Running Pi-hole with Docker and Tailscale

I have previously been running my Pi-hole in a Docker container with port forwarding. I connected to the Pi-hole using the host machine's Tailscale IP. This all worked fine, except all requests were logged twice (image below).


So I decided to change the Docker setup so the container would be its own Tailscale node and Pi-hole listens on the Tailscale network. The Docker Compose file is below.

version: "3.7"
services:
  tailscale:
    image: tailscale/tailscale:latest
    hostname: pi-hole
    environment:
      - TS_AUTHKEY=REDACTED?ephemeral=false&preauthorized=true
      - TS_EXTRA_ARGS=--accept-dns=false --advertise-tags=tag:dns --ssh
      - TS_STATE_DIR=/var/lib/tailscale
    volumes:
      - './tailscale-data:/var/lib/tailscale'
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    restart: unless-stopped
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    environment:
      TZ: 'America/New_York'
      WEBPASSWORD: 'REDACTED'
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    restart: unless-stopped
    depends_on:
      - tailscale
    network_mode: service:tailscale
volumes:
  tailscale-data:
    driver: local

The Pi-hole works like this, but now all requests come from localhost in the logs (below).


Has anyone figured out a setup like this?

Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:

pihole -d

or do it through the Web interface:

Tools > Generate Debug Log

Thanks for responding! This is my token URL https://tricorder.pi-hole.net/hJRYDOCN/