
Created November 14, 2021 18:30
Caddy on Fly as a reverse proxy to services on a Tailscale network

This is my attempt to run a webapp (python -m http.server 8000 --bind) on my home machine (Mac mini) and serve it on the public Internet, using Caddy as a reverse proxy to my local machine over an encrypted mesh VPN (Tailscale).

  • Follow this article and set an ephemeral Tailscale key as a secret in Fly, using flyctl secrets set TAILSCALE_AUTHKEY="tskey-<key>"
  • Put all these files in a folder and run flyctl deploy
  • Make sure to modify the domain name and IP/port in the Caddyfile. Since Fly handles HTTPS certificates, we don't need Caddy to do this.

This is not currently working. When this app boots up, it never gets into a healthy state, and flyctl logs does not provide a helpful message.

Caddyfile:

log stdout
errors stdout
auto_https off {

Dockerfile:

# Stage 1: carries the build context (Caddyfile and startup script)
FROM caddy:2-alpine as builder
WORKDIR /app
COPY . ./
COPY ./Caddyfile /etc/caddy/Caddyfile

# Stage 2: download and unpack the Tailscale binaries
FROM alpine:latest as tailscale
WORKDIR /app
COPY . ./
ENV TSFILE=tailscale_1.16.2_amd64.tgz
RUN wget${TSFILE} && tar xzf ${TSFILE} --strip-components=1
COPY . ./

# Final image: Caddy plus the Tailscale daemon and CLI
FROM caddy:2-alpine
RUN apk update && apk add ca-certificates iptables ip6tables && rm -rf /var/cache/apk/*
# Copy binary to production image
COPY --from=builder /app/ /app/
COPY --from=builder /etc/caddy/Caddyfile /etc/caddy/Caddyfile
COPY --from=tailscale /app/tailscaled /app/tailscaled
COPY --from=tailscale /app/tailscale /app/tailscale
RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale
# Caddy is running on 80
# Run on container startup.
CMD ["/app/"]
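
fly.toml:

# fly.toml file generated for tailproxy on 2021-11-14T03:39:04Z
app = "tailproxy"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[experimental]
  allowed_public_ports = []
  auto_rollback = true

# Public service: Fly forwards ports 80 and 443 to Caddy on internal port 80
[[services]]
  http_checks = []
  internal_port = 80
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  # TCP health check against internal_port
  [[services.tcp_checks]]
    grace_period = "4s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"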

Startup script:

#!/bin/sh
# Start the Tailscale daemon in the background.
/app/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/var/run/tailscale/tailscaled.sock &
# Retry until this node has joined the tailnet.
until /app/tailscale up --authkey="${TAILSCALE_AUTHKEY}" --hostname=flyio
do
    sleep 0.1
done
echo "tailscale has started ........... now reloading caddy"
# caddy reload
echo "caddy is up, now we wait for requests to come"
tail -f /dev/null
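
The startup script on this page retries `tailscale up` without a limit and ends in `tail -f /dev/null`, so the container stays up whatever happened before that line. As an added example (not the gist author's code), here is a variant that bounds the retries, fails loudly, and runs Caddy in the foreground. `retry`, `start`, `MAX_TRIES` and the `run` argument are names chosen here, and the `caddy run` line is the stock Caddy 2 invocation, assumed to suit this image.

```shell
#!/bin/sh
# Added example, not the gist author's script. Binary paths and flags are the
# ones used on this page; retry(), start() and MAX_TRIES are made up here.

MAX_TRIES="${MAX_TRIES:-100}"   # assumed bound: 100 tries x 0.1 s, about 10 s

# retry N DELAY CMD...: run CMD until it succeeds, at most N times.
# Returns 0 on success, 1 once the attempts are used up. Only the command
# name is logged, never its arguments, so the auth key stays out of the logs.
retry() {
    tries="$1"; delay="$2"; shift 2
    n=1
    while [ "$n" -le "$tries" ]; do
        if "$@"; then
            return 0
        fi
        n=$((n + 1))
        sleep "$delay"
    done
    echo "startup: '$1' still failing after $tries attempts" >&2
    return 1
}

start() {
    # Refuse to start without the secret instead of looping on an empty key.
    if [ -z "${TAILSCALE_AUTHKEY:-}" ]; then
        echo "startup: TAILSCALE_AUTHKEY is not set" >&2
        return 1
    fi

    /app/tailscaled --state=/var/lib/tailscale/tailscaled.state \
        --socket=/var/run/tailscale/tailscaled.sock &

    retry "$MAX_TRIES" 0.1 /app/tailscale up \
        --authkey="${TAILSCALE_AUTHKEY}" --hostname=flyio || return 1

    # Caddy becomes the container's main process, so a crash ends the
    # container instead of hiding behind `tail -f /dev/null`.
    exec caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
}

# Start only when invoked with "run", so the file can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    start
fi
```

With this layout the image's CMD passes `run` as the script's first argument; a non-zero exit then shows up in `flyctl logs` as a failed start.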