[QUESTION] Use Tailscale VPN

[schancksb]

Question

Hey there,
I was wondering if there is a way to use Tailscale VPN to access the services with their alternative IP addresses, since Tailscale it's based in WireGuard as far as I know.
Thanks in advance
Best regards

Category

Configuration

Please tick the boxes

• You are using a supported version of Dashy (check the first two digits of the version number)
• You've checked that this question hasn't already been raised
• You've checked the docs and troubleshooting guide
• You agree to the code of conduct

[liss-bot]

Welcome to Dashy 👋
It's great to have you here, but unfortunately your ticket has been closed to prevent spam. Before reopening this issue, please ensure the following criteria are met.

Issues are sometimes closed when users:

• Have only recently joined GitHub
• Have not yet stared this repository
• Have not previously interacted with the repo

Before you reopen this issue, please also ensure that:

• You have checked that a similar issue does not already exist
• You have checked the documentation for an existing solution
• You have completed the relevant sections in the Issue template

Once you have verified the above standards are met, you may reopen this issue. Sorry for any inconvenience caused, I'm just a bot, and sometimes make mistakes 🤖

[Lissy93]

Hiya @seba5496 Thanks for your question, but I'm not sure I fully understand. What part of the app isn't working through Tailscale? I'm just using plain old WireGuard + ZeroTeir on my setup, and hadn't noticed any issues. So if you could share some more details about your config and explain the question further, that'd be helpful :)

[EVOTk]

Tailscale is an intermediary, the Wireguard server is not at your place, but at Tailscale. Not sure it works.

[schancksb]

I'm trying to connect to my services from outside my home, but through Dashy, so I was wondering if there is a relatively simple way to use those IPs (Tailscale's) when I'm connected to Dashy through Tailscale VPN, or if there is a way to add secondary/alternative IPs for all my services without exposing them directly to the internet, so I can access them directly from Dashy.
I don't if I expressed myself correctly haha

[Lissy93]

Thanks for explaining, I think I understand now.
I could in the future add an option for secondary URLs, although I'm not sure how you'd switch between primary and secondary links intuitively, or if it's something that would be useful to many users.
In your instance, would a better approach be to keep your dashboard behind the VPN too, then all service IPs will be the same and nice n secure behind your firewall, or would that not work in your situation?

[schancksb]

Thanks for explaining, I think I understand now.
I could in the future add an option for secondary URLs, although I'm not sure how you'd switch between primary and secondary links intuitively, or if it's something that would be useful to many users.
In your instance, would a better approach be to keep your dashboard behind the VPN too, then all service IPs will be the same and nice n secure behind your firewall, or would that not work in your situation?

The issue with that would be, that it would always need an internet connection to work, and there are times at home that I lose access to the internet and that would mean that all links are unavailable. Perhaps this feature could be integrated with the check if a given service is online or not, letting me choose the link (?) or using the first link that is available.
I’m pretty sure that there is a simple solution I’m not seeing, maybe with another tool to use in conjunction with Dashy. I’ll keep exploring for now.
Thanks again

[Lissy93]

Ah thanks for explaining, that makes sense now. And I now see how it could be very useful to use a secondary URL when the primary one is unavailable. I'll add it to the todo list, but right now am working on widget support, so it this likely won't be implemented for a while. In the meantime, if you find a service that solves that problem, do let me know here, as I would also be interested in this :)

[Lissy93]

Looking into this further, and I think you could actually do this just with NGINX (presuming you're already using it as a reverse proxy). One option could e by creating a @fallback to that will resolve to the secondary service when the primary endpoint is unavailable. If you're using NGINX Proxy Manager, then this can also be incorporated into it with a custom config. Possibly something like:

server {
    location / {
        proxy_pass http://primary-instance;
        error_page 404 500 502 503 504 = @fallback;
    }

    location @fallback {
        proxy_pass http://secondary-instance;
    }
}

I think this can also be done better with proxy_next_upstream, where you assign different weights to each endpoint (primary, secondary or even tertiary if needed), and NGINX will use the first available service with the highest weight.

I'm not too strong with NGINX, so if someone knows a better method, that would be awesome. Or maybe there's an entirely different approach, for non-NGINX setups.

[Lissy93]

Am closing this issue for now, since the best approach is going be to implement it server-side, independently of Dashy.
But I have added the option for secondary/ backup URLs to the backlog, and I will update you here if/ when implemented.
In the meantime, feel free to update this ticket if you have any more ideas around this topic.
Thanks :)

[dacagi]

I know this is very old and I don't have a solution but maybe my workaround helps someone. I also use Tailscale and need to access services with a different IP when outside than on my home LAN.

I ended spinning up a second docker container with the same config, except in this one I swapped the IPs/hostnames accordingly for Tailscale's. Now when I'm at home I use one, when outside I reach the other. Lastly, I can sync the config files to always have the same settings but sed the urls which are the only changes.

It also works with another page inside a single Dashy instance, but if you don't mind the extra RAM usage I think it's best for security to have two separate. You may want to only allow certain services from TS or arrange them differently to ease access from a phone, like my case.