feat(tailscale): update Tailscale configuration to enable Funnel and remove Traefik targets
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Some checks failed
/ validate-docker-compose (push) Has been cancelled
This commit is contained in:
parent
7162827ab3
commit
6c1e6b5700
@ -48,6 +48,5 @@ DECLUTTARR_REMOVE_ORPHANS=True
|
|||||||
TAILSCALE_AUTHKEY=
|
TAILSCALE_AUTHKEY=
|
||||||
TAILSCALE_HOSTNAME=tailscale-nas
|
TAILSCALE_HOSTNAME=tailscale-nas
|
||||||
TAILSCALE_TAGS=tag:nas
|
TAILSCALE_TAGS=tag:nas
|
||||||
# Define Traefik targets for Tailscale serve
|
# Enable Tailscale Funnel (public access) for HTTPS? Set to 'true' or 'false'.
|
||||||
TAILSCALE_SERVE_TARGET_HTTP=http://traefik:80
|
ENABLE_FUNNEL_HTTPS=false
|
||||||
TAILSCALE_SERVE_TARGET_HTTPS=https://traefik:443
|
|
||||||
|
|||||||
@ -9,9 +9,6 @@ services:
|
|||||||
- --providers.docker.exposedbydefault=false
|
- --providers.docker.exposedbydefault=false
|
||||||
- --entrypoints.web.address=:80
|
- --entrypoints.web.address=:80
|
||||||
- --entrypoints.web-secure.address=:443
|
- --entrypoints.web-secure.address=:443
|
||||||
- --entrypoints.web.http.redirections.entryPoint.to=web-secure
|
|
||||||
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
|
||||||
- --entrypoints.web.http.redirections.entrypoint.permanent=true
|
|
||||||
- --experimental.plugins.rewrite-body.modulename=github.com/packruler/rewrite-body
|
- --experimental.plugins.rewrite-body.modulename=github.com/packruler/rewrite-body
|
||||||
- --experimental.plugins.rewrite-body.version=v1.2.0
|
- --experimental.plugins.rewrite-body.version=v1.2.0
|
||||||
- --experimental.plugins.rewriteHeaders.modulename=github.com/XciD/traefik-plugin-rewrite-headers
|
- --experimental.plugins.rewriteHeaders.modulename=github.com/XciD/traefik-plugin-rewrite-headers
|
||||||
@ -35,8 +32,8 @@ services:
|
|||||||
- PGID=${GROUP_ID}
|
- PGID=${GROUP_ID}
|
||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/sonarr:/config
|
- ${CONFIG_ROOT:-.}/sonarr:/config:Z
|
||||||
- ${DATA_ROOT}:/data
|
- ${DATA_ROOT}:/data:Z
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "curl", "--fail", "http://127.0.0.1:8989/sonarr/ping"]
|
test: ["CMD", "curl", "--fail", "http://127.0.0.1:8989/sonarr/ping"]
|
||||||
@ -45,7 +42,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.sonarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sonarr`))
|
- traefik.http.routers.sonarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sonarr`))
|
||||||
- traefik.http.routers.sonarr.tls=true
|
- traefik.http.routers.sonarr.entrypoints=web
|
||||||
- traefik.http.services.sonarr.loadbalancer.server.port=8989
|
- traefik.http.services.sonarr.loadbalancer.server.port=8989
|
||||||
- homepage.group=Media
|
- homepage.group=Media
|
||||||
- homepage.name=Sonarr
|
- homepage.name=Sonarr
|
||||||
@ -64,8 +61,8 @@ services:
|
|||||||
- PGID=${GROUP_ID}
|
- PGID=${GROUP_ID}
|
||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/radarr:/config
|
- ${CONFIG_ROOT:-.}/radarr:/config:Z
|
||||||
- ${DATA_ROOT}:/data
|
- ${DATA_ROOT}:/data:Z
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "curl", "--fail", "http://127.0.0.1:7878/radarr/ping"]
|
test: ["CMD", "curl", "--fail", "http://127.0.0.1:7878/radarr/ping"]
|
||||||
@ -74,7 +71,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.radarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/radarr`))
|
- traefik.http.routers.radarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/radarr`))
|
||||||
- traefik.http.routers.radarr.tls=true
