This is super hot. I had been relying on the excellent, but seemingly abandoned, TSDProxy. Happy to see an equivalent come in-house.

https://tailscale.com/blog/services-beta

tl;dr: expose a particular service on your tailnet, with full ACL grant support.

So, I could have Tailscale expose…

https://n8n.fancy-name.ts.net/

…with full TLS/SSL and ACL support, even though in actuality the _real_ address for this service is

http://synology.fancy-name.ts.net:8089/

Very cool.

Tailscale Services: Define resources on your tailnet, with granular controls

Tailscale Services is a new way to define available resources on your network and expand the granularity of your access controls to resources that may not have Tailscale installed on them.

I don't _love_ that this requires serving devices to be tagged (and thus no longer user-owned), but I do understand it. Makes me a little nervous to dive in, though. 🫣

Update: I have now switched over all the services on my Tailnet that were previously hosted by TSDProxy to the new Services approach that @tailscale debuted this week, and it's 😗👌🏻

Had no issues switching my Synology from user-owned to tagged, either.

Recommended for those of you running internal services on your Tailnet.

@caseyliss @tailscale I did attempt this yesterday with one service. It *appeared* “successful” but didn’t actually work so I ended up rolling it back.

@ccunning Oh? I've had no issue across 14 services. Wonder why.

I will say that the first one or two times you make a request, it's doing the Let's Encrypt SSL dance, and seems like your service is just ghosting you. Give it a couple minutes and then it's good.

@caseyliss I’m sure it was user error - I’ll probably give it another go eventually. Maybe after it’s less new and more how-tos. My documentation literacy is low.

@caseyliss Ok - I swear I did the exact same thing as yesterday, but today it’s working