this post was submitted on 20 Feb 2026
28 points (100.0% liked)

Selfhosted

56741 readers
568 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
28
Tailscale Services GA: App-aware connectivity with more control (tailscale.com)
submitted 6 hours ago by new_otters_raft@piefed.ca to c/selfhosted@lemmy.world
18 comments fedilink hide all child comments
 

This should be excellent for selfhosters that have all their services in one VM. I haven't tried this myself, but I think this means you can:

  • you can create memorable links instead of memorizing port numbers: jellyfin.foo-bar.ts.net
  • share one service from a machine instead of all of them in a more intuitive way

If you’re new to Tailscale Services, it lets you publish internal resources like databases, APIs, and web servers as named services in your tailnet, using stable MagicDNS names. Rather than connecting to individual machines, teams connect to logical services that automatically route traffic to healthy, available backends across your infrastructure. This decoupling makes migrations, scaling, and high availability far easier, without reconfiguring clients, rewriting access policies, or standing up load balancers. Our documentation has details on use cases, requirements, and implementation.

you are viewing a single comment's thread
view the rest of the comments
[–] MatSeFi@lemmy.liebeleu.de 5 points 5 hours ago* (last edited 5 hours ago) (1 children)

I did it about 8 months ago... it just works like black magic. It’s a "fire and forget" VPN, but SSO is a must in my opinion; otherwise, key exchange is too tedious.

[–] avidamoeba@lemmy.ca 4 points 5 hours ago (1 children)

You're talking about Headscale right?

[–] MatSeFi@lemmy.liebeleu.de 3 points 5 hours ago (1 children)

Yes.. sry wasn't clear about that..

[–] avidamoeba@lemmy.ca 2 points 4 hours ago (2 children)

Can you share what components are you using for SSO, UI, etc.?

[–] MatSeFi@lemmy.liebeleu.de 3 points 3 hours ago

Never got warm with all the UIs available. But things change very fast on that front. For me it looks like that they only differ by the time it takes to provide support for the newest headscale version. Just take the one supporting yours :) For SSO , the OIDC provider from Nextcloud is working as good as any other. Having some kind of static IP also helps but the headscale server runs on HTTPS port plus some optional ones (not sure if I remember correctly) dynamic dns should be ok as well.

[–] tux7350@lemmy.world 3 points 3 hours ago* (last edited 3 hours ago)

Not OP but I use headscale and have it configured using Authentik for SSO. Works flawlessly once its up and running. I also use headplane for the UI. It has SSO integration as well which makes everything a breeze.

Edit: Forgot to mention, all running in docker with traefik as the reverse proxy.