Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Out of curiosity, why? I use TS for all my homelab bits (including my HA instance), but connect to TS before opening the HA app. Is it just a case of making it easier/ possible to connect if you’re on another VPN? Are you not concerned with having something from your local network open to the internet?




I use funnels for things like Vaultwarden, that are secure enough to be exposed on internet, and would be cumbersome if behind the tailnet.

I use serve for everything else, just for the clean SSL termination for things that should stay within the telnet, like *arr stacks, immich, etc.

reply


After a decade with KeePass, I’ve finally moved to Vaultwarden. I’ll admit, self-hosting such a critical service still feels a bit scary, but the seamless syncing across all my devices is a huge upgrade. To balance the risk, I keep it tucked safely behind Tailscale for that extra peace of mind.

reply


Ah neat, that makes sense. Thanks.

Do you have anything that’ll trigger a notification if there’s suspicious traffic on your local network? I may be overly paranoid about exposing things on my local network to the internet.

reply


Not really, but these stuff are in an isolated DMZ vlan, so theres not much to escalate to.

I fancy a bit upgrading to a smarter router like unify's with integrated firewall and stuff like like though.

reply


Besides the use cases listed, we see this as an opportunity for homelabers and organizations to add authentication with access control to already exposed services.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: