Server configuration
TSDProxy utilizes the configuration file /config/tsdproxy.yaml
for its settings.
Important
Environment variable configurations used in versions prior to v0.6.0 are deprecated and will be removed in future releases.
Sample Configuration File
Warning
Configuration files are case-sensitive.
defaultProxyProvider: default
docker:
local: # Name of the Docker target provider
host: unix:///var/run/docker.sock # Docker socket or daemon address
targetHostname: 172.31.0.1 # Docker server hostname or IP
defaultProxyProvider: default # Default proxy provider for this Docker server
lists:
critical: # Name of the target list provider
filename: /config/critical.yaml # Path to the proxy list file
defaultProxyProvider: tailscale1 # (Optional) Default proxy provider for this list
defaultProxyAccessLog: true # (Optional) Enable access logs for this list
tailscale:
providers:
default: # Name of the Tailscale provider
clientId: "your_client_id" # OAuth client ID (generated by Tailscale)
clientSecret: "your_client_secret" # OAuth client secret (generated by Tailscale)
# If clientId and clientSecret are defined, authKey
# and authKeyFile are ignored
authKey: "" # Tailscale auth key (alternative to OAuth)
authKeyFile: "" # Path to a file containing the auth key (ignores authKey if defined)
tags: "tag:example,tag:server" # Default tags for all containers using this provider
# Container-specific tags override these default tags
controlUrl: https://controlplane.tailscale.com # Override the default Tailscale control URL
dataDir: /data/ # Tailscale data directory
http:
hostname: 0.0.0.0 # HTTP server hostname
port: 8080 # HTTP server port
log:
level: info # Logging level (info, error, debug or trace)
json: false # Enable JSON logging (true/false)
proxyAccessLog: true # Enable container access logs (true/false)
Configuration Sections
log Section
level
Defines the logging level. Options are info
, error
, debug
or trace
.
The default is info
.
json
Enables JSON-formatted logging when set to true
. Defaults to false
.
tailscale Section
Configures Tailscale integration.
dataDir
Specifies the data directory used by Tailscale. Defaults to /data/
.
providers
Defines multiple Tailscale providers. Each provider has the following options:
default: # Provider name
authKey: your-authkey # Tailscale auth key
authKeyFile: "" # Path to auth key file
controlUrl: https://controlplane.tailscale.com # Tailscale control URL
Example with multiple providers:
tailscale:
providers:
default:
authKey: your-authkey
authKeyFile: ""
controlUrl: https://controlplane.tailscale.com
server1:
authKey: authkey-server1
authKeyFile: ""
controlUrl: http://server1
differentkey:
authKey: authkey-with-different-tags
authKeyFile: ""
controlUrl: https://controlplane.tailscale.com
This example configures three Tailscale providers: default
(default server),
server1
(different Tailscale server), and differentkey
(default server with
a different auth key for specific tags).
Tip
For more details, see the Tailscale page.
docker Section
Configures Docker server connections. Multiple Docker servers can be defined:
local: # Docker provider name
host: unix:///var/run/docker.sock # Docker socket or daemon address
targetHostname: 172.31.0.1 # Docker server hostname or IP
defaultProxyProvider: default # Default proxy provider for this Docker server
Example with multiple Docker servers:
docker:
local:
host: unix:///var/run/docker.sock
defaultProxyProvider: default
srv1:
host: tcp://174.17.0.1:2376
targetHostname: 174.17.0.1
defaultProxyProvider: server1
This example configures a local
Docker server and a remote srv1
server.
host
Specifies the Docker socket or daemon address. Defaults to unix:///var/run/docker.sock
.
targetHostname
Specifies the IP address or DNS name of the Docker server. Used for connecting to containers in specific cases.
defaultProxyProvider
Specifies the default Tailscale provider (defined in the tailscale.providers
section) to use for containers on this Docker server. Container-specific labels
override this setting.