I have an nginx server running locally, and I want to serve that using funnel, but I can’t seem to get the right serve configuration correctly. I’m trying to just allow any connection to 443 on the node.
so you want funnel → nginx → website?
I'm not sure if you can run nginx and funnel both on port 443.
you could run nginx only on port 80 and let funnel do the https magic.
first generate a cert
tailscale cert yourhost.your.ts.net
then fire up the funnel
tailscale serve / proxy 80
that will funnel https://yourhost.your.ts.net:443 to http://127.0.0.1:80
for nginx you could do something like
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}
Thank you for the reply, I know I have the cert working because I am able to access nginx while in my tailnet via https. I will try something like only listening on 80 for nginx. But I can also allow tailscale to run the funnel on port 8443 or 10000 right? That wouldn’t conflict with nginx in that case.
yes, you can change the funnel port with
tailscale serve --serve-port 8443 / proxy 80
I will try this and report back. Thank you.
For all who find this result on google, I ended up proxying each path individually instead of using nginx. This seemed to solve my problem.
so you used a command like this
tailscale serve --serve-port 8443 / proxy 80
tailscale serve --serve-port 9000 / proxy 9000
tailscale serve --serve-port 6555 / proxy 65
That’s basically right. Except you have to do --serve-port 8443 /service1 proxy 80 etc. You can’t do the root path multiple times.
So I basically entered this command
/ # tailscale serve --serve-port 8443 /service1 proxy 8989
And when I check status
/ # tailscale serve status
https://[machinename].[tailnet].ts.net (Funnel on)
|-- / proxy http://127.0.0.1:40080
https://[machinename].[tailnet].ts.net:8443 (tailnet only)
|-- /service1 proxy http://127.0.0.1:8989
The status shows it's on tailnet only. The 40080 was set using
tailscale serve / proxy 40080
What can I do to get multi proxy via funnel? Basically multiple apps across different ports
I think you need to serve in independent paths. In your case, / and /service1 aren’t independent.
Sorry, I am literally learning this on the fly. Can you do an ELI5 for me on what you mean by they aren’t independent? And how can I potentially fix this?
No worries. When you serve / on a port, any service you serve afterwards is a child of /. So you would need to do /service1 proxy 8989 and /service2 proxy 9898 or something like that.
oh ok, I got it working to some extent. I removed all entries and issued 2 commands
tailscale serve /wetty proxy 2222
tailscale serve /sonarr proxy 8989
And then checked the status and it shows this
/ # tailscale serve status
https:/[machinename].[tailnet].ts.net (Funnel on)
|-- /wetty proxy http://127.0.0.1:2222
|-- /sonarr proxy http://127.0.0.1:8989
Issue is that now, when I try to access these by going to my tailnet (without tunnel being on), I cannot access it. This is the URL I am using
http://[machinename].[tailnet].ts.net/sonarr
http://[machinename].[tailnet].ts.net/wetty
If I remove these and just put the / serve with whatever port, I can access it with the URL
http://[machinename].[tailnet].ts.net
Am I doing it right? Or the URLs need to be different?
What port are you serving the funnel on? You probably need to specify https://[machinename].[tailnet].ts.net:8443/sonarr if you’re serving the funnel on port 8443 for example. Do you have the appropriate certificates set up as well?
so as soon as I do it like
/ # tailscale serve --serve-port 8443 /wetty proxy 2222
then the serve status shows that the service is tailnet only and not funnel
I would recommend removing all serves, restarting the client, and trying again.
So I removed everything, even deleted the docker, its images and all AppData and reinstalled tailscale.
Then I ran the following commands
tailscale serve funnel on
tailscale serve --serve-port 443 funnel off
tailscale serve --serve-port 8443 funnel on
tailscale serve --serve-port 8443 /portainer proxy 9000
tailscale serve --serve-port 8443 /sonarr proxy 8989
tailscale serve --serve-port 8443 /wetty proxy 2222
And here is the status
/ # tailscale serve status
https://[machine name].[node name].ts.net:8443 (Funnel on)
|-- /wetty proxy http://127.0.0.1:2222
|-- /sonarr proxy http://127.0.0.1:8989
|-- /portainer proxy http://127.0.0.1:9000
but when I go to these URLs, I get the following errors - Not sure where I am going wrong now
https://[machine name].[node name].ts.net:8443/sonarr → Blank Page
https://[machine name].[node name].ts.net:8443/wetty → Cannot GET /wetty
https://[machine name].[node name].ts.net:8443/portainer → 404 page not found
I even tried in Incognito mode
Yes, it's on and I ran the command below
tailscale cert [machine name].[node name].ts.net
At this point it really looks like you have everything set up correctly. Last thing I would try is a reboot of your machine.
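
Added example, not part of the thread above and not Tailscale's own tooling: the status listings in this thread mix "(Funnel on)" listeners, which are reachable from the public internet, with "(tailnet only)" ones, so this sketch parses that text and lists which local backends each exposure reaches. It assumes the status layout exactly as pasted in the thread; the function names and the sample host name host.example.ts.net are made up for the example.

```shell
#!/bin/sh
# Added example. Reads `tailscale serve status` text on stdin (layout as
# pasted in the thread) and prints one line per mount:
#   <exposure> <listener-url> <mount> <backend>
# exposure is "funnel" (public internet) or "tailnet" (tailnet only).
serve_exposure() {
    awk '
        # Listener header, e.g. "https://host.ts.net:8443 (Funnel on)"
        $1 ~ /^https?:\/\// {
            exposure = ($0 ~ /\(Funnel on\)/) ? "funnel" : "tailnet"
            listener = $1
            next
        }
        # Mount line, e.g. "|-- /sonarr proxy http://127.0.0.1:8989"
        $1 == "|--" && listener != "" {
            print exposure, listener, $2, $NF
        }
    '
}

# Only the mounts and backends that Funnel publishes to the internet.
funnel_backends() {
    serve_exposure | awk '$1 == "funnel" { print $3, $4 }'
}

# Constructed sample input modelled on the status output in the thread;
# host.example.ts.net is a placeholder host name.
sample_status() {
    cat <<'EOF'
https://host.example.ts.net (Funnel on)
|-- / proxy http://127.0.0.1:40080

https://host.example.ts.net:8443 (tailnet only)
|-- /service1 proxy http://127.0.0.1:8989
EOF
}

# Stand-alone run over the constructed sample.
sample_status | serve_exposure
```

On a real node, pipe the live output in instead of the sample: tailscale serve status | funnel_backends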