New to Tailscale. Can I use it along with my own DNS and NPM to access my services externally using my existing internal custom domain?
from chazwhiz@lemmy.world to selfhosted@lemmy.world on 23 Jan 09:15
https://lemmy.world/post/42054795
I’ve not done much with external access in the past, but I’m playing with Tailscale and it’s pretty neat. Wondering if I can configure it to work like my local access does:
- I use Nginx Proxy Manager to set easy subdomains for my services, i.e. service.mydomain.com
- I use AdGuard Home and have a redirect for *.mydomain to that NPM
- This works great internally, which is all I’ve really used it for.
- I’ve got tailscale working and I can go externally to server.wackyname.ts.net:serviceport.
- What I’d like to do is have Tailscale somehow use the same internal DNS/NPM info so when I’m on my tailnet service.mydomain.com still works.
- But no other external access, said subdomains do nothing off tailnet.
- Mydomain.com is an actual domain I own. General DNS is at Cloudflare right now (main domain was pointed at a hosted site previously, but that’s not needed anymore)
Any way to pull this off without a ton of complexity?
I’m not an expert, take this with a very big grain of salt.
But I think what you want here is for your home server tailscale to act as an exit node for your remote connection.
This will mean that your phone for example will route traffic through your home server, using its AdGuard DNS.
You can even set it up to conditionally use it as an exit node, iirc.
Interesting. I saw the exit node feature but didn’t look into it closely. I’ll check it out. Thanks!
Also use advertise-routes to get access to the network as opposed to just the node. Like e.g.
.
@chazwhiz yes you can. Set up a subnet and just tell Tailscale to use your DNS. I’m guessing you already have your DNS pointing to NPM?
Can you be more specific?
Yes, also Tailscale already provides hostname DNS for every device on your Tailscale net.
I know it gives me their magicdns, like server.wackyname.ts.net, I’m talking about using my own domain.
Slap the Tailscale IPs into your DNS entries then. I do that.
Do a DNS rewrite at AGH, but instead of the LAN IP make it the Tailscale IP of your NPM machine. Then configure AGH’s IP address as one of the global nameservers on your Tailscale admin panel.
Delete all A/AAAA records on Cloudflare, only use it for registrar purposes and the occasional certs authentication.
Wouldn’t that prevent any devices that don’t have tailscale from using it even locally?
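The two suggestions in this thread (rewrite to the Tailscale IP, or keep the LAN IP and advertise the subnet) can be checked against the original goals with a small audit; this is an added example, not code from any commenter. The function names, vantage labels and sample addresses are assumptions, and the answers per vantage point are meant to be collected by hand with a lookup tool from each location.

```python
import ipaddress

# Tailscale assigns node IPv4 addresses from the CGNAT block 100.64.0.0/10.
TAILNET = ipaddress.ip_network("100.64.0.0/10")

def reachable(answer, vantage, lan, routes):
    """Can a client at this vantage point connect to the resolved address?"""
    ip = ipaddress.ip_address(answer)
    if vantage == "lan_no_tailscale":      # e.g. a TV or guest laptop at home
        return ip in lan
    if vantage == "tailnet_remote":        # phone on mobile data, Tailscale on
        return ip in TAILNET or any(ip in r for r in routes)
    raise ValueError(f"unknown vantage {vantage!r}")

def audit(name, answers, lan_cidr, advertised=()):
    """Return findings for one hostname; an empty list means the goals hold."""
    lan = ipaddress.ip_network(lan_cidr)
    routes = [ipaddress.ip_network(r) for r in advertised]
    findings = []
    for vantage, answer in answers.items():
        if vantage == "public_internet":
            if answer is not None:         # leftover public A/AAAA record
                findings.append(f"{name}: public DNS still answers {answer}")
        elif answer is None:
            findings.append(f"{name}: {vantage} gets no answer")
        elif not reachable(answer, vantage, lan, routes):
            findings.append(f"{name}: {vantage} resolves {answer} but cannot reach it")
    return findings

# Constructed sample values: LAN 192.168.1.0/24, NPM at 192.168.1.10 / 100.101.102.103.
LAN = "192.168.1.0/24"
REWRITE_TO_TAILSCALE_IP = {"lan_no_tailscale": "100.101.102.103",
                           "tailnet_remote": "100.101.102.103",
                           "public_internet": None}
REWRITE_TO_LAN_IP = {"lan_no_tailscale": "192.168.1.10",
                     "tailnet_remote": "192.168.1.10",
                     "public_internet": None}

if __name__ == "__main__":
    host = "service.mydomain.com"
    print(audit(host, REWRITE_TO_TAILSCALE_IP, LAN))              # LAN-only devices break
    print(audit(host, REWRITE_TO_LAN_IP, LAN))                    # remote clients break
    print(audit(host, REWRITE_TO_LAN_IP, LAN, advertised=[LAN]))  # both work
```

An empty result for the third case reflects the subnet-route suggestion: the rewrite keeps the LAN address, so devices without Tailscale are unaffected, while tailnet clients reach it through the advertised route.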