ssl certificates for tailscale nodes with nginx proxy #58
giscus[bot]
bot
Replies: 4 comments 3 replies
-
|
Hello, KD this will not work right if my Nginx server is not on the same network as the tailscale? Say my nginx is on network 10.6.20.25/24 and my tailscale instance is on 10.6.80.150. |
Beta Was this translation helpful? Give feedback.
-
|
Nginx server should be on the same node as tailscale is running but service can be on the any network but your acl/vlan policy should allow access from another network. If your service is running on 10.6.20.25 at port 3000 (http://10.60.20.25:3000), you can proxy that service through nginx. No issue. In my homelab, one service is running at 10.20.30.5:3000, it is accessible from 10.20.20.1/24, 192.168.0.1/24. So nginx running in a node on 10.20.20.138 is able to proxy it. |
Beta Was this translation helpful? Give feedback.
-
|
Ok, I'm really new to all of this and most of everything is always over my head. Lol. So, I have Nginx on network 10.6.15.20 and I also have tailscale installed on that same network. But all my apps/service run on either 10.6.80.120/24 or 10.6.80.110/24, so I need to figure out how to get thos proxies via my nginx on 10.6.15.20 and I guess I need to figure out acls for that same network on tailscale. Like I said I'm very new to this and a hobbyist. I tried setting up tls on each tailsale node but they all still say not secure but a tls cet was issued to each using the tailscale cert command. I'm just lost. Lol
--
Secured with Tuta Mail:
https://tuta.com/free-email
Jan 2, 2025, 14:39 by ***@***.***:
…
Nginx server should be on the same node as tailscale is running but service can be on the any network but your acl/vlan policy should allow access from another network. If your service is running on 10.6.20.25 at port 3000 (> http://10.60.20.25:3000> ), you can proxy that service through nginx. No issue.
In my homelab, one service is running at 10.20.30.5:3000, it is accessible from 10.20.20.1/24, 192.168.0.1/24. So nginx running in a node on 10.20.20.138 is able to proxy it.
—
Reply to this email directly, > view it on GitHub <#58 (reply in thread)>> , or > unsubscribe <https://github.com/notifications/unsubscribe-auth/BNW5SUGFAZDVN6VOBYQC7ZL2ITNIRAVCNFSM6AAAAABUPMP7WOVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCNZRGQZDQMA>> .
You are receiving this because you commented.> Message ID: > <kdpuvvadi/blog/repo-discussions/58/comments/11714280> @> github> .> com>
|
Beta Was this translation helpful? Give feedback.
-
|
Hay @darkorca112903, you got it working or do you need help with that? |
Beta Was this translation helpful? Give feedback.
-
|
I got it working thank you so very much for the offer of help very very much appreciated.
--
Secured with Tuta Mail:
https://tuta.com/free-email
Jan 4, 2025, 13:10 by ***@***.***:
…
Hay > @darkorca112903 <https://github.com/darkorca112903>> , you got it working or do you need help with that?
—
Reply to this email directly, > view it on GitHub <#58 (reply in thread)>> , or > unsubscribe <https://github.com/notifications/unsubscribe-auth/BNW5SUDHSDENIPYIYEPIRLT2I5UNXAVCNFSM6AAAAABUPMP7WOVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCNZTGEZTGNA>> .
You are receiving this because you were mentioned.> Message ID: > <kdpuvvadi/blog/repo-discussions/58/comments/11731334> @> github> .> com>
|
Beta Was this translation helpful? Give feedback.
-
|
Glad it got worked out. But if you own a domain and you have bunch of services running in your home lab, i would suggest traefik. shared my config in one post here https://blog.puvvadi.me/posts/selfhost-paswword-manager-vaultwarden-traefik/ and full config can be found at kdpuvvadi/homelab |
Beta Was this translation helpful? Give feedback.
-
|
I don't have many service only 7 so far. I wanted to try traefik and caddy but traefik seems to put me off cause of all the labels and middleware and like I said I have no clue about most of any of that stuff. I'm slowly trying to learn it all.
--
Secured with Tuta Mail:
https://tuta.com/free-email
Jan 6, 2025, 12:29 by ***@***.***:
…
Glad it got worked out. But if you own a domain and you have bunch of services running in your home lab, i would suggest traefik. shared my config in one post here > https://blog.puvvadi.me/posts/selfhost-paswword-manager-vaultwarden-traefik/> and full config can be found at > kdpuvvadi/homelab <https://github.com/kdpuvvadi/homelab>
—
Reply to this email directly, > view it on GitHub <#58 (reply in thread)>> , or > unsubscribe <https://github.com/notifications/unsubscribe-auth/BNW5SUDHAXWVUCV2R73PVVT2JIBCTAVCNFSM6AAAAABUPMP7WOVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTCNZUGQZTCMI>> .
You are receiving this because you were mentioned.> Message ID: > <kdpuvvadi/blog/repo-discussions/58/comments/11744311> @> github> .> com>
|
Beta Was this translation helpful? Give feedback.
-
ssl certificates for tailscale nodes with nginx proxy
Provision ssl/tls certificates for your applications with tailscale.
https://blog.puvvadi.me/posts/ssl-certificates-for-tailscale-nodes-with-nginx-proxy/
Beta Was this translation helpful? Give feedback.
All reactions