tailscale-dev/docker-guide-code-examples

Example with multiple services

RichardJActon opened this issue · 3 comments

This is very cool and useful! - thanks for putting this together.

It would be very helpful to see an example of this applied to a more complex docker compose set-up. I've got a docker compose stack with multiple components: a database, a back-end server component and a web front-end. Previously I used networks: to add them to the same network and ports: to specify which ports they should expose to each other, but networks and ports are mutually exclusive with network_mode. Is there a suggested approach to using the tailscale container for a scenario like this?

Hey, I've wondered about that too. From what I experienced, it's easy. I've added dependencies to my containers and then default networks are generated!

services:
  invidious:
    image: quay.io/invidious/invidious:latest
    restart: always
    container_name: invidious
    env_file:
      - ./.db.env
    environment:
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: kemal
          password: <pw>
          host: invidious-db
          port: 5432
        check_tables: true
        hmac_key: <key>
        external_port: 3000
        domain: invidious
        # https_only: true
        # statistics_enabled: false
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    logging:
      options:
        max-size: "10M"
        max-file: "4"
    depends_on:
      - invidious-db
      - ts-invidious
    network_mode: service:ts-invidious

  invidious-db:
    image: docker.io/library/postgres:16
    restart: always
    container_name: invidious-db
    volumes:
      - "./postgres-16:/var/lib/postgresql/data"
      - "./config/sql:/config/sql"
      - "./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh"
    env_file:
      - ./.db.env
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]

  ts-invidious:
    image: ghcr.io/tailscale/tailscale:latest
    container_name: ts-invidious
    hostname: invidious
    environment:
      - TS_AUTHKEY=<key>
      - "TS_EXTRA_ARGS=--advertise-tags=tag:container --reset"
      - TS_SERVE_CONFIG=/config/invidious.json
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=false
    volumes:
      - "./ts-state:/var/lib/tailscale"
      - "./ts-config:/config"
      - "/dev/net/tun:/dev/net/tun"
    cap_add:
      - net_admin
      - sys_module
    restart: unless-stopped

I have been wondering the same thing. In the example, he shows how to do tailscale with docker using an nginx image which defaults to port 80.

I tried something like this and docker-compose still gives me the error: Error response from daemon: conflicting options: port publishing and the container type network mode

    depends_on:
      - invidious-db
      - ts-invidious
    network_mode: service:ts-invidious

We need to know how to change the port in the tailscale container. The only reason it would be great to use this tailscale container is to access your service with a name. I'm trying to get Scrutiny (disk health tool) working as http://scrutiny but it doesn't run on port 80.

It's a major oversight to not show how to do this in the tailscale blog tutorial. Please let us know how to do it.

Here is an example of the service I'm trying to run but don't know how to set ports for scrutiny container or tailscale container.

services:
  ts-scrutiny:
    image: tailscale/tailscale:latest
    hostname: scrutiny-debian
    environment:
      - TS_AUTHKEY=tskey-auth-REDACTED
      - TS_STATE_DIR=/var/lib/tailscale
    volumes:
      - tailscale-data-scrutiny-debian:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    restart: unless-stopped


  scrutiny:
    container_name: scrutiny
    image: ghcr.io/analogj/scrutiny:master-omnibus
    cap_add:
      - SYS_RAWIO
    volumes:
      - /run/udev:/run/udev:ro
      - ./config:/opt/scrutiny/config
      - ./influxdb:/opt/scrutiny/influxdb
    devices:
      - "/dev/sda"
    network_mode: service:ts-scrutiny
    depends_on:
      - ts-scrutiny

volumes:
  tailscale-data-scrutiny-debian:
    driver: local

Closing and moving to #4 as a discussion.
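
An added example, not part of the thread or of the Tailscale repository: a small check that reports the conflict quoted above (ports or networks declared on a service that uses network_mode: service:...) before the Docker daemon rejects it. The function names, the sample project, its 8080 port mapping and the tskey-auth-EXAMPLE value are constructed for illustration, and the Compose project is assumed to be already loaded as a dict.

```python
import json

def _env(service):
    """Return a service's environment as a dict (Compose allows list or mapping)."""
    env = service.get("environment") or {}
    if isinstance(env, list):
        env = dict(item.partition("=")[::2] for item in env)
    return env

def lint_sidecar_project(project):
    """Return (service, finding) tuples for a Compose project given as a dict."""
    services = project.get("services", {})
    findings = []
    for name, svc in services.items():
        mode = svc.get("network_mode") or ""
        if mode.startswith("service:"):
            sidecar = mode.split(":", 1)[1]
            if sidecar not in services:
                findings.append((name, f"network_mode targets undefined service {sidecar!r}"))
            # The namespace belongs to the sidecar, so these keys cannot sit here.
            for key in ("ports", "networks"):
                if svc.get(key):
                    findings.append((name, f"{key} conflicts with network_mode: {mode}"))
        # Assumption of this example: a literal auth key in the file is worth flagging.
        if str(_env(svc).get("TS_AUTHKEY") or "").startswith("tskey-"):
            findings.append((name, "TS_AUTHKEY is written as a literal value"))
    return findings

# Constructed sample project; service names follow the thread, values are made up.
SAMPLE = json.loads("""
{"services": {
  "ts-scrutiny": {"image": "tailscale/tailscale:latest",
                  "environment": ["TS_AUTHKEY=tskey-auth-EXAMPLE"]},
  "scrutiny":    {"image": "ghcr.io/analogj/scrutiny:master-omnibus",
                  "network_mode": "service:ts-scrutiny",
                  "ports": ["8080:8080"]},
  "db":          {"image": "postgres:16",
                  "network_mode": "service:ts-missing"}
}}
""")

if __name__ == "__main__":
    for service, finding in lint_sidecar_project(SAMPLE):
        print(f"{service}: {finding}")
```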