[GH-ISSUE #413] Use Tailnet for Secure Cross-Server Database Connections #270

Open
opened 2026-03-03 11:14:25 +03:00 by kerem · 0 comments
Owner

Originally created by @charanm927 on GitHub (Aug 13, 2025).
Original GitHub issue: https://github.com/dflow-sh/dflow/issues/413

Description:

Enable dFlow to connect databases hosted on separate servers via Tailnet (Tailscale network). By default, create all user databases on dFlow-managed servers and connect services to them securely using Tailnet. This approach improves security and performance and simplifies DB networking without exposing databases to the public internet.

Acceptance Criteria:

  • Configure Tailnet to allow secure, private connections between servers hosting services and databases.
  • Automatically add database server(s) to the same Tailnet as application servers.
  • Create all user databases on dFlow-managed DB servers by default.
  • Generate and inject private Tailnet connection strings into services.
  • Ensure connections remain functional during Tailnet IP changes (use MagicDNS where possible).
  • Log connection setup and errors for troubleshooting.

Benefits:

  • Improves database security by removing public exposure.
  • Simplifies multi-server DB networking for users.
  • Centralizes database hosting on optimized servers.
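
An added sketch of the "generate and inject private Tailnet connection strings" and MagicDNS criteria above; it is not part of the original issue and not dFlow code. The function names, the PostgreSQL scheme and the sample node record are assumptions; the address ranges and the `.ts.net` suffix are the ones Tailscale uses for tailnet nodes and MagicDNS names.

```python
import ipaddress
from urllib.parse import quote, urlsplit

# Ranges Tailscale assigns to tailnet nodes (CGNAT IPv4 and its ULA IPv6 prefix).
TAILNET_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                ipaddress.ip_network("fd7a:115c:a1e0::/48")]
MAGICDNS_SUFFIX = ".ts.net"


def classify_host(host):
    """Return 'magicdns', 'tailnet-ip' or 'non-tailnet' for a database host."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        name = host.rstrip(".").lower()
        return "magicdns" if name.endswith(MAGICDNS_SUFFIX) else "non-tailnet"
    return "tailnet-ip" if any(addr in n for n in TAILNET_NETS) else "non-tailnet"


def build_db_url(user, password, dns_name, ip, port, dbname, scheme="postgresql"):
    """Prefer the MagicDNS name (stable across IP changes), fall back to the IP."""
    host = dns_name or ip
    kind = classify_host(host)
    if kind == "non-tailnet":  # fail closed: never emit a publicly routed DB host
        raise ValueError(f"refusing database host outside the tailnet: {host}")
    hostpart = f"[{host}]" if ":" in host else host  # bracket IPv6 literals
    url = (f"{scheme}://{quote(user, safe='')}:{quote(password, safe='')}"
           f"@{hostpart}:{port}/{quote(dbname, safe='')}")
    return url, kind


def redact(url):
    """Mask the password so connection setup can be logged."""
    parts = urlsplit(url)
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    return parts._replace(netloc=f"{user}:***@{hostport}").geturl()


if __name__ == "__main__":
    # Constructed node record; names and addresses are not from the issue.
    node = {"dns_name": "db-1.example-tailnet.ts.net", "ip": "100.101.102.103"}
    url, kind = build_db_url("app", "p@ss:w/rd", node["dns_name"], node["ip"],
                             5432, "appdb")
    print(kind, redact(url))
    if kind == "tailnet-ip":
        print("warning: IP-pinned string breaks if the tailnet IP changes")
```

The suffix check is syntactic only: it does not verify what the name resolves to, so it complements Tailnet ACLs rather than replacing them.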