Taiki M.


Setting up an exit node for LAN resource access with Docker compose

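  1. Write this Docker Compose file:
    services:
      tailscale:
        image: tailscale/tailscale:latest
        hostname: chibi-exitnode
        environment:
          # auth key used to register this node with your tailnet
          - TS_AUTHKEY=tskey-auth-redacted
          # offer this node as an exit node and advertise the LAN subnet as a route
          - TS_EXTRA_ARGS=--advertise-exit-node --advertise-routes=10.7.22.0/24
          # persist node state in the mounted volume so it survives restarts
          - TS_STATE_DIR=/var/lib/tailscale
          # use the kernel TUN device instead of userspace networking
          - TS_USERSPACE=false
        volumes:
          - ./tailscale-client/state:/var/lib/tailscale
        devices:
          - /dev/net/tun:/dev/net/tun
        cap_add:
          - net_admin
        restart: unless-stopped
        sysctls:
          # let the container forward IPv4 packets between the tailnet and the LAN
          - net.ipv4.ip_forward=1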
    
    • hostname: your-hostname-for-exitnode
      • can be anything; this is the name you look for in the Tailscale web UI later
    • TS_AUTHKEY=
      • put your Tailscale auth key here
    • TS_EXTRA_ARGS=--advertise-exit-node --advertise-routes=192.168.1.0/24
      • you need to use your own subnet instead of mine (192.168.1.0/24)
  2. Run docker compose up -d
  3. Head to the Tailscale web UI (login.tailscale.com)
  4. In the ‘Machines’ section, look for ‘chibi-exitnode’ and click it
  5. Under the ‘Routing Settings’ section, you’ll see ‘Exit node’. Click edit and ‘Allow’, and make sure the ‘Use as exit node’ checkbox is ticked.
  6. Under the ‘Subnets’ section, you’ll see the advertised subnet awaiting approval. Click edit and ‘Approve’.
  7. On your phone’s Tailscale client, you’ll see ‘EXIT NODE None’ at the top. Tap it and select ‘chibi-exitnode’.
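
A pre-flight check for the environment entries from step 1, added here as an example and not part of the original post: it flags an auth key written literally into the compose file and validates each --advertise-routes CIDR before you approve it in step 6. The function names and the /16 breadth cut-off are assumptions made for this example; ${TS_AUTHKEY} refers to Docker Compose's variable interpolation from a .env file.

```python
import ipaddress
import shlex

# CGNAT block that Tailscale assigns node addresses from
TAILNET_RANGE = ipaddress.ip_network("100.64.0.0/10")

def advertised_routes(extra_args):
    """Return the CIDRs given to --advertise-routes (comma-separated)."""
    routes, tokens = [], shlex.split(extra_args)
    for i, tok in enumerate(tokens):
        if tok.startswith("--advertise-routes="):
            routes += tok.split("=", 1)[1].split(",")
        elif tok == "--advertise-routes" and i + 1 < len(tokens):
            routes += tokens[i + 1].split(",")
    return [r for r in routes if r]

def check(entries, min_prefix=16):
    """Lint compose 'KEY=VALUE' environment entries; min_prefix is an assumed cut-off."""
    env = dict(e.split("=", 1) for e in entries if "=" in e)
    findings = []
    if env.get("TS_AUTHKEY", "").startswith("tskey-"):
        findings.append("TS_AUTHKEY is a literal key: reference ${TS_AUTHKEY} "
                        "and keep the value in an untracked .env file")
    for route in advertised_routes(env.get("TS_EXTRA_ARGS", "")):
        try:
            net = ipaddress.ip_network(route, strict=True)  # rejects host bits
        except ValueError as exc:
            findings.append(f"{route}: not a valid network ({exc})")
            continue
        if net.version == 4 and net.overlaps(TAILNET_RANGE):
            findings.append(f"{route}: overlaps the tailnet's own 100.64.0.0/10 range")
        elif not net.is_private:
            findings.append(f"{route}: not a private range, is this really your LAN?")
        elif net.prefixlen < min_prefix:
            findings.append(f"{route}: broader than /{min_prefix}, confirm it matches your LAN")
    return findings

# Constructed sample: the environment list from the compose file in step 1
SAMPLE = [
    "TS_AUTHKEY=tskey-auth-redacted",
    "TS_EXTRA_ARGS=--advertise-exit-node --advertise-routes=10.7.22.0/24 ",
    "TS_STATE_DIR=/var/lib/tailscale",
    "TS_USERSPACE=false",
]

if __name__ == "__main__":
    for finding in check(SAMPLE) or ["no findings"]:
        print(finding)
```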