Running tailscale in a jail: trick was network_mode: host

I love the new jail functionality. So following the excellent tutorial by capt stux (see this youtube video on jailmaker on truenas scale), i created a stack for tailscale.

I tore my hair out for 30 minutes because I couldn’t access any of the ports on docker remotely via tailscale.

The simplest solution is to use Host Network. This is a checkbox in the app version of tailscale. With jlmkr, I’m using Dockge as recommended in the video. Here is the compose.yaml file I use with tailscale which has network_mode: host which enabled me to access all the ports from the tailscale docker host:

version: "3.8"
    restart: unless-stopped
    image: tailscale/tailscale:latest
    network_mode: host
      - TS_AUTHKEY=tskey-auth-kbW2JNQCXy11CNTRL-j64eZFwjwwea882aNDFL_sBEaicKDFYS
      - TS_ACCEPT_DNS=true # accept DNS
      - TS_HOSTNAME=docker
      - TS_STATE_DIR=/var/lib/tailscale # location in container for persistent data
      - /mnt/main/docker/data/tailscale:/var/lib/tailscale
networks: {}

(that’s not the real API key, don’t worry)

So now I can invite any of my trusted friends to my tailscale host to enable them to access my jailmaker apps on any port.