Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/markpash/tailscale-sidecar
A TCP proxy used to expose services onto a tailscale network without root. Ideal for container environments.
https://github.com/markpash/tailscale-sidecar
sidecar tailscale tailscale-network
Last synced: about 2 months ago
JSON representation
A TCP proxy used to expose services onto a tailscale network without root. Ideal for container environments.
- Host: GitHub
- URL: https://github.com/markpash/tailscale-sidecar
- Owner: markpash
- License: mit
- Archived: true
- Created: 2021-06-12T01:21:28.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2022-04-10T13:11:19.000Z (over 2 years ago)
- Last Synced: 2024-08-02T15:48:01.885Z (5 months ago)
- Topics: sidecar, tailscale, tailscale-network
- Language: Go
- Homepage:
- Size: 249 KB
- Stars: 135
- Watchers: 4
- Forks: 10
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# tailscale-sidecar
[![checks](https://github.com/markpash/tailscale-sidecar/actions/workflows/checks.yml/badge.svg)](https://github.com/markpash/tailscale-sidecar/actions/workflows/checks.yml)
This program is designed to expose services onto a tailscale network without needing root. Using the `tsnet` package provided by tailscale, we can listen on a port on a tailscale IP and then proxy the stream to a destination. The use-case for me was running this as a sidecar container in nomad to expose services onto my tailscale network, without needing root or routing.
Currently this only supports tcp because right now because that's all I care about. I may try to make UDP work in the future.
Docker image available:
```bash
docker pull ghcr.io/markpash/tailscale-sidecar:latest
```Versions of this software track the versions of upstream tailscale. Any features added to this software will be released when the next version of tailscale is released.
## Usage
To use this program, it needs to be executed with a few environment variables. They are as follows:
```bash
TS_AUTHKEY
TS_SIDECAR_STATEDIR
TS_SIDECAR_NAME
TS_SIDECAR_BINDINGS
````TS_AUTHKEY` is now enabled for this project. You can provide this variable with a key, consult the tailscale documentation to determine the appropriate key to use. The old `TS_LOGIN` method still works, but it's not advised and it's not very convenient either.
`TS_SIDECAR_STATEDIR` is the location where the persistent data for the sidecar will be stored. This is used to not need to re-authorise the instance. In a container setup, you'll want to have this persisted. The default is `./tsstate`, which will result in Tailscale using `home/nonroot/tsstate` in the Docker container.
⚠ Tailscale will not use the specified state directory to store the TLS certificates. When using the Docker container, you should mount `home/nonroot/.local/share/tailscale`.
`TS_SIDECAR_NAME` is the name that you wish this program to use to present itself to the tailscale servers, this is what you will see in your panel.
`TS_SIDECAR_BINDINGS` is the path to the bindings file, which should be a JSON file which has contents much like what's below.
The default path for bindings is `/etc/ts-sidecar/bindings.json`.## Configuration
Configuration should look like this:
```json
[
{
"from": 443,
"to": "127.0.0.1:8000",
"tls": true
}
]
```## Disclaimer
THIS IS NOT OFFICIALLY ENDORSED BY TAILSCALE.
I thought I should put that there just in case someone thought it may be a tailscale product.
I'm also not responsible for any of the bad things that might happen as a result of using this software. It works for me but maybe not for you.