Support custom tailscale socket path #10663

Open
2 tasks done
OverHash opened this issue Apr 28, 2024 · 5 comments
Labels: contributor/wanted (participation from an external contributor is highly requested), kind/bug/confirmed (a confirmed bug, reproducible)

Comments

@OverHash

OverHash commented Apr 28, 2024

Welcome!

  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What did you expect to see?

Currently Traefik does not support setting a custom socket path to the tailscaled process.

On Unix systems, Traefik will assume that the path is at /var/run/tailscale/tailscaled.sock (see https://github.com/tailscale/tscert/blob/28a91b69a0467442178b62e2cfb9ab272ed3b64c/internal/paths/paths.go#L35-L37).

Some systems don't have the socket path at this location, and so it is necessary to specify a custom path to the socket.

tscert supports using the TS_SOCKET env variable to specify this location, but this does not currently work with traefik v3 / traefik master.

kevinpollet added the kind/bug/confirmed and contributor/wanted labels and removed the status/0-needs-triage label on Apr 29, 2024
kevinpollet self-assigned this on Apr 29, 2024
@kevinpollet
Member

kevinpollet commented Apr 29, 2024

Hello @OverHash, we opened #10668, could you test it to confirm it fixes the issue?

kevinpollet removed their assignment on Apr 29, 2024
@OverHash
Author

Will test it out today!

@OverHash
Author

OverHash commented Apr 29, 2024

@kevinpollet can confirm that Traefik now refers to the correct socket path.

Doesn't fix my issue, unfortunately (for some reason the file is not recognized), but this is an improvement nonetheless.

Thanks for the swift work!

My issue is specifically in Docker logs:

router-traefik-1  | 2024-04-29T22:32:48Z ERR Unable to fetch certificate for domain "traefik-dashboard.[REDACTED].ts.net" error="Get \"http://local-tailscaled.sock/localapi/v0/cert/traefik-dashboard.[REDACTED].ts.net?type=pair\": dial unix \"/volume1/@appdata/Tailscale/tailscaled.sock\": connect: no such file or directory" providerName=myresolver.tailscale

but then this file does exist:

ls -alh /volume1/@appdata/Tailscale/tailscaled.sock
srw-rw-rw- 1 tailscale tailscale 0 Apr 16 13:25 /volume1/@appdata/Tailscale/tailscaled.sock

weird!

@emilevauge
Member

Hey @OverHash,
Can you confirm you have mounted the socket inside the container?
Do you run this command ls -alh /volume1/@appdata/Tailscale/tailscaled.sock from the container or the host?

@OverHash
Author

OverHash commented May 2, 2024

Hey @emilevauge
I appreciate you sense checking me. I tried using the forums for my issue, but it seems there's not much activity that goes on there. Let me know if there is a better way for me to share my problem. I suspect not many people use Traefik v3 w/ Tailscale.

I do indeed mount the socket inside the container. My docker-compose.yml looks like

version: '3'
services:
  traefik:
    image: traefik:v3.0.0
    restart: unless-stopped
    volumes:
      - /var/packages/Tailscale/var/tailscaled.sock:/var/packages/Tailscale/var/tailscaled.sock:ro
    environment:
     - TS_SOCKET="/var/packages/Tailscale/var/tailscaled.sock"

An interesting point I had not noticed before: there is both a var/packages/Tailscale/var/tailscaled.sock and /volume1/@appdata/Tailscale/tailscaled.sock file. I elected to use the former since that's what running tailscale on my host machine shows (this is a Synology, if you could not tell already):

$ tailscale
[...]

FLAGS
  --socket string
    	path to tailscaled socket (default /var/packages/Tailscale/var/tailscaled.sock)

which exists on both my host and (theoretically, on the mounted container):

user@host:/volume1/path/to/router$ ls -alh /var/packages/Tailscale/var/tailscaled.sock
srw-rw-rw- 1 tailscale tailscale 0 Apr 16 13:25 /var/packages/Tailscale/var/tailscaled.sock

Unfortunately, I can't figure out how to bash into the traefik docker container, as there is no /bin/bash, so I can't confirm that the traefik container also sees the sock file. I am still seeing:

router-traefik-1  | 2024-05-02T13:22:24Z ERR Unable to fetch certificate for domain "traefik-dashboard.[REDACTED].ts.net" error="Get \"http://local-tailscaled.sock/localapi/v0/cert/traefik-dashboard.[REDACTED].ts.net?type=pair\": dial unix \"/var/packages/Tailscale/var/tailscaled.sock\": connect: no such file or directory" providerName=myresolver.tailscale

Is there some networking I'm missing here? There's no mention of funny networking stuff I would need to do in the docs. I'm guessing this problem may not exist if I ran Tailscale on the same Docker network as Traefik (rather than on the host machine, as I currently do). Not quite sure how to proceed with figuring out this issue.

Thanks for your time!
