by ecliptik 1046 days ago
I have an artisanal handcrafted docker-compose stack for them, so everything is containerized. It's on my todo to write a blog post about the setup.

There's an nginx reverse-proxy container in the stack that routes traffic to the individual service containers via the servername; eg nitter.tail.net goes to the nitter container, teddit.tail.net goes to the teddit container, etc.

The nginx proxy only listens on the Tailnet interface and only accepts connections from the Tailnet CIDR, therefore any device I have on my tailnet can access them. Let's Encrypt is also set up so everything is over https.

This allows me to access them from my phone, laptop, whatever when connected using Tailscale.

Tailscale essentially let me completely remove any need for port forwarding on my router and still have global access. It's truly amazing.
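An nginx server block in the shape the post describes, added here as an example (it is not the author's docker-compose stack). It binds only to the host's Tailscale address and additionally rejects any client outside the Tailscale CGNAT range, so a mistake in the listen address does not silently expose the service. The hostname, the Tailscale IP, the certificate paths and the `nitter` upstream name are assumed placeholders.

```nginx
# Added example, not the thread author's config. Placeholders: the Tailscale
# address 100.101.102.103, the hostname nitter.tail.net, the certificate
# paths and the upstream service name "nitter".

server {
    # Bind only to this host's Tailscale address, never 0.0.0.0 or [::].
    listen 100.101.102.103:443 ssl;
    server_name nitter.tail.net;

    # Let's Encrypt certificates (obtained with a DNS-01 challenge, since the
    # host is not reachable from the public internet). Paths are placeholders.
    ssl_certificate     /etc/letsencrypt/live/nitter.tail.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nitter.tail.net/privkey.pem;

    # Second, independent layer: Tailscale assigns client addresses from
    # 100.64.0.0/10 (the CGNAT range). Anything else gets 403 even if the
    # listen directive is ever widened by accident.
    allow 100.64.0.0/10;
    deny  all;

    location / {
        # docker-compose service name of the backend container (assumed).
        proxy_pass http://nitter:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Two caveats when nginx itself runs in a container. The `allow`/`deny` check uses `$remote_addr`, so nginx must see the real tailnet client address: with `network_mode: host` it does, while with the default bridge network the source address may be rewritten to the Docker gateway and the `deny all` will block legitimate clients (or, worse, the `allow` will match nothing useful). If bridge networking is kept, publish the port on the Tailscale address only, e.g. `"100.101.102.103:443:443"` in the compose `ports:` entry, so the host never exposes it on other interfaces. After bringing the stack up, `ss -ltnp | grep ':443'` on the host should show the listener bound to the 100.x address and not to `0.0.0.0`.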

6 comments

While not a blog post, I created a Privacy Frontends with Tailscale repo on GitHub with this setup using Tailscale MagicDNS and Caddy.

https://github.com/ecliptik/tailscale-privacy-frontends

I've tested it out on a new Tailnet on a t3.medium EC2 instance and it works relatively well. Adding new services should be relatively easy.

I'm planning to write up a post about the more technical details on the stack still.

I have a similar-ish setup, but using nomad as my executor, and traefik running on a public machine doing the routing.

Basically all the services on nomad listen on the tailnet, and traefik straddles the tailnet and the public internet. It then loads the service configurations from nomad and exposes them using let’s encrypt certificates.

+1 Would very much welcome you authoring something on this topic.
+1 for the blog post howto idea
+1 as well. Right now I'm using Route 53 and some funky scripts to pull the IP from DNS and update it for site-to-site links.
If you wouldn't mind, any chance you can ping me once you publish this? You can reach me at collect.metadat attt gmail.