Tailscale Serve in docker compose

Define serve config:

// serve-config.json
{
  "TCP": {
    "443": {
      "HTTPS": true
    }
  },
  "Web": {
    "${TS_CERT_DOMAIN}:443": {
      "Handlers": {
        "/": {
          "Proxy": "http://127.0.0.1:8000"
        }
      }
    }
  }//, uncomment to enable funnel
  // "AllowFunnel": {
  //   "${TS_CERT_DOMAIN}:443": true
  // }
}

tip Domain Name

Tailscale will automagically replace ${TS_CERT_DOMAIN} with the appropriate hostname.tailnet-name.ts.net so you don’t have to hardcode hostnames in your configs. Neat!

Create deployment:

services:
  ts-cyberchef:
    image: tailscale/tailscale:latest 
    container_name: ts-cyberchef
    restart: unless-stopped
    environment:
      TS_AUTHKEY: ${TS_AUTHKEY:?err}
      TS_HOSTNAME: cyberchef
      TS_EXTRA_ARGS: ""
      TS_STATE_DIR: /var/lib/tailscale/
      TS_SERVE_CONFIG: /config/serve-config.json 
    volumes:
      - ./ts_data:/var/lib/tailscale/
      - ./serve-config.json:/config/serve-config.json 
 
  cyberchef:
    container_name: cyberchef
    image: mpepping/cyberchef:latest
    restart: unless-stopped
    network_mode: service:ts-cyberchef

tip Authentication Key

You must set $TS_AUTHKEY to a pre-auth key. Generate one here.

---

See also:

• Cloudflared in docker compose