FR: funnel a website first time with tailscale nginx and certbot containers #15336
Description
What are you trying to do?
I have managed to publish a website through my tailnet using Docker with nginx and certbot, but it was EXTREMELY difficult.
(I have a Pi-hole and Unbound that handle DNS, also the Mullvad VPN add-on.)
https://zaklambo.eel-turtle.ts.net/
In short, I managed to do it, but the results are not reproducible. It takes hours of sorting through logs each time and making adjustments.
Do you have an alternative method of self-hosting my own website via Tailscale?
I've figured out certbot needs a delayed start and nginx needs an external 'volume' so it can start with the correct default.conf.
I've been trying for days to make it work first time.
Getting nginx and Tailscale to talk to each other was hard.
Realising certbot cannot be `network: tailscale` because of port 80 issues was a problem.
My funnel command:

```sh
tailscale funnel --bg --https=443 http://127.0.0.1:8080
```
My docker compose looked something like this:

```yaml
services:
  tailscale:
    hostname: ${WEBSITE_NAME}
    image: tailscale/tailscale
    container_name: ${WEBSITE_NAME}-tailscale
    volumes:
      - tailscale:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    command: "tailscaled"
  webserver:
    image: nginx:latest
    container_name: ${WEBSITE_NAME}-nginx
    network_mode: service:tailscale
    environment:
      TZ: Europe/London
    restart: always
    volumes:
      - /share/CACHEDEV1_DATA/Web/${WEBSITE_NAME}:/usr/share/nginx/html:ro
      - nginx-conf:/etc/nginx/conf.d/:ro
      - certbot-www:/var/www/certbot/:rw
      - certbot-conf:/etc/letsencrypt/:ro
    depends_on:
      - tailscale
  certbot:
    container_name: ${WEBSITE_NAME}-certbot
    image: certbot/certbot:latest
    volumes:
      - certbot-conf:/etc/letsencrypt/:rw
      - certbot-www:/var/www/certbot/:rw
    environment:
      - DISABLE_IPV6=true
    entrypoint: "/bin/sh -c 'sleep 60 && certbot certonly --webroot --webroot-path=/var/www/certbot --agree-tos --non-interactive -d ${WEBSITE_NAME}.${TAILNET_NAME} && trap exit TERM; while :; do certbot renew; sleep 12h; done'"
    restart: unless-stopped
volumes:
  tailscale:
  nginx-conf:
  certbot-www:
  certbot-conf:
```
My nginx default.conf may have been this; I had to alter it a few times:

```nginx
server {
    listen 0.0.0.0:8080;
    server_name letsgonuggets.eel-turtle.ts.net; # e.g., new-site.tail&ab43d4.ts.net
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```
How should we solve this?
Make an easily reproducible way to publish websites through Funnel and serve them with certbot validation.
What is the impact of not solving this?
Hours upon hours of work.
Anything else?
No response