this post was submitted on 20 Feb 2026
74 points (100.0% liked)

Selfhosted

60093 readers
962 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require your active participation in selfhosting or related communities, or the post will be removed. No more than 10% of your posts or comments may be self-promotional, or your post will be removed. F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, and your account is at least 30 days old, your post is exempt from this rule as long as you continue to engage in comments.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
74
Tailscale Services GA: App-aware connectivity with more control (tailscale.com)
submitted 4 months ago by new_otters_raft@piefed.ca to c/selfhosted@lemmy.world
29 comments fedilink hide all child comments
 

This should be excellent for selfhosters that have all their services in one VM. I haven't tried this myself, but I think this means you can:

  • you can create memorable links instead of memorizing port numbers: jellyfin.foo-bar.ts.net
  • share one service from a machine instead of all of them in a more intuitive way

If you’re new to Tailscale Services, it lets you publish internal resources like databases, APIs, and web servers as named services in your tailnet, using stable MagicDNS names. Rather than connecting to individual machines, teams connect to logical services that automatically route traffic to healthy, available backends across your infrastructure. This decoupling makes migrations, scaling, and high availability far easier, without reconfiguring clients, rewriting access policies, or standing up load balancers. Our documentation has details on use cases, requirements, and implementation.

you are viewing a single comment's thread
view the rest of the comments
[–] MatSeFi@lemmy.liebeleu.de 6 points 4 months ago* (last edited 4 months ago) (1 children)

I did it about 8 months ago... it just works like black magic. It’s a "fire and forget" VPN, but SSO is a must in my opinion; otherwise, key exchange is too tedious.

[–] avidamoeba@lemmy.ca 4 points 4 months ago (1 children)

You're talking about Headscale right?

[–] MatSeFi@lemmy.liebeleu.de 3 points 4 months ago (1 children)

Yes.. sry wasn't clear about that..

[–] avidamoeba@lemmy.ca 2 points 4 months ago (2 children)

Can you share what components are you using for SSO, UI, etc.?

[–] MatSeFi@lemmy.liebeleu.de 5 points 4 months ago

Never got warm with all the UIs available. But things change very fast on that front. For me it looks like that they only differ by the time it takes to provide support for the newest headscale version. Just take the one supporting yours :) For SSO , the OIDC provider from Nextcloud is working as good as any other. Having some kind of static IP also helps but the headscale server runs on HTTPS port plus some optional ones (not sure if I remember correctly) dynamic dns should be ok as well.

[–] tux7350@lemmy.world 4 points 4 months ago* (last edited 4 months ago)

Not OP but I use headscale and have it configured using Authentik for SSO. Works flawlessly once its up and running. I also use headplane for the UI. It has SSO integration as well which makes everything a breeze.

Edit: Forgot to mention, all running in docker with traefik as the reverse proxy.