Accessing Frigate via Tailscale from HA

Hi,

I have Frigate running as Docker on an Unraid NAS and the docker is connected to my tailnet.

Home assistant is running on the same Unraid NAS as a virtual machine and tailscale is also installed an running and HA is connected to my tailnet.

I am trying to access the external Frigate instance via the frigate proxy addon.

Because I want to use 2-way-audio, I have to access the frigate server via HTTPS.
Without https and without tailscale it works great.

But with installed tailscale, I only receive a 502 error message, when accessing the frigate WebIf.

Does anyone hasthe same configuration up and running and can explain to me, what Iam doing wrong?

Thank you very much.

What certificate are you using on Frigate?
What url do you use to access Frigate through tailscale?

See (from frigate doc)

Is that a requirement? I don’t remember seeing that, but I don’t use audio with frigate.

So that’s from a browser?

I am not sure, which certificates I am using. This topic is absolutely new to me.

I tried acessing frigate via the tailscale IPv4 and the magic DNS on port 8971. I tried with tls enabled and disabled in frigate config.

The 502 error appeared in home assistant, when I clicked on the Frigate icon in the side menu. I was able to connect to the same IP via the safari browser on my iPad.

In the logs of the frigate proxy addon, there are also some messages regarding a bad ssl handshake.

I do not want to access my frigate docker from outside of my network. I just need the secure access because of the 2-way-audio. I use the nabu casa cloud for accessing HA from outside.

What server dns/ip/port did you specify in the proxy addon config?
That one shouldn’t use the tailscale ip/dns as they are running on the same machine

HA is running in a VM in Unraid with IP 192.168.10.29.

Frigate is running as docker container with tailscale activated in Unraid with IP 192.168.10.22.

In the frigate proxy addon I tried the tailscale IP of the frigate container with port 8971 as well as the magic dns address of the frigate container.

Is this wrong?

Does HA automatically „receive“ the tailscale ssl certificate? Or do I have to import them manually?

I am very unexperienced in using this ssl or tls certificates. Normally I wouldn‘t use it, because I do not want to access frigate from outside of my LAN. I only want to access it via Home assistant via https to get the chance to get 2-way-audio working.

Sorry, i was totally wrong.

I tried to access the Frigate container via HTTPS. But the solution is much easier: The HA companion app has to connect to the HA Server via HTTPS. This was quite easy to solve with tailscale.

Thanks for your help guys.

Hi, I have som trouble to connect my frigate to tailscale. As of noe, i reach it through my tailnet docker-url with port in the browser. How did you add frigate to your tailnet?


 services:
  frigate:
    container_name: frigate
    privileged: true
    restart: unless-stopped
    network_mode: host
    image: ghcr.io/blakeblackshear/frigate:stable
    shm_size: "128mb"
    devices:
      - /dev/bus/usb:/dev/bus/usb
      - /dev/dri/renderD128
    volumes:
      - /etc/localtime:/etc/localtime:rw
      - /root/frigate/config:/config:rw
      - /frigate:/media/frigate
      - type: tmpfs
        target: /tmp/cache
        tmpfs:
          size: 1000000000
    environment:
      FRIGATE_RTSP_PASSWORD: "password"

  frigate-ts:
    image: tailscale/tailscale:latest
    container_name: frigate-ts
    hostname: frigate
    environment:
      - TS_AUTHKEY=tskey-auth-something
      - TS_EXTRA_ARGS=--accept-routes --ssh --reset
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve.json
      - TS_USERSPACE=true
    volumes:
      - /root/frigate/tailscale/state:/var/lib/tailscale
      - /root/frigate/tailscale/config/serve.json:/config/serve.json
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

When i tried with network-mode, frigate could not Access my cameras

services:
  frigate-ts:
    image: tailscale/tailscale:latest
    container_name: frigate-ts
    hostname: frigate
    environment:
      - TS_AUTHKEY=tskey-auth-something
      - TS_EXTRA_ARGS=--accept-routes --ssh --reset
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve.json
      - TS_USERSPACE=true
    volumes:
      - /root/frigate/tailscale/state:/var/lib/tailscale
      - /root/frigate/tailscale/config/serve.json:/config/serve.json
    cap_add:
      - NET_ADMIN
    restart: unless-stopped


  frigate:
    container_name: frigate
    privileged: true
    restart: unless-stopped
    network_mode: service:frigate-ts
    image: ghcr.io/blakeblackshear/frigate:stable
    shm_size: "128mb" # update for your cameras based on calculation above
    devices:
      - /dev/bus/usb:/dev/bus/usb
      - /dev/dri/renderD128 # for intel hwaccel, needs to be updated for your hardware
    volumes:
      - /etc/localtime:/etc/localtime:rw
      - /root/frigate/config:/config:rw
      - /frigate:/media/frigate
      - type: tmpfs # Optional: 1GB of memory, reduces SSD/SD Card wear
        target: /tmp/cache
        tmpfs:
          size: 1000000000
    environment:
      FRIGATE_RTSP_PASSWORD: "password"

It is working to Access frigate with specified port in the browser, but I can not add it to HA through the frigate-integration

http://docker.my-tailnet.ts.net:5000

I have frigate Running in docker on Unraid NAS. There you can configure Tailscale Support via GUI.