Assuming I have two services (A and B) running on the same host and some third service C (on the same host or elsewhere), can I use TailScale to allow A to connect to C while disallowing B->C? Also, if there’s a fourth service D, co-located with C, can we say that A can connect to C but not D (I think this is the TailScale services feature, but I’m hoping this forum can confirm). If it helps, we can assume I’m running everything on Linux.
Can we provide different "identities" to distinct services running on a single host?
I am running multiple services on a single computer with different ‘identities’ for each server by running the services in a docker container with a separate tailscale instance per container.
This means that each service presents itself as a separate tailscale machine.
If you want to experiment with it you can take a look at the docker image I built for this. The explanation there also links to other options that could be a solution for you.
Oh, this is very interesting. I hadn’t considered this. I would like to avoid having to build my own App + TS Docker images if possible, but I’ll keep this idea in the back of my mind. Thanks for the tip!
Just as a side note: you don’t need to build an app if you already have a service running on the host. You can just start the tailscale-caddy container and configure it to expose the specific service port on a tailscale hostname of choice. Just fill in ‘<host_ip>:<service_port>’ in the CADDY_TARGET parameter instead of a container name + port and you’re all set.
As a bonus you also get HTTPS certificates for the tailscale host/service with no extra effort.
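The per-container identity pattern described in the answers above, written out as a Docker Compose file. This is an added example, not code from the thread's author or from the tailscale-caddy image they link; it uses the official `tailscale/tailscale` image as a sidecar instead (its `TS_AUTHKEY`, `TS_STATE_DIR`, `TS_HOSTNAME` and `TS_EXTRA_ARGS` variables are real). The service image names, the tags `tag:svc-a` / `tag:svc-b`, and the auth-key variables are placeholders you would replace with your own.

```yaml
# Added example: two services on one host, each presenting itself to the
# tailnet as its own machine (svc-a, svc-b) via a dedicated tailscale sidecar.
# The sidecar pattern is the same as the answer describes; the tailscale-caddy
# image from the thread could be dropped in for ts-a/ts-b with CADDY_TARGET set.
services:
  ts-a:
    image: tailscale/tailscale:latest
    hostname: svc-a
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY_A}          # assumed: a per-service auth key
      - TS_STATE_DIR=/var/lib/tailscale     # persist node identity across restarts
      - TS_HOSTNAME=svc-a
      - TS_EXTRA_ARGS=--advertise-tags=tag:svc-a   # assumed tag, used by the ACL policy
    volumes:
      - ts-a-state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
    restart: unless-stopped

  svc-a:
    image: example/service-a:latest        # placeholder image
    network_mode: service:ts-a             # shares ts-a's network namespace,
    depends_on: [ts-a]                     # so it is reachable only as "svc-a"

  ts-b:
    image: tailscale/tailscale:latest
    hostname: svc-b
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY_B}          # assumed: a separate key for B
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_HOSTNAME=svc-b
      - TS_EXTRA_ARGS=--advertise-tags=tag:svc-b
    volumes:
      - ts-b-state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
    restart: unless-stopped

  svc-b:
    image: example/service-b:latest        # placeholder image
    network_mode: service:ts-b
    depends_on: [ts-b]

volumes:
  ts-a-state:
  ts-b-state:
```

Because A and B now appear as distinct tagged nodes, the original question (A may reach C, B may not) becomes an ordinary tailnet ACL decision: an `accept` rule from `tag:svc-a` to `tag:svc-c` on C's port, and no corresponding rule for `tag:svc-b`, so B's traffic to C is dropped at the tailnet layer rather than relying on host firewalling. The state volumes matter: without them each container restart would enroll as a fresh machine and the ACL tags would have to be re-applied.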