Connect to your PostgreSQL server from Tailscale

I’m a big fan of Tailscale, and I use it to create my own private network. This means that I can connect to my devices from anywhere in the world without having to worry about opening ports or exposing my IP address. I recently also used Tailscale to connect to a PostgreSQL server; below is how I did it.

To get Tailscale working on my Ubuntu machine, I first needed to install the Tailscale client. I did trust the Tailscale team and used their installation script:

curl -fsSL https://tailscale.com/install.sh | sh

Then, I needed to configure Tailscale to connect to my account with:

sudo tailscale up

Tailscale is now up and running. Next, let’s open up the PostgreSQL port on the Tailscale network. I’m running the UFW firewall, so this is what I did:

sudo ufw allow in on tailscale0 to any port 5432 proto tcp

Now, I also need to make sure PostgreSQL runs on any interface. I did that by changing the listen_addresses in my postgresql.conf file:

listen_addresses = '*'

In my pg_hba.conf file, I added the following line to allow connections from Tailscale. I decided to use the trust method because if somebody can connect to my Tailscale network, I’m already screwed anyway.

host    all    all   100.64.0.0/10    trust

And then I restarted PostgreSQL:

sudo systemctl restart postgresql

When I’m on my laptop and I’m connected to the Tailscale network, I can connect to my PostgreSQL server with:

psql -h <name-of-your-server> -U postgres

The <name-of-your-server> is the name of your Tailscale device. You can find it in the Tailscale dashboard. It’s easier to remember than the IP address.
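
Because listen_addresses = '*' makes PostgreSQL listen on every interface, the UFW rule and pg_hba.conf are what keep passwordless access confined to the Tailscale range. The following Python script is an added example, not part of the original post: it flags trust rules in a pg_hba.conf whose address is not inside 100.64.0.0/10. The function names and the sample file are constructed for illustration.

```python
import ipaddress

TAILNET = ipaddress.ip_network("100.64.0.0/10")  # range from the post's pg_hba.conf line
NET_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def parse_rule(line):
    """Return (type, address, method) for a network pg_hba.conf rule, else None."""
    fields = line.split("#", 1)[0].split()  # simplification: ignores quoted fields
    if len(fields) < 5 or fields[0] not in NET_TYPES:
        return None  # comments, blanks, "local" rules, include directives
    addr, rest = fields[3], fields[4:]
    if "/" not in addr and len(rest) >= 2:  # "address netmask" form uses two fields
        try:
            net = ipaddress.ip_network(f"{addr}/{rest[0]}", strict=False)
            return fields[0], str(net), rest[1]
        except ValueError:
            pass  # hostname or keyword followed by method options
    return fields[0], addr, rest[0]

def trust_rules_outside_tailnet(text):
    """List (lineno, address, reason) for trust rules not confined to TAILNET."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule[2] != "trust":
            continue
        try:
            net = ipaddress.ip_network(rule[1], strict=False)
        except ValueError:  # "all", "samenet", "samehost" or a hostname
            findings.append((lineno, rule[1], "keyword or hostname, not bounded by CIDR"))
            continue
        if net.version != 4 or not net.subnet_of(TAILNET):
            findings.append((lineno, rule[1], "not contained in 100.64.0.0/10"))
    return findings

# Constructed sample file, not taken from the post's server.
SAMPLE = """\
local   all   all                        peer
host    all   all   127.0.0.1/32         scram-sha-256
host    all   all   100.64.0.0/10        trust
host    all   all   0.0.0.0/0            trust
host    all   all   10.0.0.0 255.0.0.0   trust
host    all   all   all                  trust
"""

if __name__ == "__main__":
    for lineno, addr, reason in trust_rules_outside_tailnet(SAMPLE):
        print(f"line {lineno}: trust for {addr}: {reason}")
```

To audit a real server, pass the function the contents of the file that `SHOW hba_file;` reports in psql.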

That’s all there is to it! Now you can securely connect to your PostgreSQL server from anywhere in the world using Tailscale’s private network. You can use this technique to expose multiple applications across your machines. For example, I’m also using it to connect to my Raspberry Pi, where I’m running Pi-hole, a DNS ad blocker.