|
- traefik.http.routers.radarr.entrypoints=web
|
||||||
- traefik.http.services.radarr.loadbalancer.server.port=7878
|
- traefik.http.services.radarr.loadbalancer.server.port=7878
|
||||||
- homepage.group=Media
|
- homepage.group=Media
|
||||||
- homepage.name=Radarr
|
- homepage.name=Radarr
|
||||||
@ -93,8 +90,8 @@ services:
|
|||||||
- PGID=${GROUP_ID}
|
- PGID=${GROUP_ID}
|
||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/lidarr:/config
|
- ${CONFIG_ROOT:-.}/lidarr:/config:Z
|
||||||
- ${DATA_ROOT}:/data
|
- ${DATA_ROOT}:/data:Z
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "curl", "--fail", "http://127.0.0.1:8686/lidarr/ping"]
|
test: ["CMD", "curl", "--fail", "http://127.0.0.1:8686/lidarr/ping"]
|
||||||
@ -103,7 +100,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.lidarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/lidarr`))
|
- traefik.http.routers.lidarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/lidarr`))
|
||||||
- traefik.http.routers.lidarr.tls=true
|
- traefik.http.routers.lidarr.entrypoints=web
|
||||||
- traefik.http.services.lidarr.loadbalancer.server.port=8686
|
- traefik.http.services.lidarr.loadbalancer.server.port=8686
|
||||||
- homepage.group=Media
|
- homepage.group=Media
|
||||||
- homepage.name=Lidarr
|
- homepage.name=Lidarr
|
||||||
@ -124,8 +121,8 @@ services:
|
|||||||
- PGID=${GROUP_ID}
|
- PGID=${GROUP_ID}
|
||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/bazarr/config:/config
|
- ${CONFIG_ROOT:-.}/bazarr/config:/config:Z
|
||||||
- ${DATA_ROOT}:/data
|
- ${DATA_ROOT}:/data:Z
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "curl", "--fail", "http://127.0.0.1:6767/bazarr/ping"]
|
test: ["CMD", "curl", "--fail", "http://127.0.0.1:6767/bazarr/ping"]
|
||||||
@ -134,7 +131,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.bazarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/bazarr`))
|
- traefik.http.routers.bazarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/bazarr`))
|
||||||
- traefik.http.routers.bazarr.tls=true
|
- traefik.http.routers.bazarr.entrypoints=web
|
||||||
- traefik.http.services.bazarr.loadbalancer.server.port=6767
|
- traefik.http.services.bazarr.loadbalancer.server.port=6767
|
||||||
- homepage.group=Download
|
- homepage.group=Download
|
||||||
- homepage.name=Bazarr
|
- homepage.name=Bazarr
|
||||||
@ -152,7 +149,7 @@ services:
|
|||||||
- LOG_LEVEL=debug
|
- LOG_LEVEL=debug
|
||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/jellyseerr:/app/config
|
- ${CONFIG_ROOT:-.}/jellyseerr:/app/config:Z
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test:
|
test:
|
||||||
@ -168,7 +165,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.jellyseerr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyseerr`))
|
- traefik.http.routers.jellyseerr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyseerr`))
|
||||||
- traefik.http.routers.jellyseerr.tls=true
|
- traefik.http.routers.jellyseerr.entrypoints=web
|
||||||
- traefik.http.services.jellyseerr.loadbalancer.server.port=5055
|
- traefik.http.services.jellyseerr.loadbalancer.server.port=5055
|
||||||
- traefik.http.routers.jellyseerr.middlewares=jellyseerr-stripprefix,jellyseerr-rewrite,jellyseerr-rewriteHeaders
|
- traefik.http.routers.jellyseerr.middlewares=jellyseerr-stripprefix,jellyseerr-rewrite,jellyseerr-rewriteHeaders
|
||||||
- traefik.http.middlewares.jellyseerr-stripprefix.stripPrefix.prefixes=/jellyseerr
|
- traefik.http.middlewares.jellyseerr-stripprefix.stripPrefix.prefixes=/jellyseerr
