Reserved.

Hey Brody, great template. Thank you very much. While I can connect to my database over private network from my local, I can't use other websites. I guess we have to make the service also work as exit node if I understood correctly

Nope, you would not want to attempt to use the machine as an exit node.

Perhaps you have something missconfigured locally, like your tailscale client is trying to use something as an exit node when you shouldn't be using anything as an exit node.

yup you were right. misconfiguration on my end. Thanks for explaining

This work great for allowing me to access the servers in railway from a client on the tailscalenetwork . But it does not appear to solve the problem of allowing a service on railway connect to something on the tailscale network? Do you have any suggestion on how you would allow for that?
Thanks for your assistance!

You would need to run a tailscaled and tailscale up inside your applications container.

We are going to be looking into writing a guide on this since you are not the only user to ask us this question!

thanks!
A guide would be much appreciated.
I tried running tailscale inside the container, but i ran into a bit of an issue. As far as i can tell tun is not available so i had to run tailscaled with userspace-networking. This again has somewhat of the same issue that it works fine for incoming traffic. But i struggled to rout outging through the proxy. You can see my setup here: https://help.railway.com/questions/allowing-for-outgoing-requests-to-tailsc-0b83d33b

Any idea on how i can solve this?

For what it's worth, a guide on that topic wouldn't be Railway specific, besides the fact that the containers aren't privileged.

But I agree a simple guide would be beneficial and just because it's not specific to Railway doesn't mean we shouldn't have a guide.

We will be looking into our options here.

Update, it is not possible to run tailscale in a container for the purposes of connecting out to other devices on the tailnet.

The containers lack sufficient privileges to use even userspace tunneling, and this is not something we will be changing with the current runtime version.

Our next runtime, based around VMs instead of containers will allow you to do userspace or kernel tunneling, so keep an eye on our changelog for that.

Thanks for looking into it regardless. Saved me many hours of troubleshooting . Will keep an eye out for the new runtime.