Thanks!

I think what you are using (SSH, Tailscale) is great for your use case! We see this as more of a static and permanent tunnel to a service - less ephemeral than a ssh tunnel - and more to get public users into your application. Meaning if you had a internal app for your business or some homelab application like Immich or Grafana at home/work that you want to expose to your family in their browser this could be a good tool to use. Does that make sense?

▲

barbazoo 4 days ago | parent | next [-]

I’m using an nginxproxymanager as reverse proxy and ssl terminus for exactly that, Immich, home assistant, etc. What would I gain from your solution?

	▲	fossorialowen 4 days ago \| parent [-]
		I think if that works for you then stick with it! Pangolin would mostly do the same thing. I think if you wanted more auth control like users and pin codes and OIDC and roles you might not get that with NPM out of the box but could add on. Pangolin has a tunnel component to it so if you were challenged on the ISP front you can put this on the VPS and it just makes configuring the connection back to the network easier so you don't need to set up WG back etc... It wraps it all up nicely in a UI and simple install script. It can also all be automated with the API if you are into that kind of thing.

▲

wredcoll 3 days ago | parent | prev | next [-]

If you have an internal app or homelab app or whatever, why don't you just... route to it? Configure your firewall to let traffic in and out?

I get there's a tunnel provided by this sort of software, I just don't understand how so many people actually need one.

	▲	zerd 3 days ago \| parent [-]
		My ISP blocks port 25, 80 and 443, so need to tunnel those. Some don't want to expose their IP directly. If you have dynamic IP you don't have to update the IP in DNS (since the "application" connects to the tunnel endpoint).

▲

noduerme 4 days ago | parent | prev [-]

That makes a ton of sense actually! I'm excited to give it a try!