edentrey | 29 days ago

Tailscale is the only non-self-hosted part of my setup now and this has bugged me since. I use a custom Nameserver rule to point all my subdomains to a Caddy container sitting on my Tailnet. Caddy handles the SSL and routes everything to the right containers. I skipped Tailscale Funnel on purpose; since these are just family services, I’d rather keep them locked behind the VPN than open them up to the web. This project looks promising as a replacement for my current setup and for its digital sovereignty of self hosting the server. I'm looking to manage several embedded devices remotely via Tailscale, but I've hit a major roadblock: the 90-day maximum expiration for Auth Keys. Constantly renewing these tokens is a significant maintenance burden, so I'm searching for a more permanent, 'set-and-forget' solution for my remote hardware.

tass|29 days ago

Tailscale allows you to disable the expiration time - I do this for my gateways.

My other simplifier is having everything at home get a .home dns name, and telling Tailscale to route all these via tailnet.

edentrey|29 days ago

Can you please tell me how to disable expiration time? I see auth keys have an Expiration which says it "Must be between 1 and 90 days." I do use a custom domain name as well with a Nameservers rule to have all my services reachable as subdomains of my custom domain.

inapis|29 days ago

Use tag-based node authentication. Log in as a user and then switch the device to use a tag. I just recently did that and retained the usual 6 months expiry. I can also disable key expiry completely.

atmosx|29 days ago

Headscale is a self-hosted drop-in control plane replacement that has been pretty stable for us.

nagaiaida|26 days ago

you may also be interested in nebula (although you'd give up the nice management ui)

Lucasoato|29 days ago

+1 for caddy in Tailnet, working well for us too!