tsnet-services

command
v1.98.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 21, 2026 License: BSD-3-Clause Imports: 5 Imported by: 0

README

tsnet-services

The tsnet-services example demonstrates how to use tsnet with Services.

To run this example yourself:

  1. Add access controls which (i) define a new ACL tag, (ii) allow the demo node to host the Service, and (iii) allow peers on the tailnet to reach the Service. A sample ACL policy is provided below.
  2. Generate an auth key using the Tailscale admin panel. When doing so, add your new tag to your key (Service hosts must be tagged nodes).
  3. Define a Service. For the purposes of this demo, it must be defined to listen on TCP port 443. Note that you only need to follow Step 1 in the linked document.
  4. Run the demo on the command line (step 4 command shown below).

Command for step 4:

TS_AUTHKEY=<yourkey> go run tsnet-services.go -service <service-name>

The following is a sample ACL policy for step 1:

"tagOwners": {
   "tag:tsnet-demo-host": ["autogroup:member"],
},
"autoApprovers": {
   "services": {
      "svc:tsnet-demo": ["tag:tsnet-demo-host"],
   },
},
"grants": [
   "src": ["*"],
   "dst": ["svc:tsnet-demo"],
   "ip": ["*"],
],

Documentation

Overview

The tsnet-services example demonstrates how to use tsnet with Services.

To run this example yourself:

  1. Add access controls which (i) define a new ACL tag, (ii) allow the demo node to host the Service, and (iii) allow peers on the tailnet to reach the Service. A sample ACL policy is provided below.
  2. Generate an auth key using the Tailscale admin panel. When doing so, add your new tag to your key (Service hosts must be tagged nodes).
  3. Define a Service. For the purposes of this demo, it must be defined to listen on TCP port 443. Note that you only need to follow Step 1 in the linked document.
  4. Run the demo on the command line (step 4 command shown below).

Command for step 4: 

TS_AUTHKEY=<yourkey> go run tsnet-services.go -service <service-name>

The following is a sample ACL policy for step 1: 

"tagOwners": {
   "tag:tsnet-demo-host": ["autogroup:member"],
},
"autoApprovers": {
   "services": {
      "svc:tsnet-demo": ["tag:tsnet-demo-host"],
   },
},
"grants": [
   "src": ["*"],
   "dst": ["svc:tsnet-demo"],
   "ip": ["*"],
],

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.