You can use tailscale services to do this now:

https://tailscale.com/docs/features/tailscale-services

Then you can access stuff on your tailnet by going to http://service instead of http://ip:port

It works well! Only thing missing now is TLS

reply
This would be perfect with TLS. The docs don't make this clear...

> tailscale serve --service=svc:web-server --https=443 127.0.0.1:8080

> http://web-server.<tailnet-name>.ts.net:443/
> |-- proxy http://127.0.0.1:8080

> When you use the tailscale serve command with the HTTPS protocol, Tailscale automatically provisions a TLS certificate for your unique tailnet DNS name.

So is the certificate not valid? The 'Limitations' section doesn't mention anything about TLS either:

https://tailscale.com/docs/features/tailscale-services#limit...

reply
I think maybe TLS would work if you were to go to https://service.yourts.net domain, but I've not tried that.
reply
It works, I’m using tailscale services with https
reply
In the 1Password entry go to the "website" item. To the right there's an "autofill behavior" button. Change it to "Only fill on this exact host" and it will no longer show up unless the full host matches exactly.
reply
Pangolin handles this nicely. You can define alias addresses for internal resources and keep them fully private and off the public internet. Also based on WireGuard like Tailscale.
reply
You can still have subdomains with Tailscale. Point them at the tailscale IP address and run a reverse proxy in front of your services
reply
Good point, but for simplicity I'd still like 1Password to use the full hostname + port as the primary key and not the hostname.
reply
tailscale serve --bg 4000

Problem solved ;)

reply