Private diary with GoBlog, Tailscale and HTTPS
Some time ago I described on my private blog how GoBlog and Tailscale can be used to set up a private diary that is not freely accessible via the Internet.
Now Tailscale has announced a new feature: Let’s Encrypt certificates for Tailscale nodes.
I took the chance and added the HTTPS feature to GoBlog. The advantage is that browsers now don’t complain when you enter passwords on unprotected http:// pages.
So, here is an updated Docker Compose configuration for Tailscale and GoBlog:
    version: "3"
    services:
      goblog:
        container_name: goblog
        image: rg.fr-par.scw.cloud/jlelse/goblog
        restart: unless-stopped
        volumes:
          - ./config:/app/config
          - ./data:/app/data
          - ./tailscale-socket:/var/run/tailscale
        environment:
          - TZ=Europe/Berlin
          - ALL_PROXY=socks5://localhost:1055/
        network_mode: service:tailscale
      tailscale:
        hostname: goblogtest
        container_name: tailscale
        image: shaynesweeney/tailscale
        command: tailscaled --tun=userspace-networking --socks5-server=localhost:1055
        volumes:
          - ./tailscale:/var/lib
          - ./tailscale-socket:/var/run/tailscale
In GoBlog, the following server configuration is also important:
    server:
      publicAddress: https://machine-name.tailscale-httpsname.ts.net
      tailscaleHttps: true
      publicHttps: false
    privateMode:
      enabled: true
Although publicHttps is disabled by default, care must be taken not to enable publicHttps and tailscaleHttps at the same time. The privateMode is recommended if other people also have access to the Tailscale network. This way a login is necessary to view posts.