Add Tailscale section to securing-your-node.md #82
lutr0 wants to merge 2 commits into rocket-pool:main
I put together a section to add to "Securing your Node" describing how to install Tailscale.

Sources:
1) https://www.reddit.com/r/rocketpool/comments/rkgyn8/guide_how_to_seamlessly_access_your_rocket_pool/ (I didn't add the point 8 about global nameservers, I don't know if it's needed)
2) https://tailscale.com/kb/1039/install-ubuntu-2004/
3) https://tailscale.com/kb/1077/secure-server-ubuntu-18-04/

I'm not an expert, so give a good look at it!
| In case the connection is working, you can now set a rule to accept any incoming ssh connections over Tailscale. **Run these on the node machine.** | ||
|
|
||
| ```shell | ||
| sudo ufw allow in on tailscale0 comment | ||
| sudo ufw allow 41641/udp | ||
| ``` |
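Review bot: The first rule ends in a bare `comment` keyword with no text after it, and it admits all traffic arriving on tailscale0 although the sentence above it describes accepting incoming ssh connections only. ufw expects a quoted string after `comment`, so either drop the keyword or supply the text, and scope the rule to the service the prose names, for example `sudo ufw allow in on tailscale0 to any port 22 proto tcp comment 'SSH over Tailscale'`. Note also that `sudo ufw allow 41641/udp` is not bound to an interface or source, so it opens that port on every interface; the guide should say when this rule is actually needed.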
Would we still want to restrict access to only things like SSH and Grafana even on the tailscale0 interface? I suppose it's relying on Tailscale security to only allow access from nodes in your own account.
Also, I think the firewall rule for port 41641/udp can be omitted unless the Tailscale connection is not working for some reason per Tailscale docs. I haven't needed it for any of the nodes that I'm using on Tailscale (all Debian 10/11 FWIW).

I just took a quick look at this, sorry for the delay! In my opinion, I think this is worthy of breaking out into its own page instead of tying it into the security page. I bet it could use some annotated pictures as well. What do you guys think?

Hey @jclapis, thanks a lot for checking it out, I missed the notification. I can definitely add some images, especially regarding the Tailscale side. I was not sure about how much to go into detail. I also like the idea of having it in one page, it's one step beyond the standard configuration and it makes sense to have it by itself or in a "bells and whistles" page for the advanced user. Is it ok if I add the images and I leave it to you to add the guide to a new page? I'm not confident about that part.

I can take a crack at this one if you want @jclapis, it was on my mind anyways that we should have an independent Tailscale section. Will let me use my shiny new docs dev environment more :)

Hey @blinc117, this would be amazing, I wasn't able to complete the task and I'm a bit ashamed of having this still open.

@nickdoherty This can be closed as it was addressed in #224