Using Tailscale with Docker for Secure Database Backups

Connect a Dockerized database to SimpleBackups over a private Tailscale tunnel without exposing it to the public internet.

Tailscale creates an encrypted peer-to-peer network between your devices using WireGuard. When your database runs inside a Docker container, you can attach a Tailscale sidecar container to that network namespace, giving SimpleBackups a private IP to connect through — no jump host, no VPN configuration, no open firewall ports required.

Prerequisites

• Docker installed on the machine running your database container
• A running Docker database container
• A Tailscale account with an Auth Key generated

How to set it up

1. Start the Tailscale sidecar container

Run the following command to attach a Tailscale container to your database container's network namespace:

docker run -d \
  --name database-sb-connector \
  --network container:NAME-OF-DATABASE-CONTAINER \
  --cap-add NET_ADMIN \
  --cap-add NET_RAW \
  --env TS_AUTHKEY=YOUR_TAILSCALE_AUTH_KEY \
  tailscale/tailscale

Replace NAME-OF-DATABASE-CONTAINER with the name of your running database container and YOUR_TAILSCALE_AUTH_KEY with the Auth Key from your Tailscale account settings.

The flags do the following:

• --network container:NAME-OF-DATABASE-CONTAINER — shares the database container's network namespace so Tailscale intercepts traffic at the correct layer.
• --cap-add NET_ADMIN and --cap-add NET_RAW — grant the capabilities Tailscale needs to manage the network interface.
• --env TS_AUTHKEY — authenticates the sidecar with your Tailscale account automatically on startup.

2. Verify the connection

Once the container starts, confirm it has joined your Tailscale network:

docker exec -it database-sb-connector tailscale status

The output lists connected devices and shows the private IP address assigned to this container. Note this IP — you will use it in the next step.

3. Connect your database in SimpleBackups

In your SimpleBackups dashboard, create a new database backup and enter the private Tailscale IP from the previous step as the database host address. SimpleBackups will route the connection through Tailscale without your database needing a public IP or any firewall exceptions.

SYour database stays private

The Tailscale connection is encrypted end-to-end using WireGuard. Your database is never reachable from the public internet — only devices authenticated to your Tailscale network can connect to it.

Connecting a Private DatabaseOther methods for backing up databases that are not publicly accessible.›