Skip to content
OpenRelik Logo OpenRelik

Tailscale

This guide outlines the process of integrating your OpenRelik server with Tailscale, allowing secure access to your server from anywhere on your Tailscale network.

Reference: Official Tailscale guide for using Tailscale with Docker: https://tailscale.com/kb/1282/docker

Prerequisites:

  • An installed and functioning OpenRelik server.
  • A Tailscale account with administrative privileges.

Steps:

  1. Install OpenRelik: Follow the standard OpenRelik installation instructions to set up your server. Installation instructions

  2. Obtain your Tailscale Name: Identify your Tailscale network name, which usually follows the format yourname.ts.net.

  3. Generate a Tailscale AuthKey:

    • Log in to your Tailscale admin console at https://tailscale.com.
    • Navigate to Settings -> Personal settings -> Keys
    • Click “Generate auth key…”
    • Provide a descriptive name for your key (e.g., “OpenRelik”)
    • Enable the “Reusable” option to use the same key for both API and UI servers
    • Copy the generated key for later use

  4. Create Configuration Directories: In your OpenRelik directory, create the following directories:

    Terminal window
    tailscale-nginx-api/config
    tailscale-nginx-ui/config

  5. Configure Tailscale for OpenRelik API: Create the file tailscale-nginx-api/config/openrelik-api.json with the following content:

    {
      "TCP": {
        "443": {
          "HTTPS": true
        }
      },
      "Web": {
        "openrelik-api.yourname.ts.net:443": {
          "Handlers": {
            "/": {
              "Proxy": "http://127.0.0.1:8710"
            }
          }
        }
      }
    }

    Important: Replace yourname.ts.net with your actual Tailscale network name.

  6. Configure Tailscale for OpenRelik UI: Create the file tailscale-nginx-ui/config/openrelik-ui.json with the following content:

    {
      "TCP": {
        "443": {
          "HTTPS": true
        }
      },
      "Web": {
        "openrelik.yourname.ts.net:443": {
          "Handlers": {
            "/": {
              "Proxy": "http://127.0.0.1:8711"
            }
          }
        }
      }
    }

    Important: Replace yourname.ts.net with your actual Tailscale network name.

  7. Update docker-compose.yml: Add the following services to your docker-compose.yml file:

    tailscale-nginx-ui:
      container_name: openrelik-tailscale-nginx-ui
      image: tailscale/tailscale:latest
      hostname: openrelik
      environment:
        - TS_AUTHKEY=<AUTHKEY>
        - TS_SERVE_CONFIG=/config/openrelik-ui.json
        - TS_STATE_DIR=/var/lib/tailscale
      volumes:
        - ${PWD}/tailscale-nginx-ui/state:/var/lib/tailscale
        - ${PWD}/tailscale-nginx-ui/config:/config
        - /dev/net/tun:/dev/net/tun
      cap_add:
        - net_admin
        - sys_module
    

    tailscale-nginx-api:
      container_name: openrelik-tailscale-nginx-api
      image: tailscale/tailscale:latest
      hostname: openrelik-api
      environment:
        - TS_AUTHKEY=<AUTHKEY>
        - TS_SERVE_CONFIG=/config/openrelik-api.json
        - TS_STATE_DIR=/var/lib/tailscale
      volumes:
        - ${PWD}/tailscale-nginx-api/state:/var/lib/tailscale
        - ${PWD}/tailscale-nginx-api/config:/config
        - /dev/net/tun:/dev/net/tun
      cap_add:
        - net_admin
        - sys_module

    Important: Replace <AUTHLEY> with your AuthKey that you created in step 3.

  8. Modify Existing Services in docker-compose.yml: Adjust the openrelik-server and openrelik-ui services in your docker-compose.yml file as follows:

    openrelik-server:
      # ... (existing configuration) ...
      depends_on:
        - tailscale-nginx-api
      network_mode: service:tailscale-nginx-api
      command: uvicorn main:app --proxy-headers --forwarded-allow-ips '*' --workers 1 --host 0.0.0.0 --port 8710
    

    openrelik-ui:
      # ... (existing configuration) ...
      depends_on:
        - tailscale-nginx-ui
      network_mode: service:tailscale-nginx-ui

  9. Update config.env: In your OpenRelik directory, modify the config.env file:

    OPENRELIK_SERVER_URL=https://openrelik-api.yourname.ts.net

    Important: Replace yourname.ts.net with your actual Tailscale network name.

  10. Update settings.toml: In your OpenRelik directory, modify the config/settings.toml file:

    # ... (existing configuration) ...
    api_server_url = "https://openrelik-api.yourname.ts.net"
    ui_server_url = "https://openrelik.yourname.ts.net"
    allowed_origins = ["https://openrelik.yourname.ts.net"]

    Important: Replace yourname.ts.net with your actual Tailscale network name.

  11. Restart OpenRelik: Restart your OpenRelik server using docker-compose up -d to apply the changes.

Your OpenRelik server should now be accessible via your Tailscale network at the URLs you configured. You can access the UI by navigating to https://openrelik.yourname.ts.net from any device connected to your Tailscale network.