Is it possible to run Tailscale both in Docker containers _and_ on the host?

I have a Linux machine that happily runs Tailscale and Docker.

I was thinking it would be nice to run Tailscale inside a Docker container, so that the container would get its own unique tailnet hostname, and I could access it without exposing ports on the host.

However, when I start up a Tailscale instance in Docker (compose file below), I see “duplicate node key” for that machine in the Tailscale admin console, and lose access to the host.

What’s the supported approach here?

Thanks!

```yaml
services:
  tailscale:
    image: tailscale/tailscale
    restart: unless-stopped
    hostname: vaultwarden
    privileged: true
    cap_add:
      - NET_ADMIN
    command:
      - tailscaled
    environment:
      - AUTHKEY=tskey-...
    volumes:
      - /var/lib:/var/lib
      - /dev/net/tun:/dev/net/tun
```

While I don’t use Docker, I do have containers (managed with systemd-nspawn) running Tailscale with their host also running Tailscale.

I suspect your issue is that you’ve mapped the host’s /var/lib directory into the container, so they are sharing the Tailscale state files. There’s no need to do that; you should create a specific directory for each container’s /var/lib that can be mapped into the respective containers.
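As an added example (not from the original thread), here is the same service with the shared `/var/lib` mount replaced by a dedicated state directory; every other setting is carried over from the question unchanged. tailscaled keeps its node key and the rest of its state under `/var/lib/tailscale`, so only that path needs a container-specific mount. The host path `/srv/tailscale-state/vaultwarden` is a constructed placeholder, and the auth key value is the question's own placeholder.

```yaml
services:
  tailscale:
    image: tailscale/tailscale
    restart: unless-stopped
    hostname: vaultwarden
    privileged: true
    cap_add:
      - NET_ADMIN
    command:
      - tailscaled
    environment:
      - AUTHKEY=tskey-...   # placeholder, as in the question
    volumes:
      # Dedicated state directory for this container only (constructed host path).
      # Mounting the host's whole /var/lib would hand the container the host's
      # own Tailscale state, so both ends register with the same node key.
      - /srv/tailscale-state/vaultwarden:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
```

Create the host directory before the first start, and give each additional Tailscale container its own directory (for example `/srv/tailscale-state/<container>`) so that every container ends up with a distinct node key while the host's own state in `/var/lib/tailscale` is never touched. Note that `privileged: true` already grants every capability, so the `cap_add` entry is redundant as written; `NET_ADMIN` plus the `/dev/net/tun` mapping is the narrower grant if you want to drop `privileged`.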

Good catch! That’s what I get for blindly copy-pasting… :wink: