What do you guys use / recommend to set up your own VPN to access your LAN services remotely?

  • goodhunter@lemm.ee
    11 months ago

    Hi, I finally found some time to dig into this. Oddly, I think I got a functioning setup, although I did it a bit differently in the end. If you may, please advise whether I indeed reached completion, or have it set up suboptimally.

    1. I installed the Tailscale GUI natively on my Mac mini and iOS devices.
    2. I tried following up on your advice of creating DNS records. First in Cloudflare, but since I had already set a wildcard entry as type CNAME/*/mydomain.com/DNS only/TTL auto, I wasn't allowed to add a type A record with a similar wildcard entry. I need this existing CNAME line for Traefik to work with my SSL certificates (as far as I understood). Then I tried setting it up through DNS > custom Namespaces within the Tailscale admin console instead. An entry would look like service.mydomain.com and, for IPv4, the local IP of the Mac mini. But I wasn't sure about the config, as it wasn't working. Then I tried the Tailscale IP 100.xx.xx.xx, to no avail.
    3. I thought I needed to advertise routes for my local network, so I did, similar to --advertise-routes=192.168.68.0/24, and later the Docker network 172.23.0.0/16 instead. Still didn't do it.
    4. As I am a NextDNS user, I set the ID number in Tailscale > DNS > Nameservers as the global nameserver and checked Override local DNS.
    5. In the NextDNS config I defined a Rewrite function from *.mydomain.com to the Tailscale IP of the local machine, 100.xx.xx.xx. And boom, I can access the servers from my iDevices over the Tailscale VPN tunnel.
    6. I then tried to tear down the setup again. It seems the advertised routes from (3) don't do anything, so I removed them again.

    Open for any suggestions on this hacked attempt.

    Update: yes, found an issue. I can only access the services with Tailscale enabled. I suspect the rewrite is causing an improper pass-through without the tunnel, as the Tailscale IP cannot be reached.

    Update 2: I changed the rewrite to the local IP address instead, similar to 192.168.68.110. I think it works now when accessing within the local network without the tunnel and externally with the tunnel.
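The two updates above come down to which address the wildcard rewrite points at. The following is an added example (not from the thread or from Tailscale/NextDNS) that models that reachability: a 100.64.0.0/10 Tailscale address is only routable while the tunnel is up, while a private LAN address works on the LAN without the tunnel but, under the assumption made here, is reachable from outside only when a Tailscale node advertises a subnet route covering it. The addresses and the `192.168.68.0/24` route are constructed to match the thread.

```python
"""Model of where a *.mydomain.com DNS rewrite target is reachable from.

Added example, not the poster's or any vendor's code. Assumption: a LAN
address is reachable remotely only via an advertised Tailscale subnet route.
"""
import ipaddress

# Tailscale hands out node addresses from the CGNAT range 100.64.0.0/10.
TAILSCALE_RANGE = ipaddress.ip_network("100.64.0.0/10")


def target_kind(ip: str) -> str:
    """Classify a rewrite target as 'tailscale', 'lan' (RFC1918) or 'public'."""
    addr = ipaddress.ip_address(ip)
    if addr in TAILSCALE_RANGE:
        return "tailscale"
    if addr.is_private:
        return "lan"
    return "public"


def reachable(ip: str, on_lan: bool, tunnel_up: bool, subnet_routes=()) -> bool:
    """True if a client in this situation can reach the rewrite target."""
    addr = ipaddress.ip_address(ip)
    kind = target_kind(ip)
    if kind == "tailscale":
        # 100.x is only routed through the Tailscale interface.
        return tunnel_up
    if kind == "lan":
        if on_lan:
            return True
        # Off-LAN: needs the tunnel plus a subnet route that covers the address.
        return tunnel_up and any(addr in ipaddress.ip_network(r) for r in subnet_routes)
    return True  # public address: ordinary Internet routing


def plan(ip: str, subnet_routes=()) -> dict:
    """Reachability of one rewrite target across the four client situations."""
    situations = {
        "lan, tunnel off": (True, False),
        "lan, tunnel on": (True, True),
        "remote, tunnel on": (False, True),
        "remote, tunnel off": (False, False),
    }
    return {name: reachable(ip, on, up, subnet_routes) for name, (on, up) in situations.items()}


if __name__ == "__main__":
    # Constructed values: the first update's Tailscale IP, the second's LAN IP.
    print(plan("100.101.102.103"))
    print(plan("192.168.68.110"))
    print(plan("192.168.68.110", ("192.168.68.0/24",)))
```

Running it shows the first update's symptom (the Tailscale target fails on the LAN with the tunnel off) and that the LAN-address rewrite only reaches the service remotely when the /24 is advertised.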