Tailscale: Difference between revisions
m Divided Troubleshooting section into subsections. Capitalized Tailscale. |
(One intermediate revision by the same user not shown) | |||
Line 25: | Line 25: | ||
== Configuring TLS == | == Configuring TLS == | ||
{{Expansion| | |||
* Set up Systemd service to run this command at regular intervals to avoid cert expiration. | |||
* Show how to run for multiple services on a single machine. | |||
}} | |||
Per [https://tailscale.com/kb/1153/enabling-https/?q=tls#provision-tls-certificates-for-your-devices Enabling HTTPS in the Tailscale documentation], run the following: | Per [https://tailscale.com/kb/1153/enabling-https/?q=tls#provision-tls-certificates-for-your-devices Enabling HTTPS in the Tailscale documentation], run the following: | ||
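Review bot: In the added Expansion to-do, the first item ("Set up Systemd service to run this command at regular intervals") describes a recurring job, so it should ask for a systemd timer with a oneshot service rather than a service alone, and "Systemd" should be lowercase. The second item ("multiple services on a single machine") should say whether it means several services sharing the machine's one certificate or something else, so whoever expands the section knows what to document.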
Line 31: | Line 36: | ||
}} | }} | ||
As an alternative, you can set up [https://wiki.nixos.org/wiki/Caddy Caddy] to create and manage SSL certs automatically as [https://tailscale.com/kb/1190/caddy-certificates Caddy recognizes Tailscale urls]. After replacing <code><MACHINE_NAME></code>, <code><TAILNET_NAME></code>, <code><port></code> with your tailscale machine name, tailscale tailnet name, and the port of the local service you want to forward, you can add the following to your <code>configuration.nix</code>:<syntaxhighlight lang="nixos"> | |||
services.caddy = { | |||
enable = true; | |||
virtualHosts."<MACHINE_NAME>.<TAILNET_NAME>".extraConfig = '' | |||
reverse_proxy 127.0.0.1:<port> | |||
''; | |||
}; | |||
# Allow the Caddy user(and service) to edit certs | |||
services.tailscale.permitCertUid = "caddy"; | |||
</syntaxhighlight> | |||
== Known issues == | == Known issues == |
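Review bot: The comment above <code>services.tailscale.permitCertUid = "caddy";</code> says the setting lets Caddy "edit certs", but the option only allows that user to fetch the node's TLS certificates from tailscaled; suggest "# Allow the caddy user to fetch TLS certificates from tailscaled" (which also fixes the missing space in "user(and service)"). The introductory sentence does not say whether <code><TAILNET_NAME></code> is expected to include the domain suffix, so a reader can easily end up with a virtual host name that does not match the certificate; state the expected full form of the host name. Style: the edit summary says Tailscale was capitalized, yet the new paragraph writes "tailscale machine name, tailscale tailnet name" and "Tailscale urls", and it says "SSL certs" under a heading titled "Configuring TLS".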