ryfrd 2026-03-18 20:32:25 +00:00
parent 6623ee03f6
commit 44c8324063
120 changed files with 22842 additions and 4673 deletions

@ -1,40 +1,47 @@
<!doctype html>
<html lang="en"><head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon" href="https://nonsense.dymc.win/favicon.ico">
<link id="stylesheet" rel="stylesheet" href="/css/light.css">
<html lang="en"><head><script src="/livereload.js?mindelay=10&amp;v=2&amp;port=1313&amp;path=livereload" data-no-instant defer></script>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="canonical" href="http://localhost:1313/tailscale-caddy-and-nixos-containers/" />
<title>Tailscale, caddy, and nixos containers - James&#39; Blog</title>
<link rel="canonical" href="https://nonsense.dymc.win/tailscale-caddy-and-nixos-containers/" />
<title>Tailscale, caddy, and nixos containers</title>
<link rel="stylesheet" href="/css/style.css">
<script>
document.documentElement.setAttribute('data-theme', 'dark');
</script>
</head>
<body><header id="banner">
<nav class="navbar">
<body><header class="site-header">
<nav>
<a href="http://localhost:1313/" class="home">~</a>
<div class="nav-links">
<a href="https://nonsense.dymc.win/" class="home">🏠</a>
<a
href="/info/"
title="👋"
>👋</a
><a
href="/search/"
title="🔎"
>🔎</a
>
<button id="toggle-button" class="toggle-button" onclick="toggleTheme()">🌚</button>
<a href="/search">/</a>
</div>
</nav>
</header>
<main id="content">
<article>
<header id="post-header">
<h2>Tailscale, caddy, and nixos containers</h2>
<div>
<p>May 16, 2023</p>
<article class="post">
<header>
<h1>Tailscale, caddy, and nixos containers</h1>
<time>May 16, 2023</time>
<div class="tags">
<a href="/tags/nixos">nixos</a>
<a href="/tags/caddy">caddy</a>
<a href="/tags/tailscale">tailscale</a>
<a href="/tags/self-hosting">self-hosting</a>
</div>
</header><p>For a little while now I&rsquo;ve been running some services (jellyfin etc.) on an old laptop in my house. I&rsquo;m not trying to sound like a podcast ad but as a networking novice, the simplicity <a href="https://tailscale.com/">tailscale</a> brings to accessing these services remotely is very nice. Until recently though, I had been accessing my services like a heathen with http and port numbers (eg http://tailscale-ip:service-port). This works and is perfectly secure thanks to tailscale though it lacks a certain finesse. In an ideal world you&rsquo;d have a reverse proxy and set up SSL certs so your browser doesn&rsquo;t get stressed and you dont have to rememeber ip addresses and port numbers.</p>
</header>
<div class="content">
<p>For a little while now I&rsquo;ve been running some services (jellyfin etc.) on an old laptop in my house. I&rsquo;m not trying to sound like a podcast ad but as a networking novice, the simplicity <a href="https://tailscale.com/">tailscale</a> brings to accessing these services remotely is very nice. Until recently though, I had been accessing my services like a heathen with http and port numbers (eg http://tailscale-ip:service-port). This works and is perfectly secure thanks to tailscale though it lacks a certain finesse. In an ideal world you&rsquo;d have a reverse proxy and set up SSL certs so your browser doesn&rsquo;t get stressed and you dont have to rememeber ip addresses and port numbers.</p>
<p>When I initially looked at how to do this it seemed like it was above my paygrade and not worth the stress; that was until I came across <a href="https://caddy.community/t/https-in-your-vpn-caddy-now-uses-tls-certificates-from-tailscale/15380">this</a>. This works great and is as simple as advertised though there is one drawback: you can only reverse proxy one service per host. So for my usecase of the laptop with multiple services running on it I could only use the magic caddy tailscale auto-https thing for one of them.</p>
<h3 id="what-to-do">what to do?</h3>
<p>Seeing as I was already using nixos on my latop server I turned to a slightly cumbersome nixos solution. One <a href="https://nixos.wiki/wiki/NixOS_Containers">nixos-container</a> for each service I wanted over https. I&rsquo;d be lying If I said I completely understand all of this NAT business but this was the config I cobbled together (copied from the nixos docs).</p>
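Review bot: The head and nav lines of this hunk carry development-server output: the `/livereload.js?mindelay=10&amp;v=2&amp;port=1313&amp;path=livereload` script tag, the canonical link `http://localhost:1313/tailscale-caddy-and-nixos-containers/`, and the home link `http://localhost:1313/`. That is what `hugo server` emits, so the committed HTML looks like it came from a dev build rather than a production one. Published as-is, each page would try to load a livereload script meant for the local dev server, and the canonical URL would point at localhost over plain http instead of `https://nonsense.dymc.win/tailscale-caddy-and-nixos-containers/`. Suggest regenerating the site with a plain `hugo` build before committing, so the livereload tag disappears and the canonical and home links use the real base URL.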
@ -92,16 +99,16 @@
</span></span></code></pre></div><p>This example enables the jellyfin, tailscale, and caddy services, mounts a film folder from the host, and lets the container talk to the internet.</p>
<p>Once you&rsquo;ve logged into the container <code>sudo nixos-container root-login jellyfin</code> and authenticated with tailscale <code>sudo tailscale up</code>, you should be able to access your jellyfin in your browser at <code>https://jellyfin.tailnet-name.ts.net</code>.</p>
<p>As well as solving the multiple services problem, separating services onto their own hosts is nice if you want to <a href="https://tailscale.com/kb/1084/sharing/">share</a> a particular service with someone else. I personaly feel happier just sharing one container running jellyfin rather than the whole host with multiple things on it. Anyway thanks for listening to my TED talk.</p>
</article>
</main>
<footer id="footer">
<small>
made with <a href="https://gohugo.io">hugo</a>
</small>
<script src="/js/search.js"></script>
<script src="/js/toggle.js"></script>
</footer>
</body>
</div>
</article>
</main><footer class="site-footer">
<small>
<a href="/index.xml">RSS</a>
·
<a href="https://gohugo.io">Hugo</a>
</small>
<script src="/js/script.js"></script>
</footer>
</body>
</html>