How to access GitLab on a private network with Tailscale
GitLab provides an easy-to-install package for most Linux distributions and even for devices like the Raspberry Pi. However, if you want to install GitLab in a home lab or similar private network, you would then be faced with a new issue: how do you access the instance from outside that private network? Traditionally, you would set up your router to forward traffic from your public IP address to the server inside your network. However, this comes with several drawbacks: Opening a port on your home or private network comes with a sustainable amount of risk. It can be hard or impossible for folks to do depending on their internet service provider and what routing equipment they use. It can be especially tough if your ISP doesn’t provide you with a statically assigned IP address which means your address can change from time to time, and you’ll need to either update DNS manually or through some third-party dynamic DNS service. For me, all of these challenges have meant that I’ve only ever really run GitLab “for fun” on my local network. Given the challenges above, running a permanent installation wasn’t an option. That is until Tailscale entered my life. Tailscale Tailscale isn’t necessarily the “newest” technology. In fact, it is based on the WireGuard protocol, which has existed in one form or another since 2015 and has seen native kernel support added to various Linux distributions as well as the kernel itself over the past several years. Wireguard VPN technology makes considerable improvements in the usability and setup of virtual private networks over earlier protocols like IPsec. Even with being easier to use, the “problem” with WireGuard, at least for me, was always that it was still too complex to set up and maintain. Much like configuring my ISP’s router for port forwarding, it wasn’t impossible, but it just wasn’t practical. Enter Tailscale. Tailscale provides a simple piece of client software, available for Linux, Mac, and Windows (and iOS and Android!), which implements the WireGuard protocol and allows you to control your VPN network from a handy web interface. Not only that, it’s free to use for individuals and small networks. When I started using Tailscale, it was to make sure I could connect back to my home network and troubleshoot it while traveling for work. As the only system administrator in my house, this was fantastic. However, Tailscale also offers the ability to easily access services inside of various networks as well by setting up a mesh VPN between them, all with IP addresses in the 100.x.y.z range. That means for any web service or other service on my network, I can access it with a statically assigned IP address from any other device connected to Tailscale, and create a DNS record to have a domain point to the IP address. At last, I could run GitLab (and other open source tools) at home and safely connect to them from outside my house with as little hassle as possible. So how did I get it to work? Tailscale and GitLab together Assuming you already have a GitLab installation up and running on your network, getting it working through Tailscale involves a few steps: Installing Tailscale Setting up DNS for the private address Configuring HTTPS encryption Installing Tailscale Packages are available […]
