Hello there,
following this guide, I managed to reach pihole via tailscale.
Using this docker-compose.yaml file, I managed to access the docker app via VPN with the IP 172.21.0.2 and locally via 192.168.0.84:8081.
I created a subnetwork called apps (172.21.0.0/16) according to the guide 
Information about the current setup:
- Device: rspi 4, arm64v6, running 64-Bit Os.
- multiple services are running on docker.
- nginx reverse proxy is running on docker and have the following networks:
nginx_frontend (172.28.0.0/16)nginx_backend (172.27.0.0/16) - tailscale is NOT dockerized as in the guide.
In order to access my service via domain pihole.mydomain.com i managed to set up nginx as shown in this picture.
I then added nginx container to the apps network and I added the pihole to the nginx networks.
THE PROBLEM:
how to access the service via the domain form the VPN? What Subnet do I have to add to the nginx access list?