The topic This app makes remote homelab access stupidly simple—no port forwarding required is currently the subject of lively discussion — readers and analysts are keeping a close eye on developments.
This is taking place in a dynamic environment: companies’ decisions and competitors’ reactions can quickly change the picture.
When you set up a service on your home server, you can access it right away by just typing the server’s IP address, followed by the port that service is mapped to. So long as you’re connected to the same network as the server, you can access that service.
However, when you’re outside, not connected to your home Wi-Fi, you can’t access your home server or its services directly. The usual advice is to set up port forwarding on your router or a reverse proxy. But those aren’t your only options. There’s a really simple way to access your home server and its services outside the internal network.
These days I have set up a domain name and I use the reverse proxy Caddy to access my services on different subdomains via HTTPS. for example, I have a self-hosted Vaultwarden server accessible on a URL that looks something like this: https://vault.domainname.com. I can access it on any network, anywhere in the world, just like a normal website. It does require a bit of a setup and tinkering though.
Tailscale lets you do something similar without the complicated configurations. You can sign up for Tailscale, then run it on your server and your client devices (your phone, laptop, and other devices) and it’ll create a secure, private network for you.
The network is called a “tailnet.” Any devices connected to the private tailnet can communicate with each other. Tailscale automatically assigns each device on your tailnet an IP addssress, which only authorized devices connected to the same network can access. Those devices can be connected to Wi-Fi, LAN, or data anywhere in the world and still reach the tailnet IP addresses. No need to mess with ports.
The best part is that you don’t even need to remember those IP addresses because Tailscale provides you with “magic DNS.” Basically, instead of typing an IP address like http://100.x.x.x, you can type an easy to remember name like https://dietpi.lemon-cow.ts.net. Note that the example magic DNS uses HTTPS, which some self-hosted services require (like password managers). Usually, it’s a hassle to configure, but with Tailscale you just have to click one button.
Tailscale is the first solution I used, and it worked like magic for the longest time. The only reason I ditched it is that I found it inconvenient to keep and toggle the Tailscale app on my phone.
To start, you’ll want to install Tailscale on your server. There’s an official script that automates that process for you. Let’s run it.
It’s always a good idea to inspect scripts from the internet before running them.
The script installs and runs Tailscale as a systemd service by default. If your server is using a different init system, you’ll have to manually set up a background service for it.
You’ll see a link printed on the console. Follow that link to either sign up or sign into the Tailscale console. With that, your server should be authorized and connected.
The next step is installing Tailscale on your devices. For Linux machines, you can use the same commands to get the Tailscale service up and running. On Windows or macOS, you can get the right installers from the Tailscale website. For mobile devices, you can download the Tailscale app from the App Store or Play Store.
You’ll want to log into the same Tailscale account you used for the server and authorize your devices. Check all devices currently on your tailnet with this command.
As I mentioned, the easy way to access your server and its services is through the MagicDNS feature. Open the DNS tab on your Tailscale Console and scroll down to find the MagicDNS and HTTPS Certificates buttons. Make sure both are enabled.
You can also enable HTTPS Certificates for your tailnet by running this command on your server. Substitute the tailnet address with your own.
Once all your servers and devices are on the same tailnet, you can access running services from any of those devices, as long as Tailscale is running on that device. Let me show you how to do that next.
Let’s say you have a Docker container that you want to access outside your home network.
Open the Tailscale console again and hop to the DNS tab. Note your unique tailnet name. It might look something like lemon-cow.ts.net. Then go to the Machines tab and look for the server name. You need both to access your server on tailnet. for example, mine is named dietpi. So the full address pointing to the server will look like this.
Let’s say you have an Docker container active on port 3001. On your home network, you’d typically type the server IP address, followed by :3001. It might look something like this.
Now that you’ve set up Tailscale with a unique MagicDNS, you can just substitute that server IP with the Tailscale address, keep the target port, and it’ll work as if you were on the local network.
Tailscale makes it straightforward to access your home lab and your self-hosted services when you’re out and about. It’s pretty much a set-and-forget system that just works (mostly.) Even the setup is simple enough.