Caddy on as reverse proxy to services on Tailscale network

This is my attempt to run a webapp python -m http.server 8000 --bind on my home machine (Mac mini) and serve it on the public Internet using Caddy as a reverse proxy to my local machine over an encrypted mesh VPN (Tailscale).

  • Follow this article and set an ephemeral Tailscale key as a secret in Fly, using flyctl secrets set TAILSCALE_AUTHKEY="tskey-<key>"
  • Put all these files in a folder and run flyctl deploy
  • Make sure to modify the domain name and IP/port in Caddyfile. Since handles HTTPS certificates, we don't need Caddy to do this.

This is not currently working. When this app boots up, it never gets into a healthy state and flyctl logs does not provide a helpful message.

log stdout
errors stdout
auto_https off {

FROM caddy:2-alpine as builder
COPY . ./
COPY ./Caddyfile /etc/caddy/Caddyfile

FROM alpine:latest as tailscale
COPY . ./
ENV TSFILE=tailscale_1.16.2_amd64.tgz
RUN wget${TSFILE} && tar xzf ${TSFILE} --strip-components=1
COPY . ./

FROM caddy:2-alpine
RUN apk update && apk add ca-certificates iptables ip6tables && rm -rf /var/cache/apk/*

# Copy binary to production image
COPY --from=builder /app/ /app/
COPY --from=builder /etc/caddy/Caddyfile /etc/caddy/Caddyfile
COPY --from=tailscale /app/tailscaled /app/tailscaled
COPY --from=tailscale /app/tailscale /app/tailscale
RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale

# Caddy is running on port 80

# Run on container startup.
CMD ["/app/"]

# fly.toml file generated for tailproxy on 2021-11-14T03:39:04Z

app = "tailproxy"

kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[experimental]
  allowed_public_ports = []
  auto_rollback = true

[[services]]
  http_checks = []
  internal_port = 80
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "4s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

#!/bin/sh
# Start the Tailscale daemon in the background.
/app/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/var/run/tailscale/tailscaled.sock &
# Retry until this node has joined the Tailscale network.
until /app/tailscale up --authkey="${TAILSCALE_AUTHKEY}" --hostname=flyio
do
    sleep 0.1
done
echo "tailscale has started ........... now reloading caddy"
# caddy reload
echo "caddy is up, now we wait for requests to come"
# Keep the container alive.
tail -f /dev/null
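
Added example (not part of the original gist): one way to write the startup script so that a missing auth key or a failed Tailscale login ends in a logged error and a non-zero exit instead of an endless retry, and so that Caddy runs in the foreground where the port 80 check can reach it. It assumes the binary paths from the Dockerfile above and the caddy image's default "caddy run" command; MAX_TRIES, retry, start_proxy and the --start argument are names chosen for this example.

```shell
#!/bin/sh
# Added example, not the gist's own script.
# Assumptions: /app/tailscaled and /app/tailscale as in the Dockerfile above;
# MAX_TRIES and the "--start" argument are hypothetical names for this sketch.

MAX_TRIES="${MAX_TRIES:-50}"

# retry N DELAY CMD...: run CMD until it succeeds, at most N times.
# Returns 0 on the first success, 1 after N failures (no infinite loop).
retry() {
    tries="$1"; delay="$2"; shift 2
    n=1
    while [ "$n" -le "$tries" ]; do
        if "$@"; then return 0; fi
        n=$((n + 1))
        sleep "$delay"
    done
    return 1
}

start_proxy() {
    # Fail fast with a readable message if the secret was never set.
    if [ -z "${TAILSCALE_AUTHKEY:-}" ]; then
        echo "TAILSCALE_AUTHKEY is not set" >&2
        return 2
    fi
    /app/tailscaled --state=/var/lib/tailscale/tailscaled.state \
        --socket=/var/run/tailscale/tailscaled.sock &
    if ! retry "$MAX_TRIES" 0.2 /app/tailscale up \
            --authkey="${TAILSCALE_AUTHKEY}" --hostname=flyio; then
        # Log the failure without echoing the key itself.
        echo "tailscale up failed after ${MAX_TRIES} attempts" >&2
        return 3
    fi
    # Replace the shell with Caddy so the container exits if the proxy dies.
    exec caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
}

# Only start services when asked to, e.g. from the image's CMD.
if [ "${1:-}" = "--start" ]; then
    start_proxy
    exit $?
fi
```

The distinct exit codes (2 for a missing key, 3 for a login that never succeeds) show up in the platform logs, which makes an unhealthy boot easier to diagnose.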