tailscale
I've deployed Tailscale on my runtipi server and set it up to authenticate to my tailscale VPN. It succeeds (I see it listed online) (and also I enable the subnet routes in the tailscale GUI)...
With this setup, I'm expecting to be able to reach the runtipi main dashboard from the client (iPhone, tailscale installed, up and running), but I could only get ERR_CONNECTION_FAILED so far.
Any hint on what could be missing/wrong in my setup, please?
16 Replies
You should try to look at the advertise subnet option
In fact, I think it comes from that it reaches the tailscale container (that does not have http server)... but I was guessing that the runtipi tailscale integration allows to reach runtipi dashboard... "out of the box", is my expectation right?
Out of the box it should allow you to reach your server but through a tailscale ip
If you want to use the same as your network ip you need to set the advertise subnet
Check the tailscale IP of your server in the admin panel
You should be able to use this without further configuration
Fudge, I have something wrong. I can ping the tailscale ip assigned to the runtipi/tailscale docker service, but when I try to get the dashboard page (through the tailscale ip) it errors out:
curl 100.90.226.123:80/dashboard
curl: (7) Failed to connect to 100.90.226.123 port 80 after 85 ms: Error
(the same curl request using the local IP works, but that does not involve tailscale anymore)
Try removing the port part?
(same, I had tried many variations)
...is that correct that it needs so TS_ROUTES to allow the docker container to access the services on its docker network? ( runtipi_tipi_main_network)
Do I need to set any value in TS_ROUTES for this to work?
This works well for me
No success for me. How do you confirm it works for you? I try using Chrome from an iPhone (and I also try from another PC with Linux).
Lately I confirm this works, so for sure the tailscale docker has access to the runtipi HTTP service (I know it's obvious for you, but I'm trying to hard to find where it blocks :P):
$ docker exec -it tailscale_migrated-tailscale-1 apk add curl && curl http://127.0.0.1:80
fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/aarch64/APKINDEX.tar.gz
(1/8) Installing brotli-libs (1.1.0-r1)
(2/8) Installing c-ares (1.27.0-r0)
(3/8) Installing libunistring (1.1-r2)
(4/8) Installing libidn2 (2.3.4-r4)
(5/8) Installing nghttp2-libs (1.58.0-r0)
(6/8) Installing libpsl (0.21.5-r0)
(7/8) Installing libcurl (8.12.1-r0)
(8/8) Installing curl (8.12.1-r0)
Executing busybox-1.36.1-r19.trigger
OK: 25 MiB in 43 packages
<!DOCTYPE html>
<html lang="en">
[...]
<title>Runtipi</title>
<script type="module" crossorigin src="/assets/index-C90zhnPn.js"></script>
<link rel="stylesheet" crossorigin href="/assets/index-CP6KHYwa.css">
</head>
<body>
<div id="root"></div>
</body>
</html>
(Accessing "runtipi.tail...ts.net/" in iCurlHTTP)
Could you describe how you test it? What is the outcome using curl, for instance? Maybe that could give me some hints?
I don’t know enough about tailscale to help you debug the issue unfortunately
Maybe you should try their forums?
Runtipi is just starting the container for you with the settings provided. You can check the resulting docker-compose in
apps/migrated/tailscaleI understand perfectly and I'm thankful for your help. I'm trying hard, because I like the (runtipi) project. I've understood I can customize the docker-compose by duplicating it in to user-config folder tree and I've been playing around that for two days... I got one kind of a success this morning (using network_mode: host) with annoying side-effects. You confirm me that you succeed using the vanilla config, accessing the runtipi dashboard through a tailscale IP from a client, right?
I think I have a user-config but just to change the network to glutun
First time i did it it took me multiple days aswell
@SeriousSam did you get this working? I think I am experiencing the same thing
Yes, I did but it clearly does not work out straight out of the box (I don’t think it does without “hacking” the configs)