse_proxy 127.0.0.1:<port>
  '';
};
# Allow the Caddy user(and service) to edit certs
services.tailscale.permitCertUid = "caddy";
</syntaxhighlight>


== Known issues ==
== Known issues ==
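Review bot: The comment above services.tailscale.permitCertUid says the Caddy user may "edit certs", but that option allows the named user to fetch this node's Tailscale TLS certificates from tailscaled, so the comment should say "fetch" (and "user(and service)" needs a space). Since the setting gives the caddy account access to the node's certificate material, the text should also say to set it only for the account that terminates TLS. In the paragraph, the placeholder <MACHINE_NAME>.<TAILNET_NAME> does not say whether <TAILNET_NAME> includes the ts.net suffix; spell out the full hostname form so the virtual host matches a name Caddy recognizes as a Tailscale one. Style: the section is titled "Configuring TLS" but the text says "SSL certs", and "tailscale machine name", "tailscale tailnet name" and "Tailscale urls" should read "Tailscale" and "URLs" to match the capitalization named in the edit summary.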