Private diary with GoBlog, Tailscale and HTTPS
Some time ago I had already described on my private blog how GoBlog and Tailscale can be used to set up a private diary that is not freely accessible via the Internet.
Now Tailscale has announced a new feature: Let’s Encrypt certificates for Tailscale nodes.
I took the chance and added the HTTPS feature to GoBlog. The advantage is that browsers now don’t complain when you enter passwords on unprotected
So, here is an updated Docker Compose configuration for Tailscale and GoBlog:
version: "3" services: goblog: container_name: goblog image: rg.fr-par.scw.cloud/jlelse/goblog restart: unless-stopped volumes: - ./config:/app/config - ./data:/app/data - ./tailscale-socket:/var/run/tailscale environment: - TZ=Europe/Berlin - ALL_PROXY=socks5://localhost:1055/ network_mode: service:tailscale tailscale: hostname: goblogtest container_name: tailscale image: shaynesweeney/tailscale command: tailscaled --tun=userspace-networking --socks5-server=localhost:1055 volumes: - ./tailscale:/var/lib - ./tailscale-socket:/var/run/tailscale
In GoBlog, the following server configuration is also important:
server: publicAddress: https://machine-name.tailscale-httpsname.ts.net tailscaleHttps: true publicHttps: false privateMode: enabled: true
publicHttps is disabled by default, care must be taken not to enable
tailscaleHttps at the same time. The
privateMode is recommended if other people also have access to the tailscale network. This way a login is necessary to view posts.