Configure Tailscale

Tailscale is a zero-config VPN that creates a secure network between your servers, computers, and cloud instances. This guide explains how to connect your application container on Scalingo to your Tailscale network.

Prerequisites

Step 1: Multi-buildpack Configuration

To install Tailscale and your application dependencies, you need to use the multi-buildpack.

Create or update the .buildpacks file at the root of your repository:

https://github.com/Scalingo/apt-buildpack.git
# Add any other buildpack required to build your application (e.g. scalingo/nodejs, scalingo/ruby, etc.)

Step 2: Aptfile Configuration

The APT buildpack allows you to install additional packages. Create a file named Aptfile at the root of your repository with the following content:

wget
curl
tailscale
:repo:deb [trusted=yes] https://pkgs.tailscale.com/stable/ubuntu [dist] main

Replace [dist] with the codename of the stack you are using:

  • noble for scalingo-24 (default)
  • jammy for scalingo-22
  • focal for scalingo-20

Step 4: Set TAILSCALE_AUTHKEY Environment Variable

You need to provide your Tailscale Auth Key to your application via an environment variable.

  1. Generate an auth key in your Tailscale admin console.
  2. Set the TAILSCALE_AUTHKEY environment variable on your Scalingo application:
scalingo --app my-app env-set TAILSCALE_AUTHKEY=tskey-auth-ok...

Step 4: .profile Configuration

The .profile script is executed before your application starts (see dedicated page). It will be used to start the Tailscale daemon and connect to your network.

Create a file named .profile at the root of your repository:

#!/bin/bash
tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --socket /tmp/tailscaled.sock &
tailscale --socket /tmp/tailscaled.sock up --auth-key=$TAILSCALE_AUTHKEY

Step 5: Deploy Your Application

Deploy your application by pushing your changes to Scalingo:

git add .buildpacks Aptfile .profile
git commit -m "Configure Tailscale"
git push scalingo master

During the deployment, you should see:

  • The installation of Tailscale in the deployment logs.
  • The connection to Tailscale in the application logs.
  • Your Scalingo application appearing in your Tailscale console.

Step 6: Test the Connection

You can verify the connection by running a one-off container.

  1. Start a one-off container: 
    scalingo --app my-app run bash
  2. In the container, set the ALL_PROXY environment variable to use the local Tailscale proxy: 
    export ALL_PROXY=socks5://localhost:1055/
  3. Test the connection to another service in your Tailscale network: 
    curl [host]:[port]/_health
Suggest edits

Configure Tailscale

Platform - App

©2026 Scalingo

GTC GTU DPA SLA HDS