- Clone this app locally
- Create an app
flyctl apps create my-unique-tailscale-router-app-name
- Get a secret from the Tailscale admin console: tailscale admin console > settings > keys > generate auth key (you probably want to choose the reusable and ephemeral options)
- Set the token you get as a secret
flyctl secrets set TAILSCALE_AUTHKEY=thekeyyougot -a my-unique-tailscale-router-app-name
- Build this repo
docker build -t registry.fly.io/my-unique-tailscale-router-app-name:latest .
- Push the image
docker push registry.fly.io/my-unique-tailscale-router-app-name:latest
- Deploy a machine
flyctl m run registry.fly.io/my-unique-tailscale-router-app-name:latest -a my-unique-tailscale-router-app-name --cpus 1 --memory 256
- Follow steps 3 and 5 of https://tailscale.com/kb/1019/subnets/ to enable subnets for the machine that got automatically configured
- Enjoy
You can test if it's working by finding the IP address of your new Fly.io app and using dig:
# Get the IP address of your app:
flyctl m list -a my-unique-tailscale-router-app-name
# Use dig to test DNS queries against the DNS proxy set up in this repository
dig @<your-app-ip-address-here> aaaa my-unique-tailscale-router-app-name.internal
You can enable split DNS in your Tailscale settings to automatically resolve *.internal addresses through the DNS proxy setup in your new Fly.io app.
Tailscale documentation for that is found here.
- Add a nameserver
- Use the IP address of your new Fly.io app
- Restrict to search domains, and use search domain internal
Then addresses should resolve! Maybe use curl to make an HTTP request to one of your apps. Be sure to use the internal_port of your application:
curl http://some-fly-app.internal:8080