A setup for serving a website through Tailscale using NGINX. Here’s a breakdown of the steps to ensure everything is configured properly:
- DNS Configuration:
  - A Record: You have created an A record with the host `www` pointing to your Tailscale IP. This means any request to www.yourdomain.com will resolve to your Tailscale IP.
  - CNAME Record: You have created a wildcard CNAME record (`*`) pointing to your domain. This means any subdomain request will resolve to your main domain, which should then resolve to your Tailscale IP.
- NGINX Configuration:
  - Ensure that NGINX is configured to listen on the correct port and interface for your Tailscale IP.
  - Make sure you have the necessary server block in your NGINX configuration to handle requests to your domain and any subdomains.
- Tailscale Configuration:
  - Verify that the clients who need to access your website are part of your Tailnet and have access to the Tailscale IP where NGINX is running.
  - Check your Tailscale ACLs (Access Control Lists) to ensure there are no restrictions preventing access to the Tailscale IP.
- Firewall and Port Forwarding:
  - Ensure that your Tailscale device’s firewall allows traffic on the ports NGINX is using (usually port 80 for HTTP and port 443 for HTTPS).
  - If you’re using a router or another firewall device, ensure that it is not blocking traffic to these ports on your Tailscale IP.
- NGINX Server Block Example:
  Here’s an example NGINX server block that you can use as a reference:

  ```nginx
  server {
      # A bare port binds on every interface, not only the Tailscale one
      listen 80;
      # Match the main domain and any subdomain
      server_name yourdomain.com *.yourdomain.com;

      location / {
          proxy_pass http://localhost:8080;  # Or wherever your backend service is running
          # Pass the original host, client address and scheme to the backend
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
      }
  }
  ```
If all of these configurations are correct, your domain should route traffic through the Tailnet and NGINX should serve the website to any client that is part of your Tailnet.
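As an added example (not part of the original text), this Python check classifies each `listen` directive by whether it is bound to a Tailscale address (100.64.0.0/10 or fd7a:115c:a1e0::/48) or to every interface, which is what decides whether NGINX answers only on the tailnet. The two sample configs and the addresses in them are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Address ranges Tailscale assigns to nodes (IPv4 CGNAT block and its IPv6 ULA prefix).
TAILSCALE_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                  ipaddress.ip_network("fd7a:115c:a1e0::/48")]
WILDCARDS = {"*", "0.0.0.0", "::"}
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)

# Constructed sample: the listen line from the server block on this page.
PAGE_BLOCK = "server {\n    listen 80;\n    server_name yourdomain.com *.yourdomain.com;\n}\n"
# Constructed sample: the same block bound to made-up tailnet addresses.
BOUND_BLOCK = ("server {\n    listen 100.101.102.103:80;\n"
               "    listen [fd7a:115c:a1e0::1]:443 ssl;\n}\n")

def is_tailscale_ip(addr):
    """True when addr parses as an IP inside one of the Tailscale ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TAILSCALE_NETS)

def listen_host(value):
    """Host part of a listen value, or None for a bare port (all interfaces)."""
    target = value.split()[0]
    if target.startswith("["):                 # [ipv6]:port
        return target[1:target.index("]")]
    host, sep, _port = target.rpartition(":")
    if not sep:                                # "80" or a bare address/hostname
        return None if target.isdigit() else target
    return host

def audit_listens(conf_text):
    """Return (listen value, verdict) pairs for every active listen directive."""
    findings = []
    for value in LISTEN_RE.findall(conf_text):
        host = listen_host(value)
        if host is None or host in WILDCARDS:
            verdict = "all-interfaces"
        elif is_tailscale_ip(host):
            verdict = "tailnet-only"
        else:
            verdict = "other"
        findings.append((value.strip(), verdict))
    return findings

if __name__ == "__main__":
    print(audit_listens(PAGE_BLOCK), audit_listens(BOUND_BLOCK))
```

A verdict of `all-interfaces` means reachability from outside the tailnet depends entirely on the firewall rules described above.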