Tailscale + Fly + SSL (again)

I followed the Tailscale + Fly docs - this worked great.

However, I would like to set up TLS - if I add a tailscale cert command into start.sh this should work.

However, if I name the tailscale client fly-app as per the docs and then restart containers, over time I will see names like fly-app-1, fly-app-2 etc.

Then the tailscale cert command fails because it doesn’t match.

Any ideas how to unpick this? Do I need a different approach?

(Asked at Tailscale forums too, but no response)

‘rugwiro’ suggested using --hostname, but I’m already doing that.

@olic

Instead of hardcoding the client name as “fly-app” in your start.sh script, you can use the FLY_APP_NAME environment variable provided by Fly.io. This variable contains the name of your Fly app, which should remain consistent across container restarts.

Modify your start.sh script to use the FLY_APP_NAME variable when setting up the Tailscale client name. For example:

tailscale_client_name="${FLY_APP_NAME}-tailscale"

Then, use this variable in your Tailscale cert command:

tailscale cert --client-name="${tailscale_client_name}" ...

This should help ensure that the Tailscale cert command uses the correct client name, even if the container names change over time.

If you still encounter issues, you might want to consider handling TLS on your own, as mentioned here.
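An added example, not part of either post above and not taken from the Tailscale or Fly docs: one way for start.sh to avoid the mismatch described in the question is to ask the running node which MagicDNS name it actually holds and request the certificate for that name, instead of assuming `fly-app`. It assumes `tailscale status --json` reports the name under `Self.DNSName`; the function names, the hostname argument and the sample JSON are constructed for illustration.

```shell
#!/bin/sh
# Added example for start.sh (not from the Tailscale or Fly docs).

# Read `tailscale status --json` on stdin; print this node's own MagicDNS
# name (Self.DNSName) without its trailing dot, or nothing if it is absent.
self_dns_name() {
    if command -v jq >/dev/null 2>&1; then
        jq -r '.Self.DNSName // empty'
    else
        # Fallback without jq. Assumes pretty-printed output in which the
        # "Self" object precedes "Peer", so the first DNSName is our own.
        sed -n 's/.*"DNSName"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
    fi | sed 's/\.$//'
}

# Exit 0 when the node was renamed, e.g. wanted fly-app but got fly-app-2.
name_drifted() {
    [ "${2%%.*}" != "$1" ]
}

# Request a certificate for whatever name the node actually holds.
# $1 is the hostname given to `tailscale up --hostname` (hypothetical arg).
issue_cert() {
    name=$(tailscale status --json | self_dns_name)
    if [ -z "$name" ]; then
        echo "tailscale reported no DNS name; not requesting a cert" >&2
        return 1
    fi
    if name_drifted "$1" "$name"; then
        echo "warning: wanted $1 but this node is $name" >&2
    fi
    tailscale cert "$name"
}

# Constructed sample of the status JSON, trimmed to the fields used here.
sample_status() {
    cat <<'EOF'
{
  "Self": {
    "HostName": "fly-app",
    "DNSName": "fly-app-2.example.ts.net."
  },
  "Peer": {
    "nodekey:0000": { "HostName": "laptop" }
  }
}
EOF
}
```

In start.sh this would be called as `issue_cert fly-app` once `tailscale up` has returned.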
