Firebase-host static files under a primary domain .well-known/matrix/{server,client}. Config server to Tailscale Funnel on ports 8443 and 443 (one federation port).
Through a Tailscale Docker container configured as a proxy, traffic can be forward TCP/TLS via socat.
From socat, traefik handles routing to Dendrite.
Was concerned with bandwidth, stability and latency, but things are looking good so far.
Tommy Skaug
in reply to Tommy Skaug • • •Tommy Skaug
in reply to Tommy Skaug • • •This turned out to be an R&D project.
I’d like to close my network from the open Internet. Can a small service such as Matrix Dendrite function via a Tailscale Funnel? Hypothesis says yes.
Dendrite is in Docker with a traefik reverse proxy in front, using the new Tailscale cert integration in v3.
Additionally I’ve established a Tailscale image which sends traffic to traefik via socat which works well.
Current problem: does the Matrix well-known support Funnel for federation?
Tommy Skaug
in reply to Tommy Skaug • • •Conclusion is a big yes.
Firebase-host static files under a primary domain .well-known/matrix/{server,client}. Config server to Tailscale Funnel on ports 8443 and 443 (one federation port).
Through a Tailscale Docker container configured as a proxy, traffic can be forward TCP/TLS via socat.
From socat, traefik handles routing to Dendrite.
Was concerned with bandwidth, stability and latency, but things are looking good so far.
#tailscale #traefik #docker #funnel #matrix #dendrite
Tommy Skaug
in reply to Tommy Skaug • • •Probably a billion possibilities of improvement in this, but it actually ended up as a working setup.
I did a write-up of running @matrix Dendrite behind Tailscale Funnel.
#sdn #tailscale #matrix #funnel
https://252.no/2023-04-24-sdn.html
The Cyber Security Two Cents : Software-Defined Networking Made Possible with Docker and Tailscale
252.no