|
||||||
@ -233,7 +230,7 @@ services:
|
|||||||
- PGID=${GROUP_ID}
|
- PGID=${GROUP_ID}
|
||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/prowlarr:/config
|
- ${CONFIG_ROOT:-.}/prowlarr:/config:Z
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "curl", "--fail", "http://127.0.0.1:9696/prowlarr/ping"]
|
test: ["CMD", "curl", "--fail", "http://127.0.0.1:9696/prowlarr/ping"]
|
||||||
@ -242,7 +239,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.prowlarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/prowlarr`))
|
- traefik.http.routers.prowlarr.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/prowlarr`))
|
||||||
- traefik.http.routers.prowlarr.tls=true
|
- traefik.http.routers.prowlarr.entrypoints=web
|
||||||
- traefik.http.services.prowlarr.loadbalancer.server.port=9696
|
- traefik.http.services.prowlarr.loadbalancer.server.port=9696
|
||||||
- homepage.group=Download
|
- homepage.group=Download
|
||||||
- homepage.name=Prowlarr
|
- homepage.name=Prowlarr
|
||||||
@ -265,7 +262,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.flaresolverr.rule=PathPrefix(`/flaresolverr`)
|
- traefik.http.routers.flaresolverr.rule=PathPrefix(`/flaresolverr`)
|
||||||
- traefik.http.routers.flaresolverr.tls=true
|
- traefik.http.routers.flaresolverr.entrypoints=web
|
||||||
- traefik.http.services.flaresolverr.loadbalancer.server.port=8191
|
- traefik.http.services.flaresolverr.loadbalancer.server.port=8191
|
||||||
profiles:
|
profiles:
|
||||||
- flaresolverr
|
- flaresolverr
|
||||||
@ -279,8 +276,8 @@ services:
|
|||||||
- WEBUI_PORT=8080
|
- WEBUI_PORT=8080
|
||||||
- DOCKER_MODS=ghcr.io/gabe565/linuxserver-mod-vuetorrent
|
- DOCKER_MODS=ghcr.io/gabe565/linuxserver-mod-vuetorrent
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/qbittorrent:/config
|
- ${CONFIG_ROOT:-.}/qbittorrent:/config:Z
|
||||||
- ${DOWNLOAD_ROOT}:/data/torrents
|
- ${DOWNLOAD_ROOT}:/data/torrents:Z
|
||||||
restart: always
|
restart: always
|
||||||
healthcheck:
|
healthcheck:
|
||||||
# Container may fail if the PIA's token expired, so mark as unhealthy when there is no internet connection
|
# Container may fail if the PIA's token expired, so mark as unhealthy when there is no internet connection
|
||||||
@ -292,7 +289,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`))
|
- traefik.http.routers.qbittorrent.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/qbittorrent`))
|
||||||
- traefik.http.routers.qbittorrent.tls=true
|
- traefik.http.routers.qbittorrent.entrypoints=web
|
||||||
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080
|
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080
|
||||||
- traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
|
- traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix
|
||||||
# https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296
|
# https://github.com/qbittorrent/qBittorrent/issues/5693#issuecomment-552146296
|
||||||
@ -316,7 +313,7 @@ services:
|
|||||||
image: ghcr.io/unpackerr/unpackerr:latest
|
image: ghcr.io/unpackerr/unpackerr:latest
|
||||||
container_name: unpackerr
|
container_name: unpackerr
|
||||||
volumes:
|
volumes:
|
||||||
- ${DOWNLOAD_ROOT}:/data/torrents
|
- ${DOWNLOAD_ROOT}:/data/torrents:Z
|
||||||
restart: always
|
restart: always
|
||||||
user: ${USER_ID}:${GROUP_ID}
|
user: ${USER_ID}:${GROUP_ID}
|
||||||
environment:
|
environment:
|
||||||
@ -335,13 +332,13 @@ services:
|
|||||||
- PGID=${GROUP_ID}
|
- PGID=${GROUP_ID}
|
||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/sabnzbd:/config
