Tailscale services not working

Apps and Virtualization
, ,
1

Has anyone here tried Tailscale services already?

I have the community app installed and set up. I’ve used it with no issues for a while. This is how I have the app configured in terms of network configuration:

  • Logged in with auth key (as a tagged device)
  • Auth Once :white_check_mark:
  • Userspace :white_check_mark:
  • Advertise exit node :white_check_mark:
  • Host network :white_check_mark: (it doesn’t want to work without)

I was previously using Tailscale serve, but since it conflicts with Tailscale services I have removed it tailscale serve reset.

I have followd the guide in the docs and their official youtube video and done the following:

  • Defined a service via the tailscale admin console, listening on port 443
  • On the TrueNAS machine hosting the service, I’ve:
    • Logged into the shell of the tailscale app/container
    • Made sure my machine was connected to the tailnet tailscale status
    • Made sure I wasn’t serving anything tailscale serve status
    • Congifured/advertised the service with tailscale serve --service=svc:<service-name> --https=443 https+insecure://localhost:<service-port>
    • I get the expected message printed out, like:
This machine is configured as a service host for `svc:<service-name>`, but approval from an admin is required. Once approved, it will be available in your Tailnet as:

http://<service-name>.<tailnet-name>.ts.net:443/
|-- proxy http://127.0.0.1:<service-port>

Back on the admin console, I approve the host and it looks connected, but if I try to navigate to <service-name>.<tailnet-name>.ts.net I get a “Server not found error” on all my devices connected to the tailnet. In the Discovered tab on the services dashboard in the admin console I don’t see the endpoint either.

Has anyone had any success? Looking forward to your experiences!

2

In the end it was an access control issue. Make sure your user can access the service by setting svc: as a destination!

3

I use the machine name as shown in the Tailscale admin dashboard and have no issues with a Tailscale connection. It’s the easiest to remember of the ways Tailscale allows.

You also have to go into the admin dashboard and approve the connection - Edit Route I think it is.

4

Yes, that works flawlessly, but here I am referring to a new feature called “Tailscale services”, where you don’t use the machine name but instead define a service you host on your machine and point to that.

The feature is still in beta, though, and there are some bugs, but in the end I was able to connect to the service. The issue was that the user on the client device didn’t have the correct access rights

5

This “Tailcale services” is created by whom? Truenas or Tailscale or another party? I have never heard of it. What would be the advantage of it?

Never mind I found it on the Taiscale site. I will read more about it. I don’t think I have any use cases for it at this point but you never know.

6
7

Thanks. I had gone earlier over to my admin console and found the documentation but had an emergency call of “umm we have a problem. where did all the data (all 65,000 records) in the database go? I only deleted one record” So I had posted the quick edit of never mind I found it. I’ll read it when I get some time.