How to access Traefik hostnames from Tailscale clients
I finally decided that I wanted to be able to externally access some of my Docker containers from outside of my local network. I don’t want to deal with the security hassle of exposing ports on my router, so I decided to go with Tailscale.
All of my container web services are run through traefik and are accessed using hostnames I set up on my DNS server. How would I go about accessing the different web services externally since the hostnames don’t resolve?
I assume when you say externally you mean via Tailscale, but without running Tailscale on each container/service?
What I currently do is run Tailscale on a few workstation-type devices, but everything else in my network doesn't run the Tailscale client (partly because things like printers, routers, etc. can't run the client, and it's less convenient for things like servers).
Those types of devices can be accessed by running one Tailscale node as a Subnet Router. This device is then able to route traffic to its subnet. Currently I use a Raspberry Pi for this.
My Pi also runs PiHole and acts as my DNS server, so it can name resolve local resources, though I don't think this is required, because Tailscale has its own DNS resolution called MagicDNS. So your Subnet Router should be able to resolve those names anyway (going off memory here, so be sure to check the docs, I may be misremembering how it works since I use the same device for DNS).
You don't even need Tailscale on a remote device to access your LAN - if you enable the Funnel service, you can provide an inbound encrypted path to specified resources.
That is almost the exact same thing I am doing. I have 2 Pis running PiHole in HA and I just made one of them the subnet router to allow this access. Since I will be the only one using this, I don't care to use Funnel right now, but thanks for showing that to me. I am (obviously) new to using Tailscale, and that looks like a very neat feature.