|
- ${CONFIG_ROOT:-.}/sabnzbd:/config:Z
|
||||||
- ${DATA_ROOT}:/data
|
- ${DATA_ROOT}:/data:Z
|
||||||
restart: always
|
restart: always
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.sabnzbd.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sabnzbd`) || PathPrefix(`/sabnzbd`))
|
- traefik.http.routers.sabnzbd.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/sabnzbd`) || PathPrefix(`/sabnzbd`))
|
||||||
- traefik.http.routers.sabnzbd.tls=true
|
- traefik.http.routers.sabnzbd.entrypoints=web
|
||||||
- traefik.http.services.sabnzbd.loadbalancer.server.port=8080
|
- traefik.http.services.sabnzbd.loadbalancer.server.port=8080
|
||||||
- homepage.group=Download
|
- homepage.group=Download
|
||||||
- homepage.name=Sabnzbd
|
- homepage.name=Sabnzbd
|
||||||
@ -363,8 +360,8 @@ services:
|
|||||||
- TZ=${TIMEZONE}
|
- TZ=${TIMEZONE}
|
||||||
- JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin
|
- JELLYFIN_PublishedServerUrl=${HOSTNAME}/jellyfin
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/jellyfin:/config
|
- ${CONFIG_ROOT:-.}/jellyfin:/config:Z
|
||||||
- ${DATA_ROOT}:/data
|
- ${DATA_ROOT}:/data:Z
|
||||||
ports:
|
ports:
|
||||||
- "7359:7359/udp"
|
- "7359:7359/udp"
|
||||||
- "1900:1900/udp"
|
- "1900:1900/udp"
|
||||||
@ -376,7 +373,7 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.jellyfin.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyfin`))
|
- traefik.http.routers.jellyfin.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/jellyfin`))
|
||||||
- traefik.http.routers.jellyfin.tls=true
|
- traefik.http.routers.jellyfin.entrypoints=web
|
||||||
- traefik.http.services.jellyfin.loadbalancer.server.port=8096
|
- traefik.http.services.jellyfin.loadbalancer.server.port=8096
|
||||||
- homepage.group=Media
|
- homepage.group=Media
|
||||||
- homepage.name=Jellyfin
|
- homepage.name=Jellyfin
|
||||||
@ -397,8 +394,8 @@ services:
|
|||||||
- DOCKER_MODS=linuxserver/mods:universal-calibre
|
- DOCKER_MODS=linuxserver/mods:universal-calibre
|
||||||
- OAUTHLIB_RELAX_TOKEN_SCOPE=1
|
- OAUTHLIB_RELAX_TOKEN_SCOPE=1
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/calibre-web:/config
|
- ${CONFIG_ROOT:-.}/calibre-web:/config:Z
|
||||||
- ${DATA_ROOT}/books:/books
|
- ${DATA_ROOT}/books:/books:Z
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
@ -407,7 +404,7 @@ services:
|
|||||||
- traefik.http.middlewares.calibre-stripprefixregex.stripPrefixRegex.regex=/calibre
|
- traefik.http.middlewares.calibre-stripprefixregex.stripPrefixRegex.regex=/calibre
|
||||||
- traefik.http.routers.calibre.middlewares=calibre-headers,calibre-stripprefixregex
|
- traefik.http.routers.calibre.middlewares=calibre-headers,calibre-stripprefixregex
|
||||||
- traefik.http.routers.calibre.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/calibre`))
|
- traefik.http.routers.calibre.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/calibre`))
|
||||||
- traefik.http.routers.calibre.tls=true
|
- traefik.http.routers.calibre.entrypoints=web
|
||||||
- traefik.http.services.calibre.loadbalancer.server.port=8083
|
- traefik.http.services.calibre.loadbalancer.server.port=8083
|
||||||
- homepage.group=Media
|
- homepage.group=Media
|
||||||
- homepage.name=Calibre-Web
|
- homepage.name=Calibre-Web
|
||||||
@ -471,16 +468,16 @@ services:
|
|||||||
- HOMEPAGE_VAR_WEATHER_UNIT=${HOMEPAGE_VAR_WEATHER_UNIT}
|
- HOMEPAGE_VAR_WEATHER_UNIT=${HOMEPAGE_VAR_WEATHER_UNIT}
|
||||||
- HOMEPAGE_ALLOWED_HOSTS=${HOSTNAME}
|
