You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for helping expand these Tailscale sidecar examples. Keeping services aligned with the template makes it easier for users to migrate existing Compose stacks without breaking them.
4
+
5
+
## Adding a new service
6
+
7
+
1. Copy `templates/service-template` into `services/<service-name>` and rename the compose and README files accordingly.
8
+
2. Update `compose.yaml`:
9
+
- Keep the Tailscale container named `tailscale-<service>` and the app container named `app-<service>`.
10
+
- Set `IMAGE_URL`, `SERVICEPORT`, and any other app variables in `.env`; do not commit secrets or real auth keys.
11
+
- Leave `network_mode: service:tailscale` in place and keep `depends_on` using the Tailscale health check.
12
+
- Keep the `ports` section commented unless LAN exposure is required; explain why in the README if you expose anything.
13
+
- Adjust volumes to match the service, and pre-create bind-mount paths so Docker does not create root-owned folders. (optional)
14
+
- If the service needs devices (GPU, render, fuse, etc.) or extra capabilities, add them explicitly and mention them in the README. (optional)
15
+
3. Update `"Proxy":"http://127.0.0.1:80"` in `compose.yaml` with the app's actual internal port; it does not consume `.env` values automatically. Remove `TS_SERVE_CONFIG` if Serve/Funnel is not needed.
16
+
4. Fill in the service README using the template:
17
+
- Briefly describe the app and why Tailscale helps.
18
+
- List prerequisites (user in `docker` group, GPU/group membership, devices).
19
+
- Call out gotchas: initial admin setup, default credentials, path expectations, required group IDs, or config directory names that must change.
20
+
- Clarify MagicDNS/HTTPS steps (`TS_ACCEPT_DNS`), optional 0.0.0.0 port exposure, and any health checks.
21
+
- Link to upstream service docs and any official setup videos.
22
+
5. Sanity-check the stack with `docker compose config` from the service directory to catch typos and missing variables.
23
+
24
+
## Updating an existing service
25
+
26
+
- Keep the sidecar pattern intact (`network_mode: service:tailscale`, health checks, `depends_on`).
27
+
- Avoid removing existing volumes or changing container names unless the change is clearly documented in the README.
- Tailscale Docker sidecar guide and Serve/Funnel walkthroughs on the official [Tailscale YouTube channel](https://www.youtube.com/@Tailscale) pair well with these examples.
36
+
- The Tailscale [Docker guide](https://tailscale.com/blog/docker-tailscale-guide), [Serve docs](https://tailscale.com/kb/1242/tailscale-serve), and [Funnel docs](https://tailscale.com/kb/1223/funnel) cover the underlying features without duplicating content here.
-[Tailscale - for ARM / OpenPli Setupbox](documentation/tailscale-on-arm.md)
193
199
200
+
## Contributing
201
+
202
+
See `CONTRIBUTING.md` for guidance on adding services with the template, documenting gotchas, and keeping Tailscale-sidecar setups consistent.
203
+
194
204
## Star History
195
205
196
206
[](https://www.star-history.com/#2tiny2scale/scaletail&Date)
This Docker Compose configuration sets up [SERVICE](LINK TO PAGE OF MAINTAINER) with Tailscale as a sidecar container ......
3
+
This Docker Compose configuration sets up [SERVICE](LINK TO PAGE OF MAINTAINER) with Tailscale as a sidecar container to keep the app reachable over your Tailnet.
6
4
7
5
## SERVICE
8
6
9
-
[SERVICE](LINK TO PAGE OF MAINTAINER) information about service...
7
+
[SERVICE](LINK TO PAGE OF MAINTAINER) information about the service. Explain what the app does in 2-3 sentences and why someone would pair it with Tailscale.
10
8
11
9
## Configuration Overview
12
10
13
-
In this setup, the `tailscale-SERVICE` service runs Tailscale, which manages secure networking for the SERVICE. The `SERVICE` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This setup ensures that SERVICE's service is only accessible through the Tailscale network (or locally, if preferred), providing an extra layer of security and privacy for your SERVICE.
11
+
In this setup, the `tailscale-SERVICE` service runs Tailscale, which manages secure networking for SERVICE. The `SERVICE` service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports.
12
+
13
+
## What to document for users
14
+
15
+
- Prerequisites: note if the host user needs `docker` group membership, GPU/video/render groups, or any devices passed through.
16
+
- Volumes: list bind mounts that should be pre-created so Docker does not create root-owned directories; rename any conflicting config folders (for example, `ts-config`) if needed.
17
+
- MagicDNS/Serve: when to enable `TS_ACCEPT_DNS`, what to set for `TS_CERT_DOMAIN`, and which port should be in `serve.json` (it does not consume `.env` values automatically).
18
+
- Ports: explain whether the commented `0.0.0.0:${SERVICEPORT}:${SERVICEPORT}` mapping is necessary for this app or should stay removed for Tailnet-only access.
19
+
- Service-specific gotchas: initial admin setup, default credentials, path expectations, or other quirks to check before first launch.
20
+
- Links: include upstream docs for the service and any official setup guides or videos that help users understand the app.
14
21
15
22
## Files to check
16
23
17
24
Please check the following contents for validity as some variables need to be defined upfront.
18
25
19
-
-`.env` // This files hold the main parts
20
-
-`./config/serve.json` // This file requires a service port of the app to be defined
0 commit comments