I had the hardest time with this. What I ended up doing instead was provisioning a dedicated VM to run as a Tailscale subnet router, then just advertising my gateway and the applicable container IPs via /32 CIDRs. Tailscale will let you do multiple comma-separated IPs when advertising routes, so it's easy to append a new service via IP.
The manual install now seems too cluttered for me, as well as the Caddy webserver configuration. The AIO probably has a more up-to-date configuration which is vetted by the community.
I will try to configure the AIO version how I like it, but still apply what I have learned connecting Tailscale (https://github.com/nextcloud/all-in-one/discussions/5439)
@BakedCatboy@lemmy.ml your example helped clarify the network and service linking, thank you.
I kind of followed the tutorial, but changed the Tailscale configuration to how it is advised by Tailscale in their blog about Tailscale in Docker. It is running fine for me.

compose.yml:

```yaml
services:
  nextcloud-aio-mastercontainer:
    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # do not change
      - /var/run/docker.sock:/var/run/docker.sock:ro # do not change
    networks:
      - nextcloud-aio
    ports:
      - 8091:8080
    environment:
      APACHE_PORT: 11000
      APACHE_IP_BINDING: 127.0.0.1
      SKIP_DOMAIN_VALIDATION: true

  nc-caddy:
    image: caddy:alpine
    container_name: nc-caddy
    restart: always
    environment:
      NC_DOMAIN: nc.tailnet.ts.net
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - ./caddy/caddy_data:/data
      - ./caddy/caddy_config:/config
      - ./caddy/caddy_certs:/certs
      # same host directory that nc-tailscale mounts at /tmp, mounted read-only here
      - ./tailscale/tailscale_sock:/var/run/tailscale/:ro
    # share the network namespace of the nc-tailscale container
    network_mode: service:nc-tailscale
    labels:
      - com.centurylinklabs.watchtower.enable=true

  nc-tailscale:
    image: tailscale/tailscale:latest
    container_name: nc-tailscale
    restart: always
    init: true
    environment:
      - TS_HOSTNAME=nc
      - TS_AUTH_KEY=tskey-auth-xxx
      - TS_EXTRA_ARGS=--advertise-tags=tag:container
      - TS_STATE_DIR=/var/lib/tailscale
    volumes:
      - ./tailscale/state:/var/lib/tailscale
      - ./tailscale/config:/config
      - ./tailscale/tailscale_sock:/tmp
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    networks:
      - nextcloud-aio
    labels:
      - com.centurylinklabs.watchtower.enable=true

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

networks:
  nextcloud-aio:
    name: nextcloud-aio
    driver: bridge
    enable_ipv6: false
```

Caddyfile:

```
https://{$NC_DOMAIN}:443 {
    reverse_proxy nextcloud-aio-apache:11000
}
```
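
The `--advertise-tags=tag:container` argument in the compose file above relies on the tailnet policy file declaring that tag. The fragment below is an added example, not part of the original posts or of the Nextcloud AIO project: it declares the tag and, unlike the default allow-all policy shown first for comparison, limits access to tagged nodes to HTTPS. The tag owner and the source group are assumptions to adapt to your tailnet.

```jsonc
// Default policy of a new tailnet: every device may reach every port
// on every other device, including this Nextcloud node.
//
// {
//   "acls": [
//     { "action": "accept", "src": ["*"], "dst": ["*:*"] }
//   ]
// }

// Restricted policy (assumed owners and sources, adjust as needed).
{
  // Who is allowed to bring up nodes carrying tag:container.
  // The auth key used in TS_AUTH_KEY must be created by one of these owners.
  "tagOwners": {
    "tag:container": ["autogroup:admin"]
  },

  "acls": [
    // Tailnet members may reach tagged containers on 443 only,
    // which is the port Caddy listens on in the Caddyfile above.
    {
      "action": "accept",
      "src": ["autogroup:member"],
      "dst": ["tag:container:443"]
    }
    // No rule has tag:container as a source, so the tagged node
    // cannot open connections to other devices in the tailnet.
  ]
}
```

Replacing the policy file removes the default allow-all rule, so any other access your devices need between themselves has to be added as further `acls` entries.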