Traefik v3 tailscale specify socket path

Hi, I'm a new user to Traefik. I'm currently using v3.0.0-rc.5, as my understanding is that only v3 supports Tailscale as a TLS resolver.

I'm running on Synology, and as part of that, Tailscale does not have a socket file at /var/run/tailscale/tailscaled.sock, but instead at /@appdata/Tailscale/tailscaled.sock in my case.

As such, I get an error of:

ERR Unable to fetch certificate for domain "traefik-dashboard.[redacted].ts.net" error="Get \"http://local-tailscaled.sock/localapi/v0/cert/traefik-dashboard.[redacted].ts.net?type=pair\": dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory" providerName=myresolver.tailscale

when running my Traefik server.

I'm wondering how I can tell Traefik where my Tailscale socket actually is in the configuration, by specifying the /@appdata/Tailscale/tailscaled.sock path.

Thanks!

Based on tscert/internal/paths/paths.go at 28a91b69a0467442178b62e2cfb9ab272ed3b64c · tailscale/tscert · GitHub, I thought I could set the TS_SOCKET env in my docker-compose.yml, but it didn't seem to change anything in the way Traefik uses the tailscaled socket :frowning:

Did I do this wrong somehow in my docker-compose.yml?

version: '3'

services:
  traefik:
    environment:
     - TS_SOCKET="/@appdata/Tailscale/tailscaled.sock"

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

I'm not sure why that will help, but here you go:
traefik.yml:

api:
  dashboard: true
  debug: true

entryPoints:
  web:
    address: ":81"
  websecure:
    address: ":8080"

serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
    myresolver:
        tailscale: {}

docker-compose.yml:

version: '3'

services:
  traefik:
    image: traefik:v3.0.0-rc5
    restart: unless-stopped
    ports:
     - 81:80
     - 8080:8080
    networks:
     - proxy
    volumes:
     - /var/run/docker.sock:/var/run/docker.sock:ro
     - ./data/traefik.yml:/traefik.yml:ro
    environment:
     - TS_SOCKET="/@appdata/Tailscale/tailscaled.sock" # doesn't work right now :(
    labels:
     - "traefik.enable=true"
     - "traefik.http.routers.traefik.entrypoints=web"
     - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
     - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
     - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
     - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
     - "traefik.http.routers.traefik-secure.entrypoints=websecure"
     - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.example.com`)"
     - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
     - "traefik.http.routers.traefik-secure.tls=true"
     - "traefik.http.routers.traefik-secure.tls.certresolver=myresolver"
     - "traefik.http.routers.traefik-secure.tls.domains[0].main=traefik-dashboard.[REDACTED].ts.net"
     - "traefik.http.routers.traefik-secure.service=api@internal"

# we create a custom proxy network so that other containers can use us
networks:
  proxy:
    external: true

For reference: official doc
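
An added diagnostic, not part of any post in this thread: a POSIX sh function, meant to be run inside the Traefik container, that classifies a socket path value as quoted, missing, not-socket, no-access or ok. It targets two things visible in the compose file above: a list-form `- KEY="value"` entry keeps the double quotes as part of the value, and the `volumes:` section mounts only docker.sock and traefik.yml, so the host's tailscaled socket is not present in the container's filesystem. The name `check_ts_socket` is hypothetical, and whether Traefik honors TS_SOCKET is not established in this thread; the function only validates the path value itself.

```shell
#!/bin/sh
# Added example (not from the thread). check_ts_socket is a hypothetical name.
# Run it in the same container/namespace as the process that dials the socket.
# Prints one of: quoted | missing | not-socket | no-access | ok

check_ts_socket() {
    value=$1
    # Compose list-form entries (- KEY="value") pass the quotes through,
    # so the path seen by the process would begin with a literal quote.
    case $value in
        \"*|*\"|\'*|*\') echo quoted; return 1 ;;
    esac
    # The path must exist in THIS filesystem namespace. A host path that is
    # not bind-mounted into the container is simply absent here, which is
    # what "dial unix ...: no such file or directory" reports.
    if [ ! -e "$value" ]; then echo missing; return 1; fi
    # A bind mount of a wrong or stale path can leave a file or directory.
    if [ ! -S "$value" ]; then echo not-socket; return 1; fi
    # connect() on a unix socket needs write permission on the socket file.
    if [ ! -w "$value" ]; then echo no-access; return 1; fi
    echo ok
}

# Values taken from the thread above: the quoted form from the compose file,
# the unquoted Synology path, and TS_SOCKET (or the default path from the
# error message when TS_SOCKET is unset).
for v in '"/@appdata/Tailscale/tailscaled.sock"' \
         /@appdata/Tailscale/tailscaled.sock \
         "${TS_SOCKET:-/var/run/tailscale/tailscaled.sock}"; do
    printf '%s -> ' "$v"
    check_ts_socket "$v" || true
done
```

A result of `missing` for the unquoted path inside the container, while the same path is a socket on the host, points at the absent bind mount rather than at the environment variable.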