I'm no expert, but I think you could have the reverse proxy node be the only thing whitelisted to be accepted by the nodes you want behind the proxy (via their tailscale IP). I believe this would all be done in their ACL JSON.
Tailscale offers a super basic reverse proxy called tailscale serve. Or baring that caddy has built in support. They have the full details for both in the tailscale docs.
open-paren|11 months ago
https://github.com/almeidapaulopt/tsdproxy
jjice|11 months ago
pokemod97|11 months ago