sinegar / tailscale-sidecar

A TCP proxy used to expose services onto a tailscale network without root. Ideal for container environments.

tailscale-sidecar

This is barely tested software. I don't guarantee it works, but please make an issue if you use it and find a bug. Pull requests are welcome.

This program is designed to expose services onto a tailscale network without needing root. Using the tsnet package provided by tailscale, we can listen on a port on a tailscale IP and then proxy the stream to a destination. The use-case for me was running this as a sidecar container in nomad to expose services onto my tailscale network, without needing root or routing.

Currently this only supports TCP because right now that's all I care about. I may try to make UDP work in the future.

Docker image available:

docker pull ghcr.io/markpash/tailscale-sidecar:latest

Usage

To use this program, it needs to be executed with a few environment variables. They are as follows:

TS_AUTHKEY
TS_SIDECAR_STATEDIR
TS_SIDECAR_NAME
TS_SIDECAR_BINDINGS

TS_AUTHKEY is now enabled for this project. You can provide this variable with a key; consult the tailscale documentation to determine the appropriate key to use. The old TS_LOGIN method still works, but it's not advised and it's not very convenient either.

TS_SIDECAR_STATEDIR is the location where the persistent data for the sidecar will be stored. Persisting it avoids having to re-authorise the instance. In a container setup, you'll want to have this persisted. The default path is ./tsstate.

TS_SIDECAR_NAME is the name this program uses to present itself to the tailscale servers; this is what you will see in your panel.

TS_SIDECAR_BINDINGS is the path to the bindings file, a JSON file with contents much like the example below. The default path for bindings is /etc/ts-sidecar/bindings.json.

Configuration

Configuration should look like this:

[
    {
        "from": 80,
        "to": "127.0.0.1:8000"
    }
]
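
A pre-deployment check for the bindings format above, as an added example that is not the project's own code: the `Binding` type and `ParseBindings` function are assumed names, and reading `from` as the listening port and `to` as the proxy destination follows the description earlier on this page. It rejects unknown keys because Go's JSON decoder would otherwise ignore a misspelt `from` and leave the port at 0.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net"
	"strconv"
)

// Binding mirrors one entry of the bindings file shown above.
// The type and function names are assumptions, not the project's own.
type Binding struct {
	From int    `json:"from"` // port to listen on, on the tailscale IP
	To   string `json:"to"`   // host:port the stream is proxied to
}

// ParseBindings decodes a bindings file and rejects entries that cannot work as written.
func ParseBindings(data []byte) ([]Binding, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields() // a typo such as "form" fails instead of defaulting to 0
	var bs []Binding
	if err := dec.Decode(&bs); err != nil {
		return nil, fmt.Errorf("decode bindings: %w", err)
	}
	seen := make(map[int]bool)
	for i, b := range bs {
		if b.From < 1 || b.From > 65535 {
			return nil, fmt.Errorf("binding %d: from port %d out of range", i, b.From)
		}
		if seen[b.From] {
			return nil, fmt.Errorf("binding %d: from port %d listed twice", i, b.From)
		}
		seen[b.From] = true
		host, port, err := net.SplitHostPort(b.To)
		if err != nil || host == "" {
			return nil, fmt.Errorf("binding %d: to %q is not host:port", i, b.To)
		}
		if p, err := strconv.Atoi(port); err != nil || p < 1 || p > 65535 {
			return nil, fmt.Errorf("binding %d: to port %q invalid", i, port)
		}
	}
	return bs, nil
}

func main() {
	bs, err := ParseBindings([]byte(`[{"from": 80, "to": "127.0.0.1:8000"}]`))
	fmt.Println(bs, err)
}
```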

Disclaimer

THIS IS NOT OFFICIALLY ENDORSED BY TAILSCALE.

I thought I should put that there just in case someone thought it may be a tailscale product. I'm also not responsible for any of the bad things that might happen as a result of using this software. It works for me but maybe not for you.

License:MIT License


Languages

Language:Go 100.0%