How to make Tailscale TLS cert provisioning working

I'm trying to get tailscale cert provisioning working for my docker containers. I read the tailscale page in the docs, but there's not a ton of information.

This is my docker-compose.yml for my traefik container:

  GNU nano 6.2                                                            docker-compose.yml                                                                     
services:

  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    restart: unless-stopped
    command:
      #- "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/dynamic/"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.tail.tailscale=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "./dynamic:/dynamic"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`fenrir.dhole-cloud.ts.net`) && Path(`/traefik`)"
      - "traefik.http.routers.dashboard.entrypoints=web"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=vibranium:$$apr1$$rjsLWUt8$$UfdY2iIczk3miB/cR2m4H."

When start the container it exits with code 1 and the following error message:

traefik  | 2022/10/28 04:39:08 command traefik error: failed to decode configuration from flags: field not found, node: tailscale
traefik exited with code 1

The documentation is too sparse for me to have any idea of what I'm doing wrong. And I seem to be the only one to even mention using Tailscale with Traefik outside the docs.

If anyone has any ideas I'd be grateful.

I've done a bit more research, and it seems that the Tailscale integration uses the Go tscert package which uses the tailscaled daemon running on your machine to get the TLS certs. So I assume if I was running Traefik outside of Docker it would be able to interface with the tailscale daemon running on my machine.

I briefly tried installing tailscale inside the Traefik docker container, but there were various issues and it seems to be more of a headache than it's worth.

Hello @insincereapology,

Thanks for your interest in Traefik,

traefik | 2022/10/28 04:39:08 command traefik error: failed to decode configuration from flags: field not found, node: tailscale

This error is raised because of a non-existing configuration property, in this case, tailscale. We merged the pull request into the master branch but the feature has not been released yet. To use it, you can build your own image or use the traefik/traefik:experimental one.

Does it fix the issue?

I briefly tried installing tailscale inside the Traefik docker container, but there were various issues and it seems to be more of a headache than it's worth.

Why not mounting the tailscale socket inside the container?

Hope this helps!

It did not occur to me at all to mount the tailscale socket, thank you.

I pulled the traefik/traefik:experimental-master image and the tailscale resolver works as expected. I didn't notice I was browsing the experimental docs and not the latest release.

Thanks!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.