Traefik certificates on Tailscale

Traefik simplifies networking complexity while designing, deploying, and operating applications. Starting with the release of Traefik Proxy 3.0 Beta 1, Traefik Proxy supports Tailscale. When Traefik gets an HTTPS request for a *.ts.net site, it gets the HTTPS certificate from the machine’s local Tailscale daemon.

No configuration is required for the certificate.

For example, you can define a certificate resolver in the static configuration, and it automatically enables HTTPS:

YAML
certificatesResolvers:
    myresolver:
        tailscale: {}
TOML
[certificatesResolvers.myresolver.tailscale]
CLI
--certificatesresolvers.myresolver.tailscale=true

Then, for each router or entrypoint where you want to use it, explicitly reference the resolver in the dynamic configuration:

YAML
http:
  routers:
    routertailscale:
      service: "myservice"
      rule: "Host(`example.foo.ts.net`) && Path(`/tailscale`)"
      tls:
        certResolver: tailscale

  services:
    myservice:
      loadBalancer:
        servers:
         - url: "http://localhost:6060"
TOML
[http]
  [http.routers]
    [http.routers.routertailscale]
      service = "myservice"
      rule = "Host(`example.foo.ts.net`) && Path(`/tailscale`)"
      [http.routers.routertailscale.tls]
        certResolver = "tailscale"

  [http.services]
    [http.services.myservice.loadBalancer]
      [[http.services.myservice.loadBalancer.servers]]
         url = "http://localhost:6060"

For complete details, see the Traefik Tailscale documentation at Traefik’s web site.

For more information about Traefik, see the Traefik quick start.