Skip to main content
Beta Feature

Tailscale support is currently in beta. The implementation may be unstable and could change significantly in future releases. Use with caution in production environments.

Configuring Tailscale

Tailscale is a zero-config VPN that makes secure networking between your Hathora game servers and other services simple and secure. This guide will show you how to configure Tailscale in your Hathora applications.

Prerequisites

  • A Tailscale account
  • A Tailscale auth key with appropriate permissions
  • Access to your Hathora application's deployment configuration

Configuration

To enable Tailscale in your Hathora application, you need to add two environment variables to your deployment:

  1. TS_AUTHKEY: Your Tailscale authentication key
  2. TS_ADVERTISE_TAGS (optional): Tags to advertise for this node

Environment Variables

Add these environment variables to your deployment configuration:

const deployment = {
  // ... other deployment config
  env: [
    {
      name: "TS_AUTHKEY",
      value: "tskey-auth-xxxxx-xxxxxxxxxxxxx" // Your Tailscale auth key
    },
    {
      name: "TS_ADVERTISE_TAGS",
      value: "tag:game-server,tag:prod" // Optional: comma-separated tags
    }
  ]
};

You can also set these variables in the Hathora Console: Setting TS_AUTHKEY and TS_ADVERTISE_TAGS in the Hathora dashboard

Tag Format

The TS_ADVERTISE_TAGS value must match the following regex pattern:

^[a-zA-Z0-9:,]+$

This means:

  • Multiple tags should be comma-separated
  • Only alphanumeric characters, commas, and colons are allowed
  • No spaces or special characters

Example Use Cases

  1. Secure Database Access:

    • Connect your game servers directly to your database without exposing it to the public internet
    • Use Tailscale ACLs to restrict database access to specific game servers

  2. Multi-Region Communication:

    • Enable secure communication between game servers in different regions
    • Use Tailscale's built-in NAT traversal for reliable connections

  3. Development Access:

    • Securely access your game servers for debugging and monitoring
    • Use tags to distinguish between development and production servers

Limitations

  • Tailscale traffic is currently not metered by Hathora, but will be metered in the future.
  • Maximum of one Tailscale connection per process
  • Arbitrary TS_EXTRA_ARGS are not allowed. Only tags can be set with TS_ADVESTISE_TAGS