How does https://hello.ipn.dev/ know the user of the machine talking to it? Also, is it possible to expose services instead of machines on Tailscale? I think it would be nice, for instance, to expose a MagicDNS entry for every Docker container I have running or something like that.
Have a look at tailscale/hello.go at main · tailscale/tailscale · GitHub.
In particular this API call to the local Tailscale daemon running on the hello node:
Regarding services, I coincidentally just discovered this new feature:
That was fast! The services panel just got soft-launched (i.e. without any announcement) today.
Regarding exposing containerized services, we’re thinking of different ways to make that easier. Are all the services you want to expose HTTP-based or are there non-HTTP services too?
Neat. Thanks for this information. I’ll check them out.
I was kind of thinking about setting up salt. I don’t think the salt minions talk to the salt master using http. I don’t know much about it though and am kind of just trying things out. I’m not sure if I’ll actually end up using it.
By the way, in my post I was talking about exposing every Docker container, but I’m not sure about the details. There are lots of different service discovery tools and ways to expose the information. I kind of wonder what I was asking for would even look like.
Yeah, we’ve been a little cautious about adding specific support for containers so far, for that same reason: it’s not 100% clear what it should look like.
Done right, though, it could be really sweet. It seems natural to me that you should be able to run a bunch of containers on your Tailscale network, give each one its own ACL tags etc., and then connect them to each other exactly as if they were all running on the same machine. The only catch is how exactly to make that happen.
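Added example (not part of the thread and not Tailscale's own hello.go): a minimal Go sketch of the lookup asked about in the first post, where a web handler asks the local Tailscale daemon who owns the connecting address. The names `WhoIs` and `helloHandler` are hypothetical helpers; the Unix socket path, the `/localapi/v0/whois` endpoint and the JSON field names are assumptions about the daemon's local API.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"net/url"
)

// WhoIsResponse keeps only the fields used here (assumed LocalAPI JSON names).
type WhoIsResponse struct {
	Node        struct{ Name string }
	UserProfile struct{ LoginName, DisplayName string }
}

// WhoIs asks the daemon on socketPath which node and user own remoteAddr
// ("ip:port"). The endpoint path is an assumption about the local API.
func WhoIs(socketPath, remoteAddr string) (*WhoIsResponse, error) {
	c := &http.Client{Transport: &http.Transport{DisableKeepAlives: true,
		DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, "unix", socketPath)
		}}}
	res, err := c.Get("http://local-tailscaled.sock/localapi/v0/whois?addr=" + url.QueryEscape(remoteAddr))
	if err != nil {
		return nil, err
	}
	defer res.Body.Close()
	if res.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("whois %s: %s", remoteAddr, res.Status)
	}
	w := new(WhoIsResponse)
	return w, json.NewDecoder(res.Body).Decode(w)
}

// helloHandler identifies the caller only from the TCP peer address that the
// daemon vouches for; headers such as X-Forwarded-For are never consulted.
func helloHandler(socketPath string) http.HandlerFunc {
	return func(rw http.ResponseWriter, r *http.Request) {
		who, err := WhoIs(socketPath, r.RemoteAddr)
		if err != nil {
			http.Error(rw, "unknown peer", http.StatusForbidden)
			return
		}
		fmt.Fprintf(rw, "Hello, %s from %s\n", who.UserProfile.LoginName, who.Node.Name)
	}
}

func main() { http.ListenAndServe(":8080", helloHandler("/var/run/tailscale/tailscaled.sock")) }
```

The identity is only as trustworthy as `r.RemoteAddr`: if the service sits behind a reverse proxy, every request appears to come from the proxy's node, so the lookup has to happen where the Tailscale connection terminates.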