"It works on my machine™" – you, probably.
This is the upfront setup for the developer environment — needed to build, test, and publish the first binaries of Tailnet Labs.
It currently relies heavily on internal infra, still marked as
.
We’re merging and compiling several projects under one roof. Because why not?
So you like Caddy, and you like Tailscale, but hate running two things?
Say no more — meet Tailnet.
This plugin shoves a full Tailscale node inside Caddy.
Yes, you read that right: one binary to rule your tailnet, serve your sites, and occasionally confuse you. 🧙♂️
With Tailnet Labs, you can:
- 🔥 Serve sites directly on your Tailnet
- 🕵️ Proxy requests between Tailscale nodes (yes, through the magic tunnel)
- 🔒 Authenticate users via their Tailscale identity
- 🐋 Run everything inside Docker, because of course you can
⚠️ Extremely experimental. Side effects may include enlightenment, panic, or both.
- 🧅 Tailscale
(Or skip it and trust the built-in one — chaos mode.) - 🐳 Docker (you knew this was coming)
- 👨💻 A DevContainer-compatible editor
(So your AI assistant can silently judge your YAML.) - 🔒 Devpod installed
Example compose.yml included.
Clone it, pray a little, and run:
git clone https://github.com/sudosu404/tailnet.git
cd tailnet && source init.shThen set your environment:
echo -e "TAILSCALE_AUTHKEY=tskey-auth-example-own-key\nTAILNET_NAME=your-own.ts.net\nTAILSCALE_HOSTNAME=node\nSABLIER_PORT=10001" > .envAnd finally, lift off 🚀
docker compose up -dBoom 💥 — your Tailnet proxy is alive.
If you forget your TAILSCALE_AUTHKEY, no worries —
we’ll just name your node node.your-tailnet.ts.net and hope for the best.
(What could possibly go wrong?)
You can also run it manually like a real hacker:
TAILSCALE_AUTHKEY=tskey-auth-XXX ./caddy run -c node//config/tailnet-labs.caddyfileIf it works: congrats 🎉
If not: at least you have logs now 😏
Want to serve a private site on your Tailnet?
Drop this into your Caddyfile:
:443 {
bind tailscale/node
tls {
get_certificate tailscale
}
reverse_proxy localhost:8080
}That’s it — HTTPS handled, access control automatic,
and your Tailnet friends can now see your glorious HTML mistakes.
Because we know you’ll skip to this part anyway:
docker run -it --rm -e TAILSCALE_AUTHKEY="tskey-auth-XXX" -v ./Caddyfile:/etc/caddy/Caddyfile -v ./config:/config sudosu404/tailnetThis launches Caddy + Tailscale + good vibes.
Mount /config for persistence — or don’t, and watch your setup vanish like motivation on Monday.
Using xcaddy:
xcaddy build v2.9.1 --with github.com/sudosu404/tailnetOr the full DIY route:
go build ./cmd/caddyThen whisper to your binary:
“Please don’t segfault.”
Caddy logs under the tailscale logger.
Crank up verbosity with:
{
log tailscale {
level DEBUG
}
}Expect approximately 400 lines per second of “totally helpful” output.
| You want to… | You should… |
|---|---|
| Serve private sites on Tailnet | bind tailscale/myapp in your Caddyfile |
| Proxy to another node | Use transport tailscale <node> |
| Authenticate via Tailscale | Add tailscale_auth in your site block |
| Pretend you know what you’re doing | docker compose up -d and post it on LinkedIn |
This project is alpha, beta, gamma, and probably a cosmic experiment.
If it breaks, you get to keep both pieces.
“It’s not a bug, it’s a distributed feature.”
— someone at Tailnet Labs, probably.
Fork it, break it, PR it.
We welcome chaos — as long as it compiles.
AGPL-3.0 — because sharing is caring (and legally encouraged).
Made with ❤️ and at least ☕☕ by Tailnet Labs.