- HOMEPAGE_ALLOWED_HOSTS=${HOSTNAME}
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/homepage:/app/config
|
- ${CONFIG_ROOT:-.}/homepage:/app/config:Z
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
- ${DATA_ROOT}:/data
|
- ${DATA_ROOT}:/data:Z
|
||||||
restart: always
|
restart: always
|
||||||
command:
|
command:
|
||||||
[sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"]
|
[sh, -c, "cp -n /app/config/tpl/*.yaml /app/config && node server.js"]
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.homepage.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`))
|
- traefik.http.routers.homepage.rule=(Host(`${HOSTNAME}`) && PathPrefix(`/`))
|
||||||
- traefik.http.routers.homepage.tls=true
|
- traefik.http.routers.homepage.entrypoints=web
|
||||||
- traefik.http.services.homepage.loadbalancer.server.port=3000
|
- traefik.http.services.homepage.loadbalancer.server.port=3000
|
||||||
watchtower:
|
watchtower:
|
||||||
image: ghcr.io/containrrr/watchtower:latest
|
image: ghcr.io/containrrr/watchtower:latest
|
||||||
@ -507,11 +504,10 @@ services:
|
|||||||
TS_EXTRA_ARGS: "--advertise-tags=${TAILSCALE_TAGS:-tag:nas}" # Keep tags if desired
|
TS_EXTRA_ARGS: "--advertise-tags=${TAILSCALE_TAGS:-tag:nas}" # Keep tags if desired
|
||||||
TS_STATE_DIR: "/var/lib/tailscale"
|
TS_STATE_DIR: "/var/lib/tailscale"
|
||||||
TS_USERSPACE: "false"
|
TS_USERSPACE: "false"
|
||||||
# Define where Tailscale should forward traffic (to Traefik)
|
# Switch to enable Funnel (public access) or Serve (Tailnet only)
|
||||||
TAILSCALE_SERVE_TARGET_HTTP: "http://traefik:80"
|
ENABLE_FUNNEL_HTTPS: ${ENABLE_FUNNEL_HTTPS:-false}
|
||||||
TAILSCALE_SERVE_TARGET_HTTPS: "https://traefik:443" # Assumes Traefik handles TLS
|
|
||||||
volumes:
|
volumes:
|
||||||
- ${CONFIG_ROOT:-.}/tailscale/state:/var/lib/tailscale # Persist state
|
- ${CONFIG_ROOT:-.}/tailscale/state:/var/lib/tailscale:Z # Persist state
|
||||||
- /var/run/docker.sock:/var/run/docker.sock # Optional, keep if needed
|
- /var/run/docker.sock:/var/run/docker.sock # Optional, keep if needed
|
||||||
devices:
|
devices:
|
||||||
- /dev/net/tun:/dev/net/tun
|
- /dev/net/tun:/dev/net/tun
|
||||||
@ -541,13 +537,21 @@ services:
|
|||||||
done
|
done
|
||||||
echo " Tailscaled is running."
|
echo " Tailscaled is running."
|
||||||
|
|
||||||
# Use tailscale serve to proxy HTTP/HTTPS to Traefik
|
# --- Start Tailscale Funnel/Serve ---
|
||||||
echo "Setting up Tailscale serve: HTTPS -> $${TAILSCALE_SERVE_TARGET_HTTPS}, HTTP -> $${TAILSCALE_SERVE_TARGET_HTTP}"
|
# Check the ENABLE_FUNNEL_HTTPS variable
|
||||||
tailscale serve --bg https / $${TAILSCALE_SERVE_TARGET_HTTPS}
|
if [ "${ENABLE_FUNNEL_HTTPS}" = "true" ]; then
|
||||||
tailscale serve --bg http / $${TAILSCALE_SERVE_TARGET_HTTP}
|
echo "ENABLE_FUNNEL_HTTPS is true. Setting up Funnel: HTTPS -> http://traefik:80..."
|
||||||
|
tailscale funnel --bg https / http://traefik:80
|
||||||
|
echo "Tailscale Funnel configured."
|
||||||
|
else
|
||||||
|
echo "ENABLE_FUNNEL_HTTPS is false. Setting up Serve: HTTPS -> http://traefik:80..."
|
||||||
|
tailscale serve --bg https / http://traefik:80
|
||||||
|
echo "Tailscale Serve configured."
|
||||||
|
fi
|
||||||
|
# --- End Tailscale Funnel/Serve ---
|
||||||
|
|
||||||
echo "Tailscale serve configured to proxy to Traefik. Container will remain running."
|
echo "Tailscale forwarding configured. Container will remain running."
|
||||||
wait
|
wait # Wait indefinitely for background processes
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user