Use Tailscale | Network | Northflank Application docs
v1
ApplicationAPI & CLI

On this page

Network /

Use Tailscale

You can enable Tailscale in a project to allow your resources secure access to your Tailscale network. Your resources will be able to access Tailscale devices, and normal Northflank networking to public and private resources will continue to work as usual.

You can access Tailscale devices from your Northflank resources by their IP addresses, or the fully-qualified domain name for the device (for example device1.<id>.ts.net). The shortened form of the Tailscale domain for a device will not work.

Enable Tailscale

To use Tailscale, navigate to your project's settings page and click enable Tailscale.

Next, open your Tailscale account's Keys page, found under Personal Settings in your Tailscale Settings. Click generate auth key and name the key something recognisable (for example Northflank - Project).

All Tailscale auth keys expire within 90 days.You should make sure your auth key is updated or Northflank will be unable to reauthenticate to Tailscale, and your resources will lose access to your Tailscale network.

To allow existing resources access to Tailscale you must redeploy them.

When you deploy new resources, or redeploy existing resources in your project after enabling Tailscale, they will appear in your Tailscale machines list. To identify a Northflank resource, open the resource in Northflank and navigate to the containers page for a service, or the job runs page for a job. The first part of the container name, or the job run name, will be the name of the machine listed in Tailscale (for example proxy-54fcd583a7-adf5c would appear as proxy-54fcd583a7).

Restrict Tailscale access

Select restrict Tailscale to only allow specific resources access to your Tailscale network.

Resources are restricted by tag. Select the tags that will allow Tailscale, and ensure the resources you want to have access are tagged appropriately.

Disable Tailscale

If you have restricted Tailscale you can disable specific resources from accessing Tailscale by either removing the tag from the resource, or by removing the tag from the Tailscale tag restrictions list, and redeploying the relevant resources.

If you want to disable Tailscale for all resources, uncheck enable tailscale sidecar, update, and redeploy the relevant resources.

Next steps

Network security

Set IP policies and add basic authentication to your deployments.

Add private ports

Configure ports to allow your services to communicate securely within your project.

Forward deployments and databases

Forward deployments and databases to your local machine for development.

Configure basic authentication

Require users to enter a username or password to access your site.

© 2024 Northflank Ltd. All rights reserved.

northflank.comTermsPrivacyfeedback@northflank.com