← Back home

Using Tailscale for my home server

I recently did away with reverse-proxying HTTPS to my home server in favor of Tailscale, a one-click VPN.

Published , 273 words

As detailed in my previous post about my home server, I was using dynamic DNS and HAProxy on my pfsense firewall to access my self-hosted services. I decided to stop exposing port 443 inbound to the world and needed a VPN solution that didn’t involve lots of learning.

Enter Tailscale, a one-click VPN service built atop WireGuard. It supports Google single-sign-on, and although it’s a bit of centralized infrastructure I have to rely on, the auth is as reasonably secure as anything else (Yubikey 2FA, multiple-attempt lockout, secondary recovery mechanism, etc.).

My out-of-home access paradigm is now much simpler.

The end result:

Everything seems to work as intended for the time being, so I’m pleased.