Tailscale app connector

README.md

@@ -84,6 +84,7 @@ ScaleTail provides ready-to-run [Docker Compose](https://docs.docker.com/compose
 | 🌐 **Rustdesk Server**     | RustDesk is an open source remote control alternative for self-hosting and security. | [Details](services/rustdesk-server)|
 | 🔒 **Technitium DNS**      | An open-source DNS server that can be used for self-hosted DNS services.        | [Details](services/technitium)          |
 | 🌐 **Traefik**             | A modern reverse proxy and load balancer for microservices.                     | [Details](services/traefik)             |
+| 🌐 **Tailscale App Connector Node** | Configure a device to act as a App connector node for your Tailscale network.   | [Details](services/tailscale-app-connector-node) |
 | 🚀 **Tailscale Exit Node** | Configure a device to act as an exit node for your Tailscale network.           | [Details](services/tailscale-exit-node) |
 | 🌐 **Tailscale Subnet Router Node** | Configure a device to act as a subnet router node for your Tailscale network.   | [Details](services/tailscale-subnet-router-node) |
 

services/tailscale-app-connector-node/.env

@@ -0,0 +1,22 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE=app-connector
+IMAGE_URL=tailscale/tailscale
+
+# Network Configuration
+SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
+DNS_SERVER=9.9.9.9
+
+# Tailscale Configuration
+TS_AUTHKEY=
+
+# Optional Service variables
+# PUID=1000
+
+#Time Zone setting for containers 
+TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+
+# Any Container environment variables are declared below. See https://docs.docker.com/compose/how-tos/environment-variables/

services/tailscale-app-connector-node/README.md

@@ -0,0 +1,16 @@
+# Tailscale App Connector Node Configuration
+
+This Docker Compose configuration sets up a Tailscale an App Connector Node, allowing devices in your Tailscale network to route their traffic securely through this node to internet services.
+
+## Tailscale App Connector Node
+
+App connectors let you route Tailscale network (known as a tailnet) traffic to your software as a service (SaaS), cloud, and self-hosted applications, letting users and devices on the tailnet access applications by domain names instead of IP addresses. You can also incorporate monitoring, optimization, security, and reliability into your app connector setup. [See the App Connector documents for more information:](https://tailscale.com/docs/features/app-connectors/how-to/setup)
+
+## Configuration Overview
+
+In this setup, the `tailscale` service runs a Tailscale container configures it as an App Connector Node.
+
+- **TS_AUTHKEY**: This environment variable in the .env file is where you insert your Tailscale authentication key.
+- **TS_EXTRA_ARGS**: The `--advertise-connector` flag is used to designate this container as a App Connector Node within your Tailscale network.
+- **Sysctls**: The system controls `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` are enabled to allow IP forwarding, which is necessary for routing traffic through the Exit Node.
+- **Network Mode**: The `bridge` network mode is used to create a virtual network interface for the container, enabling it to handle traffic routing.

services/tailscale-app-connector-node/compose.yaml

@@ -0,0 +1,36 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables. 
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  tailscale:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: tailscale-${SERVICE} # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_EXTRA_ARGS=--advertise-connector
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true              # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234       # The <addr>:<port> for the healthz endpoint
+      #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+      - TS_AUTH_ONCE=true
+    volumes:
+      - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    dns:
+      - ${DNS_SERVER}
+    sysctls:
+      net.ipv4.ip_forward: 1
+      net.ipv6.conf.all.forwarding: 1
+    cap_add:
+      - net_admin # Tailscale requirement
+    network_mode: bridge
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always

services/tailscale-exit-node/.env

@@ -3,7 +3,7 @@
 #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
 
 # Service Configuration
-SERVICE=tailscale-exit-node
+SERVICE=exit-node
 IMAGE_URL=tailscale/tailscale
 
 # Network Configuration