I’ve not done much with external access in the past, but I’m playing with Tailscale and it’s pretty neat. Wondering if I can configure it to work like my local access does:

  1. I use Nginx Proxy Manager to set easy subdomains for my services, I.e. service.mydomain.com
  2. I use AdGuard Home and have a redirect for *.mydomain to that NPM
  3. This works great internally, which is all I’ve really used it for.
  4. I’ve got tailscale working and I can go externally to server.wackyname.ts.net:serviceport.
  5. what I’d like to do is have tailscale somehow use the same internal dns/npm info so when I’m on my tailnet service.mydomain.com still works.
  6. But no other external access, said subdomains do nothing off tailnet.
  7. Mydomain.com is an actual domain I own. General DNS is at Cloudflare right now (main domain was pointed at a hosted site previously, but that’s not needed anymore)

Any way to pull this off without a ton of complexity?

  • stratself@lemdro.idEnglish
    2·
    1 day ago

    Yes.

    If you want to access your NPM stuff on both Tailscale and LAN, either:

    • Advertise a subnet route for your LAN range, configure Tailscale devices to use it, and use your LAN IP on the AGH rewrite, or
    • Split Horizon: Have your DNS respond with a Tailnet IP when it’s queried from the Tailnet range, and respond with a LAN IP when queried from LAN. AGH cannot do this, but other software like Technitium can