@polds

polds/Dockerfile Secret

Created August 17, 2021 05:39
Tailscale reverse proxy test
Dockerfile

```dockerfile
# From https://tailscale.com/kb/1108/cloudrun/
FROM alpine:latest AS tailscale
WORKDIR /app
COPY . ./
ENV TSFILE=tailscale_1.12.3_amd64.tgz
# The tarball is fetched over HTTPS but is not checked against a known checksum.
RUN wget https://pkgs.tailscale.com/stable/${TSFILE} && \
    tar xzf ${TSFILE} --strip-components=1

FROM nginx:stable-alpine
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*

# Copy binary to production image
COPY --from=tailscale /app/tailscaled /app/tailscaled
COPY --from=tailscale /app/tailscale /app/tailscale
COPY start.sh /app/start.sh
COPY nginx.conf /etc/nginx/conf.d/default.conf
RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale
RUN chmod +x /app/start.sh

EXPOSE 80

# Run on container startup.
CMD ["/app/start.sh"]
```
nginx.conf

```nginx
server {
    listen 80;
    server_name myserver-fe;

    location ~ ^/(healthz|debug/healthz) {
        # default_type sets the Content-Type of the `return` body;
        # add_header would emit a second Content-Type header instead.
        default_type text/plain;
        return 200 'ok';
    }

    location / {
        # Tailscale address, ideally I want 10.1.10.2 which is a BGP address fronted by a tailscale router.
        # But this doesn't work either.
        proxy_pass http://100.99.71.121:5000;
    }
}
```
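start.sh

```sh
#!/bin/sh
# Userspace networking creates no TUN device; the tailnet is reachable only
# through the SOCKS5 listener on localhost:1055.
/app/tailscaled --tun=userspace-networking --socks5-server=localhost:1055 &

# Quote the expansions so the auth key and hostname are passed as single arguments.
until /app/tailscale up --authkey="${TAILSCALE_AUTH}" --hostname="cloudrun-${HOSTNAME}" --accept-routes
do
    sleep 0.1
done
echo Tailscale started

# nginx does not read ALL_PROXY and has no SOCKS client, so proxy_pass
# connections are not sent through the SOCKS5 listener.
ALL_PROXY=socks5://localhost:1055/ nginx -g "daemon off;"
```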