Connect to your PostgreSQL server from Tailscale
I’m a big fan of Tailscale, and I use it to create my own private network. This means that I can connect to my devices from anywhere in the world without having to worry about opening ports or exposing my IP address. I recently also used Tailscale to connect to a PostgreSQL server; below is how I did it.
To get Tailscale working on my Ubuntu machine, I first needed to install the Tailscale client. I did trust the Tailscale team and used their installation script:
curl -fsSL https://tailscale.com/install.sh | sh
Then, I needed to configure Tailscale to connect to my account with:
sudo tailscale up
Tailscale is now up and running. Next, let’s open up the PostgreSQL port on the Tailscale network. I’m running the UFW firewall, so this is what I did:
sudo ufw allow in on tailscale0 to any port 5432 proto tcp
Now, I also need to make sure PostgreSQL runs on any interface. I did that by changing the listen_addresses in my postgresql.conf file:
listen_addresses = '*'
In my pg_hba.conf file, I added the following line to allow connections from Tailscale. I decided to use the trust method because if somebody can connect to my Tailscale network, I’m already screwed anyway.
host all all 100.64.0.0/10 trust
And then I restarted PostgreSQL:
sudo systemctl restart postgresql
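An added example, not part of the original post: pg_hba.conf rules match on the client's source address rather than on the interface, so with listen_addresses = '*' it is the tailscale0-only UFW rule together with the 100.64.0.0/10 range that confines the trust line above. The Python check below reports any trust rule in a pg_hba.conf that reaches outside that range; the function names and the sample file are constructed for illustration, and the parser does not handle quoted fields or include directives.

```python
import ipaddress

# Range from the post's pg_hba.conf line (Tailscale addresses).
TAILNET = ipaddress.ip_network("100.64.0.0/10")

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, address, method) for each host* rule in pg_hba.conf text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank, comment, "local" socket rule, or malformed
        addr, rest = fields[3], fields[4:]
        if len(rest) >= 2 and _is_ip(rest[0]):  # old style: address + netmask columns
            addr, rest = f"{addr}/{rest[0]}", rest[1:]
        yield lineno, addr, rest[0]

def trust_outside_tailnet(text, allowed=TAILNET):
    """Return (lineno, address, reason) for trust rules not confined to `allowed`."""
    findings = []
    for lineno, addr, method in parse_hba(text):
        if method != "trust":
            continue
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:  # all, samehost, samenet, or a hostname
            findings.append((lineno, addr, "not a CIDR, range cannot be confirmed"))
            continue
        if net.version != allowed.version or not net.subnet_of(allowed):
            findings.append((lineno, addr, f"reaches outside {allowed}"))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
# TYPE  DATABASE USER ADDRESS METHOD
local   all all peer
host    all all 100.64.0.0/10 trust
host    all all 127.0.0.1/32 scram-sha-256
host    all all 0.0.0.0/0 trust
host    all all 192.168.1.0 255.255.255.0 trust
hostssl all all all trust
"""

if __name__ == "__main__":
    for finding in trust_outside_tailnet(SAMPLE):
        print(finding)
```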
When I’m on my laptop and I’m connected to the Tailscale network, I can connect to my PostgreSQL server with:
psql -h <name-of-your-server> -U postgres
The <name-of-your-server> is the name of your Tailscale device. You can find it in the Tailscale dashboard. It’s easier to remember than the IP address.
That’s all there is to it! Now you can securely connect to your PostgreSQL server from anywhere in the world using Tailscale’s private network. You can use this technique to expose multiple applications across your machines. For example, I’m also using it to connect to my Raspberry Pi, where I’m running PiHole, a DNS ad blocker.