Access Docker containers without opening ports with Tailscale

Last updated on January 14th, 2023 at 03:39 pm

Create a secure network between your servers, computers, and cloud instances. Even when separated by firewalls or subnets, Tailscale just works. Using Tailscale will avoid the security holes with having ports exposed.


  • Hourly and daily rotations minimizes the risk of stolen keys or stale credentials.
  • Tailscale builds on top of WireGuard’s Noise protocol encryption, a peer-reviewed and trusted standard.
  • Low latency and private. None of your traffic ever touches the Tailscale servers.

Step 1

Access the Package Center and search for Tailscale. Click Install.

Step 2

Once installed, Open Tailscale. You’ll now need to sign up. Choose what service you’d like to use. For me, I’ll be using Microsoft.

Step 3

Once signed up, you should now see this screen:

This will give you access to all the downloadable Tailscale software and show you all your connected devices.

I’ll be using an Android phone to connect with Tailscale. From here, you can choose Windows, macOS or Linux, the setup will be similar on all devices.

If you don’t see your Synology NAS here, press the Synology button to link this. Once completed, leave this screen open for now.

Step 4

On Android, again this will be a similar set-up across all your devices. Open Tailscale, Sign in with Google, or in my case, I’ll sign in with other as I’ll be using Microsoft. Follow through signing in.

Please ensure you use the same login across all your devices. Make sure the device is Active (See last screenshot below).

Step 5

If you still have the original screen opened, you will notice that your device has now connected and logged in.

That’s it, pretty simple eh! Do this for all the devices that you want to be able to access your network remotely.

You should also see your Synology NAS, for me this is Galactica. Tailscale has generated a new IP for me, this being Make a note of the IP it has generated for your Synology. Now press Success, it works!

Step 6

Using the IP that was generated in the previous step, open your browser and type this along with your container port. For me, I’ll be using FreshRSS. I’ll be going to on my browser. (See screenshots below). It has now brought up my FreshRSS container without having to expose ports or use reverse proxy.


That’s you all finished, this handy service will stop the need for exposing ports on your network which is not great practice.

More Guides:

Actual AdGuard airsonic Audiobookshelf autobrr Bitcoin Calibre-Web ChatpadAI Cleanarr Composerize Crypto DailyTxT Dashy deemix Deluge Emby EmulatorJS Ethereum Euterpe FileBot FilePizza FileZilla Flame Focalboard FreshRSS Grafana Grocy Heimdall Homarr Home Assistant Homebridge Jackett Jellyfin Jellyseerr Joplin Kavita Komga LanguageTool LibreOffice Lidarr Mealie MediaGoblin Medusa Memegen Minecraft Minecraft Bedrock MQTT MusicBrainz MyMediaForAlexa Navidrome Node-RED NZBGet NZBHydra Ombi Overseerr PaperlessNGX Pashword Password Cards Petio Pi-Hole Picard Plex Portainer PostgreSQL Prowlarr PUID & PGID pwndrop Radarr Radicale Readarr ruTorrent SABnzbd SearX Seed Phrase Shiori Sonarr SpeedTest Stash Storm Tailscale TasmoAdmin Tautulli Theia Trilium TubeSync Unpackerr Uptime Kuma Vaultwarden Watchtower WebPDF Whisparr Wordle YouTubeDL

Scroll to Top