Are all services running on the same machine? You mentioned same network… you also said you added your “docker instance” to tailscale. I think some clarifications on what those two things mean could help narrow down the problem.
E.g. do you have multiple physical machines running docker containers? Each one you want to access needs to be added to tailscale, OR, set up a tailscale gateway?
I would suggest having an nginx as a reverse proxy (I prefer avoiding a container as it’s easier to manage) and then have your services in whatever medium you prefer.
That was my impression as well. But since I’m on a low-RAM VPS any overhead in RAM adds up, and I wanted to know how process deduplication works before I get into it.
You would want to set up a VPN server on your Linux server and VPN clients on Android and laptop. I’m not knowledgeable enough to help, but you can look into WireGuard.
PiVPN is elegant. Easy install, and I am impressed with the ascii QR code it generates.
But I could not make it work. I am guessing that my Android setup is faulty, orrrr maybe something with the Pi? This is incredibly difficult to troubleshoot.
Free, private (can be self-hosted), and open source. You don’t need to create an account to use it. If I remember correctly, this was created in response to the recent changes to Splitwise.
Hey, I’m the author of Spliit.app, thanks for the mention :)
Indeed I created Spliit as open source because I believe that some tools should be open source, especially those used in the long term (I have a Splitwise account from many years ago).
What I have is a VPS with WireGuard and Nginx Proxy Manager. Traffic comes in through the VPS and is routed internally. I have firewalls and isolation for everything that is in the danger zone if something gets compromised.
The problem is that Tailscale gives your server a “magic” ip, which isn’t the same one as on your local network. On your local network, do you access them by port? Or reverse proxy?
I think this is what you should look into. Are the services in Heimdall listed with the local IP or host names? Or are they referenced with the tailscale IP?
Three things I want to add here:
On tailscale I can only access my home lab’s root page with the services being accessible with something like domain.tld/service.
service.domain.tld is not supported by Tailscale. (See GitHub issue)
The local domain is different from the Tailscale domain. If you want to use them with a reverse proxy (nginx, caddy) you need to have rules configured for your Tailscale MagicDNS domain too.
Have you looked at using the Funnel feature in Tailscale, instead of port mapping? This gets external traffic onto your Tailscale network (for anyone who doesn’t have Tailscale) for specific resources, courtesy of Tailscale servers.
If you’re just going to open ports to the world, Tailscale isn’t really necessary (it’s useful for you and anyone on TS, since you can use the Serve feature to permit other Tailscale networks to have access to specific resources).
This sounds like exactly what I need. If I wanted to share my Linux Distros share with my dad, he wouldn’t need to install tailscale and feck with all that?
I actually had a lot of fun a couple years ago deploying PiHole on one of my RaspberryPi’s and routing all my household machines through it. It worked great UNTIL… my kid was turning in empty homework on Google Classroom and his teachers were getting up him about it. We chastised him thinking it was his fault until I finally discovered that Pihole was messing up his uploads to GC and literally causing this problem. I got super angry with it and walked away without even trying to troubleshoot. Had to profusely apologise not only to his teachers but to him.
You need to change the Heimdall URLs to the Tailscale URLs. I’ll update this post soon.
My old set up has openmediavault as the base system.
I installed tailscale directly to that base system. (The OS)
My old ip links in Heimdall stopped working.
From memory… You need to go to the Tailscale website dashboard. Iirc by default you have some random numbers as your Tailscale URL. The other option is to use their MagicDNS which gives you random words as a URL. Either way you will need to edit your Heimdall links. So if it’s currently 192.167.1.1:8096 you need to change it to buffalo-cow.tailscale:8096. (Or something to that effect.)
What I did was just duplicate my current Heimdall and use a different port number… Then change all the URLs to the Tailscale URLs.
Your current containers should remain untouched aside from the Heimdall one with the correct app URLs.
Except that the services are “unable to open” and “other” even from the Tailscale admin panel. The top two services, Heimdall and Portainer, are the only ones with an “open” link.
edit: if I stop heimdall in Docker, the situation is the same, except no start page.
Hmm… I’m not sure. If you’re making it to Heimdall and Portainer I don’t see why the other containers wouldn’t work. I just remember having to redo my Heimdall links.
Is tailscale installed on the base operating system?
OP, here’s a troubleshooting approach I would take:
Ensure services can be reached locally, thus eliminating Tailscale as a variable. Test on the host itself as well as another device on the same network.
Attempt connecting, with Tailscale enabled, to the services directly. Meaning, go to the host’s Tailscale IP:port in a browser and NOT through Heimdall.
If the above works, then it’s an issue with Heimdall. Edit the config as previously mentioned to link the services to the host’s Tailscale IP:port, or have two instances of Heimdall - one for local and one for remote.
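The three steps in the comment above can be scripted so each link in the dashboard gets a verdict: fails on the LAN too (service or port problem), works on the LAN but not on the Tailscale address (Tailscale or host firewall), or works on both (the dashboard link itself needs rewriting). This is an added example, not code from the thread, Tailscale or Heimdall; the link list, the LAN address 192.168.1.10 and the MagicDNS name buffalo-cow.tailnet-placeholder.ts.net are constructed placeholders.

```python
"""Reachability triage for services behind Tailscale.

Added example following the thread's three steps: probe each service on the
LAN address, probe it on the host's Tailscale address, and rewrite the
dashboard link only when both probes succeed.  Not code from the thread,
Tailscale or Heimdall; all hosts, ports and links below are constructed.
"""
import socket
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: dashboard links as they might sit in Heimdall, all
# pointing at a LAN address that is not routable over Tailscale.
LAN_HOST = "192.168.1.10"
TS_HOST = "buffalo-cow.tailnet-placeholder.ts.net"  # placeholder MagicDNS name
SAMPLE_LINKS = [
    "http://192.168.1.10:8096/",         # media server
    "http://192.168.1.10:9000/#/home",   # container UI
    "https://192.168.1.10:8443/login",   # something listening on 8443
]

VERDICT_DOWN = "fails on LAN too: service down or wrong published port"
VERDICT_TS = "LAN ok but Tailscale address fails: tailscale/host firewall issue"
VERDICT_LINK = "reachable both ways: rewrite dashboard link to "


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within `timeout`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out, DNS failure
        return False


def selftest_probe():
    """Check the probe itself: (reachable while a local listener is open,
    reachable after it is closed).  Expected (True, False)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = tcp_reachable("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = tcp_reachable("127.0.0.1", port, timeout=1.0)
    return while_open, after_close


def url_port(url):
    """Port in the URL, or the scheme default when none is given."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return 443 if parts.scheme == "https" else 80


def rewrite_link(url, old_host, new_host):
    """Swap the host of `url` from old_host to new_host, keeping scheme, port,
    path, query and fragment.  Links for other hosts are returned unchanged."""
    parts = urlsplit(url)
    if parts.hostname != old_host:
        return url
    netloc = new_host if parts.port is None else f"{new_host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def triage(links, lan_host, tailscale_host, probe=tcp_reachable):
    """Map each link to a verdict string following the thread's three steps.
    `probe` is injectable so the logic can be exercised without a network."""
    results = {}
    for url in links:
        port = url_port(url)
        if not probe(lan_host, port):
            results[url] = VERDICT_DOWN
        elif not probe(tailscale_host, port):
            results[url] = VERDICT_TS
        else:
            results[url] = VERDICT_LINK + rewrite_link(url, lan_host, tailscale_host)
    return results


if __name__ == "__main__":
    print("probe self-test (expect (True, False)):", selftest_probe())
    for link, verdict in triage(SAMPLE_LINKS, LAN_HOST, TS_HOST).items():
        print(f"{link}\n    -> {verdict}")
```

Run it on the host that carries the containers, with `LAN_HOST` and `TS_HOST` replaced by the real addresses; the self-test confirms the probe works before any verdict is trusted, and the `probe` parameter lets the decision logic be checked offline.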
I think I figured it out, just have to implement the fix. I think the problem is the lack of 443’s published by the containers. Looks like I may be able to modify the ports easily in Portainer.
Abrechnung is really good and actively developed and improving. The UI is already pretty satisfactory, and there’s also an API which is needed if for example you want to bulk-import a spreadsheet, for now you have to code it a bit.