Running Vikunja with Docker and Tailscale

Support
1

Hi there !

I’m trying to run my first instance of Vikunja and I’m using taiscale for all my other services.
When I try to access to the app, nothing …
Actually, I’ve this docker-compose.yml :

services:
  vikunja:
    image: vikunja/vikunja
    container_name: vikunja
    environment:
      VIKUNJA_SERVICE_PUBLICURL: http://localhost
      VIKUNJA_DATABASE_HOST: db
      VIKUNJA_DATABASE_PASSWORD: ${DBPWD}
      VIKUNJA_DATABASE_TYPE: mysql
      VIKUNJA_DATABASE_USER: ${DBUSER}
      VIKUNJA_DATABASE_DATABASE: ${DBNAME}
      VIKUNJA_SERVICE_JWTSECRET: ${VIKUNJASECRET}

    volumes:
      - vl_vikunja:/app/vikunja/files
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
    network_mode: service:ts_vikunja

  db:
    image: mariadb:10
    container_name: vikunja_db
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    environment:
      MYSQL_ROOT_PASSWORD: ${DBROOT}
      MYSQL_USER: ${DBUSER}
      MYSQL_PASSWORD: ${DBPWD}
      MYSQL_DATABASE: ${DBNAME}
    volumes:
      - vl_vikunja_db:/var/lib/mysql
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "mysqladmin ping -h localhost -u $$MYSQL_USER --password=$$MYSQL_PASSWORD"]
      interval: 2s
      start_period: 30s
    networks:
      - nt_prod

  ts_vikunja:
    image: tailscale/tailscale:latest
    container_name: ts_vikunja
    hostname: vikunja
    environment:
      - TS_ACCEPT_DNS=true
      - TS_AUTHKEY=${TS}
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/${TSFILE}
      - TS_SOCKS5_SERVER=localhost:1055
    volumes:
      - vl_ts_vikunja:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
      - ${TSCONFIG}/config_ts:/config
    cap_add:
      - net_admin
      - sys_module
    networks:
      - nt_prod

networks:
  nt_prod:
    external: true

volumes:
  vl_vikunja:
    external: true
  vl_vikunja_db:
    external: true
  vl_ts_vikunja:
    external: true

All logs looks OK :

#MariaDB
2024-04-18  8:37:11 0 [Note] InnoDB: Buffer pool(s) load completed at 240418  8:37:11
2024-04-18  8:37:11 0 [Note] Server socket created on IP: '0.0.0.0'.
2024-04-18  8:37:11 0 [Note] Server socket created on IP: '::'.
2024-04-18  8:37:11 0 [Note] mariadbd: ready for connections.
Version: '10.11.7-MariaDB-1:10.11.7+maria~ubu2204'  socket: '/run/mysqld/mysqld.sock'  port: 3306  mariadb.org binary distribution

#Vikunja
info: creating the new user vikunja with 1000:1000
usermod: no changes
2024-04-18T10:45:16.239757548Z: INFO    ▶ config/InitConfig 001 No config file found, using default or config from environment variables.
2024-04-18T10:45:16.252205636Z: INFO    ▶ migration/Migrate 05b Ran all migrations successfully.
2024-04-18T10:45:16.252249081Z: INFO    ▶ models/RegisterReminderCron 05c Mailer is disabled, not sending reminders per mail
2024-04-18T10:45:16.252269711Z: INFO    ▶ models/RegisterOverdueReminderCron 05d Mailer is disabled, not sending overdue per mail
2024-04-18T10:45:16.252324778Z: INFO    ▶ cmd/func29 05e Vikunja version v0.23.0
⇨ http server started on [::]:3456

#Tailscale : 
boot: 2024/04/18 08:37:07 Startup complete, waiting for shutdown signal
boot: 2024/04/18 08:37:07 Applying serve config
2024/04/18 08:37:07 serve: creating a new proxy handler for http://127.0.0.1:3456
2024/04/18 08:37:07 Hostinfo.WireIngress changed to true
2024/04/18 08:37:07 magicsock: derp-23 connected; connGen=1

I tryied already multiple things with the “VIKUNJA_SERVICE_PUBLICURL:”

This is not working from localhost too…

If someone have an idea… :grimacing:

2

I don’t know anything about how tailscale does things here, but does it work when you add the port? https://vikunja.mytailscaledomain.ts.net:3456 or similar. (how does Tailscale know which port to forward?)

This line in the logs seems to indicate it will forward traffic to port 3456 on the tailscale container which won’t work - it needs to forward traffic to the Vikunja container.

3

@romstan judging your setup and the logs you posted, your vikunja container listens on the default port 3456. You have two options:

  1. Setup a reverse proxy to forward to the correct port Setup behind a reverse proxy | Vikunja
  2. Run vikunja as root (and accept security consequences) and change the listening port to 80 by setting VIKUNJA_SERVICE_INTERFACE env variable

Here is my setup (I chose the second option). Keep in mind that your docker network setup is different than mine.

services:
  vikunja:
    image: vikunja/vikunja
    environment:
      VIKUNJA_SERVICE_PUBLICURL: http://vikunja.home.local # I have a local dns
      VIKUNJA_DATABASE_HOST: localhost
      VIKUNJA_DATABASE_PASSWORD: <redacted>
      VIKUNJA_DATABASE_TYPE: mysql
      VIKUNJA_DATABASE_USER: <redacted>
      VIKUNJA_DATABASE_DATABASE: <redacted>
      VIKUNJA_SERVICE_JWTSECRET: <redacted>
      VIKUNJA_SERVICE_INTERFACE: :80
    user: 0:0
    volumes:
      - ./files:/app/vikunja/files
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
    network_mode: service:tailscale
  db:
    image: mariadb:10
    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    environment:
      MYSQL_ROOT_PASSWORD: <redacted>
      MYSQL_USER: <redacted>
      MYSQL_PASSWORD: <redacted>
      MYSQL_DATABASE: <redacted>
    labels:
      "autoheal": "true"
    volumes:
      - ./db:/var/lib/mysql
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "mysqladmin ping -h localhost -u $$MYSQL_USER --password=$$MYSQL_PASSWORD"]
      interval: 2s
      start_period: 30s
    network_mode: service:tailscale
  tailscale:
    image: tailscale/tailscale:latest
    hostname: vikunja
    environment:
      - TS_AUTHKEY=<redacted>
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=false
      - TS_ACCEPT_DNS=true
    volumes:
      - ./tailscale/state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - net_admin
      - sys_module
    restart: unless-stopped