-
-
Save polds/2ffdbd1251a76b6c9287df809b26880f to your computer and use it in GitHub Desktop.
Tailscale reverse proxy test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# From https://tailscale.com/kb/1108/cloudrun/ | |
FROM alpine:latest as tailscale | |
WORKDIR /app | |
COPY . ./ | |
ENV TSFILE=tailscale_1.12.3_amd64.tgz | |
RUN wget https://pkgs.tailscale.com/stable/${TSFILE} && \ | |
tar xzf ${TSFILE} --strip-components=1 | |
COPY . ./ | |
FROM nginx:stable-alpine | |
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/* | |
# Copy binary to production image | |
COPY --from=tailscale /app/tailscaled /app/tailscaled | |
COPY --from=tailscale /app/tailscale /app/tailscale | |
COPY start.sh /app/start.sh | |
COPY nginx.conf /etc/nginx/conf.d/default.conf | |
RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale | |
EXPOSE 80 | |
# Run on container startup. | |
RUN chmod +x /app/start.sh | |
CMD ["/app/start.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80; | |
server_name myserver-fe; | |
location ~ ^/(healthz|debug/healthz) { | |
return 200 'ok'; | |
add_header Content-Type text/plain; | |
} | |
location / { | |
# Tailscale address, ideally I want 10.1.10.2 which is a BGP address fronted by a tailscale router. | |
# But this doesn't work either. | |
proxy_pass http://100.99.71.121:5000; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
/app/tailscaled --tun=userspace-networking --socks5-server=localhost:1055 & | |
until /app/tailscale up --authkey=${TAILSCALE_AUTH} --hostname=cloudrun-${HOSTNAME} --accept-routes | |
do | |
sleep 0.1 | |
done | |
echo Tailscale started | |
ALL_PROXY=socks5://localhost:1055/ nginx -g "daemon off;" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment