Out of curiosity, why? I use TS for all my homelab bits (including my HA instance), but connect to TS before opening the HA app. Is it just a case of making it easier/ possible to connect if you’re on another VPN? Are you not concerned with having something from your local network open to the internet?

▲

5 hours ago | parent | next [-]

[deleted]

▲

m_santos 4 hours ago | parent | prev | next [-]

Besides the use cases listed, we see this as an opportunity for homelabers and organizations to add authentication with access control to already exposed services.

▲

Galanwe 5 hours ago | parent | prev [-]

I use funnels for things like Vaultwarden, that are secure enough to be exposed on internet, and would be cumbersome if behind the tailnet.

I use serve for everything else, just for the clean SSL termination for things that should stay within the telnet, like *arr stacks, immich, etc.

▲

ethangk 5 hours ago | parent | next [-]

Ah neat, that makes sense. Thanks.

Do you have anything that’ll trigger a notification if there’s suspicious traffic on your local network? I may be overly paranoid about exposing things on my local network to the internet.

	▲	Galanwe 5 hours ago \| parent [-]
		Not really, but these stuff are in an isolated DMZ vlan, so theres not much to escalate to. I fancy a bit upgrading to a smarter router like unify's with integrated firewall and stuff like like though.

▲

edentrey 5 hours ago | parent | prev [-]

After a decade with KeePass, I’ve finally moved to Vaultwarden. I’ll admit, self-hosting such a critical service still feels a bit scary, but the seamless syncing across all my devices is a huge upgrade. To balance the risk, I keep it tucked safely behind Tailscale for that extra peace of mind.