Hi everyone,
I’m struggling to get a Celery worker on Render to connect to my self-hosted RabbitMQ instance on an external VM via Tailscale. I’ve been debugging this for 3 days and keep hitting a wall with [Errno 111] Connection refused.
The Setup:
Service Type: Background Worker.
Networking: Using Tailscale in userspace-networking mode (since Render doesn’t support TUN).
The Goal: Connect the Celery worker on Render to RabbitMQ running on a VM
The Problem: Tailscale seems to initialize correctly, and I can see the Render node in my Tailscale dashboard. However, Celery fails to connect to the broker.
Error Log:
[2026-01-31 12:48:12,044: ERROR/MainProcess] consumer: Cannot connect to amqp://user:**@127.0.0.1:5672//: [Errno 111] Connection refused.
My start-worker.sh: I am using tailscale nc to bridge the remote RabbitMQ port to localhost, but Celery still can’t “see” it:
./tailscaled --tun=userspace-networking --socket=./tailscaled.sock --state=mem: --no-logs-no-support &
sleep 15
./tailscale --socket=./tailscaled.sock up --authkey=$TAILSCALE_AUTHKEY --hostname=cove-worker --accept-dns=false
./tailscale --socket=./tailscaled.sock nc ace-01 5672 &
echo “Bridge established: localhost:5672 → ace-01:5672”
sleep 5
exec celery -A my_project --broker=“pyamqp://user:pass@127.0.0.1:5672//” worker -Q gateway_queue --loglevel=info --pool=solo
**What I’ve tried:
**
* Using the Tailscale IP (100.x.x.x) directly in the broker URL.
* Using a SOCKS5 proxy (socks5h://localhost:1055) via CELERY_BROKER_TRANSPORT_OPTIONS.
* (Verified that RabbitMQ on the external VM is listening on all interfaces (0.0.0.0) and the firewall allows port 5672.
* Switching to a unique hostname for each deploy to avoid 404: node not found errors.
And yes I made sure to install Tailscale during build phase
My Question: Does Render’s Background Worker environment restrict internal TCP bridging/loopback traffic? Is there a specific way to ensure the Python amqp library respects the userspace proxy or the tailscale nc bridge?