Is it possible to run Tailscale both in Docker containers _and_ on the host?

md_1 · August 28, 2022, 1:51pm

I have a Linux machine that happily runs Tailscale and Docker.

I was thinking it would be nice to run Tailscale inside a Docker container, so that the container would get its own unique tailnet hostname, and I could access it without exposing ports on the host.

However, when I start up a Tailscale instance in Docker (compose file below), I see “duplicate node key” for that machine in the Tailscale admin console, and lose access to the host.

What’s the supported approach here?

Thanks!

  tailscale:
    image: tailscale/tailscale
    restart: unless-stopped
    hostname: vaultwarden
    privileged: true
    cap_add:
      - NET_ADMIN
    command:
      - tailscaled
    environment:
      - AUTHKEY=tskey-...
    volumes:
      - /var/lib:/var/lib
      - /dev/net/tun:/dev/net/tun

kpfleming · August 28, 2022, 2:15pm

While I don’t use Docker, I do have containers (managed with systemd-nspawn) running Tailscale with their host also running Tailscale.

I suspect your issue is that you’ve mapped the host’s /var/lib directory into the container, so they are sharing the Tailscale state files. There’s no need to do that, you should create a specific directory for each container’s /var/lib that can be mapped into the respective containers.

md_1 · August 29, 2022, 8:23am

Good catch! That’s what I get for blindly copy-pasting…

Topic		Replies	Views
Tailscale running on host machine, but I can't access docker containers from it	0	1591	December 13, 2022
Forwarding tailscale ssh to host OS	0	542	August 31, 2022
I built a docker container!	0	867	August 28, 2021
Tailscale running in a container, cannot use as an exit node Linux	8	14508	April 25, 2023
Can we provide different "identities" to distinct services running on a single host? SUPPORT QUESTIONS	3	420	February 20, 2023

Is it possible to run Tailscale both in Docker containers _and_ on the host?

Related topics