How to install Tailscale Relay on Docker

Preface

I’m using ZeroTier for long time to connect multiple devices in a private virtual network so I can connect to any of the devices from anywhere.
Can’t say that I’m not happy using it because it gets the job done.
But lately, I needed more than that, I wanted to get the capabilities of a VPN so I can route my date via different gateway and IP.

Instead of buying a VPN or installing one on a VPS, I decided go with the DIY way and self-host on my NAS an instance of WireGuard which is very popular VPN software these days.
The decision of WireGuard was made because hosting an OpenVPN server is annoying.
Tons of configuration need to be done in order to get it to work properly.

Not so fast…

My NAS is running TrueNAS with a VM of Alpine Linux and Docker running on it.
That was an issue because WireGuard needs to use the Linux Kernel and I couldn’t get it to work with Alpine.
So after more googling, I found about Tailscale which looks very similar to ZeroTier but does Layer 3 instead of Layer 2.
I also found that Tailscale is running WireGuard so I got 2 in 1.

Relay and Exit Node

Tailscale has two features that I really like, the first one is relay mode which also works in ZeroTier but needs to do some configuration on the router as shown here.
In relay mode you can access the subnets of the client so you don’t have to install Tailscale on every machine in the subnet.

The second feature is exit nodes, which allows the client to act as a VPN gateway.
You just configure your client to use the exit node you want and you have a connection through that node, it’s that easy.

Installing

After looking for Docker images of Tailscale (no official image yet) I found a few but the images were old and the instance of Tailscale didn’t have the Relay option which I wanted to use.
Then I found this repository on Github by hojulian with almost everything I needed.
In order to have all the features I had to fork it and update the version of Tailscale, you can find my fork here and the Docker Hub image here.
My fork already includes the latest version of Tailscale (currently 1.8.7) and I added the correct flags to enable the relay and exit node options.

All you need to do is to run the image in a new container and add the environment variables as stated in the readme on the Docker Hub page.
After you run the container, you can install Tailscale on any other device, login and choose the exit node you wish to use.
If you want to use the relay option, you would have to enable the subnets in the settings of the node.

As you can see, the first machine is the relay with the flags of subnets and exit node enabled.

It was pretty easy to setup.

73!

Small update:
someara brought to my attention that it is possible to have exit node on ZeroTier by settings  a managed router to 0.0.0.0 and use allowDefault on the clients.
Thanks for the tip!