| ▲ | oliyoung 14 hours ago |
| Docker + Immich + Tailscale is the killer replacement to Google & Apple Photos, it's simply that simple |
|
| ▲ | mijoharas 8 minutes ago | parent | next [-] |
| So, I wanted to use tailscale for a few local services in my home, but I run a few of them on the same device, and have a simple reverse proxy that switches based on hostname. Afaict I can't use a tailnet address to talk to that (or is it magic dns I'm thinking about? it was a while since I dug in). I suppose I could have a different device be an exit node on my internal network, but at that point I figure I may as well just keep using my wireguard vpn into my home network. I'm not sure if tailscale wins me anything. Do other people have a solution for this? (I definitely don't want to use tailscale funnel or anything. I still want all this traffic to be restricted like a vpn.) |
|
| ▲ | nightski 12 hours ago | parent | prev | next [-] |
| I don't get the appeal of Tailscale for simple homelab use. I have OpenVPN and it's trivial. Hit the toggle and I'm connected, no fuss. |
| |
| ▲ | Cyph0n 12 hours ago | parent | next [-] | | Tailscale (and similar services) is an abstraction on top of Wireguard. This gives you a few benefits: 1. You get a mesh network out of the box without having to keep track of Wireguard peers. It saves a bunch of work once you’re beyond the ~5 node range. 2. You can quickly share access to your network with others - think family & friends. 3. You have the ability to easily define fine grained connectivity policies. For example, machines in the “untrusted” group cannot reach machines in the “trusted” group. 4. It “just works”. No need to worry about NAT or port forwarding, especially when dealing with devices in your home network. | | |
| ▲ | andrew_eu 8 hours ago | parent [-] | | Also it has a very rich ACL system. The Immich node can be locked out from accessing any other node in the network, but other nodes can be allowed to access it. |
| |
| ▲ | robcohen 12 hours ago | parent | prev | next [-] | | Tailscale uses wireguard, which is better in a lot of ways compared to OpenVPN. It's far more flexible, secure, configurable and efficient. That said, you probably won't notice a significant difference | |
| ▲ | Jnr 8 hours ago | parent | prev | next [-] | | OpenVPN is far from "no fuss", especially when compared to Tailscale. I like to self host things so I also self host Headscale (private tailnet) and private derp proxy nodes (it is like TURN). Since derp uses https and can run on 443 using SNI I get access to my network also at hotels and other shady places where most of the UDP and TCP traffic is blocked. Tailscale ACL is also great and requires more work to achieve the same result using OpenVPN. And Tailscale creates a wireguard mesh which is great since not everything goes through the central server. You should give it a try. | | |
| ▲ | sva_ 6 hours ago | parent [-] | | Why not just use wireguard directly? The configuration is fairly trivial | | |
| ▲ | Jnr 5 hours ago | parent | next [-] | | Wireguard is great, I have personally donated to it and have used Wireguard for years before it became stable. And I still use it on devices (routers) where Tailscale is not supported. But as Jason stated - it is quite basic and is supposed to be used in other tools and this is what we are seeing with solutions like Tailscale. Tailscale makes it simple for the user - no need to set up and maintain complex configurations, just install it, sign in with your SSO and it does everything for you. Amazing! | |
| ▲ | palata 6 hours ago | parent | prev | next [-] | | With Tailscale you don't have to learn anything, you just install apps and click. One value of Tailscale for a ton of simple use-cases is that people don't have time / don't want to learn. | |
| ▲ | iAMkenough an hour ago | parent | prev [-] | | Even more trivial with Tailscale, so why wouldn’t I use Tailscale to configure wireguard for me? |
|
| |
| ▲ | UltraSane 12 hours ago | parent | prev [-] | | Tailscale is much more reliable in my experience. OpenVPN isn't very reliable in my experience as a network admin. And IPsec is an abomination. |
|
|
| ▲ | turtlebits 13 hours ago | parent | prev | next [-] |
| I want to love Tailscale on mobile, but it conflicts with Adguard and regularly disconnects. I keep Tailscale but switched over to Pangolin for access most of my self-hosted services. |
| |
| ▲ | k8sToGo 11 hours ago | parent | next [-] | | Any reason you didn't just set tailscale DNS to ad guard? I have set it to controlD | |
| ▲ | omnimus 8 hours ago | parent | prev | next [-] | | With pangolin you are exposing it otside your private network right? Its public website. That might be undesireable for security. | |
| ▲ | supersuryaansh 10 hours ago | parent | prev [-] | | [dead] |
|
|
| ▲ | vvpan 14 hours ago | parent | prev | next [-] |
| Can you elaborate? What role does Tailscale play? I selfhost and have heard about Tailscale but couldn't figure out how it's used. |
| |
| ▲ | AnonC 14 hours ago | parent | next [-] | | Not GP. My guess is that they’re self hosting this at home (not on a server that’s on the internet), and Tailscale easily and securely allows them to access this when they’re elsewhere. | | |
| ▲ | Sanzig 13 hours ago | parent [-] | | Even if you are self hosting in the cloud or on a rented box, Tailscale is still really nice from a security perspective. No need to expose anything to the internet, and you can easily mix and match remotely hosted and home servers since they all are on the same Tailnet. |
| |
| ▲ | nickthegreek 11 hours ago | parent | prev | next [-] | | Tailscale routes my mobile device dns through my pile back at the home. I have nginx setup with easy to remember domains (photos.my domain.com) that work when i’m away as well without exposing anything to the open internet. | |
| ▲ | digitalDM 13 hours ago | parent | prev | next [-] | | In my words, I use Tailscale at home but not for this (yet). Tailscale is a simple mesh network that joins my home computers and phones while on separate networks. Like a VPN, but only the phone to PC traffic flows on that virtual private network. | |
| ▲ | dawnerd 12 hours ago | parent | prev | next [-] | | Tailscale can give you domains + ssl for local services with basically no effort. | |
| ▲ | UltraSane 12 hours ago | parent | prev | next [-] | | With tailscale on your server and endpoints you can access the server from anywhere without even having to open any ports. It is like magic. | |
| ▲ | tjpnz 12 hours ago | parent | prev [-] | | Tailscale gives me access to my home network when I'm not at home. I can be on a train, in another country even, and watch shows streamed off the Raspberry Pi in my home office. |
|
|
| ▲ | oulipo2 7 hours ago | parent | prev [-] |
| I'm using it with Dokploy, which takes care of Docker+Tailscale for me, it's quite convenient |
