Can we provide different "identities" to distinct services running on a single host?

Assuming I have two services (A and B) running on the same host and some third service C (on the same host or elsewhere), can I use Tailscale to allow A to connect to C while disallowing B->C? Also, if there’s a fourth service D, co-located with C, can we say that A can connect to C but not D (I think this is the Tailscale services feature, but I’m hoping this forum can confirm). If it helps, we can assume I’m running everything on Linux.

Hey @weberc2,

I am running multiple services on a single computer with different ‘identities’ for each server by running the services in a Docker container with a separate tailscale instance per container.

This means that each service presents itself as a separate tailscale machine.

If you want to experiment with it you can take a look at the docker image I built for this. The explanation there also links to other options that could be a solution for you.

Best regards,
Lieven.

Oh, this is very interesting. I hadn’t considered this. I would like to avoid having to build my own App + TS Docker images if possible, but I’ll keep this idea in the back of my mind. Thanks for the tip! :+1:

Welcome!

Just as a side note: you don’t need to build an app if you already have a service running on the host. You can just start the tailscale-caddy container and configure it to expose the specific service port on a tailscale hostname of choice. Just fill in ‘<host_ip>:<service_port>’ in the CADDY_TARGET parameter instead of a container name + port and you’re all set.

As a bonus you also get HTTPS certificates for the tailscale host/service with no extra effort.

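To make the sidecar pattern from the posts above concrete, here is an added docker-compose example (not Lieven’s image or code, and not part of the original thread). It uses the official tailscale/tailscale image as a per-service sidecar: each service shares the network namespace of its own tailscale container, so A and B each join the tailnet as a separate node with its own tag. The service images, hostnames, tag names, ports and the auth key placeholder are all assumptions chosen for illustration.

```yaml
# docker-compose.yml (added example): one tailscale node per service on one host.
# Each service container joins the network namespace of its own tailscale sidecar,
# so "service-a" and "service-b" appear on the tailnet as two distinct machines.
services:
  ts-service-a:
    image: tailscale/tailscale:latest
    hostname: service-a                      # becomes the node's tailnet name
    environment:
      - TS_AUTHKEY=tskey-auth-REPLACE_ME     # placeholder; use a tagged auth key or OAuth secret
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=false                   # kernel networking, so outbound tailnet traffic works too
      - TS_EXTRA_ARGS=--advertise-tags=tag:service-a
    volumes:
      - ts-a-state:/var/lib/tailscale        # persist node identity across restarts
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
    restart: unless-stopped

  service-a:
    image: nginx:alpine                      # stand-in for the real service A
    network_mode: service:ts-service-a       # share the sidecar's netns; no ports published on the host
    depends_on:
      - ts-service-a

  ts-service-b:
    image: tailscale/tailscale:latest
    hostname: service-b
    environment:
      - TS_AUTHKEY=tskey-auth-REPLACE_ME
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=false
      - TS_EXTRA_ARGS=--advertise-tags=tag:service-b
    volumes:
      - ts-b-state:/var/lib/tailscale
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
    restart: unless-stopped

  service-b:
    image: nginx:alpine                      # stand-in for the real service B
    network_mode: service:ts-service-b
    depends_on:
      - ts-service-b

volumes:
  ts-a-state:
  ts-b-state:
```

Because A and B are now separate tagged nodes, the original question becomes an ACL question: a rule in the tailnet policy with `src` `tag:service-a` and `dst` `tag:service-c:<port>` lets A reach C, and with no corresponding rule for `tag:service-b` the default-deny policy blocks B->C; restricting the `dst` to C’s port (or giving C and D their own tags) is what separates “A can reach C” from “A can reach D” on the same machine. Note that each service container still has an unrestricted Docker network by default; if B must not be able to reach C over the plain LAN either, that has to be enforced outside Tailscale (for example with `internal` Docker networks or host firewall rules).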