Tailscale (and headscale) is great for internal access to something that night not have public internet access. Others have mentioned an example of keeping a NAS off the public internet.

Cloudflare tunnels help expose a service to the internet with a bit more protection.

I have seen folks use both tailscale to access the backend and the public side is only Cloudflare tunnels.

It’s not unreasonable to point Cloudflare tunnels to a central and internal nginx proxy manager.

Tailscale can route the public internet into your services too can do this too but the protections in Cloudflare are likely a little more robust.

Panagolin looks interesting enough to try out, it could sit run behind Cloudflare tunnels while testing and then moved out.

▲

Lord_Zero 3 days ago | parent [-]

I'm using caprover on a Linux VM with tailscale and cloudflare. Works great, it does require some tinkering because caprover doesn't like not being in control of SSL, and the nginx configs need to be manually edited per app if you want to set up headers for cloudflare real ip and stuff.

	▲	j45 2 days ago \| parent [-]
		Sounds like a nice setup. I like being able to choose if I don’t want to maintain or think about it again, then going one direction. If it’s something I will be tinkering with, a different direction is better.