Hi everyone,

I’m struggling to get a Celery worker on Render to connect to my self-hosted RabbitMQ instance on an external VM via Tailscale. I’ve been debugging this for 3 days and keep hitting a wall with [Errno 111] Connection refused.

The Setup:

Service Type: Background Worker.

Networking: Using Tailscale in userspace-networking mode (since Render doesn’t support TUN).

The Goal: Connect the Celery worker on Render to RabbitMQ running on a VM

The Problem: Tailscale seems to initialize correctly, and I can see the Render node in my Tailscale dashboard. However, Celery fails to connect to the broker.

Error Log:
[2026-01-31 12:48:12,044: ERROR/MainProcess] consumer: Cannot connect to amqp://user:**@127.0.0.1:5672//: [Errno 111] Connection refused.

My start-worker.sh: I am using tailscale nc to bridge the remote RabbitMQ port to localhost, but Celery still can’t “see” it:

./tailscaled --tun=userspace-networking --socket=./tailscaled.sock --state=mem: --no-logs-no-support &
sleep 15

./tailscale --socket=./tailscaled.sock up --authkey=$TAILSCALE_AUTHKEY --hostname=cove-worker --accept-dns=false

./tailscale --socket=./tailscaled.sock nc ace-01 5672 &

echo “Bridge established: localhost:5672 → ace-01:5672”
sleep 5

exec celery -A my_project --broker=“pyamqp://user:pass@127.0.0.1:5672//” worker -Q gateway_queue --loglevel=info --pool=solo

**What I’ve tried:
**
* Using the Tailscale IP (100.x.x.x) directly in the broker URL.
* Using a SOCKS5 proxy (socks5h://localhost:1055) via CELERY_BROKER_TRANSPORT_OPTIONS.
* (Verified that RabbitMQ on the external VM is listening on all interfaces (0.0.0.0) and the firewall allows port 5672.
* Switching to a unique hostname for each deploy to avoid 404: node not found errors.

And yes I made sure to install Tailscale during build phase

My Question: Does Render’s Background Worker environment restrict internal TCP bridging/loopback traffic? Is there a specific way to ensure the Python amqp library respects the userspace proxy or the tailscale nc bridge?