this post was submitted on 30 Aug 2023
76 points (95.2% liked)

Selfhosted

40400 readers
813 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I've read a lot of recommendations for tailscale and am on my way to try it out myself. Do you use Tailscale in the "normal" way or do you host your own Headscale server (as I'm planning to do)? Any pros and cons?

you are viewing a single comment's thread
view the rest of the comments
[–] sn0opy 5 points 1 year ago* (last edited 1 year ago) (6 children)

I use Tailscale as is. Mainly to connect to my devices but also for fancy stuff like this:

Some of my servers are only available via Tailscale. They don't have any open ports to the internet. Even authentication to these servers via SSH is handled by Tailscale SSH.

I have some SMB shares on my local server and I gave access to it to some friends via Tailscale by sharing said server and lock it down ACLs. So people that have "shared" access can only access the server via SMB's ports.

One more thing I wanted to use but then stopped screwing around with it: Tailscale Funnel. I wanted to access some local webservices on my server via the internet without connecting to Tailscale first but also without opening ports on my local router. The downside of Funnel: no custom domains (yet). This means I would have to use their Tailnet name instead. Instead I went with Cloudflare Tunnel.

One more thing that was annoying with Funnel: I wanted to use tsnet for quick file shares via a very basic HTTP server. Tsnet created "virtual" machines within mail Tailnet which I could then funnel to the internet. Unfortunately, Tailnet DNS propagation is absurdly slow. It's not really made for on-demand funnel usage. It would work just fine while being connected to the Tailnet via Tailscale, but not via Funnel over the internet.

All in all, I'm super happy with Tailscale. Setting things up was so absurdly easy and it just works.

[–] AlecStewart1st 2 points 1 year ago (5 children)

I'm curious, what's the benefit of using Tailscale over setting up Wireguard yourself? Is it just not having to do all of the setup? Or do I misunderstand what the main use of Tailscale is?

[–] sn0opy 2 points 1 year ago* (last edited 1 year ago)

Pretty much that. I don’t want to host „mission critical“ stuff by myself nor do I want to care about backups. With Tailscale I’m just a sign-in away to be able to access all devices connected to it

load more comments (4 replies)
load more comments (4 replies)