Create exit node on

I’m trying to create a Tailscale exit node on to be used as VPN. It is quite similar to Unfortunately, I can’t figure out how to do it.

It looks like can deploy Docker containers: Dockerfiles | Railway Docs

Though the Tailscale on guide would be a good place to start, one thing unusual about Fly is that they provide a /dev/net/tun device. Most serverless cloud providers don’t. Being able to use TUN is awesome because it means that any application using sockets can work, but it is quite possible that is like other platforms in not providing it.

The alternate way to run tailscaled is userspace networking, which doesn’t need a /dev/net/tun device. A number of the other serverless platform docs show examples of operating this way:

Thanks for the info! Unfortunately, userspace networking seems to only allow connecting an app to an existing network, not creating an exit node, as shown in the last line:

ALL_PROXY=socks5://localhost:1055/ /app/my-app

I believe that this proxies the app at /app/my-app.

How could I modify this to allow creating an exit node?

If you don’t have an app to run you can use sleep infinity at the bottom of the bootstrap script. You can also add --advertise-exit-node to the tailscale up invocation.


mkdir -p /tmp/tailscale
/var/runtime/tailscaled --tun=userspace-networking &
until /var/runtime/tailscale up --authkey=${TAILSCALE_AUTHKEY} --hostname=railway-app --advertise-exit-node
    sleep 0.1
sleep infinity

Thanks! This seems to work now.

Unfortunately, even though the tailscale dashboard shows both my computer and the railway app as connected, I am unable to connect to the railway app from my macOS computer. I’ve restarted tailscale a few times, and re-logged in a few times to tailscale, but that doesn’t do anything. I’m not sure if this is a completely unrelated bug or not. Here is an image (there is a restriction peventing new users from uploading more than 1 image, so i put the two of them into one):

The exclamation point next to the “Exit Node” in the machine list means it needs to be approved.

Oh. Thanks you so much! It’s working great now!

Hi! When i try to build the dockerfile for the railway app i get “failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: “/app/”: permission denied: unknown” I cant seem to figure out why its happening?

Try doing chmod +x /app/ It seems like you do not have the correct permissions for that file.

I’ve successfully deployed it (thanks) but its telling me that /var/runtime/tailscale isn’t available and when i change the Dockerfile to /var/run/tailscale it gives me a permission denied.

No worries, i managed to fix it and get it working! Thanks.